Tag Archives: Information Security

Apr 20 2018
1 Comment
infosec, OSINT, pen-testing, RSA Conference, SECTF, Social Engineering, social media, vishing

RSAC 2018 – Rachel Tobac & Joe Gray

Compromising a Fortune 500 Business without Hacking a Thing!

Rachel Tobac and Joe Gray present at RSAC2018!!

A simulated compromise of a Fortune 500 company as part of a social engineering competition will lead to discussion about how data was collected using open source intelligence (OSINT) beyond that of social media and tools. It will identify places to find data, providing insight for more valuable data sources. This will include a demo of OSINT techniques, phishing and a pretexting discussion.

Learning Objectives:
1: Learn how to defend against social engineering.
2: Understand the relative ease in collecting open source intelligence (OSINT).
3: Learn more about the tools and techniques used in social engineering.

CLICK HERE FOR THE SLIDES FROM PRESENTATION

CLICK HERE TO DOWNLOAD MP3 FILE

Tagged , , , , , , , , , , ,
Apr 14 2018
Leave a comment
Disclosure, Electronics, Hackers, hacking, HID attacks, infosec, Internet Of Things, pen-testing, Privacy, smart locks, technology, USB drives

PODCAST: Amazon Key & HID Attacks with MG

WiRPfsLy_400x400

Guest: MG

This episode’s guest is Bay Area based security researcher MG. He joins the podcast to share his work experimenting with various HID (Human Interface Devices) attacks using USB drives and cables. MG has also made news recently for disclosing a vulnerability in the Amazon Key smart lock technology and shares his experience developing the proof of concept and eventually sharing it with Amazon’s security team.

Check out MG’s work here!

Amazon Key Attack

HID attack hardware

All-USB-devices-on-table

USB Rubber Ducky by Hak5

USB-rubber-ducky

MG’s HID attack platform for USB Type-A connectors

USBA-connector

PCB-boardwithUSBAconnector

Smoke-emitting USB drive

Smoke-USB

Exploding USB drive

Apple USB Lightning connector (MG’s HID attack cable on left)

Apple-lightningbolt2

Apple-lightningbolt-1

MG’s HID attack platform for USB Type-C connectors

USBC-connectors

DIRECT DOWNLOAD OF PODCAST MP3

Subscribe on iTunes, GooglePlay and Stitcher!

Tagged , , , , , , , ,
Mar 04 2018
Leave a comment
Cyber Security, DefCon, DEFCON 25, hacking, infosec, Instagram, OSINT, pen-testing, SECTF, Social Engineering, technology, vishing

PODCAST: Rachel Tobac

RACHELLLGuest – Rachel Tobac

Rachel is co-founder and CEO of Social Proof Security and Chair of the Board of Women In Security and Privacy.

Rachel-Tobac-SECTF-1500x500

Rachel discusses (and demonstrates) the art of “vishing” and social engineering. She placed 2nd twice in the Social Engineering Capture the Flag competition at DEFCON 24 and DEFCON 25 and has become a popular speaker and advocate for personal and organizational safety through social engineering awareness.

Subscribe via iTunes, GooglePlay and/or Stitcher!

DIRECT DOWNLOAD MP3 OF PODCAST

 

 

Tagged , , , , , , , , , , , , , , , , , , ,
Jan 01 2018
Leave a comment
Attribution, business, cyber crime, cyber espionage, Cyber Security, DefCon, DEFCON 25, Espionage, Hackers, hacking, infosec, pen-testing, Privacy, Risk Analysis, technology, threat analysis, WannaCry

PODCAST: Judy Towers & Michael Goedekr

This episode is an interview with intelligence analyst Judy Towers and Michael Goedekr, CEO of hackdefnet, conducted over the summer at DEFCON 25 in Las Vegas (2017). Judy and Michael share their thoughts on threat intelligence, risk analysis, dealing with C suite executives and more.

Tagged , , , , , , , ,
Nov 12 2017
1 Comment
Black Hat, DefCon, DEFCON 25, Electronics, Hackers, hacking, Ham Radio, infosec, Internet Of Things, Radio, SDR, Software Defined Radio, technology

PODCAST: Richard Henderson

nOvUZyKi_400x400

Guest Richard Henderson talks about his workshop on SDR in Las Vegas at DEFCON25!

Slides from Richard’s SDR workshop at DEFCON 25: DEFCON-25-Scanning-The-Airwaves

Richard Henderson is global security strategist at Absolute Software. We recorded this interview in July 2017 during the Black Hat 2017 security conference in Las Vegas, NV. Podcast available on iTunes, Google Play and Stitcher. Subscribe!

Tagged , , , , , , , , , , , , , , , , ,
Jul 20 2017
Leave a comment
crime, cyber crime, cyber espionage, Cyber Security, DefCon, DEFCON 25, Espionage, Hackers, hacking, infosec, pen-testing, Social Engineering, surveillance, technology, vishing

PODCAST: Physical Pen-testing with Jek Hyde

Jek-Hyde-baby-bump-pic-bathroom-1Guest Jek Hyde of Sincerely Security with prosthetic “baby bump.”

My guest this episode is “Jek” a social engineer/pen-tester who recently live tweeted a real world penetration test in which her team successfully breached a client’s corporate offices and networks. We talk about how she got into social engineering and information security. It was fun to learn about her experiences and pick up a few tips and tricks as I prepare for the Social Engineering Capture The Flag competition at DEFCON next week!

Tagged , , , , , , , , , , , , , , , , , , ,
Mar 28 2017
1 Comment
BrightTALK, CIA, cyber espionage, infosec, Wikileaks

BrightTALK Webinar on WikiLeaks Vault 7

Vault7-Still-BrightTALK

I recently moderated a BrightTALK webinar on the “Vault 7” CIA document leaks.

Join BrightTALK and check out this discussion titled “WikiLeaks Vault 7: Facts, Fiction & Implications” with distinguished speakers Jake Kouns (Risk Based Security) and Kenesa Ahmad (Aleada Consulting).

Follow on Twitter!

Tagged , , , , , ,
Mar 16 2017
Leave a comment
Anonymous, CNN, cyber crime, cyber espionage, Cyber Security, FBI, Hackers, hacking, infosec, Junaid Hussain, LulzSec, NSA, PSYOP, surveillance, TeaMp0isoN, technology, TriCk

CNN’s “Mostly Human” Series Premier with VITB!

VITBonCNNgo

Look who’s in an episode of the new CNNgo series  with !

Here’s a link to the video:
http://www.cnn.com/videos/cnnmoney/2017/03/08/mostly-human-hacker-down.cnnmoney/video/playlists/atv-mostly-human/

Follow me on Twitter!

Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Mar 16 2017
Leave a comment
BrightTALK, CloudBleed, Cloudflare, Cyber Security, infosec, Privacy, technology

BrightTALK webinar on Cloudbleed

CloudBleed-Slide01

Last week I moderated a BrightTALK webinar on the infamous “Cloudbleed” bug.

Join BrightTALK and check out this informative panel discussion I moderated titled “CloudBleed: The Good, The Bad, and The Ugly for Users, Companies and Society.” Featuring myself along with panelists Kaushik Narayan (Skyhigh Networks), Lori MacVittie (F5 Networks), Bojan Simic (HYPR Corp), and Tom Gorup (Rook Security).

Next Wed at 10 am PDT/ 1pm EDT (March 22, 2017) I will be moderating a BrightTALK webinar on the recent “Vault 7” CIA document leaks titled WikiLeaks Vault 7: Facts, Fiction & Implications with distinguished panelists Jake Kouns, (Risk Based Security), Kenesa Ahmad (WISP) and more to be announced.

Follow me on Twitter!

Tagged , , , , , , ,
Feb 15 2017
2 Comments
botnets, hacking, infosec, Internet Of Things, Mirai, RSA Conference

RSAC 2017: Rob Graham on Mirai and IoT Botnets

UPDATED WITH SLIDES (03/15/17)

rob-graham

“Mirai and IoT Botnet Analysis” MP3 AUDIO FILE

RSAC2017-Mirai-OPENINGSLIDE

“Mirai and IoT Botnet Analysis” SLIDES – PDF FILE

At this year’s RSA security conference in San Francisco, researcher Rob Graham gave a presentation entitled “Mirai and IoT Botnet Analysis.” His talk examined the infamous “Mirai” Internet of Things botnet and shared details on how it operates. Graham also covered technical aspects of the cameras it infects and detailed his own experimentation with Mirai in the wild. He went on to discuss last year’s massive DDoS attacks on DNS provider Dyn, which involved variations of the Mirai IoT botnet.

No official AV video recording of this talk, but the audio and RSAC slides are all you need.

Enjoy!

Also, check out Rob’s blog!

-Vince

Follow me on Twitter!

Tagged , , , , , , , , , , ,
Newer posts