Tag Archives: tech

PODCAST: Amazon Key & HID Attacks with MG

WiRPfsLy_400x400

Guest: MG

This episode’s guest is Bay Area based security researcher MG. He joins the podcast to share his work experimenting with various HID (Human Interface Devices) attacks using USB drives and cables. MG has also made news recently for disclosing a vulnerability in the Amazon Key smart lock technology and shares his experience developing the proof of concept and eventually sharing it with Amazon’s security team.

Check out MG’s work here!

Amazon Key Attack

HID attack hardware

All-USB-devices-on-table

USB Rubber Ducky by Hak5

USB-rubber-ducky

MG’s HID attack platform for USB Type-A connectors

USBA-connector

PCB-boardwithUSBAconnector

Smoke-emitting USB drive

Smoke-USB

Exploding USB drive

Apple USB Lightning connector (MG’s HID attack cable on left)

Apple-lightningbolt2

Apple-lightningbolt-1

MG’s HID attack platform for USB Type-C connectors

USBC-connectors

DIRECT DOWNLOAD OF PODCAST MP3

Subscribe on iTunes, GooglePlay and Stitcher!

Tagged , , , , , , , ,

PODCAST: Judy Towers & Michael Goedekr

This episode is an interview with intelligence analyst Judy Towers and Michael Goedekr, CEO of hackdefnet, conducted over the summer at DEFCON 25 in Las Vegas (2017). Judy and Michael share their thoughts on threat intelligence, risk analysis, dealing with C suite executives and more.

Tagged , , , , , , , ,

BrightTALK webinar: Google Docs Phishing Scam

What-is-google-docs-phishing-slide-2

ICYMI: I moderated a BrightTALK webinar on the recent Google Docs phishing attack.

Join BrightTALK and check out this informative panel discussion featuring myself along with panelists Nathan Wenzler and Kowsik Guruswamy.

This slideshow requires JavaScript.

A massive phishing campaign targeting Google accounts ripped through the internet on a Wednesday afternoon in early May. Phishing scams are pretty common. What sets this scam apart is that it is more convincing than most. The email takes users who click on the file to a legitimate Google sign-in screen to grant permissions. If you received the email or are concerned you might be targeted next, join this interactive Q&A panel to get the facts and protect your account and your organization.

We discuss:
– What is the Google Docs email scam?
– How is this scam different from other phishing scams?
– What’s the deal with Eugene Pupov?
– Who’s at risk and how can you avoid being a victim?
– What can we expect in the future?

Moderator:
– Vince Tocce, Vince in the Bay Podcast

Speakers:
– Nathan Wenzler, Chief Security Strategist at AsTech Consulting
– Kowsik Guruswamy, CTO for Menlo Security

Follow me on Twitter!

Tagged , , , , , , , , , , , , , , , , ,
%d bloggers like this: