tech | Vince in the Bay

Tag Archives: tech

My guest this episode is social engineering guru Joe Gray. Joe is a Senior Security Architect at IBM and has his own blog and podcast called Advanced Persistent Security. Joe presented a talk at RSA this year with friend of the show Rachel Tobac on social engineering and OSINT which I posted the full audio of here. Joe spoke with me about Social Engineering, OSINT, vishing, SECTFs, password inspections and more!

DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!!

Tagged ADVANCED PERSISTENT SECURITY, Cyber, Cyber Security, cybersecurity, hacking, Information Security, infosec, Internet, Joe Gray, OSINT, pen-testing, podcast, RSA Conference 2018, SECTF, security, Security Research, Social Engineering, tech, technology, vishing

Apr 22 2018

Leave a comment

bug bounties, Cyber Security, Disclosure, Hackers, hacking, infosec, pen-testing, RSA Conference

PODCAST: RSAC 2018 – Katie Moussouris

Katie-M-RSAC2018

Guest Katie Moussouris

Katie is the founder and CEO of Luta Security. She presented a talk on bug bounties, penetration testing and vulnerability disclosure entitled “Bug Bounty Buzzword Bingo—Deep Dive under a Jumped Shark” at the RSA Conference last week in San Francisco. Check out her slides here.

After her talk she spoke with me about the evolution of bug bounty programs, her work in developing ISO standards for vulnerability disclosure, her path to a career in information security and much more.

This episode is the 1st in a series dedicated to RSA Conference 2018. Stay tuned for more!

DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!!

Tagged bug bounties, Cyber Security, hacking, Information Security, infosec, Internet, Katie Moussouris, Luta Security, podcast, RSA Conference 2018, security, tech, technology, vulnerability disclosure

Apr 20 2018

1 Comment

infosec, OSINT, pen-testing, RSA Conference, SECTF, Social Engineering, social media, vishing

RSAC 2018 – Rachel Tobac & Joe Gray

Compromising a Fortune 500 Business without Hacking a Thing!

Rachel Tobac and Joe Gray present at RSAC2018!!

A simulated compromise of a Fortune 500 company as part of a social engineering competition will lead to discussion about how data was collected using open source intelligence (OSINT) beyond that of social media and tools. It will identify places to find data, providing insight for more valuable data sources. This will include a demo of OSINT techniques, phishing and a pretexting discussion.

Learning Objectives:
1: Learn how to defend against social engineering.
2: Understand the relative ease in collecting open source intelligence (OSINT).
3: Learn more about the tools and techniques used in social engineering.

CLICK HERE FOR THE SLIDES FROM PRESENTATION

CLICK HERE TO DOWNLOAD MP3 FILE

Tagged hacking, Information Security, Internet, Joe Gray, OSINT, podcast, Rachel Tobac, RSA Conference 2018, security, Social Engineering, tech, technology

Apr 14 2018

Leave a comment

Disclosure, Electronics, Hackers, hacking, HID attacks, infosec, Internet Of Things, pen-testing, Privacy, smart locks, technology, USB drives

PODCAST: Amazon Key & HID Attacks with MG

WiRPfsLy_400x400

Guest: MG

This episode’s guest is Bay Area based security researcher MG. He joins the podcast to share his work experimenting with various HID (Human Interface Devices) attacks using USB drives and cables. MG has also made news recently for disclosing a vulnerability in the Amazon Key smart lock technology and shares his experience developing the proof of concept and eventually sharing it with Amazon’s security team.

Check out MG’s work here!

Amazon Key Attack

HID attack hardware

All-USB-devices-on-table

USB Rubber Ducky by Hak5

USB-rubber-ducky

MG’s HID attack platform for USB Type-A connectors

USBA-connector

PCB-boardwithUSBAconnector

Smoke-emitting USB drive

Smoke-USB

Exploding USB drive

Apple USB Lightning connector (MG’s HID attack cable on left)

Apple-lightningbolt2

Apple-lightningbolt-1

MG’s HID attack platform for USB Type-C connectors

USBC-connectors

DIRECT DOWNLOAD OF PODCAST MP3

Subscribe on iTunes, GooglePlay and Stitcher!

Tagged Amazon Key, Information Security, infosec, smart locks, tech, technology, USB drives, USB HID attacks, USB Rubber Ducky

Mar 04 2018

Leave a comment

Cyber Security, DefCon, DEFCON 25, hacking, infosec, Instagram, OSINT, pen-testing, SECTF, Social Engineering, technology, vishing

PODCAST: Rachel Tobac

Guest – Rachel Tobac

Rachel is co-founder and CEO of Social Proof Security and Chair of the Board of Women In Security and Privacy.

Rachel discusses (and demonstrates) the art of “vishing” and social engineering. She placed 2^nd twice in the Social Engineering Capture the Flag competition at DEFCON 24 and DEFCON 25 and has become a popular speaker and advocate for personal and organizational safety through social engineering awareness.

Subscribe via iTunes, GooglePlay and/or Stitcher!

DIRECT DOWNLOAD MP3 OF PODCAST

Tagged business, computers, Cyber Security, DefCon, DEFCON 25, hacking, Information Security, infosec, Instagram, Internet, podcast, Privacy, Rachel Tobac, SECTF, security, SEVilliage, Social Engineering, tech, technology, vishing

Jan 01 2018

Leave a comment

Attribution, business, cyber crime, cyber espionage, Cyber Security, DefCon, DEFCON 25, Espionage, Hackers, hacking, infosec, pen-testing, Privacy, Risk Analysis, technology, threat analysis, WannaCry

PODCAST: Judy Towers & Michael Goedekr

This episode is an interview with intelligence analyst Judy Towers and Michael Goedekr, CEO of hackdefnet, conducted over the summer at DEFCON 25 in Las Vegas (2017). Judy and Michael share their thoughts on threat intelligence, risk analysis, dealing with C suite executives and more.

Tagged DEFCON 25, hacking, Information Security, infosec, security, tech, technology, threat intel, WannaCry

Nov 12 2017

1 Comment

Black Hat, DefCon, DEFCON 25, Electronics, Hackers, hacking, Ham Radio, infosec, Internet Of Things, Radio, SDR, Software Defined Radio, technology

PODCAST: Richard Henderson

nOvUZyKi_400x400

Guest Richard Henderson talks about his workshop on SDR in Las Vegas at DEFCON25!

Slides from Richard’s SDR workshop at DEFCON 25: DEFCON-25-Scanning-The-Airwaves

Richard Henderson is global security strategist at Absolute Software. We recorded this interview in July 2017 during the Black Hat 2017 security conference in Las Vegas, NV. Podcast available on iTunes, Google Play and Stitcher. Subscribe!

Tagged Black Hat, computers, DefCon, DEFCON 25, hacking, Ham Radio, Information Security, infosec, Internet, Internet Of Things, IoT, podcast, Radio, SDR, security, Software Defined Radio, tech, technology

Jul 26 2017

Leave a comment

Anonymous, cyber crime, Cyber Security, FBI, Hackers, hacking, infosec, LulzSec

Vince Interviewed on CLOUDERA podcast

Check out this interview I did with @tjlaher for Cloudera on #cybercrime #hackers #Anonymous #CFAA #ITbootcamps #pizzabombing & more!

Tagged Anonymous, CFAA, Cloudera, computers, Cyber, cyber crime, Cyber Security, Hackers, hacking, Internet, Pizza Bombing, Privacy, security, tech, technology, trolls

Jul 20 2017

Leave a comment

crime, cyber crime, cyber espionage, Cyber Security, DefCon, DEFCON 25, Espionage, Hackers, hacking, infosec, pen-testing, Social Engineering, surveillance, technology, vishing

PODCAST: Physical Pen-testing with Jek Hyde

Guest Jek Hyde of Sincerely Security with prosthetic “baby bump.”

My guest this episode is “Jek” a social engineer/pen-tester who recently live tweeted a real world penetration test in which her team successfully breached a client’s corporate offices and networks. We talk about how she got into social engineering and information security. It was fun to learn about her experiences and pick up a few tips and tricks as I prepare for the Social Engineering Capture The Flag competition at DEFCON next week!

Tagged business, computers, corporate espionage, cybersecurity, DefCon, DEFCON 25, hacking, Information Security, infosec, Internet, pen-testing, Privacy, security, Security Research, Social Engineering, social media, tech, technology, Twitter, vishing

May 24 2017

Leave a comment

BrightTALK, business, cyber crime, Cyber Security, Google, Google Docs, hacking, infosec

BrightTALK webinar: Google Docs Phishing Scam

ICYMI: I moderated a BrightTALK webinar on the recent Google Docs phishing attack.

Join BrightTALK and check out this informative panel discussion featuring myself along with panelists Nathan Wenzler and Kowsik Guruswamy.

This slideshow requires JavaScript.

A massive phishing campaign targeting Google accounts ripped through the internet on a Wednesday afternoon in early May. Phishing scams are pretty common. What sets this scam apart is that it is more convincing than most. The email takes users who click on the file to a legitimate Google sign-in screen to grant permissions. If you received the email or are concerned you might be targeted next, join this interactive Q&A panel to get the facts and protect your account and your organization.

We discuss:
– What is the Google Docs email scam?
– How is this scam different from other phishing scams?
– What’s the deal with Eugene Pupov?
– Who’s at risk and how can you avoid being a victim?
– What can we expect in the future?

Moderator:
– Vince Tocce, Vince in the Bay Podcast

Speakers:
– Nathan Wenzler, Chief Security Strategist at AsTech Consulting
– Kowsik Guruswamy, CTO for Menlo Security

Follow me on Twitter!

Follow @VinceintheBay

Tagged BrightTALK, computers, Google, Google Defender, Google Docs, Hackers, hacking, Internet, Kowisk Guruswamy, Nathan Wenzler, Pawn Storm, Phishing Scam, Privacy, Russia, tech, technology, Vince in the Bay, VITB

%d bloggers like this:

VITB 4 LYFE

Tag Archives: tech

Share this:

Like this:

Share this:

Compromising a Fortune 500 Business without Hacking a Thing!

Share this:

Share this:

Like this:

Share this:

Share this:

Like this:

Share this:

Share this:

Share this:

Share this: