technology | Vince in the Bay

Jul 05 2018

Cyber Security, DefCon, GDPR, Giovanni Vigna, hacking, infosec, RSA Conference, technology

PODCAST: Giovanni Vigna

giovanni_vigna_square

Giovanni is a co-founder and CTO of Lastline, Inc., a company which develops solutions to detect and mitigate advanced malware and targeted threats. He is a Professor in the Department of Computer Science at the University of California in Santa Barbara and director of the Center for CyberSecurity at UCSB. He is co-director of the Security Lab, which is part of the iSeclab group and founder of the Shellphish hacker group which has annually competed in the DEFCON CTF (won in 2005) and also The DARPA Cyber Grand Challenge (3rd place). He also organizes the International Capture The Flag (iCTF), one of the world’s largest attack-defense hacking competitions.

Giovanni’s research focuses on vulnerability analysis, web security, malware analysis, and mobile security. We met in San Francisco at RSAC 2018 this year where he presented two talks, one entitled How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days and also The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem.

This episode we discuss all these things plus GDPR, Santa Barbara hot springs and more!

DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!

Check out Giovanni at RSAC 2018:

How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days

The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem

Tagged computers, Cyber Grand Challenge, Cyber Security, DARPA, DEF CON, DEFCON CTF, GDPR, Giovanni Vigna, hacking, iCTF, Information Security, infosec, Internet, Lastline, podcast, Privacy, RSA Conference 2018, RSAC18, security, Security Research, Shellphish, technology, UCSB

Jul 01 2018

Leave a comment

Amazon Web Services, AWS, bug bounties, Cyber Security, hacking, infosec, pen-testing, privilege escalation vulnerabilities, technology

PODCAST: Ben & Spencer from Rhino Security Labs

Ben-Spencer-tiled

Benjamin Caudill and Spencer Gietzen of Rhino Security Labs

Benjamin Caudill and Spencer Gietzen of Rhino Security Labs join me to discuss their research on Amazon Web Services privilege escalation vulnerabilities. Spencer recently revealed their AWS research on the Rhino Security Labs blog. Rhino is also rolling out a new open source AWS post-exploitation framework, designed for offensive security testing against AWS environments called Pacu. We also discuss how Ben and Spencer both found their way into the information security industry, pet peeves and more!

DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!

Tagged Amazon Key, Amazon Web Services, AWS, Benjamin Caudill, computers, hacking, Information Security, infosec, Internet, Pacu, podcast, Privacy, privilege escalation vulnerabilities, Rhino Security Labs, security, Spencer Gietzen, tech, technology

May 10 2018

Leave a comment

Cyber Security, hacking, infosec, OSINT, pen-testing, RSA Conference, SECTF, Social Engineering, vishing

PODCAST: RSAC 2018 – Joe Gray

Guest Joe Gray

My guest this episode is social engineering guru Joe Gray. Joe is a Senior Security Architect at IBM and has his own blog and podcast called Advanced Persistent Security. Joe presented a talk at RSA this year with friend of the show Rachel Tobac on social engineering and OSINT which I posted the full audio of here. Joe spoke with me about Social Engineering, OSINT, vishing, SECTFs, password inspections and more!

DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!!

Tagged ADVANCED PERSISTENT SECURITY, Cyber, Cyber Security, cybersecurity, hacking, Information Security, infosec, Internet, Joe Gray, OSINT, pen-testing, podcast, RSA Conference 2018, SECTF, security, Security Research, Social Engineering, tech, technology, vishing

Apr 29 2018

Leave a comment

Cyber Security, infosec, Internet Of Things, Privacy, RSA Conference, Social Engineering, technology

PODCAST: RSAC 2018 – Mark Nunnikhoven

Guest Mark Nunnikhoven

Mark is Vice President of Cloud Research at Trend Micro. He joined me at RSAC 2018 to discuss developing new email security gateway tools, operational technology in IoT, the new Cybersecurity Tech Accord, information security buzzwords and more!

DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!!

Tagged computers, Cyber Security, Cybersecurity Tech Accord, hacking, Internet, Internet Of Things, IoT, Mark Nunnikoven, operational technology, Phishing, podcast, security, technology, The Cyber, Trend Micro, VITB, Writing Style DNA

Apr 22 2018

Leave a comment

bug bounties, Cyber Security, Disclosure, Hackers, hacking, infosec, pen-testing, RSA Conference

PODCAST: RSAC 2018 – Katie Moussouris

Katie-M-RSAC2018

Guest Katie Moussouris

Katie is the founder and CEO of Luta Security. She presented a talk on bug bounties, penetration testing and vulnerability disclosure entitled “Bug Bounty Buzzword Bingo—Deep Dive under a Jumped Shark” at the RSA Conference last week in San Francisco. Check out her slides here.

After her talk she spoke with me about the evolution of bug bounty programs, her work in developing ISO standards for vulnerability disclosure, her path to a career in information security and much more.

This episode is the 1st in a series dedicated to RSA Conference 2018. Stay tuned for more!

DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!!

Tagged bug bounties, Cyber Security, hacking, Information Security, infosec, Internet, Katie Moussouris, Luta Security, podcast, RSA Conference 2018, security, tech, technology, vulnerability disclosure

Apr 20 2018

1 Comment

infosec, OSINT, pen-testing, RSA Conference, SECTF, Social Engineering, social media, vishing

RSAC 2018 – Rachel Tobac & Joe Gray

Compromising a Fortune 500 Business without Hacking a Thing!

Rachel Tobac and Joe Gray present at RSAC2018!!

A simulated compromise of a Fortune 500 company as part of a social engineering competition will lead to discussion about how data was collected using open source intelligence (OSINT) beyond that of social media and tools. It will identify places to find data, providing insight for more valuable data sources. This will include a demo of OSINT techniques, phishing and a pretexting discussion.

Learning Objectives:
1: Learn how to defend against social engineering.
2: Understand the relative ease in collecting open source intelligence (OSINT).
3: Learn more about the tools and techniques used in social engineering.

CLICK HERE FOR THE SLIDES FROM PRESENTATION

CLICK HERE TO DOWNLOAD MP3 FILE

Tagged hacking, Information Security, Internet, Joe Gray, OSINT, podcast, Rachel Tobac, RSA Conference 2018, security, Social Engineering, tech, technology

Apr 14 2018

Leave a comment

Disclosure, Electronics, Hackers, hacking, HID attacks, infosec, Internet Of Things, pen-testing, Privacy, smart locks, technology, USB drives

PODCAST: Amazon Key & HID Attacks with MG

WiRPfsLy_400x400

Guest: MG

This episode’s guest is Bay Area based security researcher MG. He joins the podcast to share his work experimenting with various HID (Human Interface Devices) attacks using USB drives and cables. MG has also made news recently for disclosing a vulnerability in the Amazon Key smart lock technology and shares his experience developing the proof of concept and eventually sharing it with Amazon’s security team.

Check out MG’s work here!

Amazon Key Attack

HID attack hardware

All-USB-devices-on-table

USB Rubber Ducky by Hak5

USB-rubber-ducky

MG’s HID attack platform for USB Type-A connectors

USBA-connector

PCB-boardwithUSBAconnector

Smoke-emitting USB drive

Smoke-USB

Exploding USB drive

Apple USB Lightning connector (MG’s HID attack cable on left)

Apple-lightningbolt2

Apple-lightningbolt-1

MG’s HID attack platform for USB Type-C connectors

USBC-connectors

DIRECT DOWNLOAD OF PODCAST MP3

Subscribe on iTunes, GooglePlay and Stitcher!

Tagged Amazon Key, Information Security, infosec, smart locks, tech, technology, USB drives, USB HID attacks, USB Rubber Ducky

Mar 04 2018

Leave a comment

Cyber Security, DefCon, DEFCON 25, hacking, infosec, Instagram, OSINT, pen-testing, SECTF, Social Engineering, technology, vishing

PODCAST: Rachel Tobac

Guest – Rachel Tobac

Rachel is co-founder and CEO of Social Proof Security and Chair of the Board of Women In Security and Privacy.

Rachel discusses (and demonstrates) the art of “vishing” and social engineering. She placed 2^nd twice in the Social Engineering Capture the Flag competition at DEFCON 24 and DEFCON 25 and has become a popular speaker and advocate for personal and organizational safety through social engineering awareness.

Subscribe via iTunes, GooglePlay and/or Stitcher!

DIRECT DOWNLOAD MP3 OF PODCAST

Tagged business, computers, Cyber Security, DefCon, DEFCON 25, hacking, Information Security, infosec, Instagram, Internet, podcast, Privacy, Rachel Tobac, SECTF, security, SEVilliage, Social Engineering, tech, technology, vishing

Jan 01 2018

Leave a comment

Attribution, business, cyber crime, cyber espionage, Cyber Security, DefCon, DEFCON 25, Espionage, Hackers, hacking, infosec, pen-testing, Privacy, Risk Analysis, technology, threat analysis, WannaCry

PODCAST: Judy Towers & Michael Goedekr

This episode is an interview with intelligence analyst Judy Towers and Michael Goedekr, CEO of hackdefnet, conducted over the summer at DEFCON 25 in Las Vegas (2017). Judy and Michael share their thoughts on threat intelligence, risk analysis, dealing with C suite executives and more.

Tagged DEFCON 25, hacking, Information Security, infosec, security, tech, technology, threat intel, WannaCry

Nov 12 2017

1 Comment

Black Hat, DefCon, DEFCON 25, Electronics, Hackers, hacking, Ham Radio, infosec, Internet Of Things, Radio, SDR, Software Defined Radio, technology

PODCAST: Richard Henderson

nOvUZyKi_400x400

Guest Richard Henderson talks about his workshop on SDR in Las Vegas at DEFCON25!

Slides from Richard’s SDR workshop at DEFCON 25: DEFCON-25-Scanning-The-Airwaves

Richard Henderson is global security strategist at Absolute Software. We recorded this interview in July 2017 during the Black Hat 2017 security conference in Las Vegas, NV. Podcast available on iTunes, Google Play and Stitcher. Subscribe!

Tagged Black Hat, computers, DefCon, DEFCON 25, hacking, Ham Radio, Information Security, infosec, Internet, Internet Of Things, IoT, podcast, Radio, SDR, security, Software Defined Radio, tech, technology

Vince in the Bay

VITB 4 LYFE

Tag Archives: technology

PODCAST: Ben & Spencer from Rhino Security Labs

PODCAST: RSAC 2018 – Katie Moussouris

PODCAST: Amazon Key & HID Attacks with MG

PODCAST: Judy Towers & Michael Goedekr

PODCAST: Richard Henderson

VITB 4 LYFE

Tag Archives: technology

How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days

The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem

Share this:

Share this:

Share this:

Like this:

Share this:

Share this:

Compromising a Fortune 500 Business without Hacking a Thing!

Share this:

Share this:

Like this:

Share this:

Share this:

Like this:

Share this: