exploits
Explore "exploits" with insightful episodes like "Out with the Old, In with the New: What's Ahead for FedRamp", "Security Chaos Engineering with Kelly Shortridge", "Federico Kirschbaum on a life in the Argentina hacking scene", "Hacking, the thin line between good and evil ..." and "#69 - Distractions Open 24 Hours" from podcasts like "CarahCast: Podcasts on Technology in the Public Sector", "RunAs Radio", "Security Conversations", "My Precious Data" and "Skids Podcast", and more!
Episodes (37)
Security Chaos Engineering with Kelly Shortridge
Ready to inject a little chaos into your systems? Richard talks to Kelly Shortridge about her book Security Chaos Engineering. Kelly discusses the challenges of modern cybersecurity - how do you find weaknesses in your infrastructure and security systems? This leads to a discussion about challenging assumptions by exploring the workflows that exist in your infrastructure today. Exploring the workflows shows where assumptions exist, and that opens the door to testing them. There's sure to be some low-hanging fruit you can deal with, but eventually, you're left with tests that have to be set loose on your system - and you'll find out how resilient you really are!
Recorded August 22, 2023
Federico Kirschbaum on a life in the Argentina hacking scene
Hacking, the thin line between good and evil ...
People often picture hackers hunched over a computer alone in an attic room, trying to gain access to a system, bank accounts, data or files. That is usually not the case. They often work together, or well-organised organisations are behind the cyberattacks we hear so much about. Moreover, a hacker does not always have malicious intentions: originally, a hacker is someone with a great deal of technical knowledge about computers who solves an IT-related problem in an unconventional way. For that reason, new security legislation has come into force in Belgium. Thanks to a new legal framework, ethical hackers have more freedom to hack Belgian companies.
But is it wise to legally permit ethical hacking? Or is this a groundbreaking law that will make our digital society safer? In this podcast, security evangelist Eddy Willems explains exactly what this unique legislation looks like and what ethical hacking actually is. He also takes a closer look at the different 'kinds' of hackers and sets out how hacker groups operate.
#69 - Distractions Open 24 Hours
On episode 69 of the Skids Podcast:
- Snow Day
- Hummer
- Speed Running/Exploits Video games
- Shane Hates Everyone
- Distractions
- The news sucks
- Computers in schools
- Adam Sandler
- Ohio Train Wreck
- "Suicides"
- The Meme
- Unilad
- Tropic Thunder/This is the End
- Back in the day...
- Swatting
- Stores open 24 Hours
- Bill Hader/Barry
- Tim and Steven Spielberg
- Blackface
- Velvet Alley AD
- Coffee Brand Coffee AD
#skidspodcast #garbagepailskids #podcast #comedy #stevenspielberg #speedrun #videogames #distractions #ohiotrainwreck #ohio #mayorpete #adamsandler #suicides #tropicthunder #thisistheend #sethrogan #barry #billheder #news #hummer #computers #meme #swatting #open24hours #unilad #exploits #netflix #HBO #blackface
Opening Theme -
Title: Garage - Topher Mohr and Alex Elena (No Copyright Music)
Video Link: https://youtu.be/JQMpl4Peln8
Genre Music: Rock - Country
Opening Video -
Dumpster fire Brighton Fire 04-18-13
https://www.youtube.com/watch?v=8n3ZzWKXaU4
Velvet Alley Designs -
https://velvet-alley.com/
Coffee Brand Coffee -
https://coffeebrandcoffee.com/
Use the coupon code: gps1 to receive 5% off your purchase. You will be supporting an independent, growing company, as well as our show in the process!!
The Yatta Song - now with subtitles! Be afraid. Be VERY afraid.
https://www.youtube.com/watch?v=KUOwbcdZozQ
This Week in DAOs: WAGBTC Part II, Exploit Avoidance, and DIY Nouns-Style
In this week’s episode of DAO or Never, we’re experiencing déjà vu - and a little bit of nostalgia - with Constitution DAO part II. We also talk about the work being done to understand and avoid exploits; the market for studying web3; and the release of a quick and easy way to build a Nouns-style community. Let’s dive in!
Key Takeaways:
Constitution DAO, Take Two
Funding Exploit Research
DXdao Avoided Exploit Explained
Sotheby’s Metaversity
Nouns Builder Released
Additional Resources:
Learn more about Logos DAO
Connect with Logos DAO on LinkedIn and Twitter
Get all the news from DAO or Never
If you enjoyed this episode, please follow, rate, and leave a review on your favorite podcast platform!
Charlie Miller on hacking iPhones, Macbooks, Jeep and Self-Driving Cars
Doing Exploits in Dangerous End Times
Beers with Talos, Ep. #110: The 10 most-exploited vulnerabilities this year (You won't believe No. 6!)
Talos Takes Ep. #92: Kenna 101 — How to read a CVE
Project Zero's Maddie Stone on the surge in zero-day discoveries
Jeremiah Gilbert is an award-winning photographer and travel writer who has explored over 100 countries. Pictures to show and stories to tell.
Jeremiah Gilbert is an award-winning photographer and travel writer based out of Southern California.
His travels have taken him to over a hundred countries and territories around the globe. His photography has been published internationally, in both digital and print publications, and has been exhibited worldwide, including in Leica’s LFI Gallery.
His hope is to inspire those who see his work to look more carefully at the world around them in order to discover beauty in unusual and unexpected places. Personally, I am a huge proponent of trying to get people to travel more and become educated and enlightened about the beautiful places in our fragile World.
Jeremiah is the author of the books:
- Can’t Get Here from There: Fifty Tales of Travel
- From Tibet to Egypt: Early Travels After a Late Start
Find him right here:
https://jeremiahgilbert.com/media-press/
https://www.instagram.com/jg_travels/
Getting a Security Audit with Paula Januszkiewicz
What's a security audit, and why do you need one? Richard talks to Paula Januszkiewicz about auditing security, technical reviews, and so-called penetration testing. Paula talks about needing outside experts who focus on the scope of exploits out in the world today to help make sure all aspects of your company's systems are reasonably secure - there is no such thing as perfect security! The conversation gets into the details around finding a good auditor, what to expect from them, and what they will expect from you - a good security audit takes time, and is a conversation!
Recorded December 21, 2021
#16: A security guy and a professional by vocation - Andrzej Dyjak
What does full professionalism in IT look like? See for yourself in my conversation with Andrzej Dyjak. There are several ways into the IT industry, but my guest started on the one that does not seem the most obvious. Which one?
Join me for a conversation about a career in IT security, life and career choices, working in different places around the world, and how that shaped the choice of the road ahead. Andrzej is a rare case of a person who knows what he wants, knows how to get it and pursues it consistently, while at the same time carefully and deliberately weighing the words he says in public.
>>> ==== YOU CAN BE PART OF THIS PODCAST ==== <<<
Remember, if you have a question, record it and send it to podcast@onyszko.com. You can also send it as an e-mail, but it would be great if you recorded it and became part of this podcast.
📢📢📢 Share it! A link to the episode, ready to share regardless of platform: https://share.transistor.fm/s/a1c14a9f
What will you hear in this episode of the podcast?
- The incredible story of entering the IT industry by hunting for exploits in software
- The cyber-security exploit market and how it affects work and ethical choices in the IT industry
- What DevSecOps is and how to make sense of it
- Travel, relocating, working in different places and learning the "framework" of a society
- Where the differences in maturity of IT work (and not only IT) between countries come from, and how they translate into market maturity
- Using your unique character traits to shape your career path
- The three skills you need to learn in order to work independently, but also while working within an organisation
- Trends in security and beyond, and how they may translate into our industry
- The economics of security and how it works
References to materials mentioned in the episode:
- Bug Bounty (Wikipedia)
- This Is How They Tell Me the World Ends: The Cyberweapons Arms Race - a book about the cyber-security bug market
- NSO Group (Wikipedia)
- DevSecOps (Wikipedia)
- The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win (Book)
- The War of Art (Book)
- Developer Hegemony
- The Goal
- Building Secure and Reliable Systems
- The Art of Software Security Assessment
Where you can meet Andrzej online:
Andrzej's solutions, products and services online
- https://bezpiecznykod.pl/ - Consulting and Training
- https://bezpiecznykod.pl/akademia/ - online course
- https://bezpiecznykod.pl/podcast - podcast
- http://appsec.pl/ - mailing list
Let's stay in touch >> Sign up for my newsletter (EN) <<
Where to find me online:
- Blog: https://www.onyszko.com/
- Twitter: https://twitter.com/tonyszko
- LIN: https://www.linkedin.com/in/tomaszonyszko/
Company:
- Blog: https://www.predicagroup.com/blog/
- Maybe you'll find something for yourself: https://www.predicagroup.com/careers/
DevSecOps in 2022 with Jess Dodson
2021 was a tough year for security - how can we do better in 2022? Richard chats with Jess Dodson about working to get better at information security in your organization. Jess talks about the log4j exploit as a great example of "what don't we know" - and the need for a software bill of materials as part of your configuration management database. Having a list of the libraries that internal applications depend on helps you respond in a crisis by letting you answer the question "where are we vulnerable?" This leads to a conversation about better DevSecOps - where development, security, and operations all take security seriously and help each other to help the organization succeed!
Recorded December 20, 2021
Costin Raiu on the .gov mobile exploitation business
Deprecating Basic Auth with Greg Taylor
Basic authentication is going away in Exchange Online - how will it impact you? Richard talks to Greg Taylor about the long-planned end of basic authentication support in Exchange Online. Greg talks about the fundamental vulnerability of basic authentication systems like POP and IMAP - and how many systems still use them by default. Too many business email compromise and ransomware attacks happen through an email hack, and getting rid of basic authentication will help. Basic auth goes away in October of 2022, and Greg discusses the many ways that Microsoft is assisting IT Pros to get to secure email protocols running before that happens!
Recorded October 25, 2021
Throwback: Zero-day exploit broker Chaouki Bekrar
It’s Just an Exploit Popularity Contest...
Recorded June 5, 2020 – Prod. Note: Things are a hot mess right now and the team thinks that there are voices you have needed to hear more than ours, so we held back on releasing a few episodes. This is the last of those withheld eps, please pardon any weeks-old info. Be safe, be kind, and listen to each other. Black lives matter.
This was a difficult show to make in light of the events the week prior. We were all in a mood along with the rest of the US and the world, and it showed. There was no amount of editing that could save that Roundtable. Regardless, we dig into vulnerabilities and exploits this episode starting with looking at the top 10 most exploited vulns from a recent CISA report (Full disclosure: Talos assisted in the creation of that report). We start to dig into some deeper convos around pentesting platforms and exploit stability that are sure to come back up soon. Full show notes on the Talos blog
How is Artificial Intelligence Changing Cyber Crime?
Cyber threat intelligence is a conceptual term with an international impact. Agencies around the world are racing to identify and stop cybercriminals from infecting and infiltrating networks to use our data against us. In this episode of No Password Required, Dr. Sagar Samtani, assistant professor of information systems and decision sciences at the University of South Florida, explains the cyber threat intelligence (CTI) life cycle and what you and/or your organization should do to help protect data assets and prevent cyberattacks.
Data is the prime target of many cybercriminals, yet what data they are searching for depends on their goals. Are they scraping for social security numbers? Obtaining passwords? Collecting credit card numbers? Or worse? And why? It’s hard to imagine all the ways that data can be exploited.
How widely available your data is depends on where and how you store it and whom you give permission to access it. Personal choices, like having a smartphone, can be a gateway to someone collecting your data. Being on the grid with a social security number, health insurance and financial accounts means all these bits of information are housed somewhere, and cybercriminals know this. With the help of artificial intelligence (AI), cybercriminals are able to scrape data faster than ever before, and with the launch of quantum machines, our security choices will be paramount to protecting our identity and data assets.
Cyber threat intelligence is helping individuals and industries protect themselves by understanding what is important, what are the exploits, and how to effectively respond. It is also helping to refine artificial intelligence algorithms to better assist in threat analytics. Dr. Samtani describes how industries are responding to industry-specific cybercrimes and developing response standards, protocols, and frameworks. He gives the example of the healthcare industry and HIPAA compliance as well as financial institutions and their evolving PCI compliance protocols. Understanding why a data asset is a target is a key facet to the cyber threat intelligence life cycle.
What are the Four Phases of Cyber Threat Intelligence?
- Identify what assets you (an organization) possess that hold value, e.g., a social security number, and how to protect those assets
- Data collection that is relevant to those critical cyber assets
- Threat analytics – whether traditional or AI techniques are being utilized
- Operational Intelligence – how is the compromised data actually used or exploited
Dr. Samtani explains there are two basic types of cyber threat intelligence analytics. First are the traditional threats, such as malware analysis. The second category is quickly changing as artificial intelligence evolves: data mining, text mining, and natural language processing based on patterns and techniques. Building systems that are designed to log and report data is crucial to discovering breaches and reporting them to prevent further penetration.
Once Data is Stolen, Where Does it Go?
Dr. Samtani discusses how hackers, cybercriminals, and even geopolitical threat actors are using the data. He explains how the Dark Web is playing a role as a marketplace and toolbox for hackers. He details the four basic platforms (forums, Dark Web marketplaces, darknet carding shops, and internet relay chat) that cybercriminals use to complete their tasks and possibly grow their notoriety. Hacker behavior on the Dark Web is unlike traditional crime circuits, where anonymity is preferred. There are tiers of hackers, and they can use their screen names to build their reputation for monetization, credibility, and recognition. Artificial intelligence is being fine-tuned to help detect cybercriminals through intelligent predictions.
Security Protocols and the Danger of Oversharing
Individuals, organizations, developers, and even marketers play a role in security. Developers who were once tasked with racing product to market are now evolving to build in protections against exploits. Cultures are changing to bring awareness of the dangers of oversharing and to learn from others’ breaches and incidents. Dr. Samtani and No Password Required host Bill McQueen discuss how oversharing can be as simple as answering a phone call asking what version a piece of software is on and divulging that information, likening that to handing over the keys to a car.
The Study of Cybersecurity Science
As computing evolves, so do the crimes; the cybersecurity field is still in its infancy compared with where it could potentially be. Developing talented professionals to stop cybercriminals, building frameworks and protocols, and advocating for strong cyber cultures at home and in the workplace will be essential to the future. There is ample opportunity for employment and research in the fields of cybersecurity, cyber threat research, and cyber threat intelligence.
TIME STAMPS
1:12 Who is Dr. Sagar Samtani
1:30 How Does AI Automate Cybercrime and Cyber Threat Intelligence
3:08 The Four Phases of the Cyber Threat Intelligence Life Cycle
7:43 How Do You Rate and Respond to a Cyber Threat
10:03 Industry Specific Frameworks for Threat Identification and Mitigation
10:24 Data Characteristics in Cybersecurity
11:20 Defcon and AI Village
11:48 Tuning Algorithms for Cybersecurity
12:54 How are Hackers Fighting Against AI Detection
13:53 Developing Organizational Strategies to Counter Cybercrime
15:19 Cybersecurity/AI Ethics and Rules
18:40 Dark Web & Data
19:38 Dark Web Platforms
22:53 Access to Dark Web Platforms
23:50 Hacker Notoriety – Reputation, Monetization and Detection
27:40 Developers & Cyber Security Protocols
29:35 Double-Edged Sword of Sharing Cybersecurity Capabilities
30:40 Operational Intelligence and Risk Management
31:58 Hacker Behavior on the Dark Web/Darknet
33:40 What Can We Do to Protect Ourselves? Following the CTI Lifecycle
35:44 Cybersecurity Science as a Legitimate Field