Dec 9, 2013
In this presentation we continue to discover how to best prepare for a penetration test. However, this time it is a bit different, as we are going to cover how to prepare for the eventual compromise. What do attackers and penetration testers do once they exploit a system? How can you best prepare and detect and stop the pivot? Because you must... Stop.. The.. Pivot. We will also share a number of tricks on how to pivot without being detected, and how best to test your web proxies and egress firewalls.
Dec 8, 2013
Puffy-cheeked Paul, Larry and Jack are back with stories of the week, from securing your Apache server to Dave Kennedy and the healthcare.gov site, hacking bug bounties, and security con videos available online. Plus a ton more!
Dec 8, 2013
Thomas works for NCC Group as a Security Consultant, conducting all different types of security assessments. Ryan is a British Computer Security graduate, security enthusiast and Security Engineer for RandomStorm living in France. He is interested in Web Application Security and Information Security in general. http://www.scriptalert1.com is a very simple and concise platform to explain Cross-Site Scripting, its dangers and mitigation. Our aim is for penetration testers to include a link in their pen test reports to the resource and to get it to be the de facto description for semi-technical / tech-savvy managers.
Dec 8, 2013
Before he wrote hashcat he was a bug hunter for fun, focusing on open source software. After 2005 he only did bug hunting on commercial software and is therefore not allowed to disclose product names. In 2010 he started hashcat, and since that time it's the only project he's been working on.
Nov 28, 2013
Greg Hetrick joins Paul this week to talk about all the interesting and fun stories of the week in the world of IT security!
Nov 23, 2013
As always the guys have some great discussions and stories of the week!
Nov 22, 2013
Kyle is an information security engineer who devotes his spare time to exploiting the ‘internet of things’. He enjoys lockpicking, CTFs, tinkering with electronics, exploit development and blogging about his findings. He is the founding member of Louisville Organization of Locksport.
Nov 22, 2013
Deciphering the Episode 350 crypto challenge with Mike Connor.
Nov 12, 2013
Winn Schwartau is one of the world's top experts on security, privacy, infowar, cyber-terrorism and related topics. He is well known for his appearances at DEFCON as the host for the game Hacker Jeopardy.
Nov 12, 2013
The Cavalry Isn't Coming - Preserving Security Research Through the Demonstration of Public Good.
Nov 12, 2013
Stephen Sims is an industry expert with over 15 years of experience in information technology and security. Stephen currently works out of San Francisco as a consultant performing reverse engineering, exploit development, threat modeling, and penetration testing. The technique of stealing the token of a process with higher privileges in order to achieve privilege escalation is often used during Kernel exploitation.
Nov 12, 2013
Dan Philpott is a Solutions Architect with Natoma Technologies working with Federal customers on cloud computing and federal information security projects. His work focuses on federal information security initiatives including FISMA, cybersecurity, FDCC, USGCB, HSPD-12, risk management and other federal information assurance initiatives.
Nov 11, 2013
Mona can be used by pentesters and exploit developers to take a proof of concept crash and turn it into a working exploit in a quick and organized fashion, eliminating downtime.
Nov 7, 2013
We've all heard the term "Hacking Back". We all have mixed feelings about this term. Let's be clear, it's not about feelings! The revenge-based "hacking back" was doomed to failure from the beginning. On the flip side, we're losing the battle against attackers on many fronts. What can we do? Setting traps, tracking attackers, luring them into areas of the network and systems deemed "honeypots" is on the table, or is it? What are the legal ramifications of this activity?
Nov 7, 2013
SCADA systems are being attacked and making headlines. However, this is not news, or is it? There is a lot of newfound "buzz" around attacking SCADA and defending SCADA. Technology has evolved and many systems are Internet connected and more advanced than ever. Water, power, electric, manufacturing all have SCADA.
Nov 7, 2013
Episode 350 is dedicated to Veterans, so we found it only fitting to have a panel with InfoSec individuals who are also Veterans. We want to discuss how serving in the military has helped these people in their careers.
Nov 7, 2013
Kevin Finisterre is a Senior Research Consultant with Accuvant who has hacked everything from utilities providers to police cars and is keen on disseminating information relating to the identification and exploitation of software vulnerabilities on many platforms.
Nov 7, 2013
Jayson E. Street is an author of “Dissecting the hack: The F0rb1dd3n Network” from Syngress. Also creator of dissectingthehack.com. He has also spoken at DEFCON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street”. *He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time’s persons of the year for 2006. ;)
Nov 7, 2013
Contacts: lvdeijk@gmail.com, angelo.dellaera@gmail.com. They can also be reached on Twitter: @ProjectHoneynet, @angelodellaera, @lvdeijk
Nov 7, 2013
Discussion of expectations of privacy today and what privacy means.
Nov 4, 2013
Greg Hetrick shows us how to better lock down our Java apps since we can't "just uninstall Java!"
Nov 4, 2013
Description: Extracts and outputs HTML/JS comments from HTTP responses. Why would someone use the tool or technique? "The attached script makes use of patterns to extract HTML comments from HTTP responses. There are times sensitive information may be present within HTML comments. While this does not necessarily represent a breach in security, it can give an attacker leverage useful for exploitation."
Oct 16, 2013
Jack's rantapocalypse, popping penguins, the Yahoo bounty, Paul wants a new phone and the Blackhole kit guy goes down. We think.
Oct 12, 2013
Heather Mahalik is a senior digital forensics analyst at Basis Technology. As the on-site project manager, she uses her experience to manage the cell phone exploitation team and supports media and cell phone forensics efforts in the U.S. government. Heather is a certified SANS instructor and is teaching the upcoming course Advanced Smartphone and Mobile Device Forensics.