The Cyber Riddler

In this episode of the cyber riddler, we talked about  the critical first stage of cyberattacks: Initial Access. Learn how hackers breach organizations using tactics like phishing, exploiting vulnerabilities, stolen credentials, and supply chain attacks. We'll explore real-world examples, discuss why initial access is so crucial, and share practical strategies to defend against these threats. Whether you're a cybersecurity professional or just curious about how breaches happen, this episode is packed with insights to help you stay one step ahead. Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

In this episode, we explore the modern cybersecurity threat landscape, examining sophisticated attacks like ransomware-as-a-service, supply chain breaches, and file-less malware. We discuss essential defensive strategies, including the use of Zero Trust architecture, behavioral analytics, and other tools. Alongside these defenses, we emphasize the importance of proactive threat hunting and a strong incident response plan. This episode serves as a reminder of what you should do and hunt for threats in your environment.Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

In this episode of The Cyber Riddler podcast, we venture into the shadowy world of zero-day exploits, one of the most well known threats in the cybersecurity world . Zero-day exploits represent vulnerabilities that can be targeted before they are even known to exist, making them a significant concern for both organizations and individuals. We explore the lifecycle of a zero-day exploit, from discovery and weaponization to delivery and exploitation. Through notable case studies, we illustrate the profound impact these exploits can have. Additionally, we discuss the challenges faced by incident responders in dealing with unknown threats and the strategies that can be employed to defend against them. Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

In this episode, delve into the world of cyber security through the lens of expert threat hunters. As they navigate the complex digital landscape, these skilled professionals employ advanced techniques and tools to investigate systems meticulously. Their mission: to unearth hidden implants and payloads that lurk undetected, posing significant risks. Through a combination of expertise, intuition, and cutting-edge technology, they reveal how they stay one step ahead of cyber threats, ensuring the digital safety of organizations. Witness the high-stakes game of cyber threat hunting, where every clue uncovered could be the key to thwarting cybercriminals and safeguarding valuable data.Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

In this episode of The Cyber Riddler,  We dive into the cunning world of phishing scams, focusing on how Normal Users are reacting to these emails and how SOC (Security Operations Center) analysts can expertly analyze suspicious emails. We outline the essential tools and steps for dissecting emails, from examining sender addresses and email headers to scrutinizing links and attachments for malicious content. The episode also stresses the importance of staying updated on phishing trends, collaborative reporting, and fostering a culture of cybersecurity awareness within organizations. It's a must-listen for a normal user and cybersecurity professionals looking to sharpen their skills and anyone curious about the inner workings of email scam detection.Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

Explore the world of web security in our latest episode, 'HTTPS and TLS Tales'  deep into the mechanisms that differentiate HTTPS from HTTP, uncovering the layers of encryption, authentication, and data integrity that safeguard our online interactions. From the pivotal role of TLS to real-world cases of security breaches and the evolving landscape of cyber threats, this episode offers a comprehensive look at the technologies that keep the internet secure. Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

In this episode, we'll dive deep into the world of Threat Intelligence, exploring its critical role in cybersecurity. From the basics of data collection to the challenges of information sharing, we'll cover it all. Discover how Threat Intelligence empowers organizations to detect and respond to cyber threats, and stay ahead of evolving tactics. Join us for a comprehensive discussion that sheds light on this essential aspect of modern cybersecurity.Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

Dive into the shadowy world of lateral movement in cybersecurity.  In this episode of The Cyber Riddler. Explore how attackers stealthily navigate networks post-breach, using techniques from credential exploitation to abusing legitimate tools. Featuring real-world scenarios, this episode unveils the strategies behind advanced persistent threats and red team tactics. Learn about essential defenses like network segmentation and vigilant monitoring. Tune in for an essential guide to understanding and countering these hidden cyber maneuvers.Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

In this episode of The Cyber Riddler, we dive deep into the shadowy world of insider threats. We unravel the complexities of individuals within an organization who pose a risk to its security from the inside. We'll explore real-life cases, dissect the motives behind insider attacks, and discuss the latest strategies and technologies to safeguard your company against this often underestimated dangerTwitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

In this episode we've talked about The Lazarus Group, Which is a cybercrime group made up of an unknown number of individuals run by the government of North Korea. We've discussed about their latest campaign where they targeted security researchers. and how they did the same act in the past. hope you like the episode.Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

In this episode we've covered the basics of malware analysis. Things that malware authors want to hide in their malware. How they want to make it hard for malware analysts to do their job. Our guest today has an extensive experience in malware analysis. He publishes many videos on malware reverse engineering on his channel and he is very knowledgeable when it comes to this field.Full Interview below:https://youtu.be/HuHATqK850sBlog Post: https://thecyberriddler.com/blog/malware-analysis-karstenKarsten's Twitter accounthttps://twitter.com/struppigelKarsten's YouTube channelhttps://www.youtube.com/@MalwareAnalysisForHedgehogsTwitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

In this episode we've talked about kernel drivers, We covered a variety of different topics like how to load a driver, signing process, HVCI and others, and we closed with Intel CET and Shadow stack. Yarden has a very great experience when it comes to windows internals topics, her work mainly in the defending side, she previously worked at SentinelOne and CrowdStrike and currently she is a senior security researcher at Trail of Bits, I hope you enjoy the episode.Full Interview below:https://youtu.be/rhmnXmxSH2kYarden's Twitter accounthttps://twitter.com/yarden_shafirTwitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

Dive into cybersecurity's captivating world with our latest episode on Vulnerability Research! Discover the secrets of ethical hackers, uncover different vulnerabilities, and explore responsible disclosure processes. Get insider tips and tricks to level up your cybersecurity knowledge. Our guest  Kevin is a renowned cybersecurity specialist and ethical hacker with years of experience and a keen eye for security flaws. Full Interview below:https://youtu.be/YURVs70d4ikOther Links:Blog Post: https://thecyberriddler.com/blog/vulnerability-research-kevin-backhouseTwitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

This Week's episode is about Windows Internals in depth, we've talked about things from an offensive and defensive perspective. Things like Hooks, Kernel callbacks, how security companies are using them and how Red Teamers are leveraging them as well. We've talked about many other concepts such as user space mode and kernel space mode, Patch Guard and many others. This episode is part of The Cyber Riddler podcast, Check out the other episodes on any of your favorite podcast apps. Just search the name "The Cyber Riddler". Not all of the episodes are in YouTube. links belowFull Interview below:https://www.youtube.com/watch?v=7pQpc1g7focPavel's YouTube Channelhttps://www.youtube.com/@zodiacon https://thecyberriddler.com/blog/windows-internalsTwitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

In this episode we talked about Digital forensics and Incident response aka DFIR, how to get started, and how crucial it is to deal with incidents. We also talked about various topics including memory dump and analysis, ransomeware and stories from the past about interesting incidents. This episode was starring Paula Januszkiewicz, CQURE CEO.Who's Paula?https://thecyberriddler.com/person/paula-januszkiewiczFind the full description on the blog post available in the podcast website below:https://thecyberriddler.com/blog/getting-started-with-dfir-paula-januszkiewiczThis episode has a video as well, you can check it out on the link below: https://www.youtube.com/watch?v=fs6kVl_r5icContact us on:Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

This week's episode talks about DNS in general and DNS attacks, we barely scratched the surface. DNS is playing a major role in our network communication and hackers take advantage of DNS attacks for their own gain. Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

LoLBins or Living Off The Land Binaries are binaries within the operating system it doesn't matter if it's a windows or unix based system. these binaries are heavily utilized by hackers to avoid detections, in this episode we will be diving into the world of LoLBins and we will discover how hackers are using them. Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

In this episode we scratched the surface of browser exploitation methods and we went through different techniques used by the attackers to gain access to your device. We also went through different old CVEs that have been used in the past. We hope you enjoy the episode. Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

In this episode we talked about cryptography in general and then we dived into the world of ransomware starting from when ransomware approximately started and then we talked about ransomware tactic and delivery mechanisms , evasion techniques and then we talked about the zeppelin  ransomware and how lance and his team were able to recover and reconstruct the keys by doing some RSA factorization and other interested techniques. the episode have a video too you can see the full episode on youtube on the link below.Full Episode on youtubehttps://www.youtube.com/watch?v=oqklfhWTNuQZeppelin article from Unit 221Bhttps://blog.unit221b.com/dont-read-this-blog/0xdead-zeppelinLance James Linkedin https://www.linkedin.com/in/unit221b/Unit221B websitehttps://unit221b.com/Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

Today's episode is about Pseudo Random Number Generators and how we can achieve Randomization. We also explain how applications can suffer big time when they don't have random values generated in their crypto systemsTwitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

Today's episode is about Pseudo Random Number Generators and how we can achieve Randomization. We also explain how applications can suffer big time when they don't have random values generated in their crypto systemsTwitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

Exploit code are amazing, But sometimes the technique behind itis what makes it shiny, In this episode I want you to look at exploitcodes from different perspective. not just finding vulnerabilities for the sake of finding vulnerabilities. always change your mindset whenyou do R&D from finding one vulnerability to finding one technique that works for majority of vulnerabilities Reference: Why You Shouldn't Trust NTDLL from Kernel Image Load Callbackshttps://www.sentinelone.com/labs/case-study-why-you-shouldnt-trust-ntdll-from-kernel-image-load-callbacks/Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

This Episode will give you a glance of Threat Intelligence and the world of APTsin this episode we will talk in general about different APT Groups, specificallyabout APT 29 aka Cozy Bear and how they achieve stealthiness while hiding in the shadows Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

This Episode will give you a glance of Threat Intelligence and the world of APTsin this episode we will talk in general about different APT Groups, specificallyabout APT 29 aka Cozy Bear and how they achieve stealthiness while hiding in the shadows Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

Today's episode is about VPNs and proxies from their standard usage to how the bad guys are using it. We will be diving through some technical aspects of using these commercial and free services and the privacy issues that comes along with it. We will also discuss some issues that might be faced while using these technologies such as log collection. Finally, we'll discuss how you can maintain your privacy while using them. Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

 Today's episode is about VPNs and proxies from their standard usage to how the bad guys are using it. We will be diving through some technical aspects of using these commercial and free services and the privacy issues that comes along with it. We will also discuss some issues that might be faced while using these technologies such as log collection. Finally, we'll discuss how you can maintain your privacy while using them. Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com

The Cyber Riddler Promo, we are just getting started Hosted By: Ahmad AlmorabeaTwitter: @almorabeaWebsite: https://thecyberriddler.com