Podcasts about Black hat

  • 932 podcasts
  • 2,265 episodes
  • 51m average duration
  • 5 new episodes weekly
  • Latest episode: Dec 4, 2022

Latest podcast episodes about Black hat

DISRESPECTFUL NAJA_SORRY NOT SORRY!
The Way I Am Dark Story of Eminem - Suicide in the family looking serious in black hat In the absence of his father, Eminem's "male role

Dec 4, 2022 (1:45)


BarCode
Visionary with Mikko Hyppönen

Dec 2, 2022 (43:31), transcription available


Mikko Hyppönen is considered one of the world's foremost cybersecurity experts. He is known for his work on IoT security, where he coined the term “The Hyppönen law”. Currently he is working as Chief Research Officer at WithSecure and as Principal Research Advisor at F-Secure. He has lectured at the universities of Stanford and Oxford and is a regular contributor to the New York Times, the Wall Street Journal and Scientific American. He was named among the 50 most influential people on the web by PC World Magazine and listed in the FP Global 100 Thought Leaders list. He speaks regularly at conferences such as Black Hat, DEF CON, HackInTheBox, OWASP, RSA, SOURCE, Security BSides Las Vegas and Shmoocon. He has advised companies such as Microsoft, Facebook, HPE, Google, Huawei, Dell and Cisco. He also advises governments around the globe including the United States, Canada, China, Japan, South Korea, Taiwan, Russia and Saudi Arabia. Mikko serves as Chairman on a number of industry organizations such as the Electronic Frontier Foundation (EFF), Digital Citizens Alliance (DCA) and Internet Archive. He is also a member of the board of directors of the International Association for Cryptologic Research (IACR).

Mikko sits down with us to chat about his background, the internet, the future of the web and what advice he would give to aspiring security professionals.

Danny Boy smartly pours a “Finnish Long Drink”.

Contact BarCode: tweet us at @BarCodeSecurity or email us at info@thebarcodepodcast.com. Thanks for listening, and we will see you next round!

Hackaday Podcast
Ep 195: No NABU for You, Self-Assembling 3D Prints, Black Hats Look at EV Chargers

Dec 2, 2022 (68:17)


This week, Editor-in-Chief Elliot Williams and Managing Editor Tom Nardi find themselves in the middle of a slow news week, so they dispense with the usual timely chit-chat and dive right into the results of a particularly tricky "What's that Sound" challenge. From there they'll cover the new breed of ATtiny microcontrollers (and why you probably won't be buying them), a recently unearthed Z-80 consumer gadget that's begging to be reverse engineered, the fine art of electrifying watercraft, and a particularly impressive speech recognition engine. Stick around till the end to hear about the potential dangers of unsecured EV chargers, and take a walk down memory lane to a time when soldering irons and paper schematics ruled the world. Check out the links over on Hackaday, and as always, tell us what you think about this episode in the comments!

Black Hat Ultra
#111 Kamil Leśniak - "Young Veteran" - Black Hat Ultra Podcast

Nov 27, 2022 (16:57)


SEO para Google
Blackhat SEO News - Creating Websites Automatically

Nov 24, 2022 (3:34)


24-11-2022

Blackhat SEO News - Creating Websites Automatically

- Chuiso releases a video: https://www.youtube.com/watch?v=NwTGAqrjcCo
- 30 minutes
- WP PAA GENERATOR plugin
- Automatic websites
- Shows how
- Shows results
- €60/year
- Artificial intelligence

Remember to subscribe to the podcast so you don't miss the rest of the news, updates, tricks and trends from the world of SEO. If you liked it, share the episode, give it a like, leave 5 stars or comment on the episode. You will help me keep creating episodes completely free and not have to charge for them.

Telegram group: https://borjagiron.com/telegram

You can also access all my SEO courses completely free at https://triunfacontublog.com

I'm Borja Girón, you've been listening to the SEO para Google podcast; see you in the next episode.

Well PlayED
S6.E47 - Black Hat Motivation

Nov 22, 2022 (8:20)


Enjoy a listen to Well Played Podcast on all things gamification. This episode we look at how we might infuse a bit of Black Hat Motivation into our games. Check out this episode and many others. Enjoy!

Daily Crypto Report
"FTX blackhat continues swapping Eth for BTC" Nov 21, 2022

Nov 21, 2022 (6:25)


Today's blockchain and cryptocurrency news: Bitcoin is up slightly at $16,073. Ethereum is up .5% at $1,124. Binance Coin is up .5% at $259. FTX blackhat continues swapping Eth for BTC. FTX owes 3.1B to top 50 creditors. Uniswap updates privacy policy. Court settles on bar date for Celsius. Deputy governor calls for digital British pound in wake of FTX collapse.

Black Hat Ultra
#110 Tadeusz Podraza - "I Count Mornings (Not Kilometers)" - Black Hat Ultra Podcast

Nov 20, 2022 (18:03)


The TechCrunch Podcast
Crypto's white knight was a black hat all along and other TC news

Nov 11, 2022 (33:37)


This week Darrell talks with Dom-Madori Davis about the coalition of VCs that are standing for reproductive rights. And Jacquelyn Melinek comes on to break down the FTX-Binance saga that's unfolded over the past week. And as always, Darrell breaks down the biggest stories in tech.

Articles from the episode:

  • More than 100 VC firms join VCs for Repro coalition to support reproductive rights
  • Here's the rundown on the Binance and FTX fiasco
  • Binance's plan to acquire FTX is ‘real-life Game of Thrones' as crypto winter winds blow
  • Binance backs out of deal to buy FTX
  • Crypto giant Binance agrees to buy rival FTX amid ‘liquidity crunch'

Other news from the week:

  • All of the Elon Musk and Twitter news here
  • US DOJ announces seizure of $3.36B in cryptocurrency
  • Meta confirms 11,000 layoffs, amounting to 13% of its workforce
  • Salesforce confirms it has laid off hundreds of employees

All Things Considered - Paranormal
The Black Hat Man - MVP S5 E6

Nov 8, 2022 (64:58)


Chris shares a personal story involving the paranormal phenomenon known as the Black Hat Man. Is this a true paranormal phenomenon or is there a medical or scientific explanation?

ITSPmagazine | Technology. Cybersecurity. Society
Supporting Security Innovation To Protect The World | A Conversation With Bob Martin @ The MITRE Corporation & Industrial Internet Consortium | Cy Beat Podcast With Deb Radcliff

Nov 4, 2022 (27:26)


IT After Hours
Joe-Nathan! Jonathan D. Hernandez, The Man Behind The Books

Nov 2, 2022 (30:15)


Jonathan Hernandez is CEO of Professional Programs LLC, the book and services provider for conferences like Black Hat, Pink, HDI and more. He's also my favorite face to see at any conference I speak at. We start out talking friendship, then business, then come in for the kill with our Carrot Top in Vegas Story. Jonathan's links are below and next time you're at a conference, swing by the bookstore, you might see his beautiful face!

Jonathan's Links:
https://www.linkedin.com/in/jonathan-d-hernandez-6b7a16155/
http://www.professionalprograms.net/

Ben's Links:
QSTAC: https://www.ITXM.com
Ben's Book: https://www.amazon.com/Badass-Support-Ben-Brennan/dp/1544510276/

Quirky Voices Presents
BOGEYS AND GHOULIES - SEASON 4 - THE HAT MAN By Sarah Golding (PG 10+)

Oct 31, 2022 (14:36), transcription available


GREG ALBRECHT PODCAST
#239 How to Build Discipline, Consistency and Endurance in Business? – Kamil Dąbkowski Black Hat Ultra

Oct 31, 2022 (79:57)


#239 How to Build Discipline, Consistency and Endurance in Business? – Kamil Dąbkowski, Black Hat Ultra

Kamil Dąbkowski – mountain runner, creator of the Black Hat Ultra podcast, solo entrepreneur. After years of a career in a large organization, he started working on his own terms and monetizing his passion. He acts intuitively, calmly and with the confidence that he will get out of any situation. We talk about discipline, consistency and discomfort through the eyes of an ultrarunner who is building his own business on his passion.

Kamil's podcast, Black Hat Ultra: https://www.blackhatultra.pl/

READ the Business Unlimited Newsletter for executives

The God Show with Pat McMahon
No pointed black hat. No broomstick. But plenty of Witchcraft on the God Show, and it's magic!

Oct 30, 2022



On The Ledger
#51 Never Been Hacked: Our New Security Update

Oct 25, 2022 (42:36)


At Ledger, we deeply care about Web3 security and the values of self-sovereignty, and so much talent is working day in, day out on developing best-in-class security solutions for your digital assets. And the truth is: we haven't really been talking that much about security here. But that is about to change… Every month, we'll take you with us behind the scenes at Ledger, to discuss the most recent developments, dive into the latest scams and hacks and answer your questions to provide you with everything you need to safely navigate this space. Charles Guillemet, our Chief Technology Officer, and Matt Johnson, our Chief Information Security Officer, will introduce you to our most secret team, the Donjon, and how their crypto security experts made the event at the latest Black Hat conference, and explain how our Brand Protection team detects, reports and takes down fake accounts, scams and more. Ready to get safer? This is Never Been Hacked (cause so are our devices), episode 1.

Dark Rhino Security Podcast
SC S8 E3 Cybersecurity Career Master Plan

Oct 21, 2022 (54:48)


#SecurityConfidential #DarkRhinoSecurity

Dr. Gerald Auger has worked in the cybersecurity field since 2006 and holds a Ph.D. in cyber operations, is Chief Content Creator at “Simply Cyber”, and is the managing partner at the Coastal Information Security Group. His book “Cybersecurity Career Master Plan” is a step-by-step guide for anyone who considers cybersecurity as a potential career field.

00:00 Introduction
01:20 Gerald's Background
03:50 Being a lifelong learner
05:05 What drove you to write your book “Cybersecurity Career Master Plan”
08:00 Where to begin
13:00 Building your own brand
14:52 Black Hat 2022
18:20 What the government can do to help remove bad actors?
22:50 Access for Sale and Ransomware as a service
25:50 Multi-factor Authentication
30:13 Flashlight in a Dark Room Theory
35:35 What should small businesses do?
39:50 Securing the Cloud
43:22 S3 Bucket Leak
48:39 Security Awareness
53:05 Plugs from Jerry

To learn more about Gerald visit:
https://www.linkedin.com/in/geraldauger/
https://www.simplycyber.io/free-cyber-resources
https://www.simplycyber.io/blog
https://www.youtube.com/c/GeraldAuger

Gerald's Book: https://www.amazon.com/Cybersecurity-Career-Master-Plan-cybersecurity/dp/1801073562?crid=3EBR8UHNWROGY&keywords=cybersecurity+master+plan&qid=1657667595&sprefix=cybersecurity+master,aps,150&sr=8-1&linkCode=sl1&tag=simplycyber-20&linkId=3141ad487e8cdd550a1bcfd63525209e&language=en_US&ref_=as_li_ss_tl

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com

SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio!
Instagram: https://www.instagram.com/securityconfidential/
Facebook: https://m.facebook.com/Dark-Rhino-Security-Inc-105978998396396/
Twitter: https://twitter.com/darkrhinosec
LinkedIn: https://www.linkedin.com/company/dark-rhino-security
Youtube: https://www.youtube.com/channel/UCs6R-jX06_TDlFrnv-uyy0w/videos

Perfectville - Miami Dolphins
The Black Hat Dolphins (Week 7 Preview)

Oct 20, 2022 (33:54)


Welcome BACK To Perfectville! Sam hops in the virtual saddle to discuss the golden opportunity that The Miami Dolphins have to rock the black cowboy hat for the NFL. Since the league, the media and fanbases want to crown the South Florida crew as such, Sam suggests we let them and rock the crown as hard as we can. Plus, with Chris Cullen still on assignment, Sam welcomes a familiar guest back to the show. He and the mystery guest discuss The Vikings game, possible trade partner for Miami before the deadline and of course...the return of Tua for the Brian Flores/Steelers revenge game. Enjoy and Welcome To Perfectville!

Seller Sessions
Protecting Yourself From Blackhat in Q4 with Howard Thai

Oct 13, 2022 (17:04)


Protecting Yourself From Blackhat in Q4 with Howard Thai

Howard and I chat about the 5 most common blackhat tactics and how to counter and deal with them.

Howard Thai is a former top 50 Seller on all of Amazon, and his origin story as a Seller is an epoch itself. Between selling thousands of units of hoverboards daily and battling with Apple Inc. on Amazon, the story of his humble beginnings is a story too long to tell. But this is all you need to know about Howard…

Signalytics.ai
Elitesellersociety.com
https://howardthai.com/

ITSPmagazine | Technology. Cybersecurity. Society
Securing Small And Medium Businesses Takes A Village | A Conversation With Renee Guttmann | Cy Beat Podcast With Deb Radcliff

Oct 12, 2022 (25:01)


Renee Guttmann is applying her twenty years of C-level security experience at the Fortune 50 to help SMBs.

SMBs need help understanding risk and prioritizing controls within their budgets, and Renee Guttmann, CISO to the Fortune 50, VC advisor, and founder of CISOhive, talks about how security innovation, especially in the areas of AI and machine learning, can help.

Guest: Renee Guttmann, CISO to the Fortune 50, VC advisor, and founder of CISOhive
On LinkedIn | https://www.linkedin.com/in/renee-guttmann/

Host: Deb Radcliff, on ITSPmagazine

Mac Admins Podcast
Episode 286: Thijs Alkemade on the vulnerability from Black Hat

Oct 11, 2022 (45:03)


One of our favorite things about interviewing security researchers is that those who can talk about what they do at places like DEF CON and Black Hat are the good guys. They exploit vulnerabilities and report their findings to vendors so that humanity can stay safer on our devices. If it weren't for them, the vulnerabilities would likely be uncovered and sold on the black market or used by nation states. So a huge thanks to our guest Thijs Alkemade for his hard work and talk at DEF CON and Black Hat on process injection for Mac apps!

Hosts: Tom Bridge - @tbridge777, Charles Edge - @cedge318

Guests: Thijs Alkemade - @xnyhps

Transcript: Transcription of this episode brought to you by Meter.com

Links:

  • Process injection CVE-2021-30873
  • How Signing and Privacy Xcode Options For Developers Translate to MacAdmins - krypted
  • Process injection: breaking all macOS security layers with a single vulnerability · Sector 7
  • Thijs Alkemade (@xnyhps) / Twitter

Sponsors: Kandji, Black Glove, Mosyle, Watchman Monitoring. If you're interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information.

Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast!

The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder, Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson

Hacker Valley Studio
Beers, Tears, & Breaking Through in Cybersecurity Marketing with Gianna Whitver & Maria Velasquez

Oct 6, 2022 (31:20)


In this special episode, Hacker Valley community members and hosts of the Breaking Through in Cybersecurity Marketing podcast, Gianna Whitver and Maria Velasquez, tell all about the ups and downs of cyber marketing. As podcast hosts and founders of the Cybersecurity Marketing Society, Gianna and Maria eat, sleep, and breathe cybersecurity marketing. This week, Gianna and Maria share the history behind the Society and explain why they decided to host their CyberMarketingCon2022 conference in person.

Timecoded Guide:

[02:41] Creating the Cybersecurity Marketing Society
[06:29] Transitioning CyberMarketingCon2022 from virtual to in-person
[10:50] Combating the difficulty of growth marketing to cybersecurity practitioners
[18:34] Examining ROIs for attendees of conferences like Black Hat and RSA
[28:15] Finding the one thing they would instantly change about cyber marketing

Sponsor Links: Thank you to our sponsor Axonius for bringing this episode to life! Life is complex. But it's not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone

How did the Cybersecurity Marketing Society come to exist?

Gianna and Maria initially met and bonded over how the cybersecurity marketing world is constantly changing and evolving, for better or worse. They would get together to chat, as well as share strategies and insights. They quickly realized, through their friendship, that there was potential for a solid community in cybersecurity marketing. They started a Slack channel, just to put something out there. The channel grew from 10 participants into a bustling community of over 1500 people. Now, the Society is growing every day and hosting online events.

“It's always really nice to look back at the start, and it humbles you, right? As you continue this hustle of just growth and ongoing things happening, it's nice to take a step back and say, ‘Wow, look at where it all started.' It seemed like just a crazy idea then.” –Maria Velasquez

What inspired the leap to host an in-person conference for CyberMarketingCon?

Back in 2020, while everyone was experiencing the height of the pandemic, members of the Cybersecurity Marketing Society were still interested in making connections with other professionals in the industry. Gianna and Maria decided the best option available was hosting virtual conferences in 2020 and 2021. Later, they branched into in-person chapter meetups in cities around the world. An in-person CyberMarketingCon2022 seemed like the next natural step in the process to cement those community connections.

“We started planning on a spreadsheet, basically. What's the theme? What do we want to cover in terms of topics? We looked to our members within the Society to hear what they'd like to learn at the conference and the speakers they'd like to see.” –Maria Velasquez

What makes it so difficult to market to cybersecurity practitioners?

Cybersecurity practitioners are notoriously skeptical. Their purview is full of phishing links and threat actors, and their guards are always up. Practitioners also often have a revolving door of folks wanting them to try demos, which makes it harder for someone to stand out. Maria and Gianna explain that you have to create a different kind of connection to build a relationship with practitioners, and advise marketers to avoid the cringeworthy commercial buzzwords.

“We're here to make sure that together, as an industry, cybersecurity marketers default to the best practices in marketing to practitioners, and that we're not bothering our target audience. We're doing great marketing, so that we can help everyone be more safe.” –Gianna Whitver

What did the ROIs look like for attendees of Black Hat and RSA?

In general, according to Gianna and Maria, the return on investment seemed higher for attendees at Black Hat, rather than at RSA. For marketers, RSA is less about selling and more about brand awareness and meeting with investors. In contrast, those who attended Black Hat reported that, even though the quantity of traffic at their booths was lower, the quality of the connections was higher, and there is a lot of optimism about opportunities to connect next year becoming more frequent.

“We're going to keep doing this every year. We're going to keep expanding the survey, we're going to have better data. I'm really looking forward to next year's debrief on Black Hat and RSA, seeing how things changed and how companies perceive their ROI.” –Gianna Whitver

Links:

  • Grab your ticket to the CyberMarketingCon2022
  • Follow Gianna on LinkedIn
  • Catch up with Maria on LinkedIn
  • Connect with Ron Eddings on LinkedIn and Twitter
  • Connect with Chris Cochran on LinkedIn and Twitter
  • Purchase a HVS t-shirt at our shop
  • Continue the conversation by joining our Discord
  • Check out Hacker Valley Media and Hacker Valley Studio

ITSPmagazine | Technology. Cybersecurity. Society
Martial Arts, Marksmanship, And ICS Cyber Incident Response | A Conversation With Lesley Carhart | Cy Beat Podcast With Deb Radcliff

Sep 30, 2022 (25:11)


Lesley Carhart, former Air Force Reserve, talks about how the Air Force started her on the path of cyber safety and society, her work at Dragos, and career outreach to young people.

As lead incident responder at Dragos, Lesley is at the center of some of the coolest industrial control system investigations reported to media. Most of the incidents they investigate are financial-based crimes like ransomware, followed by insiders who know how to cause the most mayhem, and state-sponsored attacks trying to get a foothold or backdoor into ICS systems so they can launch future attacks.

Guest: Lesley Carhart, Director of ICS Cybersecurity Incident Response at Dragos [@DragosInc]
On Twitter | https://twitter.com/hacks4pancakes
On LinkedIn | https://www.linkedin.com/in/lcarhart/

Host: Deb Radcliff, on ITSPmagazine

OODAcast
Episode 102: Joseph Menn: Observations From Two Decades Of Tech Journalism

Sep 30, 2022 (56:00)


Covering technology issues, and specifically cybersecurity, as a journalist is a tough endeavor. Some of these technologies are complex, as are the security vulnerabilities often inherent in their deployment, and making these topics broadly accessible can be a challenge. Many of the underlying issues touch upon national security and civil liberties, creating an interesting nexus that must be highlighted in the proper context. Lastly, it can be a challenge to create trusted relationships with the hacker community, but they provide essential perspectives and leads.

Joseph Menn has established himself as one of the top journalists covering these issues for over two decades at organizations like the Financial Times, Los Angeles Times, Bloomberg, Reuters, and now at the Washington Post. He's spoken at conferences like Black Hat, Def Con, and RSA. He's written three books covering topics like Napster, cybercrime, and most recently the infamous hacker group cDC in his book "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World".

In the OODAcast, Joseph provides insights from his career as a journalist covering technology and cybersecurity. We explore how he first got involved with Def Con and Black Hat and the value of attending the events. Joseph discusses how he first got introduced to the cDC, why he decided to write a book about the group, and how he developed an overall positive outlook on the critical role hackers will play in saving the world.

Official Bio: Joseph Menn joined The Washington Post in 2022 where he specializes in computer security, hacking, privacy and surveillance. He has perhaps the longest running track record among professional journalists covering cyber security and cyber conflict issues, having over two decades of experience on the topic. Prior to the Washington Post he covered cybersecurity and technology for Reuters, the Financial Times and the Los Angeles Times. His books include "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World" (2019) and "Fatal System Error: The Hunt for the New Crime Lords who are Bringing Down the Internet" (2010).

External Links: Cult of the Dead Cow book; Joseph Menn on Twitter

Book Recommendation: The Dawn of Everything

Security Stories
55: Privacy rights in our current world, with Ashlee Benge

Sep 27, 2022 (56:01)


On today's show our guest is one of our very own - Ashlee Benge, Strategic Intelligence Lead on the Cisco Talos team. After a very informative presentation at Blackhat on "Opsec in a Post-Roe World" we wanted to dive deeper with her to learn about the impact and implications on the security industry, practitioners and the world at large. The episode covers a vast range of discussion, with the fundamental hope to inspire people to take charge of their privacy and develop agency around big decisions made by regulators. Join us for a raw, rich and very real conversation. Oh, and some exciting news underway for the podcast!

To read more about this topic, take a look at Ashlee's in-depth article: Our current world, health care apps and your personal data

Hacking Humans
Simulated Phishing (noun) [Word Notes]

Sep 27, 2022 (7:35)


A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks.  CyberWire Glossary link: https://thecyberwire.com/glossary/simulated-phishing Audio reference link: “Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips.” YouTube, YouTube, 19 Apr. 2017.

Cybercrime Magazine Podcast
How A Black Hat Hacker Became A Bug Bounty Hunter. His Story. Tommy DeVoss, Ethical Hacker.

Sep 22, 2022 (26:19)


Tommy DeVoss is a reformed black hat hacker who is now an ethical hacker. In this episode, Tommy joins host Hillarie McClure to discuss his origin story and what eventually landed him in prison, alongside some of his most notorious hacks, as well as what inspired him to get involved in bug bounty hunting, his work with HackerOne, and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com/

Bartender at Large
Chuck Klosterman on Zima & Crystal Pepsi | Bartender at Large ep. 315

Sep 19, 2022 (48:25)


This week we have an extra special episode with featured guest, Chuck Klosterman, New York Times bestselling author of Sex, Drugs, and Cocoa Puffs; I Wear the Black Hat; But What If We're Wrong?; and most recently, The Nineties, which was released to widespread acclaim earlier this year. In the book, Klosterman examines all things 1990s including the decade's fascination with clear drinks such as Zima and Crystal Pepsi. So tune in and hear what Klosterman has to say about the drinks themselves and what they mean within the context of the era.

Buy The Nineties: https://chuckklostermanauthor.com/

Join us every Monday as acclaimed bartender, Erick Castro, interviews some of the bar industry's top talents from around the world, including bartenders, distillers & authors. If you love cocktails & spirits then this award-winning podcast is just for you.

SUPPORT US ON PATREON: Get early access to episodes, exclusive bonus episodes, special content and more: https://www.patreon.com/BartenderAtLarge
WATCH OUR VIDEOS ON YOUTUBE: https://www.youtube.com/bartenderatlarge
FOLLOW US ON INSTAGRAM: Erick Castro: www.instagram.com/HungryBartender, Bartender at Large: www.instagram.com/BartenderAtLarge
FOLLOW US ON TWITTER: Erick Castro: www.twitter.com/HungryBartender, Bartender at Large: www.twitter.com/BartendAtLarge
BUY OUR MERCH: https://moverandshakerco.com/collections/bartenderatlarge

Conversations with Tech Experts
Black Hat - EP. 55

Sep 16, 2022 (29:15)


This episode of Conversations with Tech Experts features Christopher Hippensteel, Network and System Administrator at New Resources Companies. He joins Experts Exchange CEO Randy Redberg and Director of Operations Thomas Bernal to discuss his experiences at Black Hat in Las Vegas as part of a new EE pilot program. He also breaks down why connecting face-to-face with people is incredibly important for the learning process.

Jamf After Dark
macOS Threat Detection with Matt Benyo

Sep 15, 2022 (34:48)


In a preview of his upcoming JNUC 2022 talks, Detections Developer Matt Benyo joins the Jamf After Dark Podcast to talk Black Hat, bug bounties, and the difficulties of being friends with IT when your job is to find malware.

The Cybrary Podcast
Responsible Vulnerability Disclosure with Casey Ellis | The Cybrary Podcast Ep. 93

Sep 14, 2022 (20:22), transcription available


When it comes to vulnerability disclosure, there can be a lot of unknowns. What is the first step in safely reporting? How can global bug bounty hunters better understand the specialized legalese in disclosure policies? Casey Ellis, Founder and CTO of Bugcrowd, addresses the importance of standardizing vulnerability disclosure policy language. Join in the de-villainization of ethical hackers and bug bounty hunters with Casey and the Cybrary team at Black Hat!

ITSPmagazine | Technology. Cybersecurity. Society
Hackers, Priests, And Aliens | A Conversation With Richard Thieme | Cy Beat Podcast With Deb Radcliff

Sep 14, 2022 (33:14)


In this podcast, we talk with Richard Thieme, former clergyman who's been a spiritual and ethical fixture in the hacker community for more than twenty years.

What do hackers, priests and aliens have to do with cyber security? How are empathy and active listening used by spies, priests, and hackers alike? And how most people in the world are blissfully unaware of what's really happening behind the curtains.

Guest: Richard Thieme, Founder at Thieme Works
On Twitter | https://twitter.com/neuralcowboy
On LinkedIn | https://www.linkedin.com/in/richardthieme/

Host: Deb Radcliff, on ITSPmagazine

Authorized Novelizations Podcast
Heat 2 by Michael Mann and Meg Gardiner (w/ Blake Howard and Gavin G. Smith)

Sep 13, 2022 (164:02)


On a SURPRISE Authorized, we're discussing the new Tertiary Tome Heat 2 with none other than Blake Howard, host of One Heat Minute. We talk Chris' ascension to Blackhat and Neil McCauley's tragic past in this FULL SPOILERS review. We're also joined by returning guest Gavin G. Smith, whose book Spec Ops Z is out now: https://uk.bookshop.org/books/spec-ops-z/9781781088739

Follow us on Instagram: instagram.com/authorizedpod
Twitter: Twitter.com/authorizedpod
Support this podcast: https://anchor.fm/authorizedpod/support

Lock and Code
The MSP playbook on deciphering tech promises and shaping security culture

Sep 12, 2022 44:22


The in-person cybersecurity conference has returned. More than two years after Covid-19 pushed nearly every in-person event online, cybersecurity has returned to the exhibition hall. In San Francisco earlier this year, thousands of cybersecurity professionals walked the halls of Moscone Center at RSA 2022. In Las Vegas just last month, even more hackers, security experts, and tech enthusiasts flooded the Mandalay Bay hotel, attending the conferences Black Hat and DEFCON.

And at nearly all of these conferences—and many more to come—cybersecurity vendors are setting up shop to show off their latest, greatest, you-won't-believe-we've-made-this product. The dizzying array of product names, features, and promises can overwhelm even the most veteran security professional, but for one specific group of attendees, sorting the value from the verve is all part of the job description. We're talking today about managed service providers, or MSPs.

MSPs are the tech support and cybersecurity backbone for so many small businesses. Dentists, mom-and-pop restaurants, bakeries, small markets, local newspapers, clothing stores, bed and breakfasts off the side of the road—all of these businesses need tech support because nearly everything they do, from processing credit card fees to storing patient information to managing room reservations, all of that, has a technical component to it today. These businesses, unlike major corporations, rarely have the budget to hire a full-time staff member to provide tech support, so, instead, they rely on a managed service provider to be that support when needed. And so much of tech support today isn't just setting up new employee devices or solving a website issue. Instead, it's increasingly about providing cybersecurity.

What that means, then, is that wading through an onslaught of marketing speak at the latest cybersecurity conference is actually the responsibility of some MSPs. They have to decipher what tech tools will work not just for their own employees, but for the dozens if not hundreds of clients they support.

Today, on the Lock and Code podcast with host David Ruiz, we speak with two experts at Malwarebytes about how MSPs can go about staying up to date on the latest technology while also vetting the vendors behind it. As our guests Eddie Phillips, strategic account manager, and Nadia Karatsoreos, senior MSP growth strategist, explain, the work of an MSP isn't just to select the right tools, but to review whether the makers behind those tools are the right partners both for the MSP and its clients.

ITSPmagazine | Technology. Cybersecurity. Society
A Conversation With Security Researcher And PhD Student Sebastián Castro | The Hacker Factory Podcast With Phillip Wylie

Sep 9, 2022 31:29


Sebastián is a security researcher and computer science PhD student that recently presented at Black Hat 2022 on the Suborner vulnerability.

Sebastián shares his journey into security research and his pursuit of a PhD in computer science. He discovered the Suborner vulnerability as well as RID Hijacking. Sebastián has presented at Black Hat and Hack in The Box.

Guest
Sebastián Castro
Ph. D. Student & Information Security Researcher at University of California, Santa Cruz [@ucsc]
On Twitter | https://twitter.com/r4wd3r
On LinkedIn | https://www.linkedin.com/in/srcastrot/

Host
Phillip Wylie
On ITSPmagazine

The Hacker Factory
A Conversation With Security Researcher And PhD Student Sebastián Castro | The Hacker Factory Podcast With Phillip Wylie

Sep 9, 2022 31:29


Sebastián is a security researcher and computer science PhD student that recently presented at Black Hat 2022 on the Suborner vulnerability.

Sebastián shares his journey into security research and his pursuit of a PhD in computer science. He discovered the Suborner vulnerability as well as RID Hijacking. Sebastián has presented at Black Hat and Hack in The Box.

Guest
Sebastián Castro
Ph. D. Student & Information Security Researcher at University of California, Santa Cruz [@ucsc]
On Twitter | https://twitter.com/r4wd3r
On LinkedIn | https://www.linkedin.com/in/srcastrot/

Host
Phillip Wylie
On ITSPmagazine

Hacker Valley Studio
From Black Hat to Bug Bounties [Pt. 2] with Thomas DeVoss

Sep 8, 2022 34:41


We're joined again by the hacker's hacker, Tommy DeVoss, aka dawgyg. Bug bounty hunter and reformed black hat, Tommy dives back into a great conversation with us about his journey in hacking and his advice to future red team offensive hackers. We cover everything we couldn't get to from part 1 of our interview, including his struggles with burnout, his past hacking foreign countries on a bold quest to stop terrorism, and his future in Twitch streaming to teach you how to be a better bug bounty hunter.

Timecoded Guide:
[02:57] Fixating on hacking because of the endless possibilities and iterations to learn
[09:54] Giving advice to the next generation of hackers
[17:17] Contacting Tommy and keeping up with him on Twitter
[21:43] Planning a Twitch course to teach hackers about bug bounties using real bugs and real-world examples
[24:57] Hacking in the early 2000s and understanding the freedom Tommy has to talk about any and all illegal hacking he's done now that he's gone to prison

Do you ever struggle with burnout when it comes to hacking?

Hacking has maintained Tommy's interest longer than anything else because of the constant changes in technology and the ever-evolving issues in the online world. However, just because hacking is his passion, doesn't mean that burnout or frustration never happens. Currently, Tommy is taking more of a break with hacking, letting his current day job and his passion for gaming have a front seat. However, he's still firmly in the industry, passionately developing learning opportunities for future hackers and answering questions from cyber professionals of all backgrounds.

“I do get burned out sometimes…When it comes to bug bounty hunting, I try and make it so it averages out to where I make at least $1,000 an hour for my effort. It doesn't always work. Sometimes I'm more, sometimes I'm less, but I try and get it so it averages out to about that.”

What hacking advice would you give the younger version of yourself?

Although his black hat ways resulted in prison time for Tommy, he doesn't regret his past and instead seeks to teach others the lessons he's learned. When we asked Tommy for advice for new hackers, he was clear that success is a longer journey than people assume it is. Tommy's success was not a fluke, it took years of hands-on learning and patience with failures in order to develop his bug bounty skills. Nothing is actually automatic or easy with hacking, especially as the technology continues to change and evolve. Tommy wants hackers to take every opportunity to try out their skills, even if it's a complete failure.

“Don't expect success overnight. Also, don't let failure discourage you. When it comes to hacking, you're going to fail significantly more than you're going to succeed. And the people that are successful in bug bounties are the ones that don't let those failures discourage them.”

What do you think about the “media obsessed” stereotype many people have about black hat hackers?

Wrapping up today, Tommy tells us that he'd be happy to be back in the Hacker Valley Studio again some time. Although the stereotype of a black hat hacker wanting attention from the media is disproven, Tommy believes that he definitely has craved that media attention for a large majority of his hacking career. Starting in the early 2000s, after 9/11, Tommy had one of his first brushes with fame in an interview with CNN about hacking Middle Eastern companies. Although his hacking and his politics have changed since then, Tommy enjoys having in-depth conversations about hacking and explaining the intricacies of what he does.

“We loved the attention back then, and I still love the attention now, it's nice. The good thing about now is, because I already got in trouble for everything that I've done, I've done my prison time, I don't have anything that I did illegally on the computer anymore that I can't talk about, because I've already paid my debt to society.”

What are the best ways for people to keep up with what you're doing?

Considering Tommy's success, it's understandable that a lot of cyber professionals and amateurs have tons of questions for him. When it comes to getting in contact with Tommy, he recommends tweeting him on Twitter publicly so that he can not only answer your question, but help others with the exact same questions. Education is key, and Tommy is so dedicated to teaching other hackers that he's currently developing a recurring Twitch stream centered around helping others learn about bug bounty hunting.

“I don't know how successful we're going to be in finding the bugs, but I think it'll be fun to teach people [on Twitch] and do it that way, so that they can actually spend some time learning it. The best way to actually learn this stuff is to actually try and do the hacking.”

Security Now (Video HI)
SN 887: Embedded AWS Credentials - TikTok leak, urgent Chrome patch, PyPI warning, Quantum Hype Bubble

Sep 7, 2022 122:08


Picture of the Week.  Google's (newest) Open Source Software Vulnerability Rewards Program.  Did TikTok leak 2.05 BILLION User Records?  An urgent Chrome update patches new 0-day flaw.  Permission-less Browser Clipboard Write.  Nearly 1/3 of the packages in PyPI trigger an automatic code execution upon download.  A Quantum Hype Bubble?  All of the BlackHat 2022 Presentation Slides PDFs.  Csurf NPM library mistake.  SpinRite.  Closing The Loop.  Sci-Fi Discovery: "The Silver Ships"  Embedding AWS Credentials. We invite you to read our show notes at https://www.grc.com/sn/SN-887-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

All TWiT.tv Shows (MP3)
Security Now 887: Embedded AWS Credentials

Sep 7, 2022 122:08


Picture of the Week.  Google's (newest) Open Source Software Vulnerability Rewards Program.  Did TikTok leak 2.05 BILLION User Records?  An urgent Chrome update patches new 0-day flaw.  Permission-less Browser Clipboard Write.  Nearly 1/3 of the packages in PyPI trigger an automatic code execution upon download.  A Quantum Hype Bubble?  All of the BlackHat 2022 Presentation Slides PDFs.  Csurf NPM library mistake.  SpinRite.  Closing The Loop.  Sci-Fi Discovery: "The Silver Ships"  Embedding AWS Credentials. We invite you to read our show notes at https://www.grc.com/sn/SN-887-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Security Now (Video HD)
SN 887: Embedded AWS Credentials - TikTok leak, urgent Chrome patch, PyPI warning, Quantum Hype Bubble

Sep 7, 2022 122:08


Picture of the Week.  Google's (newest) Open Source Software Vulnerability Rewards Program.  Did TikTok leak 2.05 BILLION User Records?  An urgent Chrome update patches new 0-day flaw.  Permission-less Browser Clipboard Write.  Nearly 1/3 of the packages in PyPI trigger an automatic code execution upon download.  A Quantum Hype Bubble?  All of the BlackHat 2022 Presentation Slides PDFs.  Csurf NPM library mistake.  SpinRite.  Closing The Loop.  Sci-Fi Discovery: "The Silver Ships"  Embedding AWS Credentials. We invite you to read our show notes at https://www.grc.com/sn/SN-887-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Ivanti Insights
Microsoft's Coordinated Disclosure Discussion from BlackHat & DefCon '22

Sep 7, 2022 31:26


Security Insights welcomes its new host, Ashley Stryker, into the mix! In today's episode, Chris Goettl and Daniel Spicer break down some backlash from Microsoft customers on their failure to disclose a “ninja patch” on a vulnerability researchers found months before the fix. Listen in as the trio discuss security transparency and best practices for vendor coordinated disclosures of vulnerabilities for cloud versus on-prem products and much more!

Security Now (Video LO)
SN 887: Embedded AWS Credentials - TikTok leak, urgent Chrome patch, PyPI warning, Quantum Hype Bubble

Sep 7, 2022 122:08


Picture of the Week.  Google's (newest) Open Source Software Vulnerability Rewards Program.  Did TikTok leak 2.05 BILLION User Records?  An urgent Chrome update patches new 0-day flaw.  Permission-less Browser Clipboard Write.  Nearly 1/3 of the packages in PyPI trigger an automatic code execution upon download.  A Quantum Hype Bubble?  All of the BlackHat 2022 Presentation Slides PDFs.  Csurf NPM library mistake.  SpinRite.  Closing The Loop.  Sci-Fi Discovery: "The Silver Ships"  Embedding AWS Credentials. We invite you to read our show notes at https://www.grc.com/sn/SN-887-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Radio Leo (Audio)
Security Now 887: Embedded AWS Credentials

Sep 7, 2022 122:08


Picture of the Week.  Google's (newest) Open Source Software Vulnerability Rewards Program.  Did TikTok leak 2.05 BILLION User Records?  An urgent Chrome update patches new 0-day flaw.  Permission-less Browser Clipboard Write.  Nearly 1/3 of the packages in PyPI trigger an automatic code execution upon download.  A Quantum Hype Bubble?  All of the BlackHat 2022 Presentation Slides PDFs.  Csurf NPM library mistake.  SpinRite.  Closing The Loop.  Sci-Fi Discovery: "The Silver Ships"  Embedding AWS Credentials. We invite you to read our show notes at https://www.grc.com/sn/SN-887-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Security Now (MP3)
SN 887: Embedded AWS Credentials - TikTok leak, urgent Chrome patch, PyPI warning, Quantum Hype Bubble

Sep 7, 2022 122:08


Picture of the Week.  Google's (newest) Open Source Software Vulnerability Rewards Program.  Did TikTok leak 2.05 BILLION User Records?  An urgent Chrome update patches new 0-day flaw.  Permission-less Browser Clipboard Write.  Nearly 1/3 of the packages in PyPI trigger an automatic code execution upon download.  A Quantum Hype Bubble?  All of the BlackHat 2022 Presentation Slides PDFs.  Csurf NPM library mistake.  SpinRite.  Closing The Loop.  Sci-Fi Discovery: "The Silver Ships"  Embedding AWS Credentials. We invite you to read our show notes at https://www.grc.com/sn/SN-887-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Word Notes
Simulated Phishing (noun)

Sep 6, 2022 7:35


A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks.  CyberWire Glossary link: https://thecyberwire.com/glossary/simulated-phishing Audio reference link: “Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips.” YouTube, YouTube, 19 Apr. 2017.

Highly Cultured
Black Hats Matter

Sep 5, 2022 111:11


Welcome back to the highest podcast in the world! Highly Cultured! On this week's Monday episode the guys discuss Stacey Dash grieving over DMX, Mark Zuckerberg's boxing skills, and Kanye's weekend on Instagram. Later in the episode the guys share their thoughts on Kendrick's short film for "We Cry Together", CyHi's problems that stemmed from writing "Sicko Mode" & more! Don't blame us, blame the internet! Follow us on social media & YouTube http://highlyculturedpod.contactin.bio/

ITSPmagazine | Technology. Cybersecurity. Society
ZenCon0 Event | Let's Talk About The Present And Future Of Crypto Ecosystems | A Conversation With Robert Viglione | On Location Coverage Podcast With Sean Martin And Marco Ciappelli

Sep 2, 2022 28:42


Following an invitation to participate in the ZenCon0 event that takes place in Milan, Italy, we decided to go for a virtual coverage by inviting Horizen's CEO Robert Viglione to talk about the present and future of crypto ecosystems.

Rob Viglione is the co-founder and CEO of Horizen Labs and the co-founder and team lead of the Zen Blockchain Foundation. He holds a Ph.D. in Finance, an MBA in Finance and Marketing, and a Bachelor's in Physics & Applied Mathematics. Previously he has been an advisor to Aave and HeroEngine and worked as a software project manager for the U.S. Air Force.

We hope you enjoy this virtual conversation about an actual event about virtual stuff that, at this point, is part of our "real society".

Hacker Valley Studio
From Black Hat to Bug Bounties [Pt. 1] with Tommy DeVoss

Sep 1, 2022 35:58


We're joined by million-dollar hacker and bug bounty hunter, Thomas DeVoss, this week as we continue our season-long discussion of offensive cybersecurity legends. A legend in the making with a success story in bug bounty hunting that has to be heard to be believed, Tommy is an incredibly successful black hat hacker-turned-bug bounty hunter, representing how misunderstood the hacking community can be and how positively impactful bug bounties can be. Who hacks the hackers? Look no further than Tommy DeVoss.

Timecoded Guide:
[02:59] Becoming interested in hacking for the first time
[08:26] Encountering unfriendly visits with the government and the FBI after his hacking skills progressed
[14:20] Seeking his first computer job after prison and leveraging his hacking skills
[25:21] Discussing with Yahoo the possibility of working with them due to his successful bug bounties
[30:56] Giving honest advice to hackers looking to break into the bug bounty scene

When did you get into hacking for the first time?

At an early age, Thomas found his passion for hacking in an IRC chat room. Mentored by a man named Lewis and encouraged by fellow friends in the hacking world, he was popping shells and breaking into US systems using foreign IP addresses. Although Tommy became incredible at his craft from a young age, his early habits became serious black hat issues that ended up getting him in trouble with the US government. Just like the hacker in a big Hollywood blockbuster, the government caught up with Tommy and he faced 2 years in prison in his first sentence.

“Instead of coming back to him and saying, "Hey, I'm done," I came back and I was actually asking him questions like, "Can you explain this?" And he saw that I was like, actually interested in this and I wasn't one of the people that was just expecting it to be handed to me and everything like that.”

After spending time in prison, were there barriers to getting involved in hacking again?

After being in and out of prison a couple times, Tommy found the worst part of coming home to be his ban from touching any sort of device with internet access. Despite it being a part of his probation, his passion for tech continued to bring him back to computers and gaming. After his final stint in prison after being falsely suspected of returning to his black hat ways, the FBI lifted Tommy's indefinite ban on computer usage and immediately renewed his passion for working in tech.

“They had banned me indefinitely from touching a computer. So, when I came home on probation the first time, they upheld that and I still wasn't allowed to touch computers as part of my probation. For the first month or so, I didn't get on a computer when I came home from prison, but then it didn't take long before I got bored.”

How did your cyber career pivot to bug bounty hunting?

With prison behind him and his ban on computers lifted, Tommy got a job working for a family friend in Richmond, Virginia for a modest salary of $30,000. Although this amount felt like a lot at the time, he quickly realized that there was money to be made in bug bounties. His first few experiments in attempting bug bounty programs had him earning $20,000 or $30,000 for hours of work, a huge increase from the salary he was currently making. Encountering success after success, Thomas quit his job in 2017 to become a full-time bug bounty hunter.

“The first bug bounty program that jumped out at me was Yahoo. I had started hacking Yahoo in the mid 90s, I knew their systems in the 90s and early 2000s better than a lot of their system admins and stuff. And I figured, if there's any company that I should start out with, it should be them.”

What success have you seen since becoming a bug bounty hunter, especially with major corporations like Yahoo?

Thomas has become a huge earner in the cybersecurity community, and has continued to see incredible results from his hacking and bug bounty projects. Most notably, after numerous high earning days, making up to $130K at once, with companies like Yahoo, he's even been offered positions working with corporations he's bug bountied for. However, Tommy is quick to point out that his success was definitely not overnight, and warns fellow hackers of getting too confident in their bug bounty abilities without the proper skill sets or amount of experience under their belts.

“I think at this point, I've had days where I've made six-digit income in that single day, at least six or seven times. And it's almost always been from Yahoo.”

The CyberWire
The optempo of a hybrid war's cyber phase. Hacktivists as cyber partisans. Zeppelin ransomware alert. DoNot Team update. Rewards for Justice offers $10 million for info on Russian bad actors.

Aug 12, 2022 27:44


The optempo of the war's cyber phase, and Ukraine's response. Organizing and equipping hacktivists. Joint warning on Zeppelin ransomware. Update on the DoNot Team, APT-C-35. Rewards for Justice offers $10 million for information on Conti operators. Rob Boyce from Accenture shares insights from BlackHat. Caleb Barlow ponders closing the skills gap while shifting to remote work. And, hey, Mr. Target: pick one, OK?

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/153

Selected reading.
Black Hat 2022 - Cyberdefense in a global threats era (WeLiveSecurity)
How one Ukrainian ethical hacker is training 'cyber warriors' in the fight against Russia (The Record by Recorded Future)
#StopRansomware: Zeppelin Ransomware (CISA)
APT-C-35: New Windows Framework Revealed (Morphisec)
The US Offers a $10M Bounty for Intel on Conti Ransomware Gang (Wired)

The CyberWire
Dispatches from a hybrid war. CISA releases its election cybersecurity toolkit. Post-incident disruption at NHS is expected to last at least three weeks. Cisco discloses a security incident.

Aug 11, 2022 27:50


KillMilk says his crew downed Lockheed Martin's website. Industroyer2, and what became of it. CISA releases its election cybersecurity toolkit. Post-incident disruption at Britain's NHS. Carl Wright of AttackIQ shares strategies for CISOs to successfully prepare for the next attack. Dr. Christopher Pierson from Blackcloak joins us from Black Hat. And Cisco seems to have thwarted a security incident.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/152

Selected reading.
Russian hacking group claims attack on Lockheed Martin (SiliconANGLE)
HIMARS-Maker Lockheed Martin "confident" against Russian hackers (Newsweek)
Industroyer2: How Ukraine avoided another blackout attack (SearchSecurity)
Researchers Look Inside Russian Malware Targeting Ukrainian Power Grid (PCMAG)
CISA Releases Toolkit of Free Cybersecurity Resources for Election Community (CISA)
Cybersecurity Toolkit to Protect Elections (CISA)
NHS staff told to plan for three weeks of disruption following cyberattack (Computing)
Major NHS IT outage to last for three weeks (The Independent)
Exclusive: NHS chiefs fear cyber attackers have accessed patient data (Health Service Journal)
Cisco Event Response: Corporate Network Security Incident (Cisco)
Cisco Talos shares insights related to recent cyber attack on Cisco (Cisco Talos)
Cisco confirms May attack by Yanluowang ransomware group (The Record by Recorded Future)
Cisco Hit by Cyberattack From Hacker Linked to Lapsus$ Gang (Bloomberg)
Cisco's own network compromised by gang with Lapsus$ links (Register)
Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen (BleepingComputer)