Podcasts about DerbyCon

  • 68 podcasts
  • 202 episodes
  • 52m average duration
  • 1 new episode monthly
  • Latest: Oct 29, 2024
DerbyCon


Latest podcast episodes about DerbyCon

The Virtual CISO Moment
S6E52 - A Conversation with Lucas Gates

Released Oct 29, 2024 (31:26)


Lucas Gates is a managing partner with Triton Infosec's Cyber Security Practice. In this role, he partners with clients to identify risks from modern-day threats through penetration testing, web application vulnerability testing, social engineering and network vulnerability assessments. He has vast experience in all types of technical security testing, application security, and application development, and has won top prizes in a number of hacking competitions including Symantec's Cyber Readiness Challenge and DerbyCon's Capture the Flag.

Open at Intel
From Fear to Confidence: Navigating Open Source Security

Released Oct 2, 2024 (25:20)


In this episode, we welcomed back Christopher Robinson, aka CRob, to discuss his extensive work in the Open Source Security Foundation (OpenSSF). We chatted about the importance of open source software security, detailing the various initiatives aimed at improving security standards. CRob shares insights into the working groups and projects within OpenSSF, focusing on their efforts to educate developers and security researchers. We also touched on the upcoming SOSS Fusion event, and its role in fostering community engagement and collaboration in open source security. We encourage listeners to join these endeavors and contribute to solving significant security challenges.

  • 00:00 Welcome Back, CRob!
  • 00:52 Diving into Open Source Security
  • 01:20 Understanding the OpenSSF
  • 04:18 Key Personas in Open Source Security
  • 09:44 Educational Resources for Developers
  • 12:17 Getting Involved with OpenSSF Projects
  • 15:27 Upcoming Event: SOSS Fusion
  • 17:47 The Value of Open Source Events
  • 21:48 Final Thoughts and Future Plans

Resources: OpenSSF, SOSS Fusion

Guest: Christopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. CRob is a 41st level Dungeon Master and a 24th level Securityologist. He has worked at several Fortune 500 companies with experience in the Financial, Medical, Legal, and Manufacturing verticals, and spent 6 years helping lead the Red Hat Product Security team as their Program Architect. CRob has been a featured speaker at Gartner's Identity and Access Management Summit, RSA, Black Hat, DEF CON, DerbyCon, the (ISC)2 World Congress, and was named a "Top Presenter" for the 2017 and 2018 Red Hat Summits. CRob was the President of the Cleveland (ISC)2 Chapter, and is also a children's Cybersecurity Educator with the (ISC)2 Safe-and-Secure program.
He holds a Certified Information Systems Security Professional (CISSP) certification, Certified Secure Software Lifecycle Professional (CSSLP) certification, and The Open Group Architecture Framework (TOGAF) certification. He is heavily involved in the Forum for Incident Response and Security Teams (FIRST) PSIRT SIG, collaborating in writing the FIRST PSIRT Services Framework, as well as the PSIRT Maturity Assessment framework. CRob is also the lead/facilitator of the Open Source Security Foundation (OpenSSF) Vulnerability Disclosures and OSS Developer Best Practices working groups as well as a Technical Advisory Committee (TAC) member. He enjoys hats, herding cats, and moonlit walks on the beach.

Dark Rhino Security Podcast
S14 E5 Debunking Misconceptions in Cybersecurity

Released Mar 29, 2024 (51:08)


This week on Dark Rhino Security's Security Confidential podcast, host Manoj Tandon talks to Tom Eston. Tom's work over his 17 years in cybersecurity has focused on information security, network, red team, and application penetration testing as well as security and privacy advocacy. Tom has led multiple projects in the cybersecurity community, improved industry-standard testing methodologies, and is an experienced team manager and leader. Tom is also a frequent speaker at security user groups and international cybersecurity conferences including Black Hat, DEF CON, DerbyCon, SANS, InfoSec World, OWASP AppSec, and ShmooCon.

  • 00:00 Introduction
  • 00:20 Our Guest
  • 12:34 The leadership role
  • 14:09 Would you redesign the internet?
  • 18:55 The golden age of education
  • 22:03 Why is it that the hacking community can be better than the OEM?
  • 25:19 Do you think cybersecurity adds value to the market offering?
  • 29:48 The hackback program
  • 35:08 Misconceptions of cybersecurity
  • 48:56 More about Tom

Hacking Your Health
Episode 133: Phoenix Lifting Camp Debrief

Released Mar 12, 2024 (56:20)


Ever find yourself in a fitness rut, where the weights don't excite you, and the treadmill feels like a road to nowhere? We're just back from Phoenix and Cleveland, buzzing with stories about crushing limits and the magic of community in fitness. Picture a place where a simple change in grip unleashes unexpected strength and where first-time powerlifters find their tribe. Our episode unearths the vibrancy of togetherness that we've experienced, akin to the family-centric DerbyCon days, and the life-altering personal growth tales that remind us why we started this journey. We've all had sessions where the gym feels like a second home, and the people there become family. That's the energy we brought back to share with you. We talk about the infectious buzz from a workout so intense it could only be compared to having a personal coach pushing you. And when Diamond Dallas Page walks into the room, you know the day's about to get even better. Our conversation navigates through those "five more" moments that redefine potential, and a hike that tested our fortitude, mirroring the relentless pursuit needed not just in the gym but in the very essence of life. Join us to relive these extraordinary encounters and to ignite your own fire for fitness.

Links and more: BC - All links; Productivity guide; Hack your health in 7 days; Whole human diagnostics; Book a strategy call. Support the show. Where to find us: We Hack Health on Twitter, Instagram and Discord.

The Virtual CISO Moment
S5E22 - A Conversation with Tracy Maleeff

Released Apr 25, 2023 (28:16)


Tracy Maleeff, Principal, Sherpa Intelligence LLC, is an Information Security Professional with a Master of Library and Information Science degree. A frequent author and speaker on InfoSec and research topics, she has presented at several information security industry conferences such as Security BSides, DerbyCon, and DEF CON's Recon Village, as well as many library/information professional events. She holds the GIAC Security Essentials (GSEC) certification. She also maintains an OSINT blog and cybersecurity newsletter at https://infosecsherpa.medium.com/

Open at Intel
Christopher ”CRob” Robinson Shares an Optimistic Take on Open Source Security

Released Feb 8, 2023 (23:12)


Christopher Robinson, also known as "CRob," is the Director of Security Communications at Intel. In this role, Robinson handles crisis communications, training, and security and incident communications. Half of the team behind the engaging security video series Chips and Salsa, he is also heavily involved in open source security communities and acts as a technical advisor for the Open Source Security Foundation (OpenSSF). CRob shares his insights with Open Ecosystem Evangelist Katherine Druckman on the current threat landscape and finding joy in security work.

Guest: Christopher Robinson (aka CRob) is the Director of Security Communications at Intel Product Assurance and Security. CRob is a 41st level Dungeon Master and a 24th level Securityologist. He has worked at several Fortune 500 companies with experience in the Financial, Medical, Legal, and Manufacturing verticals, and spent 6 years helping lead the Red Hat Product Security team as their Program Architect. CRob has been a featured speaker at Gartner's Identity and Access Management Summit, RSA, Black Hat, DEF CON, DerbyCon, the (ISC)2 World Congress, and was named a "Top Presenter" for the 2017 and 2018 Red Hat Summits. CRob was the President of the Cleveland (ISC)2 Chapter, and is also a children's Cybersecurity Educator with the (ISC)2 Safe-and-Secure program. He holds a Certified Information Systems Security Professional (CISSP) certification, Certified Secure Software Lifecycle Professional (CSSLP) certification, and The Open Group Architecture Framework (TOGAF) certification. He is heavily involved in the Forum for Incident Response and Security Teams (FIRST) PSIRT SIG, collaborating in writing the FIRST PSIRT Services Framework, as well as the PSIRT Maturity Assessment framework. CRob is also the lead/facilitator of the Open Source Security Foundation (OpenSSF) Vulnerability Disclosures and OSS Developer Best Practices working groups as well as a Technical Advisory Committee (TAC) member.
He enjoys hats, herding cats, and moonlit walks on the beach.

BarCode
HackCar with Robert Leale

Released Oct 21, 2022 (69:10)


Robert Leale is the president of CanBusHack, president of Pivvit, and founder of Car Hacking Village, which can be seen at DEF CON, DerbyCon, GrrCON, CypherCon, THOTCON, and many more hacking conferences across the globe. He stops by BarCode and we discuss vulnerable technology in automobiles, manufacturer responsibilities, car hacking tools, how to secure your vehicle, and Car Hacking Village. Tony floors a "VTEC Punch".

Support the show: Contact BarCode; support us on Patreon; follow us on LinkedIn; tweet us at @BarCodeSecurity; email us at info@thebarcodepodcast.com. Thanks for listening, and we will see you next round!

Paul Green's MSP Marketing Podcast
Episode 153: LinkedIn messages: A smart MSP marketing tool

Released Oct 17, 2022 (28:19)


Episode 153 includes:

  • 00:00 The 2% mindset for successful people
  • 07:19 How to grab anyone's attention on LinkedIn
  • 14:43 A potential new automated pen test revenue stream
  • 26:37 A great book recommendation about realising any goal

Featured guest: Thank you to Alton Johnson from Vonahi Security for joining Paul to discuss a potential new automated pen test revenue stream. Prior to Vonahi Security, Alton worked at several large and small cybersecurity consulting firms as a Principal Security Consultant. Throughout his professional career, he has performed hundreds of security assessments for organisations ranging from small businesses to the Fortune 10. He also regularly attends information security conferences and has spoken at DerbyCon as well as to local communities. Connect with Alton on LinkedIn: https://www.linkedin.com/in/altonjx

Extra show notes: Out every Tuesday on your favourite podcast platform. Presented by Paul Green, an MSP marketing expert: https://www.linkedin.com/in/paul-green-msp-marketing/ and https://www.paulgreensmspmarketing.com/about/ You can join Paul in the MSP Marketing group on Facebook: https://www.facebook.com/groups/mspmarketing/ Thank you to Blaine Oelkers, the only Chief Results Officer®, for recommending the book Think And Grow Rich (the Study Guide edition), by Napoleon Hill: https://www.amazon.co.uk/Think-Grow-Rich-Study-Guide-ebook/dp/B07J3PM32G and https://www.linkedin.com/in/blaineoelkers Subscribe to Paul's YouTube channel: https://www.youtube.com/mspmarketing

Subscribe to this podcast using your favourite podcast provider:
  • https://www.audible.co.uk/pd/Paul-Greens-MSP-Marketing-Podcast-Podcast/B08JK38L4V
  • https://podcasts.apple.com/gb/podcast/paul-greens-msp-marketing-podcast/id1485101351
  • https://www.stitcher.com/podcast/paul-greens-msp-marketing-podcast
  • https://podcasts.google.com/feed/aHR0cHM6Ly93d3cucGF1bGdyZWVuc21zcG1hcmtldGluZy5jb20vZmVlZC9wb2RjYXN0?sa
  • https://music.amazon.co.uk/podcasts/b03a9638-adf4-4491-93f1-569183e079d7/Paul-Greens-MSP-Marketing-Podcast
  • https://open.spotify.com/show/1Hw52ScOg5WvGaBUkaOrI7

Lay of The Land
#67: David Kennedy (Binary Defense and TrustedSec)

Released Mar 31, 2022 (52:20)


Our guest today is Dave Kennedy (@HackingDave), a cybersecurity authority whose mission is to drive the industry forward and make the world a more secure place. In addition to founding two large-scale cybersecurity firms, TrustedSec and Binary Defense, Dave has testified before Congress on issues of national security and has appeared as a subject matter expert on hundreds of national news and TV shows.

Dave started his career serving in the United States Marine Corps, focusing on cyber warfare and forensic analytics, including two tours in Iraq, experience he was able to leverage to become Chief Security Officer for Diebold, a Fortune 1000 company based here in northeast Ohio.

In 2012, Dave left Diebold to found TrustedSec, an information security consulting company, and its sister company Binary Defense, a full-service 24/7/365 monitoring and detection company that focuses on detecting attackers in the early stages of an intrusion. Simultaneously, Dave started DerbyCon, which became one of the highest regarded and best attended security conferences in the industry over its tenure.

Dave is a true cybersecurity champion. Online, he goes by his @hackingdave handle, where he has over 150,000 followers across social media; he has served as an advisor to the hit TV show Mr. Robot, and he is the co-author of Metasploit: The Penetration Tester's Guide, co-creator of the Penetration Testing Execution Standard (PTES), and creator of the Social-Engineer Toolkit (SET).

Really special to hear Dave's story and learn about the incredible organizations he's founded and grown here in Cleveland. Please enjoy my conversation with Dave Kennedy!

Follow Dave Kennedy on Twitter @HackingDave. Connect with Dave on LinkedIn. Learn more about Binary Defense. Learn more about TrustedSec. Follow TrustedSec on Twitter. Follow Binary Defense on Twitter.

SIWIKE “Stuff I Wish I Knew Earlier”: the podcast
MENTOR CORNER: DH-001 Dustin Heywood EvilMog - The Ethical Hacker

Released Mar 1, 2022 (43:44)


On this episode of the SIWIKE podcast, Luki and EvilMog talk about his learning challenges during high school, how he found his interest in computers, his involvement with DerbyCon, and how he became a part of IBM's X-Force Red. EvilMog also speaks about his Stuff I Wish I Knew Earlier and his future aspirations.

Timestamps:
  • 00:15 Dustin's career background
  • 00:57 Dustin as a kid
  • 06:09 Dustin in high school
  • 08:17 Finding his interest in computers
  • 09:04 Advice for those being picked on at school
  • 11:49 Transitioning from high school to college
  • 15:20 His struggles with group work
  • 17:04 Transitioning from college to having jobs
  • 25:39 Writing a will at 26
  • 32:02 Got an offer from IBM
  • 35:32 How he got his nickname 'EvilMog'
  • 38:21 Dustin's SIWIKE
  • 40:05 Future aspirations

Connect with EvilMog at https://twitter.com/evil_mog and https://www.linkedin.com/in/evilmog/ Watch the episode for more details! Check out our SIWIKE podcast on YouTube: https://www.youtube.com/channel/UCMYBp3ALFsolJxcxh26XukQ Special thanks to https://www.instagram.com/lincolnalexanderthe2nd/ for the theme music. Want more personalized career coaching or to connect with Luki: http://linkedin.com/in/lukidanu http://focusinspired.com http://instagram.com/lukidanu http://twitter.com/lukidanu Get SIWIKE Stuff I Wish I Knew Earlier: How to unlock your career potential here: https://amzn.to/2LEF52R

Tags: EvilMog #hacker #bullying #aspergers #learning #SIWIKE #podcast #IBM #xforcered #derbycon

The Official Offensive Security Podcast
#10. Team Hashcat Contributor, Dustin Heywood (@EvilMog)

Released Aug 23, 2021 (43:47)


Listen in as our host TJNull chats with Dustin Heywood (@EvilMog), a contributor to Team Hashcat who has an extreme addiction to cracking hashes. In addition, he is a Black Badge holder at DEF CON, DerbyCon, SkyDogCon, and THOTCON. After covering how EvilMog got into infosec, they discuss the most important quality for a pentester or red teamer: writing. Find out why EvilMog considers writing skills to be more important than technical skills when pentesting. Learn more about Team Hashcat as well as the Crack Me If You Can contest they competed in. TJNull and EvilMog get into some detail on how to crack a hash, and EvilMog comments on custom wordlists and the tools he uses. Join us for this exciting conversation. Enjoy!

Easy Prey
Exposing Weakness Before It's Exploited with Jayson E. Street

Released Aug 11, 2021 (49:14)


There are many ways your network can be accessed, not just remotely but physically. How equipped are you and your coworkers to prevent intrusions? Today's guest is Jayson E. Street. Jayson is the author of Dissecting the Hack: The F0rb1dd3n Network Series. He is the DEF CON Groups Global Ambassador and the VP of InfoSec for SphereNY. He has also spoken at DEF CON, DerbyCon, GrrCON, and at several other cons and colleges on a variety of information security topics. Jayson was also featured in the National Geographic series Breakthrough: Cyber Terror.

Show Notes:
  • [1:00] Jayson explains how he hacks to help.
  • [1:59] People want to see how Jayson can get into their facility and rob them.
  • [3:39] Jayson shares how "being the bad guy" can get the information needed to educate users and clients on preventing more.
  • [4:51] Jayson has been known to rob banks and shares the story about how he robbed the wrong bank because he had to go to the bathroom.
  • [7:24] The devices Jayson uses emulate keyboards and code.
  • [9:03] Some employees for big companies like Microsoft have posted their badge on social media, from which Jayson prints and uses it as his own.
  • [10:08] How did Jayson get caught robbing the wrong bank?
  • [13:21] He found out later that the bank he robbed by mistake wound up wiping their machines, which cost them a lot of money even though Jayson's procedure was harmless.
  • [16:01] Jayson has a 100% success rate, which shows how employees trust anyone who looks official.
  • [17:13] What is the yellow method and why does Jayson use it?
  • [18:18] Jayson describes the facility in Jamaica that took the longest amount of time to get into.
  • [20:17] In one instance, Jayson did not go back to talk to the client after conducting the pen test for a charity.
  • [22:30] When these tests happen, it isn't about winning and losing. Jayson makes sure he is caught so he can provide education and training.
  • [25:08] "The biggest thing that people can do to protect themselves is to listen to the voice in the back of your head saying that something is odd or unusual. Realize when you're at work, part of your job and responsibility is to think that something bad may happen."
  • [26:25] Companies need to give a proper avenue for employees to feel comfortable in reporting something strange.
  • [28:39] Jayson shares some of the techniques he uses that have a 100% success rate in penetrating the company's network.
  • [30:06] At events, oftentimes there are company USB drives loaded with giveaway items. These could be dangerous to use.
  • [31:39] There is no way to completely eliminate threats. The important piece is how you respond to a threat.
  • [33:10] Network security is great, but physical security of a network is just as important.
  • [35:01] Jayson explains that the users of the programs in a network are the people that need to have the proper education.
  • [37:45] Jayson has a program where he gamifies security education.
  • [39:50] Many people don't realize how easy it is for an official-looking badge to be recreated.
  • [41:41] Jayson describes his most boring and simple robbery, completed in 15 seconds.
  • [42:29] What was Jayson's most successful interaction?
  • [43:51] After obliterating a company one year, management took the lessons to heart, educated their team, and had him come back the next year.
  • [46:19] If pen testers are not rooting for the client, they are in the wrong business.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources: Podcast Web Page; Facebook Page; whatismyipaddress.com; Easy Prey on Instagram, Twitter, LinkedIn, YouTube and Pinterest; Jayson E. Street Home Page; Jayson E. Street on Darknet Diaries Podcast; Jayson E. Street on Twitter; Jayson E. Street on LinkedIn; Dissecting the Hack: The F0rb1dd3n Network by Jayson E. Street.

Profiling Evil Podcast with Mike King
Are you Being Safe? Travel Safety Tips with Tim Roberts and Brent White from Wehackpeople.com - Profiling Evil Podcast

Released Aug 4, 2021 (54:57)


Join Mike as he discusses travel safety tips with Tim Roberts and Brent White from https://wehackpeople.com Tim and Brent are Sr. Security Consultants specializing in covert entry. They have developed Red Team, Physical Security Assessment, and Social Engineering testing methodologies and have spoken at internationally recognized security conferences including DEF CON, DerbyCon, InfoSec World, NolaCon, SecureWorld, several BSides, ISSA International, AIDE at Marshall University, Techno Security & Forensics Con, government information security panels and more.

New to Profiling Evil? We here at Profiling Evil have spent our lives in all facets of law enforcement, so we use this channel to help educate, analyze, and solve, as we cover various cases that are either currently in the media or cases we have been involved with throughout our careers. Website: https://profilingevil.com Business inquiries: profilingevil@gmail.com Created by Mike King; produced by CIRCA3 (https://circa3.com); original music by Clifford W King (https://cliffordwking.com). Support the show: https://patreon.com/profilingevil

The Hacker Mind
EP 26: Hacking Charity

Released Jul 27, 2021 (36:49)


Hackers are charitable in ways that might surprise you. Whether it is in Africa or rural Arkansas, hackers find ways to use their skills for good reasons.   Jack Daniel and Jason Kent return to The Hacker Mind to discuss the various ways hackers are helping society by contributing to charitable organizations … even starting their own. From BSides, to DerbyCon, to Shmoocon, even on the Apple App Store you can find evidence of their hard work.

Malicious Life
DerbyCon – Dave Kennedy [ML B-Side]

Released Jul 13, 2021 (36:58)


DerbyCon was all about making the community - a family. Dave Kennedy, one of the founders of DerbyCon, talks about the unique vibe of the conference, his fear of clowns, and why he'll never - NEVER - listen to a Busta Rhymes album again.

BarCode
Soundproof with Paul Asadoorian

Released Jul 9, 2021 (42:04)


Paul Asadoorian is a security veteran who has spent time "in the trenches" implementing comprehensive security programs across a wide array of industries. A proven cybersecurity leader and innovator, Paul founded "Security Weekly", a podcast network providing free knowledge for the entire security community to benefit from. As former Product Evangelist for Tenable, Paul built a library of materials on the topic of vulnerability management. He has also spent time as an instructor for The SANS Institute and an IANS faculty member, and has presented at security conferences including RSA, DerbyCon, BruCON, SOURCE Conference and more.

I run into him at the bar, and we chat about his journey into cyber, the ability to deliver quality content to his audience while staying ahead of the game, his thoughts on vulnerability researchers, the public portrayal of hackers, and the one finding you'd see in a gap analysis of the entire cybersecurity industry. Tony the Bartender cranks up a "King's Jubilee".

Support the show: https://www.patreon.com/barcodepodcast

Hack Chat
Maggie Jauregui // Firmware Security & Mastering Deep Work

Released Jul 1, 2021 (46:09)


In this episode of Hack Chat, we discuss what it takes to become a security researcher and to tackle deep technical work. We also discuss how to maximize your productivity and stop procrastinating using various techniques. Maggie Jauregui is an offensive security researcher on Intel's PSG team; previously she was a firmware security researcher for Intel's Platform Armoring and Resiliency (PAR) team, which focused on UEFI security. She is focused on hardware and firmware security and has presented at conferences such as DEF CON, CanSecWest, DerbyCon, OSFC, and UEFI Plugfest.

Learn more about Hack Chat: https://www.sentinelone.com/lp/hackchat Learn more about SentinelOne: https://www.sentinelone.com

Layer 8 Podcast
Episode 63: Joe Gray's Book Release - Practical Social Engineering

Released Jun 14, 2021 (57:08)


For this episode, we talk with Joe Gray, also known as @C_3PJoe on Twitter. His web site is https://www.theosintion.com, a destination for OSINT and social engineering training. Joe is an accomplished conference speaker and won the social engineering capture the flag competition at DerbyCon. Joe tells us about a couple of his favorite presentations and projects he has worked on, how to get started in the OSINT industry and tells us about his book Practical Social Engineering, available from No Starch Press. There is even a free chapter available for download!

Cyber Security Interviews
#109 – Amanda Berlin: Happier People Stay Longer

Released Jan 11, 2021 (49:13)


Amanda Berlin (https://www.linkedin.com/in/amandaberlin/) is the Lead Incident Detection Engineer for Blumira (https://www.blumira.com/) and the CEO and owner of the nonprofit corporation Mental Health Hackers (https://www.mentalhealthhackers.org/). She is the author of a Blue Team best practices book, "Defensive Security Handbook: Best Practices for Securing Infrastructure" (https://www.amazon.com/Defensive-Security-Handbook-Practices-Infrastructure/dp/1491960388), written with Lee Brotherston and published by O'Reilly Media. She is a co-host on the Brakeing Down Security podcast (https://www.brakeingsecurity.com) and writes for several blogs. Amanda is an avid volunteer and mental health advocate. She has presented at a large number of conventions, meetings, and industry events such as DerbyCon, O'Reilly Security, GrrCON, and DEF CON.

In this episode, we discuss her start in help desk, speaking about mental health, depression and anxiety, men's reluctance to report health issues, neurodiversity, how organizations can encourage self-care, using medication, the Mental Health Hackers organization, and so much more.

Where you can find Amanda: LinkedIn (https://www.linkedin.com/in/amandaberlin/), Mental Health Hackers (https://www.mentalhealthhackers.org/), Brakeing Down Security Podcast (https://www.brakeingsecurity.com/)

Episode Disclaimer: This podcast's information is not intended or implied as a substitute for professional medical advice, diagnosis, or treatment. We make no representation and assume no responsibility for the accuracy of the information contained in or available through this presentation. THIS IS NOT MEDICAL ADVICE. Please speak to your physician before embarking on any treatment plan. NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HEARD ON THIS PODCAST.

Moscow Mules and NOP Slides
Episode 17 with Bryan McAninch

Released Sep 10, 2020 (64:56)


This week on Moscow Mules and NOP Slides, we have Bryan McAninch. Buckle up, friends, we have a topic-filled podcast! Bryan enjoys a thirst-quenching Coca-Cola from Freebirds, but also likes sipping on a margarita made with Herradura Reposado tequila. We discuss missing conferences but then dive into road tripping with friends to DerbyCon last fall. Bryan then discusses his side project called Hacking is Not a Crime. We talk about how it started, how the term "hacker" has changed over time, where the idea for their sticker came from, community involvement and ambassadors, their hashtags "Hacking is a Lifestyle" and "Hacking is a State of Mind", and hints of upcoming plans! We close out with a discussion of our love of RadioShack. If you are interested in finding out more about Hacking is Not a Crime, be sure to check out their website https://www.hackingisnotacrime.org and follow them on Twitter @hacknotcrime! David drinks a Combat Wombat from Rogue Ales out of a UFO-themed glass from Keever Glass. Kyle sips on a Rationality Shall Run its Course from Burial Beer Company out of a Deadpool-themed glass from Glass to Mouth.

Tribe of Hackers Podcast
Dave Kennedy, aka @HackingDave

Released Sep 7, 2020 (52:33)


This is a special Labor Day Quick Release celebrating the anniversary of DerbyCon. Rural Tech Fund: https://ruraltechfund.org/

Dave Kennedy has worked on cyberwarfare for the U.S. Marine Corps (USMC) and on forensics for the intelligence community, including two tours in Iraq. He has also served as the chief security officer (CSO) for a Fortune 1000 company with offices in more than 77 countries. Then one day, he left that job and started his own. He is the founder of two companies, TrustedSec and Binary Defense. If you are an NBA fan, you might even see a logo from time to time. He is also the founder of DerbyCon, author of Unicorn and the Social-Engineer Toolkit, has testified before Congress several times, has been on TV nearly a hundred times, and is absolutely terrified by clowns.

@BEERISAC: CPS/ICS Security Podcast Playlist

Podcast: Unsolicited Response Podcast. Episode: What OT Can Learn From IT. Pub date: 2020-09-02. We hear it all the time. OT is different than IT, and IT doesn't understand OT. People argue about IT/OT convergence. In all these discussions I believe two things are true. OT doesn't really understand IT, and the similar, but not identical, requirements that mission critical IT has with OT. OT can actually learn a lot from IT. So I wanted to discuss this with someone with significant experience in both OT and IT security. Lesley Carhart of Dragos was a great choice. Before Dragos she worked for Motorola and was involved with incident response for both OT and mission critical IT. I talk and opine a bit more than normal in this episode because I have strong feelings on this topic. Send any comments or suggestions to s4@digitalbond.com, and subscribe if you haven't already. Links: Lesley Carhart on Twitter: @hacksforpancakes; Lesley Carhart personal website; Lesley's DerbyCon session: Confessions of an IT / OT Marriage Counselor; Dragos.

Unsolicited Response Podcast
What OT Can Learn From IT

Sep 2, 2020 (41:38)



The Main Thing Podcast
Ep. 28 - Bill Gardner Shares Powerful Wisdom

Aug 27, 2020 (11:15)


Welcome to Episode 28 of The Main Thing Podcast and another dose of wisdom! I'm your host, Skip Lineberg, and today I am thrilled to introduce you to my special guest, Bill Gardner. Bill is an Assistant Professor at Marshall University, in Huntington, West Virginia, where he teaches in the Cyber Forensics and Security Degree Programs. Prior to joining the faculty at Marshall Univ., Bill co-founded the SecureWV/Hack3rCon cyber security conference. He also helped to start 304geeks, a non-profit technology organization based in Charleston, WV. Bill Gardner is an active member of the cyber security community and has spoken at a number of professional conferences including AIDE, DerbyCon and Shmoocon. He has co-authored two books: "Building an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats" and "Google Hacking For Penetration Testers." He has also written a number of academic & non-academic journal articles. Get ready! Over the next 9 minutes you will discover why Bill Gardner is, without a doubt, one of the wisest people I know. Connect with Bill Gardner on LinkedIn. Free Poster! Thank you for being a loyal listener! Here's your link to download your free poster. It's a professionally designed work of art, emblazoned with the core wisdom lessons from our first seven guests in Season One. Credits: Graphic Designer, Emma Malinoski; Editor and Technical Advisor, Bob Hotchkiss. Want to Help Support the Growth of this Podcast? Become a subscriber. Share the podcast with one or two friends. Buy some Main Thing Merch from our Merchandise Store. Become a patron of the show and consider supporting us on Patreon with a nominal, goodwill monetary donation.

Cyber Speaks LIVE
Mental Health in InfoSec with Alethe Denis

Aug 5, 2020 (55:14)


::TALKING POINTS:: Mental Health in the Hacking Community and Globally; Social Engineering Your Own Mindset; Innocent Lives Foundation; TraceLabs; Mental Health and Wellness for Volunteers; Tribe of Hackers. Alethe Denis is a social engineer who specializes in open-source intelligence (OSINT) and phishing, specifically voice elicitation or phishing over the phone. Awarded a DEF CON Black Badge at DEFCON 27 for winning the Social Engineering Capture the Flag (SECTF) contest, she is the VP of Dragonfly Security, CFO of PENGUIN, Voice & Data Services and a Founding Member of the DC209 DEFCON Group. She's presented at BSides San Francisco, the Layer 8 Conference, and WHackzCon as well as joined panels at DerbyCon and the Human Firewall Event. Most recently, she and her team 'Password Inspection Agency' placed second in the TraceLabs Global Missing Persons OSINT CTF V. She also volunteers as a TraceLabs content contributor and judge (when she's not competing) and is an Innocent Lives Foundation Advocate creating awareness of the Innocent Lives Foundation Mission. ::LINKS:: Trace Labs - https://tracelabs.org/ ; Innocent Lives Foundation - https://www.innocentlivesfoundation.org/ ; Alethe on Twitter - https://twitter.com/alethedenis ; Her security company, Dragonfly Security - https://dragonflysecurity.com/ ; Layer8 Podcast Series - https://anchor.fm/layer-8-podcast (Alethe's episode here) --- Send in a voice message: https://anchor.fm/cyberspeakslive/message

Layer 8 Podcast
Episode 26: Krittika Lalwaney - One Woman's Domination in a Male Dominated Field

May 18, 2020 (23:12)


For this episode, we welcome Krittika Lalwaney. Krittika is a red teamer on the offensive security team for Capital One. She is a social engineering capture the flag black badge winner at DerbyCon in 2018. She takes us through her career path, where she started, which was not in IT, to eventually joining a SOC, catching a red teamer due to her awareness, all the way to her successes of today. This is a story of one woman's domination in a male dominated field. Take it away Krittika!

Cyber Security Interviews
#086 – Dave Kennedy: The Basics Are Still Challenging

May 11, 2020 (46:14)


Social-Engineer Toolkit (https://github.com/trustedsec/social-engineer-toolkit) (SET), Artillery, Unicorn, PenTesters Framework, and several popular open-source tools. David was the co-founder of DerbyCon (https://en.wikipedia.org/wiki/DerbyCon), a large-scale conference started in Louisville, Kentucky. Before the private sector, David worked for the United States Marine Corps and deployed to Iraq twice for intelligence-related missions. David is frequently interviewed by news organizations, including CNN, Fox News, MSNBC, CNBC, and BBC World News. He has testified in front of Congress on two occasions on the security around government websites. In this episode, we discuss the shift to virtual conferences, Zoom vulnerabilities, responsible vulnerability disclosure, the importance of communication skills, giving back to the community, mental health, working from home, and so much more. Where you can find David: LinkedIn (https://www.linkedin.com/in/davidkennedy4/) Twitter (https://twitter.com/HackingDave) TrustedSec Blog (https://www.trustedsec.com/blog/) TrustedSec Public Slack (https://t.co/6yHoSwGKVH)

Tribe of Hackers Podcast
InfoSecSherpa: Tracy Maleeff

May 5, 2020 (29:28)


For Season 1, Episode 2, the Tribe of Hackers podcast is pleased to welcome Tracy Maleeff, a.k.a. the "InfosecSherpa". Tracy Z. Maleeff is an information security analyst for the New York Times Company. She earned a master of library and information science degree from the University of Pittsburgh, as well as undergraduate degrees from Temple University (BA, magna cum laude) and Pennsylvania State University (AA). Tracy holds a SANS GIAC GSEC certification. As an "InfoSecSherpa", Tracy is an active member of the InfoSec community and frequently shares her expert knowledge through her OSINT blog and InfoSec newsletter, in addition to Twitter. Tracy has given talks at DEF CON's Recon Village, DerbyCon, and several BSides events. In her past career as a librarian, Tracy earned the honor of being named a Fellow of the Special Libraries Association and has won the Dow Jones Innovate Award and the Wolters Kluwer Innovations in Law Librarianship Award. You can subscribe to Tracy's Nuzzel newsletter here: https://nuzzel.com/InfoSecSherpa Follow us on Twitter: https://twitter.com/ToHpodcast Follow Ray on Twitter: https://twitter.com/RayRedacted Follow Tracy on Twitter: https://twitter.com/InfoSecSherpa

Cyber Work
Fuzzing, security testing and tips for a career in AppSec

Apr 6, 2020 (38:11)


Learn all about fuzzing and application security with repeat guest Dr. Jared DeMott, CEO and founder of VDA labs. The last time he appeared (October 2018), the focus was on Internet-of-Things (IoT) security, but Jared is also the author of Fuzzing for Software Security Testing and Quality Assurance. In this episode we go deeper into continuous integration and deployment (CI/CD), fuzzing, dynamic analysis security testing and other AppSec tools, as well as practical tips and suggestions for entering the field. – Enter code "cyberwork" to get 30 days of free training with Infosec Skills: https://www.infosecinstitute.com/skills/ – View transcripts and additional episodes: https://www.infosecinstitute.com/podcast Dr. Jared DeMott is the Founder & CEO of VDA Labs, a full-scope cybersecurity company. DeMott previously served as a vulnerability analyst with the NSA. He holds a PhD from Michigan State University. He regularly speaks on cyber matters at conferences like RSA, DerbyCon, BlackHat, ToorCon, GrrCon, HITB and others. He was a finalist in Microsoft's BlueHat prize contest, which helped make Microsoft customers more secure. Dr. DeMott has been on three winning Defcon capture-the-flag teams, and has been an invited lecturer at prestigious institutions such as the U.S. Military Academy. Jared is a Pluralsight author, and is often interviewed by media to weigh in on cyber matters. About Infosec: At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That's what we do every day — equipping everyone with the latest security skills so the good guys win.

Brakeing Down Security Podcast
2020-010-Dave Kennedy, offensive security tool release, Derbycom, and Esports

Mar 18, 2020 (46:53)


Dave Kennedy (@hackingDave), TrustedSec. Released SEToolkit, Pentester Framework (PTF). PoC release for the "Shitrix" bug (was disclosed after Google zero initiative India group). Jeff Snover, Lee Holmes - Powershell gods.

Arguments against release: Tools that are released are utilized by the 'bad guys'. Tooling makes it more difficult to fingerprint whether actors are who they say they are ("Fuzzy Weasel Vs. Psycho Toads"). Withholding makes the bad guys' job harder by making them have to create the PoC themselves (presumably most bad actors are skids).

Arguments for release: Tools allow for teaching the Blue team, and SIEM/logging systems, to understand them. Learning how something was created, being able to break down the vulnerability. https://www.bleepingcomputer.com/news/security/new-evasion-encyclopedia-shows-how-malware-detects-virtual-machines/

Show #2: DerbyCom - Tell us about it. Dave Kennedy Center for gaming and Leadership: https://twitter.com/hackingdave/status/1220150360779710464?lang=en

Offensive Security Tool release (PowerShell Empire 3.0). PowerShell Empire is re-released, using Python: https://twitter.com/BCSecurity1/status/1209126652300709888

Initial tweet: https://twitter.com/taosecurity/status/1209132572128747520 - "We believe that Powershell and Empire framework will remain a major threat vector employed by APTs, malware authors, and Red Teams." SO WHY ARE YOU UPDATING IT? You are improving capabilities you explicitly say are *used by bad guys.* Scottie, beam me up from this bizarro world.

Affirmations and evidence: https://twitter.com/taosecurity/status/1209287582439395330 - Nope. One example: Iranian APT "CopyKittens" uses Powershell Empire. Incidentally, I found this example via @MITREattack. https://clearskysec.com/tulip/

https://twitter.com/michael_yip/status/1209151868036886528 - One can innovate without sharing with the adversary, no? It's literally how the defense industry works, or am I missing something?

https://twitter.com/michael_yip/status/1209247219796398083 - "... Are we really justifying lowering the R&D cost of the adversary as the only way to attract talent to the defensive side? Not to mention - no one is saying developing OST is wrong. It's the way they're being shared that's problematic."

https://twitter.com/2sec4u/status/1209169724799623169?s=20 - The whole idea is that actors can't just git clone an advanced post-exploitation framework which bypasses 95% of organisations' defences. It should cost actors time & money to bypass these defences, but because red team keep releasing new stuff with bypasses... the cycle continues.

Comments in support of the initial argument:

https://twitter.com/IISResetMe/status/1209180945011621889?s=20 - I really _want_ to agree... but I also work in an org with million dollar budgets, a dozen full-time detection engineers and analysts and an army of devs and sysadmins, and even we are having a hard time keeping up - how does this arms race "help" non-F500 orgs? (Later discussion does mention that he has a hard time seeing it as a net negative: https://twitter.com/IISResetMe/status/1209183774182907904?s=20)

https://twitter.com/cnoanalysis/status/1209169633460150272?s=20 - "If we don't create the offensive tools then the bad guys will!" That is a terrible argument for OST release. "We might as well do something that harms because someone else will do that eventually anyway..." There are so many logical fallacies I don't have enough space.

Rebuttals:

https://twitter.com/r3dQu1nn/status/1209207550731677697 - Limiting yourself by not exposing more tooling to defenders is NOT how to improve security. Yikes. The more exposure you provide defenders gives you more detections/IOCs you can build to help defend against APTs. That's the whole point of proactive security.

https://twitter.com/bettersafetynet/status/1209138002473160707 - It's vital that we continue to sharpen our swords. The commoditization of attacker techniques allows better defense against what adversaries are doing.

https://twitter.com/dragosr/status/1209213064446279680 - And this whole discussion ignores a simple fact that released information is way better than exploits passed around quietly or kept in stockpile caches, regardless of anyone's metric of responsibility (which is a debatable, very hypothetical line of what's acceptable or not).

https://twitter.com/bettersafetynet/status/1209139099979923457 - The very fact that you and others who are taking this side are trying to cajole and browbeat to this position shows how weak your argument is. MITRE ATT&CK took off like gangbusters not because they had a better trolling game, but because it was a great idea implemented well.

https://twitter.com/bettersafetynet/status/1209139578579275776 - It's odd that those who advocate this position point out these reports while ignoring all the vendor patches, all the hardening guidelines, basically all the technical defensive work that ops teams do. Nobody's doubting attackers use these techniques, we doubt your conclusions.

https://twitter.com/bettersafetynet/status/1209154592560353280 - My stance is likely to tick off both sides here. I think there are times that limited release is good. But over and over, we've seen where vendors do not change until something is publicly released.

https://twitter.com/r3dQu1nn/status/1209346356151631873 - Security is a service that can be improved with products. Having no security or limiting exposure to offensive tool sets increases the chances of a breach. Ethical hackers' sole purpose is to help make Blue better. Which is why purple teams are a great resource for any company.

https://twitter.com/ippsec/status/1209354476072689664?s=20 - To the people upset by public red team tools: if you can't detect open source tools, then what chance do you have at detecting private one-off tools? It's much easier to automate a battle against 100 duck-sized horses than it is to face off against a single horse-sized duck.

Defender classification of PowerShell Empire 3.0: https://www.bc-security.org/post/the-empire-3-0-strikes-back - Is there a way to protect against it? Where does this sit in the ATT&CK Matrix? Features: Enhanced Windows Evasion vs. Defender; DPAPI support for "PSCredential" and "SecureString"; AMSI bypasses; JA3/S signature randomization; new Mimikatz version integration.

Curveball test (CryptoAPI test scripts).

Dave's new Esport initiative (opens in February): https://twitter.com/HackingDave/status/1220150360779710464

DERBYCON community updates.

Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!: https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3 #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM: https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Brakeing Down Security Podcast
2020-009-Dave Kennedy, Offensive Tool release (Part 1)

Mar 11, 2020 (34:47)



Low Voltage Nation Podcast
6.0 Dave Kennedy Founder of Binary Defense and TrustedSec Fireside Chat

Jan 12, 2020 (48:55)


Blake Urmos interviews Dave Kennedy, founder of TrustedSec, Binary Defense, and DerbyCon. We dive into Dave's service as a United States Marine, working for Diebold as Chief Security Officer, and how he left his dream job to create some of the best information security companies in the world. --- Send in a voice message: https://anchor.fm/lowvoltagenation/message Support this podcast: https://anchor.fm/lowvoltagenation/support

Paul's Security Weekly (Video-Only)
Coalfire Incident & DerbyCon Communities - PSW #628

Nov 27, 2019 (62:28)


Dave Kennedy is the Founder & CEO of TrustedSec. Dave comes on the show to talk about the Coalfire incident and DerbyCon communities. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode628

Paul's Security Weekly TV
Coalfire Incident & DerbyCon Communities - PSW #628

Nov 26, 2019 (62:28)



Purple Squad Security
Episode 62 - #ginfosec with InfoSecSherpa - Empathy as a Service

Oct 6, 2019 (61:44)


It's been long enough, and it's time for Tracy "InfoSecSherpa" to return for another #ginfosec episode! This time around we're going to talk about Empathy as a Service, a talk that she recently did at DerbyCon. Soft skills will get you everywhere, and Tracy has some great advice to share about a topic she's very passionate about. Some links of interest: Tracy's Talk - https://www.youtube.com/watch?v=KILlp4KMIPA ; Tracy's OSINT-y Goodness Blog - medium.com/@InfoSecSherpa ; Tracy's Twitter - https://twitter.com/InfoSecSherpa . Want to reach out to the show? There are a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec ; John's Twitter: @JohnsNotHere ; John's Mastodon: https://infosec.exchange/@JohnsNotHere ; Podcast Website: purplesquadsec.com ; Podcast Store: https://purplesquadsec.com/store ; Sign-Up for our Slack community: https://signup.purplesquadsec.com . Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com

Brakeing Down Security Podcast
2019-034- Tracy Maleeff, empathy as a service, derbycon discussion

Sep 22, 2019 (83:46)


Podcast Interview (YouTube): https://youtu.be/4tdJwBMh3ow

Tracy Maleeff (pronounced like may-leaf): https://twitter.com/InfoSecSherpa https://medium.com/@InfoSecSherpa https://nuzzel.com/InfoSecSherpa

Python secure coding class - November 2nd / 5 Saturdays, @nxvl teaching: https://www.eventbrite.com/e/secure-python-coding-with-nicolas-valcarcel-registration-72804597511

Derbycon Talk: https://www.youtube.com/watch?v=KILlp4KMIPA

Plugs: Nuzzel newsletter: https://nuzzel.com/infosecsherpa OSINT-y Goodness blog: https://medium.com/@infosecsherpa

Tomato pie: https://www.eater.com/2016/8/19/12525602/tomato-pie-philadelphia-new-jersey

Infosec is a service industry job (gasp!). Customer service is an attitude, not a department.

Reference Interview: https://en.wikipedia.org/wiki/Reference_interview

Approachability: Does your org make it easy to contact you? What is your tone of writing? What does your outgoing communication look like? Rein in your attitude, language, etc. "I am using an online translator" (great idea!). What is your department's reputation? Create an assessment of your department. "I didn't know there were humans in security?"

Interest: Be interested in solving the problem. Make the interaction a 'safe space': no judging, no mocking. LOL, "EE Cummings": https://poets.org/poem/amores-i

Listening: Pay attention to what the end user doesn't say. Don't interrupt the end user.

Interviewing: Repeat back what the user said or asked. Tone: ask clarification questions, not accusatory questions.

Searching: Did security fail the user?

Answering: Teachable moments. Building trust/relationship equity. "While you're on the phone..." "Thank you for your time."

Follow-Up: Think of ways to create a culture of security. Create canned emails. Random acts of kindness: cyberCupcakes!!!! Or potentially small value gift cards(?)

Kindness as currency: Christmas cookies. Spreading goodwill, building relationship equity, reciprocity. Lunch and learns.

People can't be educated into vaccinations, but behavioral nudges help. "Telling people facts won't change behavior."

Iron Sysadmin Podcast
Episode 67 - DERBYCON 9

Iron Sysadmin Podcast

Play Episode Listen Later Sep 13, 2019 130:40


Welcome to Episode 67

Main Topic: D*E*R*B*Y*C*O*N
Talks: http://www.irongeek.com/i.php?page=videos/derbycon9/mainlist
Opening Ceremony: http://www.irongeek.com/i.php?page=videos/derbycon9/1-00-opening-ceremony-derbycon-crew
Keynote from Ed Skoudis: http://www.irongeek.com/i.php?page=videos/derbycon9/1-01-opening-keynote-presented-by-ed-skoudis-ed-skoudis
Panel with Mog and friends: http://www.irongeek.com/i.php?page=videos/derbycon9/1-02-derbycon-story-time-panel-dustin-heywood-evil-mog-and-others
Jayson Street's talk: http://www.irongeek.com/i.php?page=videos/derbycon9/2-01-i-pwn-thee-i-pwn-thee-not-jayson-e-street
Scientific computing for infosec: http://www.irongeek.com/i.php?page=videos/derbycon9/2-02-scientific-computing-for-information-security-forging-the-missing-link-ryan-elkins
Jason Blanchard's talk: http://www.irongeek.com/i.php?page=videos/derbycon9/2-15-how-to-give-the-gift-that-keeps-on-giving-your-knowledge-jason-blanchard
Integgroll's talk: http://www.irongeek.com/i.php?page=videos/derbycon9/stable-30-python-two-birds-with-one-stone-andy-cooper
Closing Ceremony: http://www.irongeek.com/i.php?page=videos/derbycon9/1-22-closing-ceremony-derbycon-crew

Announcements
Patreon Update: $52/Month. THANK YOU ALL! 22532, Andi F, DeMentor, Jon S, Julius, Marc R https://www.patreon.com/IronSysadmin

Reviews
"Useful info and entertaining" ★★★★★ in Apple Podcasts by sabertooth604 from Canada on August 20, 2019
    I listen to Iron Sysadmin on a regular basis. This podcast contains useful, relevant information covering a plethora of subjects. Nate, Jason, Dustin and the others definitely deliver an entertaining view on information technology. :-) Thanks and keep up the good work!!

News
https://techcrunch.com/2019/09/12/loot-boxes-in-games-are-gambling-and-should-be-banned-for-kids-say-uk-mps/
https://www.cultofmac.com/649724/samsung-cancels-all-galaxy-fold-preorders-ahead-of-launch/
https://www.wired.com/story/apple-u1-chip/
https://metro.co.uk/2019/09/10/hardcore-doom-fans-can-now-drink-bone-vodka-straight-from-hell-10717360/

Watch us live on the 2nd and 4th Thursday of every month! Subscribe and hit the bell! https://www.youtube.com/IronSysadminPodcast
Slack workspace: https://www.ironsysadmin.com/slack
Find us on Twitter and Facebook! https://www.facebook.com/ironsysadmin https://www.twitter.com/ironsysadmin
Subscribe wherever you find podcasts! And don't forget about our Patreon! https://patreon.com/ironsysadmin
Intro and Outro music credit: Tri Tachyon, Digital MK 2 http://freemusicarchive.org/music/Tri-Tachyon/

TrustedSec Security Podcast
3.19 - DerbyCon Victory Lap!

TrustedSec Security Podcast

Play Episode Listen Later Sep 13, 2019 22:10


Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, David Kennedy, and Martin Bos. This show has a slightly different format: we look back on nine years of DerbyCon with two of the principal organizers!

Stumbling Through Security
STS Episode #3: DerbyCon IX Recap

Stumbling Through Security

Play Episode Listen Later Sep 12, 2019


Show notes: https://seangoodwin.blog/sts003

The Future of Data Podcast | conversation with leaders, influencers, and change makers in the World of Data & Analytics

In this podcast, Rahul Kashyap (@RCKashyap) talks about the state of security, the crossroads of technology, business and security, and the mindset of a security-led technologist. He sheds some light on past, present, and future security risks, discusses some common leadership concerns, and explains how a technologist could get around them. This podcast is a must for all technologists and aspiring technologists who want to grow their organization.

Timeline:
0:29 Rahul's journey.
4:40 Rahul's current role.
7:58 How the types of cyberattacks have changed.
12:53 How has IT interaction evolved?
16:50 Problems in the security industry.
20:12 Market mindset vs. security mindset.
23:10 Ownership of data.
27:02 Cloud, SaaS, and security.
31:40 Priorities for securing an enterprise.
34:50 When is security secure enough?
37:40 Providing a stable core to the business.
41:11 The state of data science vis-à-vis security.
44:05 Future of security, data science, and AI.
46:14 Distributed computing and security.
50:30 Tenets of Rahul's success.
53:15 Rahul's favorite read.
54:35 Closing remarks.

Rahul's Recommended Read: Mindset: The New Psychology of Success – Carol S. Dweck http://amzn.to/2GvEX2F
Podcast Link: https://futureofdata.org/rckashyap-cylance-on-state-of-security-technologist-mindset-futureofdata-podcast/

Rahul's Bio: Rahul Kashyap is the Global Chief Technology Officer at Cylance, where he is responsible for strategy, products, and architecture. Rahul has been instrumental in building several key security technologies, viz. Network Intrusion Prevention Systems (NIPS), Host Intrusion Prevention Systems (HIPS), Web Application Firewalls (WAF), Whitelisting, Endpoint/Server Host Monitoring (EDR), and Micro-virtualization. He has been awarded several patents for his innovations. Rahul is an accomplished pen-tester and has in-depth knowledge of OS, networking, and security products.
Rahul has written several security research papers, blogs, and articles that are widely quoted and referenced by media around the world. He has built, led, and scaled award-winning teams that innovate and solve complex security challenges in both large and start-up companies. He is frequently featured in podcasts, webinars, and media briefings. Rahul has been a speaker at several top security conferences, including BlackHat, BlueHat, Hack-In-The-Box, RSA, DerbyCon, BSides, ISSA International, OWASP, InfoSec UK, and others. He was named to 'Silicon Valley's 40 under 40' by the Silicon Valley Business Journal. Rahul mentors entrepreneurs who work with select VC firms and is on the advisory board of tech start-ups.

About #Podcast: The #FutureOfData podcast is a conversation starter that brings leaders, influencers, and lead practitioners together to discuss their journey to create the data-driven future.
Want to join? If you or anyone you know wants to join in, register your interest at http://play.analyticsweek.com/guest/
Want to sponsor? Email us at info@analyticsweek.com
Keywords: #FutureOfData #DataAnalytics #Leadership #Podcast #BigData #Strategy

The OSINTion
2017 DerbyCon Podcaster's Podcast (NSF Kids/Work)

The OSINTion

Play Episode Listen Later Sep 27, 2017 78:30


2017 DerbyCon Podcaster's Podcast (NSF Kids/Work)
ADVANCED PERSISTENT SECURITY, September 27, 2017
If you enjoy this podcast, be sure to give us a 5 Star Review and "Love Us" on ...
The post 2017 DerbyCon Podcaster's Podcast (NSF Kids/Work) first appeared on Advanced Persistent Security.
---
Send in a voice message: https://podcasters.spotify.com/pod/show/the-osintion/message
Support this podcast: https://podcasters.spotify.com/pod/show/the-osintion/support

Bugcrowd Chats
Bugcrowd Chats - Justin Kennedy & Steve Breen @ DerbyCon 2015

Bugcrowd Chats

Play Episode Listen Later Oct 18, 2015 11:21


We met up with Justin Kennedy and Steve Breen (BreenMachine) at DerbyCon 2015 right after they took home 2nd place in the CTF. Tune in to hear more about how Justin and Steve teamed up to tackle the CTF, as well as some tips for bug bounty hunters.
Discuss this podcast on the Bugcrowd Forums: http://bgcd.co/1LGLWUU
Make sure to check out their tool httpscreenshot: https://github.com/breenmachine/httpscreenshot
Follow Justin on Twitter: https://twitter.com/jstnkndy
Follow Steve on Twitter: https://twitter.com/breenmachine
Follow Sam on Twitter: https://twitter.com/samhouston
Check out Bugcrowd.com to learn more about joining our security researcher community: http://bugcrowd.com/researchers

The Social-Engineer Podcast
Ep. 038 - Live from DerbyCon 2012

The Social-Engineer Podcast

Play Episode Listen Later Oct 15, 2012 92:53


DerbyCon V2.0 was an epic con. The whole team was present to share in a few firsts, including our first live podcast from DerbyCon. Check it out!