In this edition of Between Two Nerds Tom Uren and The Grugq look at NSA's take on information warfare, all the way back from 1997. This episode is also available on Youtube. Show notes: Cryptolog, The Journal of Technical Health, from NSA in 1997
In this edition of Between Two Nerds Tom Uren and The Grugq talk about cyber's ‘hard problems' and why they are intractable. This episode is also available on Youtube. Show notes: Cyber Hard Problems, from the National Academies of Sciences
In this edition of Between Two Nerds Tom Uren and The Grugq examine what makes it hard for even competent hackers to contribute to state-backed espionage agencies. This episode is also available on Youtube. Show notes: The I-Soon cyber espionage contractor data leak
In this edition of Between Two Nerds Tom Uren and The Grugq examine whether the US should steal intellectual property from Chinese companies. This episode is also available on Youtube. Show notes: Stewart Baker's Lawfare article; Bunny Huang's 'Essential Guide to Electronics in Shenzhen'; BTN44 on the rights and wrongs of intellectual property theft; Corelight sponsor interview with James Pope
In this edition of Between Two Nerds Tom Uren and The Grugq talk about an in-depth report on a Ukrainian hacking control panel. The panel shows how the Ukrainian group thinks about hacking operations and the pair discuss why the report exists and what it achieves. This episode is also available on Youtube. Show notes: Bulldog backdoor web panel analysis
In this edition of Between Two Nerds Tom Uren and The Grugq discuss the Southeast Asian criminal syndicates that run online scam compounds. Should organisations like US Cyber Command or the UK's National Cyber Force target these gangs with disruption operations? This episode is also available on Youtube. Show notes: UN Office of Drugs and Crime on Southeast Asian transnational cyber scammers
In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether cyber operations can be ‘strategic', that is, can they affect the fate of nations. This episode is also available on Youtube.
In this edition of Between Two Nerds Tom Uren and The Grugq look at the idea of global critical infrastructure. One common example is submarine cables, which are globally important but are vulnerable because they are hard to defend. But what about services from tech giants? Are they global critical infrastructure? This episode is also available on Youtube.
In this edition of Between Two Nerds Tom Uren and The Grugq look at the idea of ‘false scarcities' in cyber security. Are bugs and talent rare? Or is our thinking blinkered? This episode is also available on Youtube.
In this edition of Between Two Nerds Tom Uren and The Grugq look at all the strands of evidence that make people think NSA is a top-tier cyber actor. This episode is also available on Youtube.
In this edition of Between Two Nerds Tom Uren and The Grugq talk about why people studying cyber operations are fascinated by 0days. These are vulnerabilities or exploits that have been found in a system before the vendor or manufacturer is made aware of them and so therefore no fix exists. This episode is also available on Youtube.
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how offensive cyber operations could do so much more than just ‘deny, disrupt, degrade and destroy'. Grugq thinks this thinking is rooted in military culture and he wonders why cyber operations are always so mean. This episode is also available on Youtube.
In this edition of Between Two Nerds Tom Uren and The Grugq talk about what Europe should do given that US security guarantees are evaporating. Should Europe grow its cyber capabilities, what would it get out of it and how should it go about doing it? This episode is also available on Youtube. Show notes: Zero Day on the Trump Administration order that US Cyber Command stand down its Russian cyber operations
In this edition of Between Two Nerds Tom Uren and The Grugq take a deep dive into incident response reports from Chinese cybersecurity firms that attribute the hack of one of the country's top seven defence universities to the US National Security Agency. These reports were collated and translated into English by the security researcher known as Inversecos (https://x.com/inversecos). This episode is also available on Youtube. Show notes: NSA (Equation Group) TTPs from a Chinese lens; Northwestern Polytechnical University at the China Defence Universities tracker; Risky Business podcast discussion with Inversecos
In this edition of Between Two Nerds Tom Uren and The Grugq examine the fundamental principles of network exploitation as described in Matthew Monte's book ‘Network Attacks and Exploitation: A Framework', using recent hacks as case studies. This episode is also available on Youtube. Show notes: Network Attacks and Exploitation: A Framework; Google's Signal hacking report; Device code phishing
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the United States' Vulnerabilities Equities Program, which balances the need for intelligence collection with the need to protect the public. The government recently revealed that in 2023 it released 39 vulnerabilities, but what does this really tell us? This episode is also available on Youtube. Show notes: The unclassified VEP appendix; Kim Zetter's Zero Day substack
In this edition of Between Two Nerds Tom Uren and The Grugq talk about Israeli spyware vendor Paragon, how and why it positions itself to sell to the US market, and how its capabilities might work. This episode is also available on Youtube. Show notes: TechCrunch report; The tweet we discuss; Dropping Italy as a customer
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how the compromise of US telecommunications companies by Chinese hackers has very little to do with US government lawful intercept laws. This episode is also available on Youtube.
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the evolution of Russian cyber operations during its invasion of Ukraine. This episode is also available on Youtube.
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how states have very different approaches to controlling cyber operations. At the very beginning they refer to this Microsoft Threat Intelligence post. Show notes: Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how the opportunities for hackers have changed and how that has altered the pipelines that turn kids into criminals. Show notes: This Kid Wouldn't Stop Hacking Rappers
In this edition of Between Two Nerds Tom Uren and The Grugq talk about different views on attribution and why it still matters for sophisticated state-backed groups.
In this edition of Between Two Nerds Tom Uren and The Grugq talk about what cyber weapons really are and why use of the term is counterproductive. They reference Defining Offensive Cyber Capabilities, a paper authored by Tom. Show notes: Defining offensive cyber capabilities
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how ungoverned spaces on Telegram result in increasingly toxic and antisocial communities.
In this edition of Between Two Nerds Tom Uren and The Grugq discuss what the Russian state gains and loses from hosting a ransomware ecosystem.
In this edition of Between Two Nerds Tom Uren and The Grugq talk about a new attempt to measure cyber power, the International Institute for Strategic Studies Cyber Power Matrix. Show notes: Project Raven; The Council on Foreign Relations Cyber Operations Tracker; The IISS Cyber Power Matrix
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how criminals are using deepfakes… but it is not the end of the world. Show notes: OpenAI's October 2024 Influence and cyber operations update report; Rest of World's 2024 AI election tracker; A UN report on the adoption of technology by transnational organised crime
In this edition of Between Two Nerds Tom Uren and The Grugq talk about ‘cyber persistence theory'. They cover what it is, why it is increasingly popular amongst America's allies, why we think the theory is right and also cover some critiques of the theory. They refer to the CyberScoop article ‘America's allies are shifting: Cyberspace is about persistence, not deterrence'. Show notes: America's allies are shifting: Cyberspace is about persistence, not deterrence
In this edition of Between Two Nerds Tom Uren and The Grugq talk about various Southeast Asian countries investing in cyber forces, the drivers behind these decisions and what kind of actions make sense.
In this edition of Between Two Nerds Tom Uren and The Grugq talk about new reports saying that Russia is creating new cyber groups made up of cyber criminals.
In this edition of Between Two Nerds Tom Uren and The Grugq dissect an FBI advisory about North Korean groups targeting cryptocurrency firms with social engineering.
In this edition of Between Three Nerds Tom Uren and The Grugq talk to Alex Joske, author of a book about how the Chinese Ministry of State Security (MSS) has shaped Western perceptions of China. They discuss the MSS's position in the Chinese bureaucracy, its increasing role in cyber espionage, its use of contractors and the PRC's vulnerability disclosure laws. Show notes: Spies and Lies (Joske book)
In this edition of Between Two Nerds Tom Uren and The Grugq discuss the opportunities in phishing and why it is both easy and difficult.
In this edition of Between Two Nerds Tom Uren and The Grugq examine how the cybersecurity industry is very strange when compared to other professional fields such as doctors and accountants.
In this edition of Between Two Nerds Tom Uren and The Grugq discuss what it would mean to be in a golden age of OSINT and whether we are in one.
In this episode of the Hack the Planet Podcast: The Grugq shares stories from his 25 years at Phrack, with a special announcement about its future! We also dive into …
In this edition of Between Two Nerds Tom Uren and The Grugq discuss recent changes in a Chinese APT's tactics and how cyber security agencies have responded.
In this edition of Between Two Nerds Tom Uren and The Grugq discuss what the widespread disruption caused by CrowdStrike's faulty update tells us about how useful cyber operations are for war.
In this edition of Between Two Nerds Tom Uren and The Grugq discuss whether the rise of cloud computing has been a boon or a curse for cyber espionage agencies.
In this edition of Between Two Nerds Tom Uren and The Grugq discuss Shashank Joshi's notes from a recent Oxford Cyber forum. Topics include the role of 0days and who is ahead when it comes to offensive cyber operations. The pair refer to observations made in this thread.
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how bureaucracies should deal with outstandingly talented individuals.
In this edition of Between Two Nerds Tom Uren and The Grugq talk about why governments have failed to protect the private sector from state-backed cyber espionage.
In this edition of Between Two Nerds Tom Uren and The Grugq talk about how the use of cyber operations in Ukraine is informative but information is incomplete. Rather than clarifying the role of cyber operations in conventional warfare there is still a lot of room for confirmation bias.
In this edition of Between Two Nerds Tom Uren and The Grugq talk about law enforcement agencies trolling cyber criminals when they carry out disruption operations, and why it might be counterproductive.
In this edition of Between Two Nerds Tom Uren and The Grugq talk about the role of the state in tackling ransomware. They discuss why action has been slow and ineffective, and what it will take to truly change the situation.
In this edition of Between Three Nerds Tom Uren and The Grugq talk to Elena Grossfeld about the strategic culture of Russian intelligence organisations. In the discussion we refer to Elena's paper on Russia's declining satellite reconnaissance capability and she talks about ‘lustration', the removal of public officials who are associated with a tainted political regime. Elena is researching Russian and Soviet intelligence culture at King's College London and is on X @kloosha. Show notes: Russia's Declining Satellite Reconnaissance Capabilities and Its Implications for Security and International Stability
The regular two nerds have the week off, but the former Director of the CIA's Center for Cyber Intelligence Andy Boyd joins Patrick Gray for a rollicking conversation in front of a live audience in San Francisco. Grugq and Tom return next week!
In this edition of Between Two Nerds Tom Uren and The Grugq look at how different types of secrecy obsessed organisations learn. The Grugq mentions the book Mafia Organisations: The Visible Hand of Criminal Enterprise by Maurizio Catino.
In this edition of Between Two Nerds Tom Uren and The Grugq look at the life cycle of 0days, dissect the conventional wisdom and talk about how 0days are never truly ‘burnt'.
Get the explosive inside scoop on two brazen hacks from the hacking guru and cyber warfare expert simply known as “The Grugq.” He joins James to dissect an elaborate phishing campaign that compromised Qatar's national news agency. You'll learn how hackers fabricated academic awards as a ploy to infiltrate key targets. The Grugq also unravels the Coinbase hack that could have been an unparalleled crypto heist. He reveals how the culprits were obsessed with deploying a flashy new zero-day exploit, when lower-tech tricks already had executives firmly ensnared. This is a rare chance to analyze major cyber attacks play-by-play alongside one of the world's top hacking experts. Buckle up for a wild ride!