Podcasts about hackcon

In this episode, Geoff and Skyler are joined by TrustedSec's Force Cloud Security Practice Lead @nyxgeek to talk about his findings after 3 years of user enumeration in Azure! He also dives into techniques and the implications of "presence data" in Microsoft Teams. We get a preview of his conference talks at (the now past) Shmoocon and HackCon, which he will be delivering in Norway on February 2, 2025. What is in the future of authentication and identity management? Listen now to hear nyxgeek's predictions for 2025.  About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Learn more at https://trustedsec.com/ Hack the planet!

Melvin, Tobias, Øystein og Eirik svarer på et ekte lytterspørsmål om IPv6 som vi ikke bare har funnet på selv, det har faktisk dukket opp i mailboksen vår, jeg kan vise deg hvis du ikke tror på meg, det er ekte altså! Så blir det litt War Story å snacke på, yumyum. På nyhetsfronten er det oppfølging om LastPass, før det snakkes om HackCon (som ikke er en nyhet? Men det er i nyhetsseksjonen uansett). Det snakkes også om andre konferanser, som heller ikke er det jeg ville kalt nyheter, men her er det i nyhetsseksjonen likevel. Det er også noe greier om PwC og Mandiant inni der et sted. Offensive Security blir OffSec, så vær så god for reklamen OffSec.

Jane Lo, Singapore Correspndent speaks with Zoltán Balázs, Head of Vulnerability Research at CUJO AI. CUJO AI is a company focusing on home IoT Security. Before joining CUJO AI he worked as a CTO for an AV tester company, an IT Security expert in the financial industry for five years, and as a senior IT security consultant at one of the Big Four companies for two years. His primary areas of expertise are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie Browser Tool that has POC malicious browser extensions for Firefox, Chrome and Safari. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes.
He found and disclosed a vulnerability in IP cameras, and this vulnerability was exploited by the Persirai botnet, running on ˜600 000 cameras. Zoltán has been invited to give presentations at information security conferences worldwide including DEF CON, SyScan360, SAS2018, Virusbulletin, Disobey, Deepsec, Hacker Halted USA, Botconf, AusCERT, Nullcon, Hackcon, Shakacon, OHM, Nopcon, Hacktivity, and Ethical Hacking. Proud OSCE. In this on-site interview at “Hack-in-the-Box” held at the Singapore Intercontinental Hotel, Zoltán gives some highlights of his presentation on “Web3 + Scams = It's a Match!” Sharing his perspective on what the Web3 world encompasses – including non-fungible tokens (NFTs) – he explains how some of the over-valuations reported in the media for NFTs may leave an impression of fraud and scams. He also points out how some of the old fashion investment scams such as “rug pulls” and “pump and dump” still plagues the Web3 world. One common tactic, such as preying on victim's “fear of missing out” (FOMO) on an attractive investment, can also be seen in the promotion of Bored Apes Yacht Club NFT collection. Zoltán also outlines a highly notable scam known as the “Squid Game” rug pull, where the combination of the ease of creating tokens, and the popularity of the Netflix TV show lured victims to put money into the fraudulent investment scheme. To avoid falling victim to one of the scams, Zoltán's advice is “take time, don't rush.” Recorded on-site at the Singapore Intercontinental Hotel in Bugis, 26th August 2022, 11am Singapore Time.

Vetle (@bordplate), René (@ParticleVoid), Eirik (@0xSV1) og Melvin (@Flangvik) snakker om årets HackCon, Renè kommer med en liten war story og Melvin snakker om sitt TS Tool release. Nyhetene de diskuterer i dag er OWASP som gir ut en serie med cheatsheets, Østre-Toten flytter IT fra kjeller til selskap, psykoterapisenter som ble hacket gikk konkurs, svensk politi fikk millionbot for å bruke Clearview AI, søkere til UDs Aspirantkurs forsøkt phishet og Første Apple M1 “native” skadevare funnet.

Hackcon VI just happened at Pocono Springs Camp! I got to chat with some of the attendees: Tony, Andrea (and MLH Coach), Corbin, and Deepraj! Listen to their Hackcon adventure and I'll see you at Hackcon VII! (This episode was not sponsored and has no relation to Major League Hacking)

RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID Francis Brown Partner - Bishop Fox Shubham Shah Security Analyst at Bishop Fox Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance for penetration testers on hacking High Frequency (HF - 13.56 MHz) and Ultra-High Frequency (UHF – 840-960 MHz). This includes Near Field Communication (NFC), which also operates at 13.56 MHz and can be found in things like mobile payment technologies, e.g., Apple Pay and Google Wallet. We'll also be releasing a slew of new and free RFID hacking tools using Arduino microcontrollers, Raspberry Pis, phone/tablet apps, and even 3D printing. This presentation will NOT weigh you down with theoretical details or discussions of radio frequencies and modulation schemes. It WILL serve as a practical guide for penetration testers to better understand the attack tools and techniques available to them for stealing and using RFID tag information, specifically for HF and UHF systems. We will showcase the best-of-breed in hardware and software that you'll need to build an RFID penetration toolkit. Our goal is to eliminate pervasive myths and accurately illustrate RFID risks via live attack DEMOS: High Frequency / NFC – Attack Demos: HF physical access control systems (e.g., iCLASS and MIFARE DESFire 'contactless smart card' product families) Credit cards, public transit cards, passports (book), mobile payment systems (e.g., Apple Pay, Google Wallet), NFC loyalty cards (e.g., MyCoke Rewards), new hotel room keys, smart home door locks, and more Ultra-High Frequency – Attack Demos: Ski passes, enhanced driver's licenses, passports (card), U.S. Permanent Resident Card ('green card'), trusted traveler cards Schematics and Arduino code will be released, and 100 lucky audience members will receive one of a handful of new flavors of our Tastic RFID Thief custom PCB, which they can insert into almost any commercial RFID reader to steal badge info or use as a MITM backdoor device capable of card replay attacks. New versions include extended control capabilities via Arduino add-on modules such as Bluetooth low energy (BLE) and GSM/GPRS (SMS messaging) modules. This DEMO-rich presentation will benefit both newcomers to RFID penetration testing as well as seasoned professionals. Francis Brown, CISA, CISSP, MCSE, is a Managing Partner at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 1000 and global financial institutions as well as U.S. and foreign governments. Before joining Stach & Liu, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients. Francis has presented his research at leading conferences such as Black Hat USA, DEF CON, RSA, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications. Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques. Shubham Shah is a Security Analyst at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 500, global financial institutions, and high-tech startups. Shubham's primary areas of expertise are application security assessment, source code review, and mobile application security. Shubham is a former bug bounty hunter who has submitted medium-high risk bugs to the bug bounties of large corporations such as PayPal, Facebook, and Microsoft. He regularly conducts web application security research and frequently contributes to the security of open-source projects. He has presented at Ruxcon and is known in Australia for his identification of high-profile vulnerabilities in the infrastructures of major mobile telecommunication companies. Prior to joining Bishop Fox, Shubham worked at EY. At EY, he performed web application security assessments and application penetration tests. Additionally, Shubham has been a contractor for companies such as Atlassian. As a contractor, he conducted external web application security penetration tests. Shubham also develops and maintains open-source projects such as Websec Weekly that assist the web application security industry. Twitter: @bishopfox Facebook: https://www.facebook.com/BishopFoxConsulting LinkedIn: https://www.linkedin.com/company/bishop-fox

First live stream(ish)! Rickrolled Live, EL Android/iPhone Apps, Boyscout, It's magic, nmap String of Doom, Unexpected Guests, A ton of security stuff!, Shmoocon, Hackcon, Intro/Outro - Put it in Your Mouth by Akinyele

First live stream(ish)! Rickrolled Live, EL Android/iPhone Apps, Boyscout, It's magic, nmap String of Doom, Unexpected Guests, A ton of security stuff!, Shmoocon, Hackcon, Intro/Outro - Put it in Your Mouth by Akinyele

In our first ever Major League Hacking European podcast, we speak with Bilawal Hameed, Joe Nash, Kurt Lee (Major League Hacking EU) and Niklas Begley (HackLondon/KCL Tech) about Hackcon II, ICHack, HackLondon, StacsHack, challenges with bringing under 18's to hackathons, organising a Hackcon in Europe and what student hackathons can learn from professionally-ran hackathons such as BattleHack. Published on Tuesday 17th February 2015.

Elevator Hacking - From the Pit to the Penthouse Deviant Ollam The CORE Group Howard Payne The CORE Group Throughout the history of hacker culture, elevators have played a key role. From the mystique of students at MIT taking late-night rides upon car tops (don't do that, please!) to the work of modern pen testers who use elevators to bypass building security systems (it's easier than you think!) these devices are often misunderstood and their full range of features and abilities go unexplored. This talk will be an in-depth explanation of how elevators work... allowing for greater understanding, system optimizing, and the subversion of security in many facilities. Those who attend will learn why an elevator is virtually no different than an unlocked staircase as far as building security is concerned! While paying the bills as a security auditor and penetration testing consultant with his company, The CORE Group, Deviant Ollam is also member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. Deviant runs the Lockpicking Village with TOOOL at HOPE, DEFCON, ShmooCon, etc, and he has conducted physical security training sessions for Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the United States Military Academy at West Point, and the United States Naval Academy at Annapolis. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th. Twitter: @deviantollam, @TCGsec Howard Payne is an elevator consultant from New York specializing in code compliance and accident investigations. He has logged over 9,000 hours examining car-tops, motor rooms, and hoistways in cases ranging from minor injuries to highly-publicized fatalities, and has contributed to forensic investigations that have been recognized by local, State, and Federal courts. Howard has appeared on national broadcast television making elevators do things they never should. When he's not riding up and down high-rise hoistways, he moonlights as a drum and bass DJ and semi-professional gambler. His favorite direction is Up and his favorite elevator feature is riot mode. Twitter: @SgtHowardPayne