Podcast appearances and mentions of Hector Monsegur

  • 13 podcasts
  • 33 episodes
  • 52m average duration
  • 1 episode every other week
  • Latest: Apr 24, 2025

Latest podcast episodes about Hector Monsegur

Hacker And The Fed
DOGE Drama, Digital Grit, and CVE Chaos

Apr 24, 2025 (51:49)


Chris Tarbell and Hector Monsegur dive into the near-shutdown of the CVE system, a whistleblower's wild claims about the Doge agency and Russian logins, and why the future of cybersecurity depends on more entrepreneurs stepping up. Sharp takes, tech insights, and signature banter throughout. Join our new Patreon! https://www.patreon.com/c/hackerandthefed Send HATF your questions at questions@hackerandthefed.com

Hacker And The Fed
Hacks, Heists, and the Rise of Digital Deception

Mar 13, 2025 (53:55)


In this episode of Hacker And The Fed, Chris Tarbell and Hector Monsegur discuss their recent travels, major cybersecurity threats, and the dangers of disinformation. Topics include a Bluetooth backdoor affecting a billion devices, a $150M crypto heist linked to the LastPass hack, and malware spreading via GitHub. Plus, Hector's take on propaganda and narrative warfare. Send HATF your questions at questions@hackerandthefed.com.

Hacker And The Fed
Smart Bed Backdoor, Crypto Heists, Router Hacks, and U.S. Cyber Command's Stand Down

Mar 6, 2025 (54:58)


In this episode of Hacker And The Fed, former FBI special agent Chris Tarbell and ex-black hat hacker turned cybersecurity expert Hector Monsegur discuss GreyNoise's 2025 Mass Internet Exploitation Report, revealing how attackers are exploiting vulnerabilities faster than ever, particularly targeting home routers. The two also cover a shocking backdoor discovery in the Eight Sleep smart mattress, the rising trend of violent crypto-related attacks, and the recent Bybit hack. Hector wraps up with a deep dive into the U.S. Cyber Command's recent decision to halt cyber operations against Russia and what it means for national security. Send HATF your questions at questions@hackerandthefed.com.

Hacker And The Fed
Inside a Ransomware Gang, Leaked Logs, a $1.4B Crypto Heist & Signal Under Attack

Feb 27, 2025 (48:28)


In this episode of Hacker And The Fed, former FBI special agent Chris Tarbell and ex-black hat hacker turned cybersecurity expert Hector Monsegur discuss the leaked Black Basta ransomware logs, a $1.4 billion crypto heist, and new threats targeting Signal Messenger. They also share insights from their latest speaking events, the role of AI in cybersecurity, and the pros and cons of IT centralization in government. Send HATF your questions at questions@hackerandthefed.com.

Hacker And The Fed
School Cyberattacks, Swatting as a Service, and Hector Rants on the Broken Cybersecurity Job Market

Feb 20, 2025 (53:32)


In this episode of Hacker And The Fed, former FBI special agent Chris Tarbell and ex-black hat hacker turned cybersecurity expert Hector Monsegur discuss alarming trends in school cyberattacks and the lack of transparency in reporting breaches, a disturbing case of "swatting as a service," and the ongoing challenges in the cybersecurity job market. Hector delivers a passionate rant on hiring issues in the industry, highlighting unrealistic job requirements and outsourcing concerns. Send HATF your questions at questions@hackerandthefed.com.

Hacker And The Fed
SSH Backdoors, the Decline of Ransomware Payments, and Hector Rants on a MASSIVE Insider Threat

Feb 13, 2025 (54:40)


This week on Hacker And The Fed, former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss a newly discovered SSH backdoor used by Chinese cyber spies, the alarming rise of insider threats in critical U.S. infrastructure, and the significant drop in ransomware payments in 2024. Hector also delivers a passionate rant about government security oversight and the risks posed by unvetted personnel in federal systems. Plus, the duo shares insights on bypassing corporate security with SSH tunneling, the evolution of cybercrime tactics, and why cybersecurity resilience is more crucial than ever. Send HATF your questions at questions@hackerandthefed.com.

Hacker And The Fed
Hacked Healthcare, Hacked Cars & The Hidden Risks of Modern Tech

Feb 6, 2025 (49:13)


This week on Hacker And The Fed, former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss a shocking backdoor found in healthcare patient monitors linked to China, a major vulnerability in Subaru's Starlink system allowing remote vehicle control, and the ongoing concerns over modern cars collecting unnecessary user data. They also discuss cybersecurity career paths—Blue Team vs. Red Team—and how to build a well-rounded skillset. Plus, plenty of laughs, from muscle car nostalgia to an unexpected debate about pole vs. stripper dancing. Send HATF your questions at questions@hackerandthefed.com.

Hacker And The Fed
ROSS ULBRICHT PARDONED, Plus Insider Threats, Corporate Security Risks, and A High-Profile Crypto Kidnapping

Feb 1, 2025 (48:49)


This week on Hacker And The Fed, former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur talk about Hector's much-needed vacation in the rainforest and move on to the major cybersecurity stories they missed while away. They discuss the recent pardon of Ross Ulbricht, second chances in life, and the complexities of law enforcement and the justice system. The conversation covers everything from insider threats, corporate security risks, and personal attack surface reduction to a recent high-profile crypto kidnapping. Send HATF your questions at questions@hackerandthefed.com.

Hacker And The Fed
Holiday Reflections: Cybersecurity, Careers, and Christmas Cheer

Dec 26, 2024 (45:32)


This week on Hacker And The Fed, former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur celebrate the holidays with heartfelt reflections alongside their standard cybersecurity insights. Hector shares a touching story about family, gratitude, and his journey to providing new opportunities for others. The duo answers listener questions on topics like DDoS attacks, Windows migrations, and breaking into the cybersecurity field, offering practical advice for newcomers and seasoned professionals alike. Send HATF your questions at questions@hackerandthefed.com.

Hacker And The Fed
Yahoo Red Team Layoffs, North Korea Infiltrating U.S. Companies, Data Breaches, and Protecting your Medical History

Dec 19, 2024 (47:04)


This week on Hacker And The Fed, former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss Yahoo's controversial decision to lay off its red team, the rise of North Korean IT workers infiltrating U.S. companies, and the ethical dilemmas around hacking. They also reflect on the desensitization to data breaches, debate the significance of protecting medical history, and share candid moments about their personal lives and experiences in the industry. Send HATF your questions at questions@hackerandthefed.com.

Hacker And The Fed
Telecom Hacks, Ransomware Fallout, Encrypted Chats, and a Diss Track Challenge

Dec 12, 2024 (46:00)


Cybersecurity Chaos: Encrypted Chats, Ransomware Woes, and a Diss Track Challenge

This week on Hacker And The Fed, former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss the largest U.S. telecom hack in history attributed to Chinese state-sponsored attackers, the FBI's surprising push for encrypted communications, and the takedown of an encrypted messaging service used by criminals. They also tackle the bankruptcy of vodka giant Stoli following a devastating ransomware attack and share actionable advice for cybersecurity resilience. Send HATF your questions at questions@hackerandthefed.com.

Hacker And The Fed
DB Cooper, ExxonMobil & Corporate Espionage, and Ross Ulbricht's Potential Pardon

Dec 5, 2024 (44:55)


This week on Hacker And The Fed, former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss their obsession with the DB Cooper case and the latest potential break in the decades-old mystery. Hector shares stories about his early days as a hacker and the challenges of trust in loosely connected cybercriminal groups. They also tackle corporate espionage and the ethics of hackers-for-hire in light of ExxonMobil's alleged involvement in a hacking scandal. Wrapping up, they address listener questions about second chances, with Hector reflecting on his journey of redemption, and weigh in on the contentious debate around Ross Ulbricht's potential pardon.

Hacker And The Fed
A THANKSGIVING SPECIAL: Phishing Failures, Red Team Career Advice, and Cybersecurity Ethics

Nov 28, 2024 (47:12)


This week on Hacker And The Fed, former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss key cybersecurity challenges, from the effectiveness of phishing training to the ethical dilemmas of vulnerability disclosure. They explore how technical controls and employee education can work together to defend against increasingly sophisticated attacks, including SMS and social media phishing. They also dive into career advice for transitioning from Blue Team to Red Team roles and the complexities of the cybersecurity job market. And to close out, a heartfelt Thanksgiving message.

Hacker And The Fed
Italian Hacking Scandal, NSA Best Practices, Insider Threats & a Former Anonymous Hacker?

Nov 21, 2024 (40:19)


This week on Hacker And The Fed, former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur dive into a massive hacking scandal targeting Italian political elites, revealing insider threats and international intrigue. They break down NSA mobile device security best practices and share their own successes (and failures) in following them. Plus, updates on their personal lives, community work, and how ethical hacking can prevent breaches like this. Send HATF your questions at questions@hackerandthefed.com.

Hacker And The Fed
We're Back!

Nov 14, 2024 (29:46)


Hacker And The Fed is back. Finally rebooting after a temporary hiatus. Former FBI Special Agent, Chris Tarbell, and ex-Anonymous/LulzSec blackhat hacker turned network penetration tester, Hector Monsegur (aka Sabu), once faced off as adversaries in cyberspace before becoming close friends and now podcast co-hosts. Whether you are a legal professional, cybersecurity practitioner, or forensic investigator, Chris and Hector will bring you their unique perspectives on the latest developments in cybersecurity. Send HATF your questions at questions@hackerandthefed.com.

Modem Mischief
Hector Monsegur (aka Sabu) & Lulzsec

May 13, 2024 (27:36)


We delve into the story of Hector Monsegur, also known as 'Sabu', a central figure in the hacktivist group Lulzsec. Explore his rise to infamy in the cyber world, his pivotal role in high-profile cyber attacks, and the dramatic turn of events that led him to collaborate with law enforcement. Join us for a gripping narrative on the complexities of cyber ethics, activism, and the thin line between right and wrong.

Created, Produced & Hosted by Keith Korneluk. Written & Researched by Ed Leer. Edited, Mixed & Mastered by Greg Bernhard. Theme Song "You Are Digital" by Computerbandit.

Adventures of Alice & Bob
Ep. 50 - The Rise and Reflections of Sabu // Hector Monsegur

Mar 8, 2024 (49:56)


Today, Marc is joined by Hector Monsegur, the infamous hacker formerly known as Sabu. In this episode, Hector takes us on a journey through his past, from his early inspirations drawn from hacker films to his pivotal role in the LulzSec hacking collective. With raw honesty, he delves into the motivations and mindsets that fueled his involvement in hacktivism, shedding light on the complexities and ethical dilemmas surrounding digital activism. Hector's story is a testament to the transformative power of embracing one's passion, and his insights offer a rare glimpse into the psyche of a cyber outlaw-turned-cybersecurity professional.

Lex Fridman Podcast
#340 – Chris Tarbell: FBI Agent Who Took Down Silk Road

Nov 22, 2022 (182:59)


Chris Tarbell is a former FBI special agent and cybercrime investigation specialist who brought down Ross Ulbricht and Silk Road, and Hector Monsegur (aka Sabu) of LulzSec and Anonymous. Please support this podcast by checking out our sponsors: – True Classic Tees: https://trueclassictees.com/lex and use code LEX to get 25% off – InsideTracker: https://insidetracker.com/lex to get 20% off – ExpressVPN: https://expressvpn.com/lexpod to get 3 months free – BetterHelp: https://betterhelp.com/lex to get 10% off – Blinkist: https://blinkist.com/lex to get 25% off premium EPISODE LINKS: Hacker And The Fed podcast: https://podcasts.apple.com/podcast/hacker-and-the-fed/id1649541362 Naxo: https://naxo.com/who-we-are PODCAST INFO: Podcast website: https://lexfridman.com/podcast Apple Podcasts: https://apple.co/2lwqZIr Spotify:

Hacker And The Fed
Introducing Hacker And The Fed

Oct 12, 2022 (2:43)


Former FBI special agent Chris Tarbell and former Anonymous blackhat Hector Monsegur (aka Sabu) first faced off as adversaries in cyberspace before becoming close friends and podcast co-hosts. Listen to Tarbell, co-founder of the elite cybersecurity firm NAXO, and Monsegur, a top network penetration tester and security engineer, break down the must-know cybersecurity news and topics of the day. You'll walk away from each episode with unique perspectives on how to keep your family, your company, and your personal cyber footprint safe from attacks.

Malicious Life
Hackers vs. Spies: The Stratfor Leaks, Pt. 2

Jun 14, 2022 (32:09)


In June 2011, a Con Edison truck was parked outside of Hector Monsegur's New York apartment, every day for over a week. But Hector - better known as Sabu, the ringleader of the LulzSec hacking group - wasn't fooled: he guessed, correctly, that the FBI was on to him. But it turned out that of all the people who broke or disregarded the law in this particular story, only one man had a reason to be worried: Jeremy Hammond.

Application Paranoia
S3EP1 - Flying wheelchairs, Log4J and best application security practices with guest Hector Monsegur

Feb 15, 2022 (66:47)


Back for another season, Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another application security interview special. In this week's episode, the team meets with special guest Hector Monsegur. Hector is an industry professional with decades of experience, mostly on the offensive side. He is currently Director of Research for Alacrinet, where he spends his days working with clients to improve their overall security posture while he works on offensive research and engagements. Join us as Hector helps discuss Log4j, pen testing evolution and how to get more folks involved in application security.

For reference: Meat Loaf, a flying wheelchair, and the greatest story ever told | Louder (loudersound.com)

CodeNewbie
S18:E9 - DevNews: Potential Effects of a Cyberwar Between Russia and Ukraine, a Coding Bootcamp Stands Strong In Afghanistan, and More (Josh Puetz, Jamshid Hashimi, Hector X. Monsegur)

Feb 3, 2022 (52:13)


In this featured episode of DevNews, hosts Saron Yitbarek and Josh Puetz talk about The New York Times' Wordle acquisition and the Apple App Store's new unlisted apps option. Then we speak with Hector Monsegur, director of research at Alacrinet and former black hat hacker, about what a cyberwar between Russia and Ukraine would look like and what its effects could be. Finally, we speak with Jamshid Hashimi, founder of CodeWeekend, a coding bootcamp that is still providing education and hope within the chaos caused by the US pullout from Afghanistan and the new Taliban regime.

Show Links:
  • DevDiscuss (sponsor)
  • DevNews (sponsor)
  • New Relic (sponsor)
  • Retool (sponsor)
  • Microsoft 30 Days to Learn It (sponsor)
  • Wordle Is Joining The New York Times Games
  • Unlisted app distribution
  • Destructive malware targeting Ukrainian organizations
  • Cybersecurity & Infrastructure Security Agency
  • CodeWeekend

DevNews
S7:E4 - Potential Effects of a Cyberwar Between Russia and Ukraine, a Coding Bootcamp Stands Strong In Afghanistan, and More

Feb 3, 2022 (51:46)


In this episode, we talk about The New York Times' Wordle acquisition and the Apple App Store's new unlisted apps option. Then we speak with Hector Monsegur, director of research at Alacrinet and former black hat hacker, about what a cyberwar between Russia and Ukraine would look like and what its effects could be. Finally, we speak with Jamshid Hashimi, founder of CodeWeekend, a coding bootcamp that is still providing education and hope within the chaos caused by the US pullout from Afghanistan and the new Taliban regime.

Show Notes:
  • DevDiscuss (sponsor)
  • Stack Overflow Podcast (sponsor)
  • CodeNewbie (sponsor)
  • Scout APM (DevNews) (sponsor)
  • Wordle Is Joining The New York Times Games
  • Unlisted app distribution
  • Destructive malware targeting Ukrainian organizations
  • Cybersecurity & Infrastructure Security Agency
  • CodeWeekend

The Pure Report
Inside The Mind Of A Hacker: Ransomware Mitigation and Recovery

Sep 13, 2021 (39:38)


It's the return of our Hacker turned cybersecurity expert. Hector Monsegur, former technical frontman of the infamous LulzSec hacking collective, returns to the Pure Report to share his personal story and his deep insights on the evolution of the latest Ransomware attacks that are plaguing businesses and the public sector. Hector describes how large-scale attacks and ransomware-as-a-service are creating new headaches for IT teams and how to prepare for them. If you want to learn what motivates hackers and how to improve your cybersecurity defenses, make plans on October 27th to attend Pure's upcoming Cybersecurity Month webinar featuring Hector and Pure's Shawn Rosemarin and Andy Stone - to register today, go to: purestorage.com/BlackHat

DevNews
S4:E3 - Basecamp Backlash, Remote Work Harassment, Linux Kernel Submission Ban, and Crypto Miners Killing Free CI

Apr 28, 2021 (55:41)


In this episode, we talk about the problematic blog post put out by Basecamp CEO and Co-founder Jason Fried, and we also get into how cryptocurrency miners are killing free CI. Then we chat with Hector Monsegur, security researcher and former blackhat hacker, about how University of Minnesota security researchers submitted security vulnerabilities to the Linux kernel to show flaws in the approval process, leading to a call for a ban on anything submitted by umn.edu emails. Finally, we speak with McKensie Mack, founder & CEO of MMG and a co-author of a report put out by the non-profit Project Include, about how remote work is leading to more gender and racial harassment at tech companies.

Show Notes:
  • DevDiscuss (sponsor)
  • CodeNewbie (sponsor)
  • Scout APM (sponsor)
  • RudderStack (sponsor)
  • Changes at Basecamp
  • What really happened at Basecamp
  • An Open Letter To Jason and David
  • Crypto miners are killing free CI
  • Remote work since Covid-19 is exacerbating harm: What companies need to know and do
  • University of Minnesota banned from contributing to Linux kernel

DevNews
S2:E8 - Major Governmental Hack, Ruby 3.0, Oblivious DNS, and Facebook Antitrust Lawsuits

Dec 16, 2020 (46:28)


In this episode, we talk about federal and state antitrust lawsuits against Facebook, and a new DNS technique backed by Apple, Cloudflare, and Fastly called Oblivious DNS. Then we speak with Hector Monsegur, security researcher and former blackhat hacker, about a major hack against multiple government agencies. Then we chat with Penelope Phippen, tech lead at Stripe and a Director at Ruby Central, about the release of Ruby 3.0.

Show Notes:
  • DevDiscuss (sponsor)
  • Triplebyte (sponsor)
  • CodeNewbie (sponsor)
  • Vonage (sponsor)
  • Improving DNS Privacy with Oblivious DoH in 1.1.1.1
  • U.S. and States Say Facebook Illegally Crushed Competition
  • U.S. Agencies Hacked in Foreign Cyber Espionage Campaign Linked to Russia
  • Ruby 3.0.0 Preview 2 Released

Decrypted
A Hacker's Redemption (Part 1)

Mar 6, 2018 (32:06)


By the time he was 27, Hector Monsegur had become one of the most notorious hackers on the internet. With the vigilante group Anonymous and its offshoot LulzSec, he launched attacks against multibillion-dollar companies and governments around the world. But then he got caught. This week on Decrypted, Bloomberg Technology's Aki Ito and Brad Stone bring you his story in its entirety, in two episodes. Part 1 recounts Hector's childhood as he fell in love with the internet, and gradually descended into the world of cybercrime. Part 2 traces his complicated journey to rebuild his life.

Decrypted
A Hacker's Redemption (Part 2)

Mar 6, 2018 (28:17)


By the time he was 27, Hector Monsegur had become one of the most notorious hackers on the internet. With the vigilante group Anonymous and its offshoot LulzSec, he launched attacks against multibillion-dollar companies and governments around the world. But then he got caught. This week on Decrypted, Bloomberg Technology's Aki Ito and Brad Stone bring you his story in its entirety, in two episodes. Part 1 recounts Hector's childhood as he fell in love with the internet, and gradually descended into the world of cybercrime. Part 2 traces his complicated journey to rebuild his life.

The Upgrade by Lifehacker
How to Fight Hackers, With Former Black-Hat Hacker Hector Monsegur

Oct 4, 2017 (58:05)


The Equifax hack has made one thing clear: all of us are vulnerable to these kinds of attacks. But how can you keep your information (and money) safe? What steps should you take to protect yourself? To find out, we brought in Hector Monsegur, former black-hat hacker, now Director of Assessment Services at Rhino Labs—and one of our favorite guests from the past year. He tells us what companies like Equifax should do to keep us safe(r), who he thinks might be behind it, what we should look out for after an attack, and how we can prevent hacks like this one from causing too much damage. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Reboot It!
Reboot It! Episode 44 with Hector Monsegur

Jul 3, 2017 (67:34)


Brakeing Down Security Podcast
2017-020-Hector_Monsegur_DNS_OSINT_Outlaw_Tech_eClinicalWorks_fine

Jun 14, 2017 (76:37)


Hector Monsegur (@hxmonsegur on Twitter) is a good friend of the show, and we invited him to come on and discuss some of the #OSINT research he's doing to identify servers without using noisy techniques like DNS brute forcing.

We also discuss eClinicalWorks and their massive fine for falsifying testing of their EHR system, and the implications of that. What happens to customers' confidence in the product, and what happens if you're already a customer and realize you were duped by them?

We also discuss Hector's involvement with the TV show "Outlaw Tech". Who approached him, why he did it, why it's not CSI:Cyber or "Scorpion" and how it discusses the techniques used by bad guys.

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-020-Hector_monsegur_DNS_research_OSINT.mp3

#RSS: www.brakeingsecurity.com/rss
Youtube Channel: https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw
iTunes Store Link: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2
#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast
Join our #Slack Channel! Sign up at https://brakesec.signup.team
#iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/
#SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

----------

Show notes:

Going beyond DNS bruteforcing and passively discovering assets from public datasets??? Very interested in hearing about this. Straight OSINT, or what?

Hxm: Over at RSL (Rhino Sec Labs), one of the research projects I’m working on is discovery of assets (subdomains) while minimizing footprint (dns bruteforcing). Datasets include things like:

  • Data from the certificate transparency project (https://www.certificate-transparency.org/)
  • rDNS and forward dns dataset from https://scans.io/
  • Sonar Scans - Rapid7
  • Sublist3r: https://github.com/aboul3la/Sublist3r
  • And other datasets that are out there
  • Crime Flare https://krebsonsecurity.com/tag/crimeflare-com/ -> crimeflare.com

Discuss why brute forcing DNS leaves such a heavy footprint for blue team forensics

How cloud providers like CloudFlare, and others, do not take advantage of DNS bruteforcing error messages

Special shout out to Ryan Sears @ CaliDog Security for his research into this field

  • https://en.wikipedia.org/wiki/Markov_chain
  • Smart DNS Bruteforcing - https://github.com/jfrancois/SDBF

Training gained from internal phishing campaigns

  • Does it breed internal mis-trust?
  • Recent campaign findings
  • Why do it if we know one account is all it takes? Because we know it’s a ‘win’ for security?

Outlaw Tech on Science Channel

  • What’s it about? (let’s talk about the show)
  • The show itself is on the Science channel (Discovery)
  • The aim of the program is to discuss the technology behind many of the biggest crimes (heists, el chapo’s communication network, etc)
  • And how I play a part in it
  • https://www.spoofcard.com/
  • https://www.sciencechannel.com/tv-shows/outlaw-tech/
  • Rhinosecuritylabs.com

http://www.dw.com/en/estonia-buoys-cyber-security-with-worlds-first-data-embassy/a-39168011 - "Estonia buoys cyber security with world's first data embassy" - interesting

https://www.digitalcommerce360.com/2017/05/31/eclinicalworks-will-pay-feds-155-million-settle-false-claims-charges/ -- holy shit -- Reminds me of the whole emissions scandal from a couple of years back.
http://www.roadandtrack.com/new-cars/car-technology/a29293/vehicle-emissions-testing-scandal-cheating/

http://securewv.com/cfp.html

OneLogin/Docusign breaches

  • OneLogin: https://arstechnica.com/security/2017/06/onelogin-data-breach-compromised-decrypted/
  • Docusign: https://www.inc.com/sonya-mann/docusign-hacked-emails.html
  • http://www.spamfighter.com/News-20916-DocuSign-Data-Hack-Resulted-in-Malware-Ridden-Spam.htm

Crowdfunding to buy shadowbroker exploits ended: https://threatpost.com/crowdfunding-effort-to-buy-shadowbrokers-exploits-shuts-down/126010/

China's Cybersecurity Law: https://lawfareblog.com/chinas-cybersecurity-law-takes-effect-what-expect

Facial recognition for plane boarding: http://money.cnn.com/2017/05/31/technology/jetblue-facial-recognition/index.html

Keybase.io’s Chrome plugin -- Game changer? https://chrome.google.com/webstore/detail/easy-keybaseio-encryption/bhoocemedffiopognacolpjbnpncdegk/related?hl=en

The Upgrade by Lifehacker
How to Protect Yourself Online with Hector Monsegur

May 22, 2017 (62:25)


Hector Monsegur is a reformed black-hat hacker. Under the alias Sabu, he hacked corporations, news organizations, and Middle Eastern governments. After he was caught, Hector became an informant for the FBI; now he makes a living helping companies avoid getting hacked. Hector joined us in the studio to talk about all the ways we put ourselves at risk of being the next hacking victim, and how we can protect ourselves and our data.

Brakeing Down Security Podcast
2016-011-Hector Monsegur, deserialization, and bug bounties

Mar 13, 2016 (72:26)


Download Here: http://traffic.libsyn.com/brakeingsecurity/2016-011-Hector_Monsegur-bug_bounties-serialization.mp3
iTunes Direct Link: https://itunes.apple.com/us/podcast/2016-011-hector-monsegur-serialization/id799131292?i=364768504&mt=2

Hector Monsegur has had a colorful history. A reformed black hat who went by the name 'Sabu' when he was involved in the hacker collectives "Lulzsec" and "Anonymous", he turned state's evidence for the FBI, working to stop further hacking attempts by the same people he was working with. https://en.wikipedia.org/wiki/Hector_Monsegur

This week, we got to sit down with Hector, to find out what he's been doing in the last few years. Obviously, a regular job in the security realm for a large company is not possible for someone with the colorful past that Mr. Monsegur has. So we discuss some of the methods that he's used to make ends meet.

Which brings us to the topic of bug bounties. Do they accomplish what they set out to do? Are they worth the effort companies put into them? And how do you keep bounty hunters from going rogue and using vulnerabilities found against a company on the side?

In an effort to satisfy my own curiosity, I asked Hector if he could explain what a 'deserialization' vulnerability is, and how it can be used in applications. They are different than your run-of-the-mill, everyday variety OWASP error, but this vulnerability can totally ruin your day...

https://www.contrastsecurity.com/security-influencers/java-serialization-vulnerability-threatens-millions-of-applications
https://securityintelligence.com/one-class-to-rule-them-all-new-android-serialization-vulnerability-gives-underprivileged-apps-super-status/

Finally, we ask Hector some advice for that 'proto black hat' who is wanting to head down the road that Hector went. The answer will surprise you...

We hope you enjoy this most interesting interview with an enigmatic and controversial person, and hope that the information we provide gives another point of view into the mind of a reformed "black hat" hacker...

Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security using Patreon: https://www.patreon.com/bds_podcast
RSS FEED: http://www.brakeingsecurity.com/rss
On #Twitter: @brakesec @boettcherpwned @bryanbrake
#Facebook: https://www.facebook.com/BrakeingDownSec/
#Tumblr: http://brakeingdownsecurity.tumblr.com/
Google Play Store: https://play.google.com/music/podcasts/portal/#p:id=playpodcast/series&a=100584969
Player.FM : https://player.fm/series/brakeing-down-security-podcast
Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

#infosec, #blackhat, hector #monsegur, #hacker, #anonymous, #lulzsec, #FBI, #Sabu, #deserialization, #bug #bounties, #hackerone, #bugcrowd, #podcast, #de-serialization, #penetration tests, #social #engineering, #CISSP