On today's episode of the Security Vendor spin-off series, we're joined by Ollie Linsley and Johnny Xmas, Technical Director at GRIMM. During this episode, Johnny shares the journey that led him to his role as a Technical Director and some of the trials and tribulations he faced along the way. Johnny also talks about the biggest accomplishment of his career to date. Learn more from Johnny: https://www.linkedin.com/in/antoniojohnnymartinelli/ https://twitter.com/J0hnnyXm4s https://www.instagram.com/j0hnnyxm4s/ Take a look at GRIMM here: https://grimmcyber.com/ Want to stay up to date with new episodes? Follow our LinkedIn page for all the latest podcast updates! Head to: https://www.linkedin.com/company/the-route-to-networking-podcast/ Interested in following a similar career path? Why don't you take a look at our jobs page, where you can find your next job opportunity? Head to: www.hamilton-barnes.com/jobs/
From boxing talk, laughs and food recipes, enjoy a fun podcast with Johnny and me. Follow Coach Johnny on Instagram @unclebigbanks
Johnny Xmas joins us from the I Got One podcast to bring you a dash of news. Cliffy and Jaku are going to have menu items on Fukuburger's menu. For real life! It's going to be awesome, and if you've never been there, you should go. Mario Maker 1 is dead. Soon, the upload servers will be down, meaning you can play levels that have already been uploaded, but no one will be able to upload more. Will Chain Chomp Braden make it in time? Fall Guys Season 3 is happening. They had a really cool social media campaign for it where 300 people got pieces of the image they sent out and had to work together to solve it. Neo: The World Ends With You has been announced. It was an amazing DS game originally, and we're pretty excited to see what they do with the sequel. There were a lot of delays this week, including: Cuphead DLC, Watch Dogs: Legion online, and Five Nights at Freddy's. This week's Hot Take is about the new consoles. The leaps between generations are getting smaller and smaller. Demon's Souls looks amazing, but does it really look like it couldn't be done on the PS4? Will the next generation be an even smaller leap? WE NOW HAVE A PATREON! Check it out at https://www.patreon.com/WarpWorld Check out https://coins.warp.world for a salty treat! You can submit any questions you have to podcast@warp.world for the Ask the Broadcasters segment!
In this episode of Security Headlines, we are joined by the hacker Johnny Xmas. Johnny is a very interesting character with a lot of fun projects behind him. Join us as we get to hear Johnny's stories as we deep dive into this week's episode of Security Headlines:
## Venmo
After Johnny gave a talk about it and released software that made it easy for anyone to abuse this, Venmo luckily took action and limited the amount of data available. Johnny found a way to generate API keys with just making a simple request to the
## Bypassing web application firewalls
A lot of firewalls just focus on IP filtering, which is a huge problem when, in today's world, it is really easy and cheap for a consumer to acquire large sets of IP addresses. One provider of proxied IP addresses is Hola VPN, which lets its free users act as exit nodes that it sells through platforms such as Luminati. Other people have adopted this approach but with mobile development toolkits.
## Grimm
Johnny is currently working for the security engineering firm Grimm, a company known for its involvement in ICS (industrial control system) security work. Currently working on developing Grimm is currently hiring people. Do you want to get paid to develop security training platforms? Then Grimm is the place for you!
External links: https://twitch.tv/j0hnnyxm4s https://twitter.com/J0hnnyXm4s/ https://www.youtube.com/c/JohnnyXmas/ https://github.com/johnnyxmas/Talk_Decks/tree/master/2019/Sorry%20about%20your%20WAF https://ghost.express/ https://www.cnbc.com/2020/05/07/zoom-buys-keybase-in-first-deal-as-part-of-plan-to-fix-security.html https://www.twitch.tv/mr_horologist https://twitter.com/cigarsec https://www.icsvillage.com/ https://www.grimm-co.com/careers https://en.wikipedia.org/wiki/Venmo https://www.technowize.com/grindr-security-flaw-lets-anyone-hijack-user-accounts/ https://en.wikipedia.org/wiki/Principle_of_least_privilege https://en.wikipedia.org/wiki/Branched-chain_amino_acid https://opihr.com/ https://en.wikipedia.org/wiki/Sub7 https://nmap.org/book/man-nse.html https://en.wikipedia.org/wiki/Less_Than_Jake https://en.wikipedia.org/wiki/Oh,_Sleeper https://luminati.io/ https://selenium.dev/ https://blog.firosolutions.com
Beaches, Bunni3, and Johnny Xmas from Radio Statler join me on this episode of the podcast. We talk about Radio Statler’s journey since they started the radio program at HOPE as well as the state of cons during covid. We journey to the depths of ocean waters to discuss dolphin mating habits. We talk a...
On this podcast, Wes talks to Johnny Xmas. Johnny works for Kasada, a company that offers a security platform to help ensure only your users are logging into your web applications. Johnny is a well-known figure in the security space. The two discuss common attack vectors, the OWASP Top 10, and then walk through what hackers commonly do when attempting to compromise a system. The show is full of advice on protecting your systems, including topics around Defense in Depth, Time-Based Security, two-factor authentication, logging/alerting, security layers, and much more. Why listen to this podcast:
- While there are sophisticated web attacks out there that use things like PhantomJS or Headless Chrome, the vast majority of web application attacks are the same unsophisticated scripted attacks that you always hear about. These are simple scripts using tools like curl and Burp Suite with Python or JavaScript. These simple scripts are still incredibly effective.
- The OWASP Top 10 really hasn't changed all that much in the last ten years. For example, despite being the number one example used to educate defensive engineers on how to protect their apps, SQLi (SQL Injection) is still the most common attack. We continue to repeat the same mistakes that have exposed systems for a decade now.
- Phishing is by far the quickest way to compromise a system. Defense in Depth, security boundaries, and limiting local admin rights are all things that corporations can implement to minimize the blast radius.
- Attackers have hundreds of gigs of actual username/password combinations that have been exposed from all the breaches over the past few years. These are often a first step when attempting to compromise a system. It's more likely that they will figure out a valid email pattern for a company and then feed actual names into that pattern to go after the username. From there, brute-force attacks with those usernames against libraries of passwords are a common approach.
- A common approach is to go after an email login. While the email can be a treasure trove of information, it's more about using those credentials in other places. It's pretty common, for example, to use those credentials to get into a network with a VPN.
- Captcha/reCAPTCHA is not very effective at preventing these brute-force attacks. There are a large number of bypasses, and even Mechanical Turk companies are available to bypass these tools. What can be effective is Time-Based Security, because it slows the attackers down. If you can slow them down, you can make the attack take so long to succeed that they'll go somewhere else.
- Once inside the network, most companies often have little security on internal systems. Multi-factor authentication, not just on the front door but on internal systems, is a huge step in the right direction. Monitoring not only for failed login attempts but, in some situations, for valid login attempts (such as when a domain admin logs into a domain controller) should absolutely be used.
- When it comes to application security between services within a network, the best advice is to make sure developers really understand what is trying to be accomplished by something like JWT (JSON Web Tokens). Often it's the lack of understanding of what they're actually doing that leads to system vulnerabilities.
More on this: Quick scan our curated show notes on InfoQ https://bit.ly/2MSIAXG You can also subscribe to the InfoQ newsletter to receive weekly updates on the hottest topics from professional software development. bit.ly/24x3IVq Subscribe: www.youtube.com/infoq Like InfoQ on Facebook: bit.ly/2jmlyG8 Follow on Twitter: twitter.com/InfoQ Follow on LinkedIn: www.linkedin.com/company/infoq Check the landing page on InfoQ: https://bit.ly/2MSIAXG
Bummed that CypherCon is over? We bring you back with Augmented Reality Podcasting! Johnny Xmas and I sat down after his talk at CypherCon 4.0, and we bring you back into the con. Among other topics, we discuss (not) flamethrowers, Venmo drug dealers, and questioning whether or not there is true altruism. You can check...
GrandPooBear is missing! While he's taking care of his family, Xwater and Jaku are here to entertain! They give you the lowdown on the Farm Simulator Esports League, and how weird it is that this is becoming the norm. The Wii eShop is closing. Get in and download all of the games you want before it goes down. Is Steam losing ground to the Epic Store? We get a little salty about how many Twitch accounts get hacked. Get tips on how to keep your accounts safe from Jaku. There's a Hot Take on Sea of Thieves and how many of the top streamers are jumping from Fortnite to be swarthy pirates! They finish it up with a couple of great Side-Questions, including how Poo ACTUALLY got his name! Jaku and Johnny Xmas are doing an AMA on computer security on February 2nd at 3pm EST. https://www.reddit.com/r/Twitch/ WE NOW HAVE A PATREON! Check it out at https://www.patreon.com/WarpWorld Check out coins.warp.world for a salty treat! You can submit any questions you have to podcast@warp.world for the Ask the Broadcasters segment!
This week, Keith and Paul interview Johnny Xmas, Director of Field Engineering at Kasada.io! In the Application Security News: millions of passengers affected by the Cathay Pacific Airline hack, China has been hijacking the internet backbone of Western countries, how proficient are developers at fixing application security flaws, the MikroTik router bug is as bad as it gets, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode37 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter! Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Keith, Paul, and Johnny Xmas discuss airport security, penetration testing, the top 5 payment apps, and DevOps-infused conversation! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode37 Follow us on Twitter: https://www.twitter.com/securityweekly
This week we did the podcast LIVE on Twitch! We talk about how busy our next two weeks are with TwitchCon and Mario Maker Colosseum. Check out our booth at TwitchCon, Booth 848, where we will be showing off Crowd Control Live! Fortnite's Fall Skirmish had a lot of lag. We discuss how lag affects Fortnite, and all esports, after a less than satisfying performance during the Fall Skirmish. We get a little salty about Rockstar Games hitting their employees with 100-hour work weeks in the wake of Red Dead 2's release. "A delayed game is eventually good, a bad game is bad forever." -Shigeru Miyamoto We have an interview with Johnny Xmas and Jaku about I Got One! I Got One! is the new podcast joining the Warp World Network. Jaku and Johnny come up with the crazy ideas and give them to you, the listeners, to turn them into reality. Everyone pitches an idea to show you how it's done, and nothing could possibly go wrong with any of them. Our Hot Take on Discord stealthily changing their TOS, and why you should opt out of it. Email arbitration-opt-out@discord.com to say you're withdrawing from the changes. Bebo pivots away from streaming software to running tournaments. We were excited for Bebo to enter the streaming arena, but we're happy they found a niche to thrive in. GameWisp is closing down. If you, or anyone you know, has an account with them, you need to log in and withdraw your money as soon as you can. They will be shutting down services, and if you don't, they're keeping the money. Then we close with some Side Quest-ions from our amazing viewers. WE NOW HAVE A PATREON! Check it out at https://www.patreon.com/WarpWorld Check out coins.warp.world for a salty treat! You can submit any questions you have to podcast@warp.world for the Ask the Broadcasters segment!
ShowMeCon is one of my favorite security conferences. The organizers are awesome and take care of their speakers like no other conference. The venue is fantastic. The content is mind-blowing. I can't say enough good things about the event that Dave and Renee Chronister put on every year in St. Louis, Missouri. They know how to put on a conference. Regular listeners of the podcast will note that I recorded an episode with Dave on ShowMeCon several weeks ago. After that recording he asked if I was interested in doing a recording at the conference. I said yes, and thus the birth of this epic episode. This format is experimental. First, it is marked as explicit, because there is swearing. Second, it's over 90 minutes long. I didn't think breaking it up into four or five pieces would serve the recording well. Send me your feedback, good or bad, on this episode, because I'd like to do more of these. I would really like to hear it for this episode.