Podcasts about mubix

Want to hear some amazing stories from the one and only Mubix? Take a listen as this episode we sit down with Mubix and he shares some amazing hacking stories. Don't want to miss any HTB updates? Follow us on social media or join our Discord server: discord.gg/hackthebox

This week we continue our series on how to break into a cybersecurity career with long time industry veteran, Rob Fuller (Mubix). Rob speaks with us about how he started his career in the Marine Corps, his time on Hak5, and more recently earning his Masters degree. Rob also talks about how these experiences has […] The post How to Break Into a Cybersecurity Career – Rob Fuller (Mubix) appeared first on The Shared Security Show.

Introduction Overview of Log4j vuln (as of 16 December 2021) Why is it a big deal? (impact/criticality/risk) Talk about patching vs. mitigation why wasn't this given the same visibility in 2009? Because it's Oracle or Java? Good callout is building slides to brief org leadership, detections, and other educational tools. Vuln fatigue (Java vulns in 2009 and pretty much forever cause us fatigue) Are there other technologies like log4j that prop up the entire world, and we just don't know? Egress traffic (discussed at length on twitter, what problems it solve?) https://twitter.com/mubix/status/1470430085169745920 Latest: https://www.theregister.com/2021/12/14/apache_log4j_v2_16_jndi_disabled_default/ - apache removed JDNI functionality https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/

"Mubix" joins the ghosts in the h4unt3d house and talks about his career, marines, uber, hak5, HBO's "silicone valley" and much more! Thanks Rob!

In this episode of Hack Chat, we dive into the mindset of learning new tools of the trade and discuss how Mubix continues to elevate his skills. Mubix is a Red Teamer who is always looking for a challenge and willing to learn anything to overcome it. Mubix continues to push the limits of his skills, and is one of the most influential people on Twitter discussing everything Red Teaming.Learn more about the Hack Chat series here: https://www.sentinelone.com/lp/hackchat/ Learn more about SentinelOne here: https://www.sentinelone.com

In this episode, we catch up with @mubix (Rob Fuller), a is red teamer turned purple teamer. He started his career in the United States Marine Corps working with explosives and has gone on to have a highly successful career in the security industry working at companies like Rapid7, GE, Uber, Cruise Automation and now Balck Hills Information Security, as well as contributing back in many ways to the security community and speaking at many conferences around the world.Mubix shares his journey, stories along the way, as well as going deeper into both red and purple teaming.

In this episode of the Hack the Planet Podcast: We chat with mubix about the infamous QuickCreds script, writing games in your boot sector, Hak5, and the joys of teaching … and cheating at video games. https://www.amazon.com/Programming-Sector-Games-Toledo-Gutierrez/dp/0359816312 Be a guest on the show! We want your hacker rants! Give us a call on the Hacker … Continue reading "Interview with mubix"

Three stories in one! In this episode we hear about a penetration test from Mubix that he'll never forget, a incident response from Robert M. Lee which completely stunned him, and a social engineering mission from Snow. Podcast recommendation: Moonshot. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rob (@Mubix), recently had a post titled "Friendly Fire." In the post he talks about the red vs. blue dynamic and some of the pitfalls of that attitude. I knew of the red vs. blue dyanmic, but I never thought it would be hurting the security industry. I decided to have Mubix on to discuss the topic a little bit more. We discuss maximizing a pentest and CTFs.

Rob (@Mubix), recently had a post titled "Friendly Fire." In the post he talks about the red vs. blue dynamic and some of the pitfalls of that attitude. I knew of the red vs. blue dyanmic, but I never thought it would be hurting the security industry. I decided to have Mubix on to discuss the topic a little bit more. We define red team vs. blue team and then talk about working together.

Viva Mexico,History lessons,Mubix on the road,PCI train wreck,FU to Anti-Sec,Banking woes,WAF is not security,Voicemails,DefCon draws closer,Thomas Jefferson=encryption badass,@Blackhat and DefCon,Espionage,Microsoft,Missing your PI data,Leeroy Jenkins!

In this episode:We discover Twitter exposes phone numbers without consent,Cloud computing security,Paper tigers,Security incident planning,Story time with Chris and Ryan,Upcoming security conventions (which ones to go to...)

Viva Mexico,History lessons,Mubix on the road,PCI train wreck,FU to Anti-Sec,Banking woes,WAF is not security,Voicemails,DefCon draws closer,Thomas Jefferson=encryption badass,@Blackhat and DefCon,Espionage,Microsoft,Missing your PI data,Leeroy Jenkins!

In this episode:We discover Twitter exposes phone numbers without consent,Cloud computing security,Paper tigers,Security incident planning,Story time with Chris and Ryan,Upcoming security conventions (which ones to go to...)

EP034 Open Source Security Architecture Group Oh boy do we have an episode for you! This is our first ever interview and with an entertaining guy Rob Fuller also known as Mubix. He took the time to discuss with us (well, Max mostly) The plans for the Open Source Security Architecture Group. Or at least ... Read more The post Open Source Security Architecture Group – Episode 034 appeared first on In-security Podcast.

EP034 Open Source Security Architecture Group Oh boy do we have an episode for you! This is our first ever interview and with an entertaining guy Rob Fuller also known as Mubix. He took the time to discuss with us (well, Max mostly) The plans for the Open Source Security Architecture Group. Or at least ... Read more The post Open Source Security Architecture Group – Episode 034 appeared first on In-security Podcast.

In this episode: All things Shellshock DerbyCon was GREAT, thanks for asking Get well soon, Cap'n Crunch Links mentioned in this weeks show: Mubix's existing shellshock attack vectors and PoCsSpiderLabs: Shellshock a Week Later: What We Have SeenDerbycon 2014 VideosHelp John Draper (Cap'n Crunch)

SecuraBit Episode 34This week we welcome Scott Fitzpatrick of Symantec to join our roundtable on the news items of the day.News Items:StrongWebMail Fail - http://www.pcworld.com/businesscenter/article/166314/web_mail_company_to_pay_prize_after_ceo_hacked.htmlTweetDeck still passes authentication in the clearGoogle Apps criticized about their securityiPhone 3.0 Teathering Hack - http://www.jellysms.com/blog/enable-internet-tethering-with-your-iphone-in-2-minutes-on-o2-ireland-with-30-gm/RSnake's SlowLoris (low bandwidth, greedy, poisonus HTTP client) - http://ha.ckers.org/slowloris/Mubix presenting a six hour work shop "From Shell to Owning the Company" at ToorCampDefCon and the Podcasters Meetup- In Sky box 207 and 208 8pm or after the last talk on Saturday night.- Exotic Liability (http://www.exoticliability.com/) and Germaina Newbs (http://grmn00bs.blogspot.com/) will be join the line up.PaulDot Com with Securabity Thursday July 2, 2009 at 7pm.Join us in IRC at irc.freenode.net #securabitOur Next live recording is July 1, 2009 at 8pm EDT.Hosts:Chris Gerling - http://www.chrisgerling.com - @hak5chrisJason Mueller - @securabit_jayChristopher Mills - http://www.packetsense.net - @thechrisamRob Fuller - Mubix - http://room362.com - @MubixAndrew Borel - @andrew_secbitGuests:Scott FitzpatrickLinks:Symantec - http://www.symantec.com/Mubix - Couch to Career - http://www.room362.com/archives/564-couch-to-career-follow-up.html

Here is the audio from the meetup on 2/6 if anyone is interested.  We're releasing this on our feed for anyone who doesn't follow pauldotcom.  It's not edited, just raw audio so if you have any complaints keep them to yourself. ;)Thanks to all who came!

Paul and Larry talk coming at you live from Shmoocon 2009! Special guests include Marcus Carey, Johnny Long, Listener Karl, Mubix, and Matthew Carpenter! Sponsored by Core Security, listen for the new customer discount code at the end of the show Sponsored by Tenable Network Security, creators of Nessus and makers of the Tenable Security Center, software that extends the power of Nessus through sophisticated reporting, remediation workflow, IDS event correlation and much more. Want to register for any SANS conference? Please visit http://www.securityweekly.com/sans/ for our referral program Be sure to check out "Maltego" from Paterva, try the community edition for free! Don't forget to sign up for our Mailing List, Forums, and log into our IRC Channel! Full Show Notes Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand

In this episode we talk about Chris Gerling attending the SANS Cyber Defense Initiative 2008 in Washing DC.  He will be taking the Security 508 Computer Forensics, Investigation, and Response course.  If you are at the conference please make sure you look for Chris.  He also plans to take the new GPEN test while there.  We might be bringing the sock monkey to Shmoocon and have him do some interviews. We also spoke about how few businesses are actually checking a persons signature or id for credit cards.  Most businesses are simply not checking the cards like they should be. Chris is beginning to wonder if they will card his fiancee between now and when they get married. After the break we came back and mentioned that we were not going going to drop the Fbomb for 40 bucks as was hinted at in the chat room.  Went into the issue of dns forwarding being done on  CheckFree.com The article was actually from The Washington Post by Brian Krebs.  Anthony put a shout out to Ed Smiley for sending both Mubix and Anthony a copy of  1password.  It was a Great hookup.  Then we covered various apps on the IPhone.  We touched on what the encryption is on a 3g network.  We found a great powerpoint slide show explaining it. After the last break we went into firewall set ups.  Everyone but Anthony is running FIOS so the discussion on how to set up the coax or ethernet wan links ensued.  You will just have to listen to it to see what kind of sense it makes.  We did get lots of comments from our faithfull in the irc channel (irc.freenode.net #Securabit).  From there the show just went down hill with strippers and alcohol. Don't forget to give us a feedback on Itunes so we can bump the old shows off the list. Thanks again for all the donations for the Tip Jar. Hosts: Rob Fuller - Mubix, room362.com Anthony Gartner - AnthonyGartner.com Chris Gerling - Hak5Chris, Chrisgerling.com Chris Mills - ChrisAM Jason Mueller - SecurabitJay Special Guest: Joel Esler from sourcefire.com and Joelesler.net Important links for the show and documents used: http://www.sans.org/cdi08/ http://www.sans.org/training/description.php?mid=98 http://www.sans.org/press/giac_pentest_cert.php http://voices.washingtonpost.com/securityfix/2008/12/hackers_hijacked_large_e-bill.html?nav=rss_blog

Sorry for the delay in getting this episode out this time.  Anthony got stuck with doing some actual work and then we all got hit by the holidays.  We do hope you enjoy the show this week. Mubix attended the CSI Conference and no not CSI on TV, the CSI Anual conference. The topic he found intriguing is Security and Responsibility.  If something happens how and to what extent as security professionals are we responsible and accountable.  This is a topic he brought up on twitter as well and got a lot of replies back.  Some agreeing and some not, Feel free to weigh in on this one. Some of the references that were brought up in response to this topic were Sandboxie, castlecops, and Web of Trust. After the break we went into a discussion on DD Images and using live view on them, but since that was a fail, Chris used QEMU.   You can even go get some test images at ProjectHoneypot.org and convert them using a tool dd2vmdk .  The conversation went into WPA is not Busted.  We referenced Steven Gibson's explantion and Joel Eslers blog posts on the subject.  During the break we discussed a great site as well from Josh Wright about Wireless Vulnerabilities & Exploits After the Break we were able to bring in the real Joel Esler.  Joel is part time batman as well and Joel has aggred to give us at least one batmobile, but we digress.  He actually works for sourcefire.  This is an organzation that you should take a look at, it is well worth your time.  He also is an avid security blogger and has his own blog at Joel Esler.net  Joel talks about he IPS's of today are simply not the same as many of the original IPS's. We lose Joel a little bit during the break and we cut a little more abruptly to break than we normally do.  Sorry about that!  But we kind of ran out of content and time. SecuraBit would like to make sure everyone has a Happy Holidays and don't forget to leave us feedback on Itunes even if you don't listen via Itunes.  We want to get some of these casts out of there that have not posted in years. Hosts: Rob Fuller - Mubix, room362.com Anthony Gartner - AnthonyGartner.com Chris Gerling - Hak5Chris, Chrisgerling.com Chris Mills - ChrisAM Jason Mueller - SecurabitJay Special Guest: Joel Esler from sourcefire.com and Joelesler.net Important links for the show and documents used: http://www.phishtank.com/ http://projecthoneypot.org/ http://www.sourcefire.com/products/3D/?semg=USSFR2&gclid=CISstozXgpcCFQVKtAodijdxXQ http://www.joelesler.net/finshake/Blog/Blog.html http://www.wirelessve.org/news_entries http://en.wikipedia.org/wiki/Dd_(Unix) http://en.wikipedia.org/wiki/QEMU http://isc.sans.org/diary.html?rss http://isc.sans.org/diary.html?storyid=5300 http://www.clamav.net/ http://sandboxie.com/ http://www.castlecops.com/ http://en.wikipedia.org/wiki/Web_of_trust

On this episode of SecuraBit: Multiboot Security DVD Mubix posted an awesome link on his blog to a Multiboot Security DVD that allows you to choose which common security distros, all on one medium! OS Choices: Backtrack 3 Damn Small Linux 4.2.5 GeeXBoX 1.1 (not geekbox ) Damn Vulnerable Linux (Strychnine) 1.4 Knoppix 5.1.1 MPentoo 2006.1 Ophcrack 1.2.2 (with 720 mb tables) Puppy Linux 3.01 Byzantine OS i586-20040404 Make a bootable FAT32 USB stick using Unetbootin Some distros the Securabit guys would like to see added: Helix Intelguardians Samurai RedHat/Fedora OpenSSH Compromises As noted on the Securabit website, a Fedora and Red Hat Enterprise Linux servers were compromised. The ComputerWorld Blog - Linux Security Idiots article explains how the servers were compromised -Stolen SSH keys are used to gain access to the system -After that, rootkit "phalanx2" is installed and steals more SSH keys -Obviously this could be used to install any malware at all The RHEL offshoot CentOS was not affected by the compromise. Joomla Vulnerability US CERT Joomla! Password Reset Vulnerability Joomla Core Exploit Announcement - Password Remind Functionality Joomla user password reset vulnerability being actively exploited BREAK After Break Banter Italy tries to ban PirateBay Awesome Quote: "Fear makes the wolf look bigger" Best Western Pwned Originally Discovered by The Sunday Herald. As many as 8 million accounts compromised Best Western Response Vulnerbilty of BGP This exploit of Border Gateway Protocol allows the attacker to monitor internet traffic and forward it to anywhere in the world. Five hours of traffic was forwarded to New York during Defcon 16. This vulnerability is going to be bigger than the Kaminsky DNS Vuln. Speaking of Dan, he loves Securabit! Defcon presentation from Anton Kapela and Alex Pilosov Border Gateway Protocol Wired - Revealed: The Internet's Biggest Security Hole Wired - More on BGP Attacks -- Updated The Middler Jay Beale - Middler - Release it already! DefCon Talk Audio Steganography Hiding information by slightly altering the binary sequence of a sound file From simple algorithms that insert info in the form of signal noise, to more powerful methods that exploit sophisticated signal processing techniques to hide information. LSB coding (least significant bit):  substitute with a binary msg Parity coding Phase coding:  #  The original sound signal is broken up into smaller segments whose lengths equal the size of the message to be encoded. A Discrete Fourier Transform (DFT) is applied to each segment to create a matrix of the phases and Fourier transform magnitudes. Phase differences between adjacent segments are calculated. Phase shifts between consecutive segments are easily detected. In other words, the absolute phases of the segments can be changed but the relative phase differences between adjacent segments must be preserved. Therefore the secret message is only inserted in the phase vector of the first signal segment as follows: Spread spectrum Two versions of SS can be used in audio steganography: the direct-sequence and frequency-hopping schemes. In direct-sequence SS, the secret message is spread out by a constant called the chip rate and then modulated with a pseudorandom signal. It is then interleaved with the cover-signal. In frequency-hopping SS, the audio file's frequency spectrum is altered so that it hops rapidly between frequencies. Least Significant Bit BREAK Security Justice stops by Tom and Dave from Security Justice -Search for pics of Mubix gets you this -Shmoocon will have another Podcasters Meetup and Hak5 will be there. -List of Hacker/Security Con's Forensic recovery on SSD SSD Forensics: - no physical security hooks that prevent them from being removed from enclosures - ultraviolet laser to wipe out lock bits (encryption) from fuses on chips that secure SSDs - overall easier to erase data on SSD (with encryption) vs HDD Forensics: - Harder to fully erase data 9have to overwrite or physically damage) - easier to fully encrypt Jim handy: hacker could easily unsolder NAND chips from an SSD and read the data using a flash chip programmer, then reassembled using data recovery software. SSDs are hot, but not without security risks Scott A. Moulton presentations on data recovery and forensics. Contact Securabit Securabit Website and Forums IRC: #securabit on irc.feenode.net Join us on LinkedIn Skype Number: (469) 277-2248 Follow us on Twitter - Securabit Delicious Tag: securabit