American international information security company
Nick Guttilla and Emily Astranova, from Mandiant Consulting's Offensive Security team, join host Luke McNamara for an episode on voice-based phishing, or "vishing." Nick and Emily cover their respective blogs and experiences, diving into how they employ vishing techniques to social engineer organizations, both organically and using AI-powered voice cloning to mimic specific employees, during red team engagements.

https://cloud.google.com/blog/topics/threat-intelligence/technical-analysis-vishing-threats?e=48754805
https://cloud.google.com/blog/topics/threat-intelligence/ai-powered-voice-spoofing-vishing-attacks?e=48754805
We hit a milestone today as this is our 50th podcast episode! A big thank you to you, our listeners, for your continued support!

* Kali Linux Users Face Update Issues After Repository Signing Key Loss
* CISOs Advised to Secure Personal Protections Against Scapegoating and Whistleblowing Risks
* WhatsApp Launches Advanced Chat Privacy to Safeguard Sensitive Conversations
* Samsung Confirms Security Vulnerability in Galaxy Devices That Could Expose Passwords
* Former Disney Menu Manager Sentenced to 3 Years for Malicious System Attacks

Kali Linux Users Face Update Issues After Repository Signing Key Loss
https://www.kali.org/blog/new-kali-archive-signing-key/

Offensive Security has announced that Kali Linux users will need to manually install a new repository signing key following the loss of the previous key. Without this update, users will experience system update failures.

The company recently lost access to the old repository signing key (ED444FF07D8D0BF6) and had to create a new one (ED65462EC8D5E4C5), which has been signed by Kali Linux developers using signatures on the Ubuntu OpenPGP key server. OffSec emphasized that the key wasn't compromised, so the old one remains in the keyring.

Users attempting to update their systems with the old key will encounter error messages stating "Missing key 827C8569F2518CC677FECA1AED65462EC8D5E4C5, which is needed to verify signature."

To address this issue, the Kali Linux repository was frozen on February 18th. "In the coming day(s), pretty much every Kali system out there will fail to update," OffSec warned. "This is not only you, this is for everyone, and this is entirely our fault."

To avoid update failures, users are advised to manually download and install the new repository signing key by running the command:

sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpg

For users unwilling to manually update the keyring, OffSec recommends reinstalling Kali using images that include the updated keyring.

This isn't the first time Kali Linux users have faced such issues. A similar incident occurred in February 2018 when developers allowed the GPG key to expire, also requiring manual updates from users.

CISOs Advised to Secure Personal Protections Against Scapegoating and Whistleblowing Risks
https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727392520218001o5wv
https://www.theregister.com/2025/04/28/ciso_rsa_whistleblowing/

Chief Information Security Officers should negotiate personal liability insurance and golden parachute agreements when starting new roles to protect themselves in case of organizational conflicts, according to a panel of security experts at the RSA Conference.

During a session on CISO whistleblowing, experienced security leaders shared cautionary tales and strategic advice for navigating the increasingly precarious position that has earned the role the nickname "chief scapegoat officer" in some organizations.

Dd Budiharto, former CISO at Marathon Oil and Phillips 66, revealed she was once fired for refusing to approve fraudulent invoices for work that wasn't delivered. "I'm proud to say I've been fired for not being willing to compromise my integrity," she stated. Despite losing her position, Budiharto chose not to pursue legal action against her former employer, a decision the panel unanimously supported as wise to avoid industry blacklisting.

Andrew Wilder, CISO of veterinarian network Vetcor, emphasized that security executives should insist on two critical insurance policies before accepting new positions: directors and officers insurance (D&O) and personal legal liability insurance (PLLI). "You want to have personal legal liability insurance that covers you, not while you are an officer of an organization, but after you leave the organization as well," Wilder advised.

Wilder referenced the case of former Uber CISO Joe Sullivan, noting that Sullivan's Uber-provided PLLI covered PR costs during his legal proceedings following a data breach cover-up. He also stressed the importance of negotiating severance packages to ensure whistleblowing decisions can be made on ethical rather than financial grounds.

The panelists agreed that thorough documentation is essential for CISOs. Herman Brown, CIO for San Francisco's District Attorney's Office, recommended documenting all conversations and decisions. "Email is a great form of documentation that doesn't just stand for 'electronic mail,' it also stands for 'evidential mail,'" he noted.

Security leaders were warned to be particularly careful about going to the press with complaints, which the panel suggested could result in even worse professional consequences than legal action. Similarly, Budiharto cautioned against trusting internal human resources departments or ethics panels, reminding attendees that HR ultimately works to protect the company, not individual employees.

The panel underscored that proper governance, documentation, and clear communication with leadership about shared security responsibilities are essential practices for CISOs navigating the complex political and ethical challenges of their role.

WhatsApp Launches Advanced Chat Privacy to Safeguard Sensitive Conversations
https://blog.whatsapp.com/introducing-advanced-chat-privacy

WhatsApp has rolled out a new "Advanced Chat Privacy" feature designed to provide users with enhanced protection for sensitive information shared in both private and group conversations.

The new privacy option, accessible by tapping on a chat name, aims to prevent the unauthorized extraction of media and conversation content. "Today we're introducing our latest layer for privacy called 'Advanced Chat Privacy.' This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp announced in its release.

When enabled, the feature blocks other users from exporting chat histories, automatically downloading media to their devices, and using messages for AI features. According to WhatsApp, this ensures "everyone in the chat has greater confidence that no one can take what is being said outside the chat."

The company noted that this initial version is now available to all users who have updated to the latest version of the app, with plans to strengthen the feature with additional protections in the future. However, WhatsApp acknowledges that certain vulnerabilities remain, such as the possibility of someone photographing a conversation screen even when screenshots are blocked.

This latest privacy enhancement continues WhatsApp's long-standing commitment to user security, which began nearly seven years ago with the introduction of end-to-end encryption. The platform has steadily expanded its privacy capabilities since then, implementing end-to-end encrypted chat backups for iOS and Android in October 2021, followed by default disappearing messages for new chats in December of the same year.

More recent security updates include chat locking with password or fingerprint protection, a Secret Code feature to hide locked chats, and location hiding during calls by routing connections through WhatsApp's servers. Since October 2024, the platform has also encrypted contact databases for privacy-preserving synchronization.

Meta reported in early 2020 that WhatsApp serves more than two billion users across over 180 countries, making these privacy enhancements significant for a substantial portion of the global messaging community.

Samsung Confirms Security Vulnerability in Galaxy Devices That Could Expose Passwords
https://us.community.samsung.com/t5/Suggestions/Implement-Auto-Delete-Clipboard-History-to-Prevent-Sensitive/m-p/3200743

Samsung has acknowledged a significant security flaw in its Galaxy devices that potentially exposes user passwords and other sensitive information stored in the clipboard.

The issue was brought to light by a user identified as "OicitrapDraz" who posted concerns on Samsung's community forum on April 14. "I copy passwords from my password manager all the time," the user wrote. "How is it that Samsung's clipboard saves everything in plain text with no expiration? That's a huge security issue."

In response, Samsung confirmed the vulnerability, stating: "We understand your concerns regarding clipboard behavior and how it may affect sensitive content. Clipboard history in One UI is managed at the system level." The company added that the user's "suggestion for more control over clipboard data—such as auto-clear or exclusion options—has been noted and shared with the appropriate team for consideration."

One UI is Samsung's customized version of Android that runs on Galaxy smartphones and tablets. The security flaw means that sensitive information copied to the clipboard remains accessible in plain text without any automatic expiration or encryption.

As a temporary solution, Samsung recommended that users "manually clear clipboard history when needed and use secure input methods for sensitive information." This stopgap measure puts the burden of security on users rather than providing a system-level fix.

Security experts are particularly concerned now that this vulnerability has been publicly acknowledged, as it creates a potential "clipboard wormhole" that attackers could exploit to access passwords and other confidential information on affected devices. Users of Samsung Galaxy devices are advised to exercise extreme caution when copying sensitive information until a more comprehensive solution is implemented.

Former Disney Menu Manager Sentenced to 3 Years for Malicious System Attacks
https://www.theregister.com/2025/04/29/former_disney_employee_jailed/

A former Disney employee has received a 36-month prison sentence and been ordered to pay nearly $688,000 in fines after pleading guilty to sabotaging the entertainment giant's restaurant menu systems following his termination.

Michael Scheuer, a Winter Garden, Florida resident who previously served as Disney's Menu Production Manager, was arrested in October and charged with violating the Computer Fraud and Abuse Act (CFAA) and committing aggravated identity theft. He accepted a plea agreement in January, with sentencing finalized last week in federal court in Orlando.

According to court documents, Scheuer's June 13, 2024 termination from Disney for misconduct was described as "contentious and not amicable." In July, he retaliated by making unauthorized access to Disney's Menu Creator application, hosted by a third-party vendor in Minnesota, and implementing various destructive changes.

The attacks included replacing Disney's themed fonts with Wingdings, rendering menus unreadable, and altering menu images and background files to display as blank white pages. These changes propagated throughout the database, making the Menu Creator system inoperable for one to two weeks. The damage was so severe that Disney has since abandoned the application entirely.

Particularly concerning were Scheuer's alterations to allergen information, falsely indicating certain menu items were safe for people with specific allergies, changes that "could have had fatal consequences depending on the type and severity of a customer's allergy," according to the plea agreement. He also modified wine region labels to reference locations of mass shootings, added swastika graphics, and altered QR codes to direct customers to a website promoting a boycott of Israel.

Scheuer employed multiple methods to conduct his attacks, including using an administrative account via a Mullvad VPN, exploiting a URL-based contractor access mechanism, and targeting SFTP servers that stored menu files. He also conducted denial of service attacks that made over 100,000 incorrect login attempts, locking out fourteen Disney employees from their enterprise accounts.

The FBI executed a search warrant at Scheuer's residence on September 23, 2024, at which point the attacks immediately ceased. Agents discovered virtual machines used for the attacks and a "doxxing file" containing personal information on five Disney employees and a family member of one worker.

Following his prison term, Scheuer will undergo three years of supervised release with various conditions, including a prohibition on contacting Disney or any of the individual victims.

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com
We've been in enough conversations to know when something clicks. This one did — and it did from the very first moment.

In our debut Brand Story with White Knight Labs, we sat down with co-founders John Stigerwalt and Greg Hatcher, and what unfolded was more than a company intro — it was a behind-the-scenes look at what offensive security should be.

John's journey is the kind that earns your respect quickly: he started at the help desk and worked his way to CISO, before pivoting into red teaming and co-founding WKL. Greg's path was more unconventional — from orchestral musician to Green Beret to cybersecurity leader. Two very different stories, but a shared philosophy: learn by doing, adapt without a manual, and never take the easy route when something meaningful is on the table.

That mindset now defines how White Knight Labs works with clients. They don't sell cookie-cutter pen tests. Instead, they ask the right question up front: How does your business make money? Because if you can answer that, you can identify what a real-world attacker would go after. Then they simulate it — not in theory, but in practice.

Their ransomware simulation service is a perfect example. They don't just show up with a scanner. They emulate modern adversaries using Cobalt Strike, bypassing endpoint defenses with in-house payloads, encrypting and exfiltrating data like it's just another Tuesday. Most clients fail the test — not because they're careless, but because most simulations aren't this real.

And that's the point.

White Knight Labs isn't here to help companies check a box. They're here to expose the gaps and raise the bar — because real threats don't play fair, and security shouldn't pretend they do.

What makes them different is what they don't do. They're not an all-in-one shop, and they're proud of that. They won't touch IR for major breaches — they've got partners for that. They only resell hardware and software they've personally vetted. That honesty builds credibility. That kind of focus builds trust.

Their training programs are just as intense. Between live DEF CON courses and their online platform, they're giving both new and experienced professionals a chance to train the way they operate: no shortcuts, no watered-down certs, just hard-earned skills that translate into real-world readiness.

Pass their ODPC certification, and you'll probably get a call — not because they need to check a hiring box, but because it proves you're serious. And if you can write loaders that bypass real defenses? You're speaking their language.

This first conversation with John and Greg reminded us why we started this series in the first place. It's not just about product features or service offerings — it's about people who live and breathe what they do, and who bring that passion into every test, every client call, and every training they offer.

We've got more stories with them on the way. But if this first one is any sign of what's to come, we're in for something special.

Learn more about White Knight Labs:

Guests:
John Stigerwalt | Founder at White Knight Labs | Red Team Operations Leader | https://www.linkedin.com/in/john-stigerwalt-90a9b4110/
Greg Hatcher | Founder at White Knight Labs | SOF veteran | Red Team | https://www.linkedin.com/in/gregoryhatcher2/
White Knight Labs Website | https://itspm.ag/white-knight-labs-vukr

Keywords: penetration testing, red team, ransomware simulation, offensive security, EDR bypass, cybersecurity training, White Knight Labs, advanced persistent threat, cybersecurity startup, DEF CON training, security partnerships, cybersecurity services

Resources
Visit the White Knight Labs Website to learn more: https://itspm.ag/white-knight-labs-vukr
Learn more and catch more stories from White Knight Labs on ITSPmagazine: https://www.itspmagazine.com/directory/white-knight-labs
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Joshua Crumbaugh joins us for a special Thursday edition of The Virtual CISO Moment. With over 20 years of experience in cybersecurity, he is the CEO of PhishFirewall, a company that helps organizations solve their phishing problem. He has a credential in Offensive Security and has published a book on cybersecurity education and awareness. Join us as we discuss the human factor in securing information. Also, if you're in the Huntsville, Alabama area, catch his keynote at BSides Huntsville THIS SATURDAY (April 12, 2025), where he will discuss the launch of an exciting new product. Here's a hint from a recent post of his: "Ready to STOP phishing COLD? 'Emotional Intelligence EQ' is the new superpower in combatting social engineering attacks."
Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast

In this episode of Cyber Work Hacks, host Chris Sienko welcomes Infosec Skills Instructor Robert Morrell to discuss his learning path, "ChatGPT for Offensive Security." Morrell outlines the seven-course path, including five courses of learning and two interactive labs, focused on using ChatGPT in various offensive security tasks. The discussion includes crafting cross-site scripting attacks, generating phishing campaigns and engineering prompts for optimal results. Morrell also provides insight on effectively using ChatGPT to write detailed bug reports and demonstrate AI security skills to potential employers. Additionally, he shares information about his company, Pointless AI, a platform for bug bounty and vulnerability disclosure services. This episode offers a comprehensive guide for cybersecurity professionals looking to integrate AI tools into their offensive security toolkit.

00:00 Introduction to Cyber Work Hacks and guest Robert Morrell
00:08 Overview of ChatGPT for offensive security learning path
02:53 Understanding ChatGPT and its applications
04:57 Comparing ChatGPT with other AI models
07:24 Deep dive into the offensive security learning path
12:52 Using ChatGPT for offensive security in real-world scenarios
14:43 Final thoughts and advice on using ChatGPT
18:37 Conclusion and additional resources

View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast

About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
Dr. Dave Chatterjee hosts a discussion on elevating your offensive program with Mark Carney, CEO at Evolve Security, and Yaron Levi, Chief Information Security Officer (CISO) at Dolby Labs. They emphasize the importance of a proactive, continuous approach to cybersecurity, contrasting it with traditional reactive measures. Key points include the need for a threat-informed, programmatic mindset, continuous threat exposure management (CTEM), and the integration of business objectives. They stress the importance of intelligence, risk assessment, and the role of third-party providers as partners. The conversation highlights the necessity of senior leadership commitment and the challenges of defining and measuring risk in cybersecurity.

To access and download the entire podcast summary with discussion highlights: https://www.dchatte.com/episode-81-elevating-your-offensive-security-program/

Latest Articles and Press Release on The Cybersecurity Readiness Podcast Series:
Dr. Dave Chatterjee Hosts Global Podcast Series on Cyber Readiness, Yahoo! Finance, Dec 16, 2024.
Dr. Dave Chatterjee Hosts Global Podcast Series on Cyber Readiness, Marketers Media, Dec 12, 2024.
Cybersecurity Readiness Podcast by Dr. Dave Chatterjee Reaches 10,000 Downloads Globally, Business Insider/Markets Insider, Dec 10, 2024.

Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast
Please subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes are released every two weeks.

Connect with Dr. Chatterjee on these platforms:
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/
Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338
https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712

Latest Publications & Press Releases:
Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness
"Getting Cybersecurity Right," California Management Review — Insights, July 8, 2024.
Join us for this replay of episode 78, an enthralling journey into the heart of cybersecurity operations with "Tales from the Trenches," an exclusive podcast presented by Brad Causey, Vice President of Offensive Security at SecurIT360. Dive deep into the high-stakes world of offensive security as Brad shares his firsthand experiences from a career spent on the front lines of digital defense. Engage with real-life stories illustrating offensive cybersecurity's intense challenges and triumphant victories. Brad's narrative will transport you to the core of high-pressure operations, where strategic decisions can impact the security posture of entire organizations.

Blog: https://offsec.blog/
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com
Oege de Moor, the creator of GitHub Copilot, discusses how XBOW's AI offensive security system matches and even outperforms top human penetration testers, completing security assessments in minutes instead of days. The team's speed and focus is transforming the niche market of pen testing with an always-on service-as-a-software platform. Oege describes how he is building a large and sustainable business while also creating a product that will "protect all the software in the free world." XBOW shows how AI is essential for protecting software systems as the amount of AI-generated code increases along with the scale and sophistication of cyber threats.

Hosted by: Konstantine Buhler and Sonya Huang, Sequoia Capital

Mentioned in this episode:
Semmle: Oege's previous startup, a code analysis tool to secure software, acquired in 2019 by GitHub
Nico Waisman: Head of security at XBOW, previously a researcher at Semmle
The Bitter Lesson: Highly influential post by Richard Sutton
HackerOne: Cybersecurity company that runs one of the largest bug bounty programs
Suno: AI songwriting app that Oege loves
Machines of Loving Grace: Essay by Anthropic founder Dario Amodei
Jane Lo, MySecurity Media Singapore Correspondent, sat down with Syed Ubaid Ali Jafri, Head of Cyber Defense and Offensive Security at Habib Bank Limited (HBL), at Tech Week Singapore, to get his insights on the sophistication of these threats. We delved into:

Motivations for Attacks on Financial Institutions:
Financial gain and data exploitation are prime motivations behind phishing and cyber attacks targeting banks. Attackers seek customer data, card details, and account balances, which they can use to extort or sell for profit. Financial institutions are particularly vulnerable due to their reputational concerns, leading some to pay ransoms to protect customer privacy.

Increasing Accessibility of Cybercrime Tools:
Advanced phishing tools, previously available only on the dark web, are now accessible on the surface web, enabling even less-skilled cybercriminals to launch attacks. With the rise of AI, non-experts can craft convincing phishing emails, bypassing traditional spam filters and reaching unsuspecting targets.

Role of AI in Sophisticated Cyber Attacks:
Gen AI and voice cloning technology make phishing more personalized and convincing, allowing attackers to craft emails and messages that mimic the target's language and communication style. The evolution from simple phishing to sophisticated voice and deepfake attacks was also highlighted, showing how AI can now be used to clone voices and create realistic fake videos with as few as 15 images.

Challenges in Detecting AI-Driven Phishing and Deepfake Attacks:
Deepfake technology makes it challenging for the average user to distinguish between real and fake communications. Convincing voice and video deepfakes are increasingly used in spear-phishing, targeting specific individuals with tailored scams. AI-powered tools generate flawless text, removing traditional phishing indicators like spelling errors or urgency cues, which previously helped users identify phishing emails.

Recommendations for Protection:
Users are advised to be cautious about what they share online, as personal information posted publicly can help cybercriminals tailor their attacks. Security tools like deepfake detection software can help individuals identify fake voices or videos, though awareness and cautious online behavior remain critical. Cybersecurity education is essential, with both vendors and users needing awareness of AI-driven threats to implement better protective measures.

Recorded 10th Oct 2024, Tech Week Singapore 2024, 12.40pm.
Get ready to be inspired by Serena, also known as SheNetworks, as she shares her exciting transformation from a Best Buy employee to a leading voice in cybersecurity. Celebrating Tim's birthday and Election Day, this episode is packed with fascinating insights into Serena's career journey and the unexpected twists that led her from the world of network engineering to the challenging field of penetration testing. You'll hear firsthand how the monotony of network engineering sparked her interest in the fast-paced, ever-evolving world of offensive security.

Join us as we uncover the intriguing world of penetration testing, where Serena reveals the techniques and tools employed by professionals to mimic real-world cyber threats. You'll learn about the concept of "assumed compromise," the thrill of privilege escalation, and the critical importance of thorough reporting and documentation. Discover how open-source tools like Mimikatz play a significant role in both protecting and threatening systems and why early detection and a robust incident response strategy are vital to cybersecurity.

The ethical challenges faced by cybersecurity experts are also on the table, as Serena shares her experiences in educating clients while maintaining trust and avoiding blame. From the technical details of exploiting network protocols to the complexities of cloud penetration testing, this episode offers a deep dive into the human elements of the industry. Explore the necessity of understanding networking fundamentals, the nuances of zero trust security principles, and the dynamic interplay between pen testing and red teaming. Whether you're a cybersecurity enthusiast or simply curious about the field, this episode promises a wealth of knowledge and engaging anecdotes.

How to connect with our guest: @shenetworks on Twitter/X

Check out the Fortnightly Cloud Networking News: https://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/
Visit our website and subscribe: https://www.cables2clouds.com/
Follow us on Twitter: https://twitter.com/cables2clouds
Follow us on YouTube: https://www.youtube.com/@cables2clouds/
Follow us on TikTok: https://www.tiktok.com/@cables2clouds
Merch Store: https://store.cables2clouds.com/
Join the Discord Study group: https://artofneteng.com/iaatj
If a business wants to know what an adversary might be capable of, they can seek the help of a red team. These cybersecurity professionals are tasked with emulating adversary activity to achieve specific objectives in their clients' environments. Their goal is to find an organization's weaknesses — before a real adversary does — so it can strengthen its security posture. But what does a red team actually do, and who are the people on these teams? In this episode, Cristian is joined by CrowdStrike Director of Professional Services Vincent Uguccioni and Professional Services Principal Consultant Brent Harrell to dive into all things red teaming. Both seasoned experts with fascinating backgrounds, Vincent and Brent define what red teaming is (and what it isn't), explain how it has evolved, debunk common misconceptions about what red teamers do and explain the value of the many different skills the members of a red team have. The goal of the red team is to help, not hurt. Red teamers may need to think like an adversary when they're navigating a client environment, but their broader strategy involves collaborating with the client and blue team to guide remediation and improve the client's security. Vincent and Brent also walk us through the process of a red team engagement, from initial client discussions to final reporting, and share how they adjust their approaches as adversary techniques evolve. And if you're interested in becoming a red teamer, they share some guidance for that as well. On a related note, we recently introduced CrowdStrike AI Red Team Services. Read our blog for more details: https://www.crowdstrike.com/en-us/blog/crowdstrike-launches-ai-red-team-services/
In this episode of the Trust Issues Podcast, host David Puner sits down with CyberArk's resident technical evangelist, white hat hacker and transhuman, Len Noe. They dive into Len's singular journey from a black hat hacker to an ethical hacker, exploring his identity reinvention and the fascinating world of subdermal microchip implants and offensive security. Len shares insights from his new book, "Human Hacked: My Life and Lessons as the World's First Augmented Ethical Hacker," which releases on October 29. They also discuss the relevance of Len's transhuman identity to his work in identity security.
Seemant Sehgal, founder and CEO of BreachLock, a global leader in Penetration Testing as a Service (PTaaS) that serves over 900 clients in more than 20 countries, has been working with chief information security officers (CISOs) for 20 years. Learn more about BreachLock at https://breachlock.com. For more on cybersecurity, visit us at https://cybersecurityventures.com/
In this episode we sit down with the Founder/CEO of Horizon3.ai to discuss disrupting the Pen Testing and Offensive Security ecosystem, and building and scaling a security startup, from a founder's perspective.

From HP to Splunk to JSOC, all leading to founding Horizon3, Snehal brings a unique perspective of business acumen and technical depth and puts on a masterclass around venture, founding and scaling a team, and disrupting the industry!

- For those not familiar with your background and Horizon3AI, can you tell us a bit about both?
- You are building something special at Horizon3AI and I will dive into that here soon, but you've also been posting some great content about building a security startup, the team, the market dynamics and more, so I wanted to spend a little time chatting about that.
- First off, your company was recently listed by Forbes as one of the top 25 venture-backed startups likely to reach a $1 billion valuation. How did that feel and what do you think contributed to your team landing on such a prestigious list?
- Speaking of venture-backed, you recently participated in the Innovators and Investors Summit at Black Hat where you and other panelists dove into the topic of what founders should look for in investors and how VCs can stand out in a highly competitive market. As someone who's navigated that journey and is now being listed on lists such as that from Forbes, what are some of your key lessons learned and recommendations for early-stage founders?
- You've stressed the importance of the team over the initial idea and what you've called "pace setters" and "ankle weights" within the team and the importance of both. Can you elaborate on the terms and broader context around building a foundational team to scale the company successfully?
- You also have discussed the 4 advantages iconic companies build over time. What are they and why do they help differentiate you?
- Pivoting a bit, you have a really unique background, blending both the private and public/defense sector. How do you think that's helped shape you and the way you've built your team and company and approach the market?
- Horizon3AI is big on the mantra of "offense informed defense". Why is that critical and why do you think we miss the value in this approach in many spaces in the security ecosystem?
- You all have poked some fun at the way many organizations operate, running vuln scans, doing an annual pen test, and having a false sense of security. How is Horizon3AI disrupting the traditional Pen Testing space and leading to more secure organizational outcomes?
In this episode, Ron sits down at Black Hat with guest Seemant Sehgal, Founder & CEO of BreachLock, to learn more about how offensive security, such as red teaming and pen testing, fits into the cyber ecosystem. Seemant highlights how his background as a practitioner has helped him better understand the pain points that customers feel and assist them in making the most of their budget.
Impactful Moments:
00:00 - Welcome
00:50 - Introducing Guest, Seemant Sehgal
02:47 - Penetration Testing vs Red Teaming
05:22 - What A Hacker Wants
06:17 - From our Sponsor, BreachLock
07:35 - There's Always A 'Low Hanging Fruit'
08:49 - Trusted Partners
10:49 - Closing Doors On Hackers
13:08 - Advice to Entrepreneurs: Knowing Your 'Why'
Links:
Connect with our guest, Seemant Sehgal: https://www.linkedin.com/in/s-sehgal/
Check out BreachLock: https://www.breachlock.com/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Discover the vulnerabilities lurking within medical devices and how ethical hacking can safeguard patient care. Join Brad, VP of Offensive Security at SecurIT360, as he unpacks the risks and protections against cyber threats in healthcare tech.
- Unveiling the risks of wireless communication vulnerabilities in insulin pumps and glucose monitors that could be exploited through advanced hacking techniques.
- Demonstrating the use of tools like ESP32, Hashcat, and attack scenarios to reveal how medical devices can be manipulated, compromising patient safety.
- An in-depth analysis of a common air purifier APK, exposing undocumented features and firmware flaws with far-reaching security implications.
- Real-world examples highlighting the importance of pen testing medical devices, including the potential for increased medication dosing due to infusion pump flaws.
- A deep dive into the broad-reaching impact of exploited vulnerabilities, from chaos in hospitals to privacy breaches through interconnected devices and mobile apps.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com
Thoughts on shared responsibility models after the Snowflake credential attacks, looking at AI's current and future role in offensive security, secure by design lessons from Apple's Private Cloud Computer, and more! Show Notes: https://securityweekly.com/asw-289
Podcast: Nexus: A Claroty Podcast
Episode: Vinnie Liu on Offensive Security Testing During Incidents
Pub date: 2024-06-10
Bishop Fox CEO and Cofounder Vinnie Liu joins the Nexus Podcast to discuss his team's role during security incidents in conducting offensive security testing alongside incident response activities. In healthcare environments where ransomware is the leading threat, red teams and other offensive security specialists are called in, Liu said, to ensure that secondary attack vectors cannot be leveraged by attackers to maintain persistence inside an organization.
On this episode of the Futurum Tech Webcast, host Shira Rubinoff is joined by JLL's Doug Shepherd, Senior Director Offensive Security, for a conversation on the key insights and takeaways from Tanium's Converge Conference. Their discussion covers:
- The evolving landscape of cybersecurity challenges faced by organizations today
- Strategic insights into offensive security measures
- Best practices for organizations to enhance their cybersecurity posture
- The role of collaboration and knowledge sharing in advancing cybersecurity defenses
- Future trends and predictions in cybersecurity
Learn more at JLL.
Host Karl Palachuk interviews Wes Hutcherson and Stuart Ashenbrenner from Huntress on the challenges (and victories) of securing macOS endpoints. As you know, macOS represents a growing percentage of the business device operating system market, outperforming both Linux and ChromeOS. Since this is going to be a growing portion of the endpoints you support, it's good to know how you're going to do that. And with so many "home" and personal devices now being used for company purposes, quick response is important as well. The panel addresses the challenges of macOS users, including their persistent reluctance to believe that their devices need protection at all! There is a false sense of security around macOS, driven by old-school understandings of Mac security and the realities of well-funded adversaries on the dark web. macOS malware now accounts for 6.2% of all endpoint OS malware. Half of all macOS users have been affected by malware, hacking, or scams. You can expect that to grow as well.
-----
Thanks to Huntress for sponsoring the SMB Community Podcast. Partners can learn more at https://www.huntress.com/karl
Wes Hutcherson is the Director of Product Marketing for Huntress where he oversees market intelligence and go-to-market strategies. His multi-faceted technology and cyber security experience spans over a decade with market leaders such as Bishop Fox, eSentire, Hewlett-Packard, and Dell SecureWorks, covering Managed Detection and Response, Governance, Risk, and Compliance, Continuous Threat Exposure Management, Offensive Security, and other topics.
Stuart Ashenbrenner works at Huntress as a Staff macOS Researcher, focusing on macOS security and development. He has spoken at various conferences about macOS security, including Objective by the Sea. He is co-author and core developer on the open source macOS incident response tool called Aftermath. He has previously worked as a macOS detections engineer and a software engineer.
Our upcoming events and more:
Register for James's class at ITSPU! 5W22 – MSP Professional Sales is live. Enroll today: https://www.itspu.com/all-classes/classes/msp-professional-sales-program/
MASTERMIND LIVE – Tampa, FL – June 27-28th http://bit.ly/kernanmastermind Use "EARLYBIRD" as the coupon code to save $200!
Check out Amy's weekly newsletter! Sign up now: https://mailchi.mp/thirdtier/small-business-tech-news
Kernan Consulting "Weekly Tips"! Sign up now: https://kernanconsulting.com/
Our Social Links:
https://www.linkedin.com/in/james-kernan-varcoach/
https://www.facebook.com/james.kernan
https://www.facebook.com/karlpalachuk/
https://www.linkedin.com/in/karlpalachuk/
https://www.linkedin.com/in/amybabinchak/
https://www.facebook.com/amy.babinchak/
https://thirdtier.net
https://www.youtube.com/@ThirdTierIT
---
Sponsor Memo: Huntress
Today's SMB Community Podcast is brought to you by Huntress Managed Security. Cybersecurity is more than software—it's also the expertise needed to effectively fight against today's evolving threat landscape. Huntress Managed Security is custom-built to provide human expertise and save your clients from cyber threats. Huntress' suite of fully managed cybersecurity solutions is powered by a 24/7, human-led SOC dedicated to around-the-clock monitoring, expert investigation, and rapid response. While you focus on growing your business, we provide first response to hackers. Huntress has the #1 rated EDR for SMBs on G2 and a partner support Satisfaction score average of 99%. To start a trial today, visit https://huntress.com/karl
Podcast: teissPodcast - Cracking Cyber Security
Episode: teissTalk: Assessing and mitigating risks in your OT environment
Pub date: 2024-03-29
Ensuring your risk management framework meets your organisation's needs
Ransomware, legacy devices and remote access - risk trends for OT
Why you should prioritise risks based on the likelihood of exploitation as well as impact
This episode is hosted by Thom Langford
https://www.linkedin.com/in/thomlangford/
Syed Ubaid Ali Jafri, Head of Cyber Defence & Offensive Security, HBL - Habib Bank Limited
https://www.linkedin.com/in/ubaidjafri
Giles Dunn, Partner & OT Cyber Security leader, EY
https://www.linkedin.com/in/giles-dunn-6485a2117/
Amir Preminger, VP Research, Claroty
https://www.linkedin.com/in/amir-preminger-207a0553/
Max Higginson, Cyber Security Manager (ICS/OT), Dominos UK
https://www.linkedin.com/in/max-higginson/
Guest: Tim Fowler, Offensive Security Analyst, Black Hills Information Security [@BHinfoSecurity]
On LinkedIn | https://www.linkedin.com/in/roobixx/
On Twitter | https://twitter.com/roobixx
At HackSpaceCon | https://www.hackspacecon.com/speakers24#tim-fowler

Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes
In this thought-provoking episode of On Location with Sean and Marco, we soar into the fascinating world of space cybersecurity with our esteemed guest, Tim Fowler. As a penetration tester at Black Hills Information Security, specializing in offensive security, Tim shares his intriguing transition from focusing on terrestrial cybersecurity challenges to those within the space domain.
With the space industry rapidly democratizing, he highlights the urgency for better securing our assets in space, drawing a compelling parallel with the historical oversight in the industrial control systems (ICS) sector. The conversation explores the unique challenges and opportunities space cybersecurity presents, including the emerging need for governance, risk, and compliance (GRC) frameworks tailored for space. Tim's insights shed light on the importance of secure software development and contingency planning in this critical yet exhilarating field.
Additionally, Tim enthuses about his upcoming workshop at HackSpaceCon, 'Bring Your Own Satellite' (BYOS), aimed at demystifying space cybersecurity through hands-on experience with virtual satellites. The episode also humorously touches upon the concept of 'Deorbit plans' and the fanciful notion of hacking the 'Death Star,' blending deep technical discussion with engaging speculative thought.
This episode is a must-listen for anyone curious about the nexus of cybersecurity and space exploration, offering a unique perspective on a domain that is becoming increasingly integral to our daily lives and future aspirations.
Key Questions Addressed
- How can cybersecurity principles be applied to the space domain?
- What challenges does the democratization of space present to cybersecurity?
- How does one begin building a virtual satellite lab?

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

Resources
HackSpaceCon: https://www.hackspacecon.com/
About Tim's "Bring Your Own Satellite" Workshop: https://www.linkedin.com/posts/roobixx_satellitecommunication-virtuallab-spacetech-activity-7168236170760404992-uY1_/

To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring our event coverage with an ad placement in the podcast?
Seemant Sehgal is the founder and CEO at BreachLock, a global leader in continuous attack surface discovery and penetration testing. In this episode, he joins host Steve Morgan to discuss BreachLock's growth and the expansion of its product solutions, which strategically put an end to the four fundamental security challenges faced by customers – accuracy, agility, cost-effectiveness, and most of all, scalability of Offensive Security practices. Learn more about our sponsor at https://breachlock.com
In this episode of The Cybersecurity Defenders Podcast, we talk about cybersecurity issues as they relate to the space industry with Tim Fowler, Offensive Security Analyst at Black Hills Information Security.
Tim's unique blend of curiosity, determination, and passion for problem-solving makes him stand out in the cybersecurity world. As a frequent speaker on topics ranging from Information Security to Open Source software, Tim's mission is clear: to empower others to take control of their journey and make a positive impact in the world of cybersecurity. Currently Tim is working as an offensive security analyst for Black Hills Information Security, and he is here today to talk to us about the research he has been doing around cybersecurity in space... and yes, it is as awesome as it sounds.
Tim's upcoming training: Introduction to Cybersecurity in Space Systems
Resources mentioned in the show:
- TREKS Cybersecurity Framework
- Space Attack Research & Tactic Analysis (SPARTA)
- SPACE-SHIELD
- OpenSatKit
- NASA Core Flight System
- TinyGS
- OpenC3
- NASA Operational Simulator for Small Satellites
In this episode, Bryan and Alex are joined by Micah McCrary. Micah is one of the most respected leaders in Global Security and until recently was the Global Head of Offensive Security for UBS. Within the conversation, Micah offers invaluable insights into the evolving nature of the Chief Information Security Officer role, including a deep dive into the optimal reporting structures of a CISO as well as their relationship with the Board. Micah offers valuable insights on the future of cybersecurity, geopolitical dynamics, and the role of technology that are sure to inspire both cyber security professionals and wider business leaders alike. Throughout the conversation, Micah shares some incredible stories from his career, including how he took advantage of the opportunities presented by the pandemic at UBS and the challenging experience he had conducting a strategic transformation whilst consulting for a major Asian manufacturer.
Chapters:
(00:00) Introduction: Bryan Introduces Today's Guest, Micah McCrary
(03:41) Navigating Complexity: Micah's Insights on the Dynamic Landscape of the CISO Role in Cybersecurity
(08:32) The Evolving Role of the CISO
(14:10) The CISO Dilemma: Where to Report and Why It Matters
(20:20) Cybersecurity Threat Landscape and Organisational Considerations
(22:52) Cybersecurity Quantum Leap at UBS: Seizing the Opportunities Amidst the COVID-19 Pandemic
(29:56) Good Governance Does Not Make Up For Bad Organisational Design: Micah's Consulting Experience with a Major Asian Manufacturer
(32:57) Bryan, Alex and Micah's Take on the Evolving Role of Boards in Cybersecurity Oversight
(40:31) Envisioning the Future: Cybersecurity in a Changing Landscape
(43:24) Five Key Takeaways: Bryan and Alex Summarise the Takeaways From Their Conversation with Micah
Join us for an enthralling journey into the heart of cybersecurity operations with "Tales from the Trenches," an exclusive podcast presented by Brad Causey, Vice President of Offensive Security at SecurIT360. Dive deep into the high-stakes world of offensive security as Brad shares his firsthand experiences from a career spent on the front lines of digital defense.
Engage with real-life stories illustrating offensive cybersecurity's intense challenges and triumphant victories. Brad's narrative will transport you to the core of high-pressure operations, where strategic decisions can impact the security posture of entire organizations. Learn from a seasoned expert who has navigated complex cyber threats; he will shed light on sophisticated tactics, techniques, and procedures that define modern offensive security strategies.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com
In today's rapidly evolving cybersecurity landscape, where organizations of all verticals and industries are more and more being targeted, organizations must adopt a proactive approach to securing their systems and data. Penetration testing is an essential component of identifying vulnerabilities and weaknesses. However, many organizations fail to extract maximum value from their penetration tests, treating them as isolated events rather than continuous learning opportunities.
This session aims to shed light on the concept of "Assume Breach" and explore how organizations can extract the most value from their penetration tests. By embracing the assumption that systems and users at some point will become compromised, organizations can develop a comprehensive security strategy that goes beyond a checklist approach.
The session will feature real-world case studies and practical examples to illustrate successful Assume Breach penetration tests. Attendees will gain insights into developing a robust security strategy, optimizing resources, and aligning penetration tests with broader organizational goals.
Whether you are a security professional, an IT admin, an MSP, or a business leader, this session will provide valuable insights to enhance your understanding of penetration testing as a continuous improvement process and empower you to strengthen your customer's security posture.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com
In this episode, Zach Sims (Information Security Officer at SecurIT360) provides valuable insights into offensive security services from the perspective of a security leader. This episode explores the significance of these services in today's digital landscape. Listeners gain a concise understanding of the CISO's role, the alignment of offensive security goals with cybersecurity strategy, and the challenges faced in implementation. The discussion also delves into how CISOs balance the need for offensive and defensive security assessments, offering a compact yet informative overview of key aspects of the world of information security.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com
The offensive security strategy for cyber resilience is hindered by limited budgets and understaffed teams. However, threat actors remain active and so security and technology leaders must find affordable, effective solutions to proactively address risks. In this episode, host Paul John Spaulding is joined by Heather Engel, Managing Partner at Strategic Cyber Partners, to discuss how offensive security can prevent breaches. For more on this topic, visit https://www.forbes.com/sites/forbestechcouncil/2022/12/16/how-offensive-security-could-have-prevented-these-three-cyber-breaches/?sh=6624c75514c0. To learn more about our sponsor, BreachLock, visit https://breachlock.com.
In this episode, Dr. Stacy Thayer chats with Chris Gates, Sr. Offensive Security Manager at Robinhood and of The Sky Beckons (https://www.theskybeckons.com) about the relationship between hacking and security and mental health and happiness. Chris shares his personal journey to happiness and how hacking helped him become a spiritual fitness coach and energy healer. Contact us here: https://netography.com/contact/ #Netography
US most breached country last quarter
OpenAI blames DDoS attacks for ongoing ChatGPT outages
Clop exploits SysAid vulnerability
Thanks to today's episode sponsor, OffSec
And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like Cisco, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve
For the stories behind the headlines, head to CISOseries.com.
This week's Cyber Security Headlines – Week in Review is hosted by Sean Kelly with guest Howard Holton, CTO, GigaOm
Thanks to today's episode sponsor, OffSec
OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like Cisco, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve
All links and the video of this episode can be found on CISOseries.com
US launches "Shields Ready" campaign
Microsoft and Meta announce AI imagery rules
App Defense Alliance moves under the Linux Foundation
Thanks to today's episode sponsor, OffSec
And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is running a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. Attend Evolve and get insider insights from a former bank hacker. Discover strategies on stretching your security budget and get tips to attract the crème de la crème of talent. It's more than just an event – it's a masterclass helping you elevate your cybersecurity leadership game. Hear from forward-thinking cybersecurity leaders from companies like Cisco, Amazon, Salesforce and more. Register today and get the insights you need to help shape the future of your company's security. Sign up now at offsec.com/evolve
Singapore's Marina Bay Sands customer data stolen in cyberattack
Atlassian bug escalated to 10.0 severity
Fake Ledger Live app steals over $700,000 in crypto
Thanks to today's episode sponsor, OffSec
And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like Cisco, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve
For the stories behind the headlines, visit CISOseries.com.
Android Dropper-as-a-Service Bypasses Google's Defenses Increase in zero-day exploits worries CISA Google Calendar as a C2 infrastructure Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is running a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. Attend Evolve and get insider insights from a former bank hacker. Discover strategies on stretching your security budget and get tips to attract the crème de la crème of talent. It's more than just an event – it's a masterclass helping you elevate your cybersecurity leadership game. Hear from forward-thinking cybersecurity leaders from companies like CISCO, Amazon, Salesforce and more. Register today and get the insights you need to help shape the future of your company's security. Sign up now at offsec.com/evolve For the stories behind the headlines, head to CISOseries.com.
Okta explains hack source and response timeline Looney Tunables now being exploited Lazarus Group uses KandyKorn against blockchain engineers Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve For the stories behind the headlines, head to CISOseries.com.
Our guest today is Phillip Wylie, an offensive security professional and evangelist, author and podcast host who recently added director of services and training at Scythe to his extensive CV. Wylie talks with host David Puner about the critical need for ethical hacking in cybersecurity, identity security revelations from years of penetration testing, and his fascinating career arc, which began in professional wrestling. Considering a cybersecurity career? You won't want to miss this episode – Wylie's passion for cybersecurity education and mentorship is contagious. Plus, you'll discover many unexpected parallels between pro wrestling and red teaming – and how they can help strengthen your organization's digital defenses.
In a digital age marked by rapid technological advancements and increased global connectivity, ensuring cybersecurity for large corporations can often seem daunting. Today, I am joined by Doug Shepherd, Senior Director of Offensive Security and Global Insider Risk for Jones Lang LaSalle (JLL). This leading, billion-dollar real-estate services company spans 80 countries. JLL's challenges are multifaceted: ensuring the safety of a decentralized workforce, navigating the complex terrains of diverse privacy laws and regulations across continents, and maintaining real-time visibility into an impressive 100,000 endpoints. During our insightful chat, we delved deep into the previous security issues faced by JLL. The intricacies of having endpoint checks just every 75 days, coinciding with password changes, posed significant risks. Doug sheds light on the dynamics of managing security across different jurisdictions, emphasizing the importance of local expertise and overarching global strategies. Together, we explore the prevalent cyber threats that JLL and other organizations of its stature grapple with. Doug shares the transformative impact of real-time endpoint monitoring on JLL's cybersecurity posture, highlighting its role in enhancing incident response capabilities. The broader industry has its challenges. Doug and I discuss the relentless pace of the cybersecurity sector, the balancing act between data privacy and augmented security measures, and the critical symbiosis between security and business. The episode also touches on innovative training programs and technologies, such as Immersive Labs and CASB, that are ushering in a new era of cybersecurity preparedness. Wrapping up, Doug, with his rich background as a former 'spook' and red team leader, offers a nuanced perspective on the pressing need to find the middle ground between rigorous data collection and upholding privacy. 
Join us in this riveting episode as we journey through the cyber labyrinths of a global giant and uncover the strategies, challenges, and solutions that shape the future of organizational security.
In College Football the best way to win is with a strong defense.
Guest: Phillip Wylie, Security Solutions Specialist at CYE [@CyesecLtd]
On Twitter | https://twitter.com/PhillipWylie
On LinkedIn | https://www.linkedin.com/in/phillipwylie/
On YouTube | https://www.youtube.com/@PhillipWylie
Host: Josh Mason
On ITSPmagazine
In this episode Brad and Spencer discuss the nuances around scoping offensive security engagements. Scoping an offensive security engagement involves defining boundaries, objectives, and limitations before starting. It includes objectives, rules, scope boundaries, legal considerations, timeframe, reporting, approval, and sign-off. Scoping is important for clarity, risk management, compliance, stakeholder involvement, and setting expectations.
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com
Red Team X is a security team at Meta that is responsible for finding and exploiting vulnerabilities in third-party products that could impact Meta's own security. The team acts as a hybrid between a traditional red team, which focuses on probing their own organisation's systems and products for vulnerabilities, and an elite bug-hunting group. The team was founded by Vlad I. in 2020 when the pandemic and the sudden shift to Work From Home challenged various previously-held assumptions about security. In his discussion with Pascal, Vlad explains the roles of different security teams within Meta, how they go about prioritising the highest-impact targets to exploit and how they work with vendors to ensure not just Meta but the entire world benefits from the fixes produced.
Got feedback? Send it to us on Twitter (https://twitter.com/metatechpod), Instagram (https://instagram.com/metatechpod) and don't forget to follow our host @passy (https://twitter.com/passy and https://mastodon.social/@passy). Fancy working with us? Check out https://www.metacareers.com/.
Links:
The Diff episode about Velox: https://thediffpodcast.com/docs/episode-17
Risky Business Podcast: https://risky.biz/
RTX Blog: https://rtx.meta.security
RTX Disclosures: https://rtx.meta.security/bugs
RTX in WIRED: https://www.wired.com/story/facebook-red-team-x-vulnerabilities/
Timestamps:
Intro 0:06
Vlad Intro 1:55
Red Teaming 2:43
Staying up-to-date 6:34
Different team colours 10:02
Defence-in-depth 12:44
Red Team X 15:57
Hardware v Software 19:43
Focus areas 21:29
Prioritising requests 22:44
Notable RTX Disclosures 26:05
Vulnerability disclosure policy 28:52
Getting into offensive security 38:48
Outro 40:51
Guest: Patrick Gorman, AKA InfoSec Pat, Director of Offensive Security at Cloud Computing Concepts
On Twitter | https://twitter.com/Infosecpat
On LinkedIn | https://www.linkedin.com/in/infosecpat/
On YouTube | https://www.youtube.com/c/InfoSecPat
Host: Frankie Thomas
On ITSPmagazine