Method of evaluating computer and network security by simulating a cyber attack
Dreaming of becoming a penetration tester? Here's how to turn that dream into a job! Want to become a Penetration Tester but not sure where to start? This podcast is your complete guide to launching a career in ethical hacking and offensive cybersecurity. Get insider tips on the skills you need, certifications to pursue (like CEH, OSCP, and more), and what hiring managers look for in penetration testers. Our experts share their real-world experiences, challenges, and proven strategies to help you break into the field with confidence. Whether you're a beginner or switching from another IT role, this roadmap is tailored just for you!
As organisations big and small integrate artificial intelligence into their operations, understanding the vulnerabilities that come with AI systems is essential. In this episode, we'll explore the crucial intersection between AI and cybersecurity. You'll gain insights on AI systems, common pitfalls in AI security and specialist tips for businesses to navigate this dynamic landscape. This episode covers areas such as: Adversarial machine learning (AML) The fundamental difference between AI and IT security AI model vulnerabilities Expanded attack surface via unstructured inputs Key pitfalls in AI adoption Risk mitigation Tune in now for specialist advice from a leading expert in the field. Host: Garreth Hanley, Podcast Producer, CPA Australia Guest: Miranda R, an offensive security team manager at Malware Security, and an AI vulnerability researcher and a trainer with Mileva, where she conducts penetration testing for various sectors, including government and private industry. Want to learn more? Head online to Malsec and Mileva. And you can read an insightful post by Miranda R on her LinkedIn, as well as a news story about an ID system failure in the US involving a fraudster and how a North Korean hacker duped a cybersecurity firm. You can find a CPA at our custom portal on the CPA Australia website. Would you like to listen to more INTHEBLACK episodes? Head to CPA Australia's YouTube channel. CPA Australia publishes four podcasts, providing commentary and thought leadership across business, finance and accounting: With Interest INTHEBLACK INTHEBLACK Out Loud Excel Tips Search for them in your podcast platform. Email the podcast team at podcasts@cpaaustralia.com.au
Today on the radio show 1:30 - Smoko chat. 7 - You had one job. 10:11 - UFC 304 review. 13:55 - Self help Singh. Don't force work. 16:40 - Penetration tester. 21:25 - The fruit test. 25:32 - Worst toy known to man. 29:16 - Late mail. 32:04 - Last drinks. Get in touch with us: https://linktr.ee/therockdrive See omnystudio.com/listener for privacy information.
In this Audio, we delve into the Master Scenario Based Interview Prep Series for Penetration Testers. This series is designed to equip you with the skills and confidence needed to ace your penetration tester interviews by focusing on realistic, scenario-based questions. Whether you're new to the field or an experienced professional, this series will guide you through the most common scenarios you might face during interviews. We'll cover a range of topics, including vulnerability assessments, exploit development, and real-world penetration testing scenarios.
In this episode, Jacob speaks with Penetration Tester & Social Engineer Chris Silvers! Chris Silvers is the founder of CG Silvers Consulting! Chris has a vast amount of experience ranging from CMMC assessments to penetration testing. He even won the prestigious DEF CON black badge during the DEF CON 24 Social Engineering Capture the Flag (SECTF)! In this episode they focus on how organizations can defend against social engineering attacks! Here are some highlights from the episode: Winning the DEF CON SECTF black badge; Social engineering tactics and tools; CEO impersonation / fraud attacks; How can GRC help defend against social engineering?; Why businesses shouldn't start with a penetration test. Follow Chris on LinkedIn: https://www.linkedin.com/in/cgsilvers/ Chris's Website: https://www.cgsilvers.com/ ----------- Governance, Risk, and Compliance Academy (GRC Academy) is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e24&utm_campaign=courses Need a FedRAMP authorized Password Manager? Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/ See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/
Nelson Santos is a principal sales engineer at Pentera. In this episode, he joins host Paul John Spaulding to discuss cybersecurity penetration testing, including how to become a pen tester, what some challenges associated with the role are, and more. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io.
Becoming a penetration tester in the world of cybersecurity can be more complex than you'd think, but don't let that spook you. Tune in this week as Jen Stone sits down with James Farnsworth (Team Lead / Senior Penetration Tester at SecurityMetrics) to discuss the various paths to becoming a penetration tester. Listen to learn: the best tools to learn penetration testing skills; the numerous roles within the penetration testing umbrella; possible paths of education to start your penetration testing career. Hosted by Jen Stone, Principal Security Analyst (MCIS, CISSP, CISA, QSA). [Disclaimer] Before implementing any policies or procedures you hear about on this or any other episodes, make sure to talk to your legal department, IT department, and any other department assisting with your data security and compliance efforts.
In this episode, Ron Eddings is joined by Penetration Tester, Instructor, International Speaker, Best Selling Author, and Podcast Host, Phillip Wylie. Phillip shares how pen testing and the need to educate people helped motivate him to speak at conferences and become a central voice in the cyber community. But more than that, he explains how he's helped so many people get started on a similar path. Impactful Moments: 00:00 - Intro 00:50 - Introducing Phillip Wylie 02:10 - Penetration testing Started it All 05:10 - Pen testing is a Job?! 08:50 - The Conference Game 12:55 - Cheers to Toastmasters 14:23 - Content Creation & Social Media Marketing 18:30 - Keeping it Simple 20:55 - Are you Smarter Than a 5th Grader? 25:30 - What's next for Phillip? 26:35 - Getting into Creating Links: Connect with our guest Phillip Wylie: https://www.linkedin.com/in/phillipwylie/ Phillip's Book “The Pentester Blueprint”: https://www.amazon.com/Pentester-BluePrint-Your-Guide-Being/dp/1119684307/ref=asc_df_1119684307 Phillip's Podcasts: https://www.thehackermaker.com/phillip-wylie-show/ Check out our Previous Episode with Phillip: https://www.axonius.com/plus/hacker-valley-on-the-road/on-the-road-at-bh-2022/phillip-wylie Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord
Penetration testers are hired to test companies' cyber defences. To do so they break into their systems and steal data, using hacking, social engineering and physical break-ins. A pen tester from Switzerland tells us about her adventures. The podcast at a glance: (00:01:11) Case 0: The network cabinet (00:11:00) Pen-testing: questions and answers (00:25:16) Case 1: The e-mail Links: Darknet Diaries: https://darknetdiaries.com/ SRF Geek Sofa on Discord: https://discord.gg/geeksofa
Overview of Network Penetration Testing. Network penetration testing is a systematic, authorized attempt to assess the security of an organization's network infrastructure. It plays an important role in maintaining a strong security posture and reducing the risk posed by cyber threats. It simulates real-world attack scenarios against the network to identify vulnerabilities and entry points that malicious actors could exploit. The primary goals are to assess the effectiveness of the network's security controls, find weaknesses before unauthorized individuals or malicious hackers can leverage them, and provide actionable recommendations for mitigating the identified risks. During a network penetration test, a skilled security professional, often called a Penetration Tester or Ethical Hacker, attempts to find and exploit vulnerabilities in the network's systems, applications and infrastructure by simulating the strategies and tactics of real attackers. The work may include vulnerability scanning, network mapping, exploitation of identified vulnerabilities, password cracking, social engineering and more, all within the agreed scope and rules of engagement. View More: What is Network Penetration Testing?
In this episode we talk about sailing, web development and penetration testing. We discuss web development tools such as Svelte, Vite and Docker, and talk about penetration testing in companies. The importance of security measures and social engineering is emphasised. Link to the podcast Georg reports on in this episode: Darknet Diaries - Deviant: https://overcast.fm/+PMNe8mVhE Links: LK-99 paper by South Korean researchers Heise article Heike Kamerlingh Onnes Tweet: Summary of current assessment https://deviating.net/lockpicking/resources.html https://www.art-of-lockpicking.com/interview-deviant-ollam/ Chapters: 0:00:18 A sunny day of sailing after mixed weeks 0:07:01 Web development: from C to JavaScript frameworks 0:09:52 Fast iterations and positioning elements in web development 0:12:50 ChatGPT vs. GitHub Copilot 0:18:02 Enthusiasm for Airtable and collections of tables 0:22:19 Experiences with the AirPods' adaptive noise cancelling 0:26:00 Apple's update process and developer options 0:30:28 Superconductors only in very cold weather? 0:34:37 Conventional and high-temperature superconductors are known, but very cold 0:38:22 The cutting edge of physics research - a cool topic 0:40:55 Introducing Deviant Ollam 0:49:03 Introduction to penetration testing and physical penetration testing 0:50:06 The importance of physical penetration testing 0:54:59 Manipulation through temperature changes with compressed air 0:59:33 Breaking in using card readers and forged ID badges 1:02:43 The "get-out-of-jail-free card" note and the call to the boss 1:06:43 Do you need 100% attention for such jobs? 1:09:48 Plan to enter the premises via the vehicle check 1:12:33 Confusion about repair work on the doors 1:15:46 A personal question is asked 1:15:53 The persuasive tactic for getting to the door 1:17:45 The computer game "Gefeuert! Dein letzter Tag" from 2003 evokes nostalgic feelings 1:21:10 Differences between physical penetration testing and lockpicking Comments via https://www.imprinzipvorbilder.de/kontakt
Penetration testing has become an essential component of any serious security program. Organizations suffer cyber attacks on their networks and IT infrastructure, with consequences such as data loss, breaches and unauthorized access to their systems. Penetration testing assesses the effectiveness of a system's security controls by applying the same techniques a malicious attacker would use, and performing it regularly helps organizations find and fix weaknesses before attackers exploit them. What is Penetration Testing? Penetration testing is a cybersecurity procedure used to identify and, under authorization, exploit vulnerabilities in networks or systems. A Penetration Tester is responsible for conducting penetration tests in an organization. Benefits of Performing Penetration Testing: Penetration testing is a crucial part of any comprehensive security strategy, but its benefits extend far beyond preventing unauthorized access to systems. Some of the advantages are as follows: View More: Difference Between Internal and External Penetration Testing
With the rising prevalence of cybercrime, there is a growing need for penetration testing in organizations. This legitimate, authorized form of cyberattack lets organizations proactively assess their network and system security, helping them avoid financial losses, comply with security regulations, and address vulnerabilities in both on-site and remote IT infrastructure. It is conducted most often in organizations with large IT estates that process significant business assets and financial data. The most common engagement types offered by information security vendors are black-box, white-box and grey-box penetration tests, categorized by the level of access and knowledge given to the Penetration Tester at the start of the project: none for black-box, full (documentation, source code, credentials) for white-box, and partial for grey-box. Table of Contents: Black Box Penetration Testing; White Box Penetration Testing; Grey Box Penetration Testing; Difference Between Black-Box, White-Box and Grey-Box Penetration Testing. This article will help you understand the differences between black-box, white-box and grey-box penetration testing. View More: Black Box vs. White Box vs. Grey Box Penetration Testing
Penetration Tester stories, dumb and funny stuff that's crazier than movies. Segment Resources: https://www.cyberpointllc.com/index.php https://www.cyberpointllc.com/srt.php In the security news: keystroke logs are stored in plain-text (and other atrocities in software used in schools), WPBT is the gift that keeps on giving and this time it's Gigabyte, PCI DSS 4.0 (drink!), immutable linux desktops, one packet exploits, neat linux malware, sock puppets, a must read new book about hacks, why SMB why?, boot girls, exposing customers....data, cracking GSM, you MUST use 2fa (not should, must), old wine in a new bottle, lab grown "meat", malicious bookmarks, and ChatGPT's secret reading list! All that and more on this episode of Paul's Security Weekly. Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
#SecurityConfidential #DarkRhinoSecurity Phillip is an offensive security professional, educator, mentor, author, and frequent public speaker. His passions outside of the technical side of cybersecurity are sharing resources, professional networking, and bringing people together. He is also the host of The Hacker Factory Podcast and his new podcast, the Phillip Wylie Show. Phillip is the concept creator and coauthor of The Pentester Blueprint: Starting a Career as an Ethical Hacker. 00:00 Introduction 00:18 Our Guest 01:45 Phillip's Origin Story 04:06 Wrestling a 750 pound bear 07:41 From Wrestling to Cyber 10:12 What motivated Phillip to pursue Ethical Hacking? 11:43 Vulnerability management: What are we getting wrong? 14:52 Changing the Mindset 26:51 What is the role of Threat Intel? 28:08 Asset Intel approaches 31:05 Ransomware: It's still growing 34:35 The Hacker Factory Podcast 34:59 The Phillip Wylie Show 36:17 News from Phillip 37:44 Connecting with Phillip ---------------------------------------------------------------------- To learn more about Phillip visit: https://www.linkedin.com/in/phillipwylie/ https://www.thehackermaker.com/ Podcasts: https://www.thehackermaker.com/the-hacker-factory-podcast/ https://www.thehackermaker.com/phillip-wylie-show/ To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com ---------------------------------------------------------------------- SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio! Instagram: @securityconfidential and @OfficialDarkRhinoSecurity Facebook: @Dark-Rhino-Security-Inc Twitter: @darkrhinosec LinkedIn: @dark-rhino-security Youtube: @Dark Rhino Security
Penetration Tester stories, dumb and funny stuff that's crazier than movies. Segment Resources: https://www.cyberpointllc.com/index.php https://www.cyberpointllc.com/srt.php Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-787
In this episode I talk with Eric Kedrosky, the CISO of Sonrai Security. We discuss his journey into security and what it is like to be the CISO at a security vendor that is redefining IAM in the cloud. This episode is sponsored by Sonrai Security. If you want to learn more about Sonrai Security then click the link below! https://sonraisecurity.com/ Sonrai prides themselves on being able to reveal every over-privileged identity and all paths. Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you. Support the show. Affiliate Links: NordVPN: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=87753&url_id=902 Follow the Podcast on Social Media! Instagram: https://www.instagram.com/secunfpodcast/ Twitter: https://twitter.com/SecUnfPodcast Patreon: https://www.patreon.com/SecurityUnfilteredPodcast YouTube: https://www.youtube.com/@securityunfilteredpodcast TikTok: Not today China! Not today
In this episode, Spencer and Tyler discuss Tyler's journey from working at Home Depot to getting a job as a Penetration Tester. They also share first-hand advice for those who are looking to break into this exciting field. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com
In this episode I talk with Matthew Devost, who built his career on hacking the U.S. Military. Did you ever wonder how to pen test an aircraft carrier? In this episode we talk about that and much more. If you enjoy this episode please leave a review & share the podcast! If you enjoy this podcast then please consider becoming a subscriber at the link below! Matt's Links: LinkedIn: https://www.linkedin.com/in/devost/ Website: https://www.ooda.com/ Support the show. Follow the Podcast on Social Media! Instagram: https://www.instagram.com/secunfpodcast/ Twitter: https://twitter.com/SecUnfPodcast Patreon: https://www.patreon.com/SecurityUnfilteredPodcast TikTok: Not today China! Not today
"Tools and Code Analysis" is one of the domains of the CompTIA PenTest+ certification exam, weighted at 16%; it covers code analysis methods and penetration testing tools. The ability to adapt to an ever-changing digital environment distinguishes a good Penetration Tester from a mediocre one, and one component of that adaptability is the ability to create, extend and modify the scripts and code encountered in the field. The domain covers a variety of programming and scripting languages a Penetration Tester might come across, and expects testers to know how and when to use penetration testing tools to detect potential vulnerabilities and security holes, and to help protect organizations from them. It also covers the tools used in the various phases of a penetration test. View More: CompTIA PenTest+ Domain 5: Tools and Code Analysis
CompTIA PenTest+ Domain 3: Attacks and Exploits. Attacks and Exploits is the largest domain of the CompTIA PenTest+ certification exam, weighted at 30%, and covers a wide range of attack and exploitation techniques. The domain focuses on the types of attacks and exploits a Penetration Tester might use to gain access to an organization's IT environment and exploit vulnerabilities, and explains how to attack the target organization's systems, networks and software. It covers social engineering attacks, exploitation of wired and wireless networks, application-based vulnerabilities, local host and physical security flaws, and post-exploitation tactics. Expertise in this domain also helps in building effective cybersecurity defenses. View More: CompTIA PenTest+ Domain 3: Attacks and Exploits
Information gathering, also known as reconnaissance, is the first and one of the most important stages of a successful penetration test. It is the process of learning about the target and collecting specific information about it that can be used later for exploitation. The more useful information you have on a target, the more likely you are to discover vulnerabilities, and more severe ones, by exploiting them. Without information gathering, the Penetration Tester or Ethical Hacker may not know what to target. It is also vital to perform a vulnerability scan, which evaluates how cybercriminals could exploit security vulnerabilities in IT systems, internal and external networks, communications equipment and other related resources. CompTIA PenTest+ covers the information gathering and vulnerability scanning phase in domain 2. Domains of CompTIA PenTest+: Domain 1: Planning and Scoping (14%); Domain 2: Information Gathering and Vulnerability Scanning (22%); Domain 3: Attacks and Exploits (30%); Domain 4: Reporting and Communication (18%); Domain 5: Tools and Code Analysis (16%). View More: CompTIA PenTest+ Domain 2
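The network mapping step mentioned in the network penetration testing overview and the information gathering and vulnerability scanning phase described here come down, at their most basic, to one concrete technique: connect to each port in scope, note which ones accept a connection, and read whatever service banner comes back so the software name and version can be looked up against known vulnerabilities. The script below is an added example written for this page; it is not CompTIA material and not code from any of the podcasts listed. It uses only the Python standard library and stands up a constructed local listener (a fake SSH service on 127.0.0.1, an assumption for the sake of running offline) so it can be run without touching any host you are not authorised to test.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

HOST = "127.0.0.1"  # constructed target: only ever scan hosts that are in scope


def start_fake_service(banner: bytes):
    """Constructed test fixture: a local TCP listener that sends `banner` to every
    client and then closes the connection. It stands in for a real in-scope host so
    the example runs offline. Returns (port, server_socket)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((HOST, 0))          # port 0: let the OS pick a free ephemeral port
    srv.listen(8)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:      # server socket closed by the caller: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


def probe_port(host: str, port: int, timeout: float = 0.5):
    """TCP connect scan of a single port plus a passive banner grab.
    Returns (port, banner_text) if the port accepts a connection, else None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)       # SSH, FTP and SMTP speak first
            except socket.timeout:
                data = b""               # open but silent, e.g. HTTP waits for a request
            return port, data.decode("ascii", errors="replace").strip()
    except OSError:                      # refused, filtered (timeout) or unreachable
        return None


def scan(host: str, ports, workers: int = 32) -> dict:
    """Connect-scan `ports` concurrently; returns {open_port: banner_text}."""
    open_ports = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for result in pool.map(lambda p: probe_port(host, p), ports):
            if result is not None:
                open_ports[result[0]] = result[1]
    return open_ports


def parse_ssh_banner(banner: str):
    """Parse an RFC 4253 identification string 'SSH-protoversion-softwareversion [comments]'.
    'SSH-2.0-OpenSSH_7.4' -> ('OpenSSH', '7.4'); anything that is not SSH -> None.
    The (name, version) pair is what you would feed into a vulnerability lookup."""
    if not banner.startswith("SSH-"):
        return None
    parts = banner.split("-", 2)
    if len(parts) < 3 or not parts[2].strip():
        return None
    software = parts[2].split()[0]       # drop the optional comments field
    name, _, version = software.partition("_")
    return name, version


if __name__ == "__main__":
    port, srv = start_fake_service(b"SSH-2.0-OpenSSH_7.4\r\n")
    try:
        # ports 1-3 are privileged and closed on a normal workstation: they show
        # what a refused connection looks like next to the one open service
        found = scan(HOST, [port, 1, 2, 3])
        for p, b in sorted(found.items()):
            print(f"{HOST}:{p} open  banner={b!r}  parsed={parse_ssh_banner(b)}")
    finally:
        srv.close()
```

The connect scan completes the TCP handshake, so it is noisy and shows up in the target's logs; that is acceptable on an authorised engagement and is in fact useful when the client wants to check whether their detection picks it up. The banner parser deliberately returns None for anything it does not recognise rather than guessing, because a wrong version string sent to a vulnerability lookup produces false findings in the report.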
Guest: Chris Southerland Jr., Penetration Tester at [Undisclosed] On LinkedIn | https://www.linkedin.com/in/chrissoutherlandjr/ On YouTube | https://www.youtube.com/@chrisjr404 On Instagram | https://www.instagram.com/ch.ris/ Website | https://www.chrisjr404.com/ Host: Phillip Wylie On ITSPmagazine
Guest: Richard Ardelean, Penetration Tester & Vulnerability Compliance Lead at [Undisclosed] On LinkedIn | https://www.linkedin.com/in/richard-ardelean-490216186/ Host: Phillip Wylie On ITSPmagazine
Rob's interest in hacking started with 2600 Magazine and 2600 Groups. This fueled his curiosity and passion for technology and security. Rob started his career as a software developer, but the more he learned about security and pentesting, the more he was drawn to that passion, and he became a consultant providing pentesting services for clients. _______________________ Guest: Rob Ragan, Principal Security Researcher at Bishop Fox [@bishopfox] On Twitter | https://twitter.com/sweepthatleg On LinkedIn | https://www.linkedin.com/in/robragan/ ______________________ Host: Phillip Wylie On ITSPmagazine
Due to the increase in cybercrime in recent years, cybersecurity has become extremely important. Companies carry out extensive security testing to determine their current security posture, and therefore need skilled Penetration Testers who can test whether malicious attackers could breach their systems. The CPENT certification equips you with the knowledge and abilities you need to become a professional Penetration Tester. How to prepare for the C|PENT Exam?
Rory Meikle hosts this episode of Security Confidential with Erika Carrara. Erika is an influential, strategic, business-focused, and highly accomplished C-Suite executive. She has held many roles, including CISO, Director of Information Technology, Penetration Tester, IT Security Specialist, and more. Erika is also a Veteran of the United States Army and a Mentor. She is currently the CISO of Wabtec Corporation. 00:00 Introduction 00:49 How did you start your career in cybersecurity? Was it something you did while in the military? 03:03 Advice for younger individuals stepping into cyber 04:27 Advice for Veterans transitioning into Cyber 06:29 Due diligence process when looking at an acquisition? 13:40 ISO 27001 17:04 Security Frameworks for Small Businesses 22:00 What motivates bad actors? 26:40 Are there policies that you think the government should adopt that would better deter bad actors? 34:18 Can you shed some light on what defense in depth should entail for critical infrastructure companies? 37:45 3rd party risk mitigation 41:14 Small businesses: expectations regarding cybersecurity? 45:03 Code: Girl 50:00 Connecting with Erika To learn more about Erika visit https://www.linkedin.com/in/infosecpainpoints/ To learn more about coding programs for girls, check out these websites: https://girlswhocode.com/ https://code.org/girls https://www.blackgirlscode.com/ https://www.coding-girls.com/ https://www.techgirlz.org/ https://djangogirls.org/en/ To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio! 
Instagram: https://www.instagram.com/securityconfidential/ Facebook: https://m.facebook.com/Dark-Rhino-Security-Inc-105978998396396/ Twitter: https://twitter.com/darkrhinosec LinkedIn: https://www.linkedin.com/company/dark-rhino-security Youtube: https://www.youtube.com/channel/UCs6R-jX06_TDlFrnv-uyy0w/videos
Dorota comes to us today with a great message and shares her life experience with us. It is never too late to chase and achieve your goals/dreams! Also whatever you are faced with you can overcome. She found the strength of her inner super hero by channeling her Wonder Woman persona. You have the power within you to overcome as well, by finding your inner super hero. We thank her for sharing and wish her great success on her career journey as a penetration tester. Connect with Dorota: https://www.linkedin.com/in/dorota-kozlowska/ Visit Accenture: https://www.accenture.com/us-en Visit Short Arms website: https://www.shortarmsolutions.com/ You can follow us at: Linked In: https://www.linkedin.com/company/shortarmsolutions YouTube: https://www.youtube.com/channel/UCjUNoFuy6d1rouj_SBg3Qkw/featured Twitter: https://twitter.com/ShortArmSAS
In this episode we have @Alpha Cyber Security join us to talk about different topics related to the Tech Industry. Davin Jackson is a Father, Husband and Veteran. Professionally, he is a Senior Application Security Engineer, Penetration Tester, and Contributor at Alpha Cyber Security. He is also the host of his own weekly live podcast, "InfoSec Unplugged" where he interviews several people in the industry. Davin has over fifteen years of overall IT and Cyber Security experience and holds several certifications. However, he plans to continue learning like someone who is new to the field! Davin's goal is to share his experience to help teach and mentor people looking to start or further their careers. He also wants to help families secure their homes and devices as well as teach the youth about the dangers of the internet. When he isn't working or researching, Davin likes to spend time with his family, travel and occasionally play video games
Ever wonder what a day in the life of a penetration tester is like? In this special episode, we cover everything you need to know to get started in the cybersecurity field.
Today on the podcast I talked to Matt Schmidt, who works in cybersecurity as a Penetration Tester in North Carolina. We had a great conversation where we discussed everything cybersecurity; it was an awesome and incredibly interesting conversation! If you're unsure about a future career, give this podcast a listen with an open mind!
Penetration testers, or ethical hackers, are responsible for planning and performing authorized, simulated attacks against an organization's information systems, networks, applications and infrastructure to identify vulnerabilities and weaknesses. Findings are documented in reports that advise clients on how to lower or mitigate risk. Penetration testers often specialize in one or more areas such as networks and infrastructure, Windows, Linux and Mac operating systems, embedded systems, web/mobile applications, supervisory control and data acquisition (SCADA) control systems, cloud systems and internet of things (IoT) devices. https://www.infosecinstitute.com/role-penetration-tester/ 0:00 - Intro 0:26 - What does a penetration tester do? 1:10 - Levels of penetration testers 1:50 - How to become a penetration tester 3:08 - Education needed to be a pentester 3:50 - Skills needed to pentest 4:24 - Common tools of the pentester 5:07 - Training with the tools 5:42 - Job options for pentesters 6:36 - Work duty expectations 7:45 - Can you move to a different role? 9:09 - What can I do to become a pentester? 9:54 - Outro About Infosec: Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It's our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
A Day in the Life of a NetSPI Penetration TesterIn this episode of Agent of Influence, Nabil sits down with NetSPI's very own security consultants Austin Altmann and Marissa Allen. They discuss what it's like to be a penetration tester, NetSPI's entry-level training program (NetSPI University), improvements to the current computer science curriculum, cybersecurity career misconceptions, characteristics of a successful pentester, refurbishing old Macs, and Kiwi the cockatiel.
[link to the mp3 file] In episode 422 of Reversim Platform I am honored to host Erez Metula in my virtual studio.
(Ran) If you recognize this voice, it's because you are really, really, really devoted listeners: we met Erez 10 years ago, or more, maybe even 11 years ago [closer to 12 by now...], and recorded an episode back then on the subject of Penetration Testing [058 Software security, including the historical intro for audio enthusiasts], and here we are meeting again after 10 or 11 years to see what has changed. Hint: a lot... So before we get into the world of Pen-Testing, Erez, tell us, in a few words, about yourself.
(Erez) Gladly. I've been in this field of Security roughly since I can remember myself... Already as a kid I was messing with all sorts of programming languages, with cracking games and doing all kinds of things [allegedly]. It was clear to me that this was my direction; even as a kid it was clear that I would somehow combine the world of computers with the world of security, "hacking" as we called it back then, there was no definition for such a thing yet. And really, in order to do it seriously, it was clear to me that it also had to be done the "right" and "academic" way, let's call it. So after I did a bachelor's and a master's degree in the field, I said "wait, what else can I do?" Maybe I'll go work at a software company, because after all I'm a software developer, but on the other hand I really love Security... So I said: wait, a new field had just been born called Application Security, I'm talking about 20 years ago, okay? When I got into it, I said "how cool!" It's a field that combines Security with development, exactly that intersection, and wow, it sounded really cool to me, something I really connected with. Since then I've also been working on all sorts of things related to tools I developed, research I carried out, talks I gave in places like Black Hat and DevCon; I even got to write a book on the subject, called Managed Code Rootkits. Since then I have developed the field a lot and tried to gather around me a great many people who would work on this subject, and about 10 years ago I founded a company called AppSec Labs, a company that specializes in Application Security, and what we do is exactly that: we are 15 people, doing Penetration Testing, doing Code Review, advising on how to write applications securely... where our central goal, at the end of the day, is to make the world a safer place, in the context of Software.
(Ran) Excellent, really a long and respectable history. Not many know this, but I also started my career as a Pen-Tester, at some point... after I finished my studies it was one of the first things I did, and afterwards I moved on to other directions, Frontend and Backend and infrastructure, and today Data Science, but yes, I still have a warm spot in my heart for the world of Pen-Testing, and I was at Black Hat and the like too, I know the crowd... But anyway, for those who may not know: we've mentioned this word several times, Pen-Testing. What does it mean? What is Pen-Testing? What does it mean to be a Pen-Tester?
(Erez) Pen-Testing, in its most, let's call it, "synthesized" form: there is a system, which can be a Web-App or a Mobile-App... and there can be an infrastructure Pen-Test altogether, a Pen-Test of a file server, of IIS, of Apache... whatever it is, there is always a Target. The bottom line is that the goal is to produce a report, to produce a list of Vulnerabilities, problems found in the system, so that the other side, usually the system owner, can understand what they are up against. If the system owner knows they have some system and doesn't really have a clue which problems are in it, then the closest thing to a real attacker who would break into the system and exploit it is to take someone, let's call them "one of the good guys", a Penetration Tester, who in an orderly and controlled manner, and in coordination with that party, performs for them a kind of "simulation of the bad guy", except that instead of actually exploiting those holes and doing something with them, he simply comes afterwards and says "here, look, these are the problems I found, and from my understanding of the problems I can also tell you how you should handle and fix them."
(Ran) Very good, great. So one can think of a Pen-Tester as a "good robber": someone who simulates a break-in but at the end gives you a report and doesn't steal your money, or the rest of your stuff... So this profession, as you said, started 20 years ago or more, but let's talk about what is happening today, that is: what's new, at least in the last 5-10 years, technologically, methodologically... what's new lately?
(Erez) So first of all, a lot has changed... If I compare it to what there was back then, at our previous meeting about 15 years ago, the world was very simple... Back then you usually had one technology, one Web server... everything was very homogeneous. Most of it ran on IIS servers, usually what people wrote were Web-Apps with ASP... later .NET started. If there were Web applications at all, they were only Java... it was very limited. Usually, whoever did Penetration Testing in that period was a very, very specific kind of customer: it could be... usually banks or defense industries and the like. Today, literally everyone does Penetration Testing, because everyone understands it is a very important need, and that is a very fundamental change we see today: everyone does it all the time, everyone does it to everything, not only to those applications that are exposed. And if we look for a moment at the significant difference, I'll say it in one sentence and then expand on it: the bottom line is that today it is much more complex to perform Penetration Testing than it was in the past. Today, for example, when we look at a Target, I'll focus, with your permission, on the world I know and swim in and am an expert in, the field of Applications... If I look at Applications, and by the way Applications is a very broad term: it can be Web-Apps, it can be Mobile-Apps, it can be IoTs, it can be REST APIs, and... you name it... the whole world of Software. In short, today it is much more complex to perform Penetration Testing, because the profile of the Penetration Tester is such that he needs to be much more versatile. He can't know only one technology, he can't come and say "I know only one technology, I only know how to test Java Web-Apps!" He needs to know different technologies, he needs to know the differences... what is the difference between an application that is, say, installed On-Prem, which by the way used to be mostly On-Prem in the past, and, suddenly, applications that are... today there is almost no On-Prem, only in special environments will you see On-Prem. Today most of it is SaaS, and if we take it one step further, today almost everything is built on top of Cloud infrastructure, and SaaS doesn't necessarily mean Cloud; someone may have a SaaS that doesn't necessarily use all the Advanced Features that the Cloud Providers offer, like Storage of Encryption Keys and services where you "throw your code in" and you have some Lambda Function... you throw in the code and you don't need infrastructure at all... These are things that have changed a lot, and for every kind of system, according to its Deployment and according to its technology, there is really a set of problems that the Pen-Tester needs to know. Bottom line: in Pen-Testing you have a fixed time; it's not "test as much as you want", there is always a fixed time. At the end of the day Pen-Testing is a commercial activity with allotted time, and one of the biggest challenges a Pen-Tester has, beyond the technology, is knowing how to "play right" with the hours: how to spread his hours correctly and optimally, where to put the hours against the highest probability of finding Vulnerabilities. I'd say that's the name of the game today.
(Ran) So I'm trying to imagine what your day looks like, or that of one of the employees at your company... Let's say there's a customer with a new contract and now you have, for the sake of the discussion, some "bank of hours" you're going to invest in Pen-Testing. What, does it start with analysis? The system's architecture? A conversation with engineers, or do you treat it like a black box? That's the first question: how "transparent" does the system need to be to you? The second question is whether there is some toolset, Tools-of-the-Trade, that you always start with first, and then continue from there according to the findings?
(Erez) Excellent question, excellent questions... there are several questions hiding in what you raised... I'll start, first of all, with a statement: bottom line, when doing Penetration Testing, one can say that the world is divided into three types. One type is Black-Box, the second type is White-Box, at the other end of the scale, and in the middle is Gray-Box. I'm a big believer in Gray-Box... and I'll start for a moment by explaining what each one means... So Black-Box means "take the system, leave me alone, and come back to me with a report"; that's really it, in plain language... In the best case you get a Username and Password, you have, say, the system's URL and a User and Password and that's it, nobody cooperates with you. That's an anachronistic approach, in my opinion... it suits very well a situation where you know for certain that you've tested the system and there's nothing there and there's a very low probability that something will be found, and there are many more reasons why you'd do Black-Box, there are a few more... Bottom line, it's not optimal: you can waste a huge number of hours on things you could extract, that same Vulnerability, in a five-minute conversation with a developer, okay?... or by looking precisely, pin-pointing, going to the appropriate Class in the code, when you know where the logic you want to examine is probably hiding, and just looking at the code and understanding what's happening there. On the other side there's White-Box, which basically means "give me the code, let's do White-Box Testing: give me the code, I'll mainly look at it, ask questions, look at the Sequence Data, etc."... and we'll find problems; we'll look at the Design and find problems. And there is the middle: the middle is Gray-Box, which basically says "let's do both, let's use both instruments, the 'Black-box-ish' Pen-Testing instrument and the 'White-box-ish' instrument, in order to locate Vulnerabilities." The name of the game is that given a certain, fixed time, I want to find the maximum number of Vulnerabilities. I, as a Pen-Tester, would very much like, like a surgeon who can operate and has a set of instruments, who can pick up this scalpel once and that one another time, etc., I'd like to be able to say, given a certain problem I want to examine, wait, do I approach it along the path... with the Black instrument, because it's more correct to test it with Black? Maybe it's more correct to look at it in White? Or maybe it's right to start Black, move to White, go back to Black, back to White... and that way, very efficiently, locate the problems. And this leads me to the question you asked: what is the methodology of the testing? The pipeline is like this: even before Penetration Testing begins, it's customary to do something called Scoping, and Scoping is a process that is half business and half technology: a process where you talk to the customer, even before there is a price quote, before you know what is going to be tested at all, etc., and ask him "tell me, what interests you? What would you like to test? Come, draw me the boundaries, draw me your components... is the Web-App in Scope or out of Scope? The REST API that talks to your third-party service, include it or not?" First of all, you decide with him what he wants at all, what the boundaries are, understand the complexity of the system, how many pages each system has... because a system isn't measured by its weight in kilograms... it's measured by the number of pages, the number of APIs, how complex they are... There can be two systems, both with ten End-Points, but one is super-complex and the other is so simple, a few simple GETs that return information... After the scope of the activity is set with the customer, a quote is received, he approves it, the whole business side... we're past it. A Kick-off is scheduled: this is a super-important stage in a Pen-Test, a stage where, together with the customer, in the system's first stage, all the relevant parties are summoned: the Pen-Testers and the Product and Project Managers, that's from our side, for example, and from the customer's side, usually whoever knows the product best: the head of development, sometimes the CISO, the IT manager... parties on the customer's side. And you check first of all that we have all the information we need, URLs and Passwords and everything required for the systems; you check that everything works, super-important... it's bad to start an activity and then discover that one of the systems is suddenly unavailable because yesterday QA decided to do a test and ran some Stress-test or whatever... there are always stories. At this stage, the Kick-off, this is also the stage where we'll want to confirm our basic assumptions regarding the boundaries. I can give... there is no shortage of examples where suddenly someone on the customer's side wakes up and says "wait! That system you said is in Scope, it isn't ready, or it's not supposed to be tested," and there can also be the opposite case, where someone comes and says "wait! What about that service? What about the service that now does this Event-rule? We added it a few days ago and it does need to go into Scope..." So that is exactly the place where all sorts of things surface. After we've passed this stage, what is customary, and I'll connect it for a moment to Gray-Box, is to set up a conversation with one of the developers, someone who knows the system well, and go with him, in a Cross-cut manner, through all the areas that are interesting for Security: go with him literally at the IDE level, tell him, for example, "open Visual Studio now and please show me how you do Authentication for Users", "show me how you sign JWT Tickets", "take me, for example, to Authorization, I want to see your permissions model", or "you told me you have a SQL Database: tell me, do you use Dynamic queries?" or "you told me you work with an ORM, I want to see it with my own eyes... please take me to the DAL, I want to see it with my eyes..." Why do I say these things? Because I know that soon I'll do the Pen-Test, and one of the things I'll look at is, for example, SQL Injection... When I get to SQL Injection, if I know, if I had inside information that says, for example, that there's no way there are Dynamic queries in the code because I saw with my own eyes that the developer uses an ORM, okay... let's assume there's no problem in how he implemented the ORM... so let's say I say there's an ORM: the probability that there's a SQL Injection, that the Run-time even generated something in order to access this thing, is slim... Meaning I know that I'll maybe, briefly, verify SQL Injection, but those precious hours that I was supposed to spend testing SQL Injection I'll put on something else... I'll find a different problem. And again I remind you: it's a game of probabilities... The Pen-Tester's role is to come and see where to play with his hours. If I go forward for a moment: the Pen-Tester's day is such that at the beginning, when the project starts, he sort of does Reconnaissance on the system, Information gathering... goes over the system, which APIs there are, WebSocket or no WebSocket, what goes over it... whether it's JSON or Protobuf, or what... By the way, history: it used not to be like this; the HTTP Request used to be just parameters, all you needed to do was play with parameters... today suddenly it's much more complex, there are Single Page Applications, you can no longer Crawl the whole system and know it in a simple way; today things are much more complex. Therefore, one of the important things a Pen-Tester does at the beginning is build himself a model of how the system is built, and he thinks like a developer: "if I were building this..." I get into the developer's head and understand his considerations... "Why, for example, did he send this Request over WebSocket, and that one over a REST API?" There was probably a reason... he probably needs the WebSocket for a Long-running Connection or something, and I'll see that if he has a Long-running Connection, then on the other side the User is probably Authenticated the moment he opened the Connection... meaning that maybe in the WebSocket I was authenticated only the first time I opened the Connection, and maybe when I send the following requests, if I play with the parameters and enter another User's ID or another Resource's ID, there's a higher chance that I'll find it... Why? Because in a REST API, from the start, since it's State-less in this context, you always check... There are all sorts of small nuances that, once you get into each developer's head, give you all kinds of tips on where you should look... In short, after we've done the whole preparation stage and how the system is built and where there are probably problems and... one of the things is also mapping features: for example, there are File upload or Download Features... sometimes it's Import or Export of various files and such, so I already know that in my Security test-cases I need to cover Vulnerabilities such as Directory traversal and Path manipulation and things like that... If there was no such feature, note, this is Feature-Driven, if there was no feature involving Files at all, then starting to look for Directory traversal would probably be lower on my list... Meaning one of the things the Pen-Tester does is also build himself a kind of "sorted list": which Test-cases are more interesting, specifically in this system. This is a very interesting and very challenging part, and the more experience there is, we also see this, that the more experienced Pen-Testers, the team leads, many times... even if there's a very good Pen-Tester who knows how to identify a problem very, very well, he needs the experience of the more experienced Pen-Tester, who'll tell him "listen, I have a gut feeling... I have a feeling that in this area you'll have Directory traversal..." The younger one, who knows how to find Directory traversal and is a wizard at it, will look at the more experienced one and say "how do you know? Where do you get that gut feeling from?" And that's exactly the experience that makes you understand where to allocate the hours... And if I jump to the end for a moment, just the last stage: after we've found, during the activity, found Vulnerabilities... the consultant sets them aside, and in the final stage he writes a report that maps all those problems, and I'd be glad to expand shortly on what's in the report and what's done with it...
(Ran) Yes... so I assume a Sub-text we haven't really talked about is that you may have some time limit, but you work from the assumption that the attacker has no time limit... Meaning, even if he doesn't, of course, have White-Box access, he doesn't have access to the Source-Code, or at least we hope he doesn't have that access, if we didn't intend to give it to him... but he does have a lot of time to play. So he doesn't know whether there's Directory traversal or not, so he just tries, and he doesn't know whether there's a problem here in the WebSocket so he just tries, and the attacker has, let's say, "infinite time", but you don't... there's an end to your time, an end to the hours you can invest according to the contract, and therefore you need to prioritize by risk. I wanted to ask: all in all we have a lot of topics we want to cover and the time is short, like in Pen-Testing... so I wanted to focus on a few things, and one of the most significant things, I think, in the world of Security activities is the evolution of programming languages. Meaning, if in the past typical attacks used Buffer overflows and memory corruption and things like that in less managed languages such as C, today the languages are already much more managed, and they still have vulnerabilities, but of a different kind. So languages that are much more advanced, such as the latest versions of Java and TypeScript and Go and Rust, manage their memory very, very nicely and have quite a few Security features already Built-in into the language, but I'm guessing they have other vulnerabilities... So how do you approach it, say, if you learn there's a Code base written, for the sake of argument, in Go or Rust or TypeScript or another modern language: do you approach it differently, with a different set of tools or a different methodology?
(Erez) Unequivocally yes, because every language has its own Common Vulnerabilities, or I'll put it differently: every language has those "dark places" where a developer may "shoot himself in the foot"... What do I mean? The environment and the method and the whole Community many times encourage you to work in a certain way that is, let's put it this way, a bit more dangerous than average, or more dangerous than in another language... mainly in dynamic things, or in things you do in a way that in other languages you perhaps wouldn't. For example, in environments like Node.js and the like, you are very, very much encouraged, more than in other environments, to use Open Source Components... and Open Source Components, even though it's not code you wrote, there's a higher probability that in a Component you didn't develop yourself there'll be a Vulnerability. Also, who knows where this Package came to npm from, and you pull it and God knows what's going on with it... So there are environments where the Package is the central threat, and there are environments where you know the environment itself is such that there's a higher probability of a mistake... By the way, you talked about managed memory, etc.: 10 years ago as well, most of it was managed memory... problems like Buffer overflow and Format String and XSS, etc., these are problems we really stopped looking at already in the past. Meaning the probability that you'll find a Buffer overflow in some Web-App is slim. Therefore, most of the problems focus mainly on technical problems; that's the term, a "technical problem". A "technical problem" is a problem such as the Directory traversal I mentioned before, and SQL Injection and XSS and all sorts of other problems. And there are "logical problems"...
(Ran) Yes, I'll add to the list things I've seen: incorrect use of Encryption or of any of the libraries related to Encryption...
(Erez) Those are logical problems...
(Ran) ...and incorrect use of Authentication...
(Erez) ...logical!
(Ran) Okay...
(Erez) Exactly... that's exactly what I was about to say: that's where the world is going. I'll give some background: technical problems are problems that are very easy to Formalize. For the sake of argument, if I'm now scanning the code, it's relatively easy for me to identify or define a Pattern of what SQL Injection looks like. Think of something running over the code, some Static Code Analysis, some Security product that does scanning, and it knows how to identify what SQL Injection or XSS or any other problem looks like... there's a Pattern in the code for it; I can define and say "if you see code that has a Class of SQL Query and there's 'String concatenation' blah-blah-blah..." I can formalize such logic: "...then there's a problem." Those are technical problems. Logical problems, on the other hand, are harder problems, because a machine can't look at a machine and decide... it goes so far as to reach Turing's halting problem... Meaning we'll never be able to, even if there are a lot of AI companies telling us all sorts of stories, it won't happen... In logical problems, a machine won't be able to decide; that is, there are things it might be able to, I haven't seen... but for example, the simplest one: who said that on a certain, super-sensitive field there needs to be Encryption? Who said that on this field in the Database or on that field in the Database there needs to be Encryption? It doesn't have to be Encryption... a machine can't tell you that, okay? True, it will be possible to infer...
(Ran) You make the division between "logical" and "technical" from your point of view as a Pen-Tester... things that technically, in a technical way, I can find, and things that technically I can't find, so you call those "logical." But as a developer I'm not so aware of this division... from my point of view, everything is... I don't know if it can be categorized, but everything is logical problems, probably... that is, incorrect implementation, going against Best-Practices, in many cases, or simply a lack of understanding or lack of knowledge on my part...
(Erez) Yes, look: the terminology of "technical problem" or "logical problem" isn't terminology... it's terminology that comes from the world of Penetration Testing; it's an accepted term and it's customary to make this division. Bottom line: you're right, from the developer's perspective "everything is logical, because it's all code I write", of course... But in the context of a problem, yes: most of the problems we see today are problems such as you didn't put Encryption or you did Encryption wrong, or you didn't do Authorization, okay? You didn't do Authorization, or it could be that your Authorization isn't good... Or for example, someone doing Parameter Manipulation on some value, right?... and he gives a Valid value; that is, think for a moment that there's some value I pass: the value itself, as a value, is a great value! It passes the regex, everything's fine... but I'm not allowed to send it: it's your CartID, not mine, for example... which is a logical problem, a problem that's very hard to catch from the outside; you really need to understand the system's Business-Logic. And that, by the way, is something that says that somewhere, as technology advances and Pen-Testing gets more methods and more tools, we'll always need a Human in the picture...
(Ran) So one topic you touched on a bit earlier, when we talked about Node.js: we mentioned open source and we mentioned Package Managers, and I wanted to generalize that a bit and talk for a few more minutes about the topic of Supply-Chain Attacks, attacks on the supply chain. Now, whoever comes from the world of operations knows a supply chain: it's ships, it's trucks, it's planes, it's warehouses, etc.... but what, in practice, is the supply chain in the software world? So in the software world, the supply chain includes several things: it includes all the tools that help us ultimately write the software and deliver it, whether it's the IDE, whether it's the Package Manager, whether it's the various Open-Source packages, the CI, the Deployment System, Docker and Kubernetes, etc.; everything that helps us at the end of the day, everything that isn't our software but helps us produce the software. And lately, well, I don't know if it's lately or maybe it just rose to awareness lately, there are quite a few attacks on this supply chain, whether it's an attack on the CI, whether it's an attack on the packages, Hijacking, etc.... How does this change the world of Pen-Testing?
(Erez) Look, bottom line I'll say this is something that we partially... that is, it can be addressed in Pen-Testing. And why do I say that? Because if there's a problem, when that problem is, for the sake of argument, exposed to the outside, then you'll see it in a Pen-Test, and it doesn't matter whether the developer made a mistake and created a Security Bug, which is most cases, or whether the developer deliberately injected a vector into the code, rare, but it happens... or whether it's a kind of... someone else, say, deliberately inserted a Bug somewhere: in the end it comes out to the outside; that is, in Pen-Testing you're supposed to identify the problems that exist. What won't you identify in Pen-Testing? If for example someone hid, somewhere deep inside the Supply-Chain, some Backdoor... there's no chance you'll catch it, you know... You can't predict, for example, that if you add some very, very, very special value to the Request, suddenly the Backdoor will wake up... it's not something, it's not likely you'll catch that in a Pen-Test. By the way, it would be very hard to catch it with other methods too. Therefore Supply Chain problems are very hard problems... because think for a moment, you mentioned ships and warehouses and such: in the Software world it's really more "someone hid some surprise for me, even before I, as a developer, compiled for Production at all, someone hid a surprise deep inside the Compiler"... just an example: inside the IDE they hid a surprise for me, they hid it for me inside the Docker Image... think: if I pull some Docker Image, and it already has a surprise hidden inside... my code is great, awesome, passed Code Review, passed Pen-Test, on the regular environment... But when it runs on that Docker Image, I'm in trouble. There's no shortage of such reasons where you say that maybe somewhere along the way someone planted something on me, and therefore, in the Supply Chain context, it's very important to make sure that really, it's very trivial, the whole chain is secured. That you take the Packages from a proper place, that you bring the environment up clean... Docker Image? No problem, but don't bring a Docker Image someone else baked; bake it yourself... do the Build. Are there special Binaries inside? Compile them yourself... and of course pay attention to where you pull the code from... Today it's also very easy, because today a lot of things have a Digital Signature; we used not to have a Digital Signature on almost anything, and today there is. Today you can verify that the package came from the Trusted source you expect. Today you can verify signatures of almost everything there is. Today you even can, here's an example of something that didn't exist before: CDN, okay? It's customary to pull all sorts of Static content from a CDN; today it's so trivial... you used to put everything at your place, all the JavaScripts and everything. Today there's the ability to say, I as the developer of my system, when I pull an External backend, when I pull for example jQuery from an external source, I can supply its signature as part of the HTML; I couldn't do that in the past. In the past I had to pull JavaScript and bring it into the "holy of holies", into my Domain, inside my Domain, to bring in something from the outside that I had no idea where it came from, no idea whether someone changed it from where I pulled it, etc. Today I can really supply a Hash with a signature of what I expect to receive, and if the Browser receives a non-matching Package it will reject it, it won't load it, which is wonderful. There are a great many improvements of this kind that we didn't have before, and that, by the way, is one of the tricks I recommend using.
(Ran) That really brings me to the next question: maybe we won't have time to talk about the Report you produce, but after you've found a collection of Vulnerabilities, do you also go further and ultimately provide solutions, or Mitigations, for those problems?
(Erez) There's a separation between the world of Pen-Testing and the world of consulting: that is, when you do Penetration Testing you have a Mission, and your Mission is to come and find as many problems as possible and make them accessible; that's part of the mission. What does making them accessible mean? It means I need to take into account that whoever reads the report isn't a Penetration Tester, and I can't talk in my language... I need to explain the problems to him, I need to explain where the problems are... I need to be careful not to fall into the common mistake: that he thinks the problem I gave him is only in the particular example, and fixes only that... And one of the things that's very important to make accessible in the document is the Mitigations... So to your question: yes, it's customary to give Mitigations in the document, to say how it can be handled. I told you, just for example, that your Encryption isn't good; by the way, there's a name for that, a pun: En-crap-tion... If you do En-crap-tion, and your Encryption isn't good, then one of the things I'll write in the document is that you used, for example, symmetric encryption of type... and your Encryption mode is ECB; that's not good, please replace it with CBC, and I may even give you the appropriate Flag in your language, because I, say, know which language you work in, and I'll also give you an actual working code example. That's the report part, that's the Pen-Test part: whoever receives a report needs to have everything required to fix it. There are customers and there are cases where they come and say "listen, come help me actually implement the recommendations too," but the basic assumption is no: you don't have to lean on us for that. Whoever does a Pen-Test is supposed to receive all the information and is supposed to take someone who understands enough, a normal developer, who'll know what to do with the things, and every normal developer will know how to do the Mitigations according to the guidelines he received.
(Ran) Okay, our time is already short and I'm still very curious, so I'll pick myself one more question and we'll try to answer it. Basically, today a great many services rely on third-party services: whether it's for, say, Monitoring, then Datadog and the like; whether it's for infrastructure, then AWS or GCP or Azure... that is, a lot of reliance on third-party services, and the question is whether that's also something you take into account when you come to do Pen-Testing? Meaning, not only the code I wrote, but also all the other services I use, and maybe the Data I send them, and maybe their own vulnerabilities... for the sake of argument there's a Vulnerability in PagerDuty: how is that going to affect me?
(Erez) Excellent question... What you're talking about has a general name in our world: it's called TCB, which is the Trusted Computing Base. It basically says which things, from your point of view, are the base that, as a basic assumption, you say "this I don't test"... For example, when you're now doing a Pen-Test on some Web Application written in Node.js, you won't go and test its operating system... why? Because you say "my basic assumption is that its operating system is fine"... Of course you can do a Pen-Test to see there are no Vulnerabilities in the operating system, but by analogy, say I'm now doing a Pen-Test on some Web App that suddenly uses a third-party service... say it now uses Twilio's SMS sending service, or I don't know what, something third-party. I'm not going to do a Pen-Test on Twilio now... from my point of view, Twilio is in our basic assumption, and it's a third party that is Secure. First of all, I can't go to infinity and test all the satellites around me... remember? It's a business thing... Second, legally, I can't. Third, even if I could, they'd tell me "get out of here"... Fourth, listen, it's their responsibility... [none of this matters if the TV is listening...] What you do do is look at the Interface; that is, if I'm now working with a third party, then yes I'll look, and these are things that are looked at: yes, I'll check that if, for example, I'm working against it, then I'm working with HTTPS, for example. Because I want to make sure the Data goes there Encrypted properly. Another rule: I'm working against it, so I want to do Server Authentication. That's my Concern: I want, when I go to a third party, to do Authentication of it; I want to make sure, when I work with a third-party service, that I'm really working with it and not with some Man-in-the-Middle... For example, one of the things that comes up in a Pen-Test is that during development they turned off Certificate Validation... why? Because in development I didn't have a Certificate of some third party and I disabled it, I did... I overrode the method that does Certificate Validation, and I said "return True, leave me alone... the 'leave-me-alone' function..." And when they get to Production: "wow, great, it works!", because it worked before too... These are things that in a Pen-Test are indeed checked, because when you insert a Man-in-the-Middle and see that when I present a Certificate that isn't signed by the CA that the Client is supposed to verify, then I really understand there's a problem... In short: you don't test the third party, you do test the integration with it and the Interfaces with it: what is sent? How is it authenticated? Etc....
(Ran) I assume in this context there's also the matter of leaking private information: maybe if you sent an SMS, or you send only the details you want and not, by mistake, someone else's information...
(Erez) Correct, and with your permission I'll take an example from the world of Mobile Apps. In the world of Mobile Apps you see that suddenly, Out-of-the-blue... I mean, this is exactly from the opposite direction, right?... If before I said I know there's communication to a certain server, suddenly I detect communication going to some server that I have no idea who it is, where it is, what it is... and it turns out the Vendor, in his kindness, added Monitoring and telemetry logic inside... and sometimes it's even done maliciously. By the way, one of the Side-effects of a Pen-Test is suddenly, by chance, identifying communication that we didn't know existed at all, coming from some SDK we took and put inside... we see this a lot, and it's, by the way, one of the things that "along the way" we suddenly get to shine a light on... Sometimes, by the way, it's not a Security matter: sometimes we, along the way, see something that helps the other side, and they say "wow, I didn't know such things happen at all..."
(Ran) So for example, there could be a case where you install an SDK in your Mobile-App and without your knowledge it sends all kinds of analytics about your User, maybe even PII, that is, Personally Identifiable Information about your Users, without you even knowing and, of course, without your consent.
(Erez) Correct, and suddenly you discover you're not compliant with regulation... that in fact that third party, that innocent Package, whose whole job is supposed to be providing you some calculation of something specific, suddenly you discover that it, with great audacity, takes that End-user's information and sends it to its own server... Now, even if it's not malicious, even if they need it in order to improve their product or to build some Data-Science model of one kind or another, I'm in trouble, I as a Vendor, because suddenly it makes me non-compliant with the regulation I'm supposed to comply with, because it sends my customers' data to them... it gets us into trouble, and of course many times it also borders on Security problems, but it's part of the things that may be found in a Pen-Test along the way.
(Ran) Yes, clear. So as we said before, our time is short and we need to finish. So thank you, Erez! It was fun and interesting, and thanks for the update; I hope we'll meet again, and not in another 10 years... So the world of Pen-Testing renews itself, I suppose, every day, and it's fascinating, and that's it. Thank you!
(Erez) My pleasure; I was very glad to come, very glad to talk, and of course if there are more interesting topics I'll gladly come and expand on them; it's always fun to talk and tell what ultimately works on this side, because I also see that once the development world sees and understands the considerations of the Pen-Test, in the end it gives a better ability to carry out this activity.
Thanks Erez, and goodbye! Happy listening, and many thanks to Ofer Furer for the transcription!
Christian chats to Sunaina about penetration testing and leaving her job. He then learns about the pressures of playing rugby in New Zealand and finally meets Shane, who left his career in banking to help people as a financial counsellor.
In this episode I sit down with Chris Roberts, who has been known for hacking airplanes via the entertainment systems, NASA and many other well-known companies & technologies. In this episode we dive into all of that and much more. Support the show (https://www.buymeacoff.ee/secunf)
This week, we kick off the show with an interview featuring Joe Gray, Senior OSINT Specialist at Qomplx, where we talk OSINT & Social Engineering! Next up, we welcome Kyle Avery, a Penetration Tester for Black Hills Information Security, to delve into Offensive Operations with Mythic! In the Security News for this week: Accenture gets Lockbit, $600 million in cryptocurrency is stolen, and they've started returning it, Lee and Jeff's data is leaked (among other senior citizens), authentication bypass via path traversal, downgrade attacks, Apple's backdoor, super duper secure mode, re-defining end-to-end encryption and how that doesn't work out, pen testers file suit against Dallas County Sheriff's department, Fingerprinting Windows, & double secret quadruple extortion! Show Notes: https://securityweekly.com/psw706 Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://twitter.com/securityweekly Follow us on Facebook: https://facebook.com/secweekly
About Nick
Nick Frichette is a Penetration Tester and Team Lead for State Farm. Outside of work he does vulnerability research. His current primary focus is developing techniques for AWS exploitation. Additionally, he is the founder of hackingthe.cloud, which is an open source encyclopedia of the attacks and techniques you can perform in cloud environments.
Links:
Hacking the Cloud: https://hackingthe.cloud/
Determine the account ID that owned an S3 bucket vulnerability: https://hackingthe.cloud/aws/enumeration/account_id_from_s3_bucket/
Twitter: https://twitter.com/frichette_n
Personal website: https://frichetten.com
Transcript
Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.
Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, canarytokens.org in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It's an awesome approach. I've used something similar for years. Check them out. But wait, there's more. They also have an enterprise option that you should be very much aware of, canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It's awesome. If you don't do something like this, you're likely to find out that you've gotten breached, the hard way. Take a look at this. It's one of those few things that I look at and say, "Wow, that is an amazing idea. I love it." That's canarytokens.org and canary.tools. The first one is free. The second one is enterprise-y. Take a look. I'm a big fan of this. More from them in the coming weeks.
Corey: This episode is sponsored in part by our friends at Lumigo. If you've built anything from serverless, you know that if there's one thing that can be said universally about these applications, it's that it turns every outage into a murder mystery. Lumigo helps make sense of all of the various functions that wind up tying together to build applications. It offers one-click distributed tracing so you can effortlessly find and fix issues in your serverless and microservices environment. You've created more problems for yourself; make one of them go away. To learn more, visit lumigo.io.
Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I spend a lot of time throwing things at AWS in varying capacities. One area I don't spend a lot of time giving them grief is in the InfoSec world because as it turns out, they—and almost everyone else—don't have much of a sense of humor around things like security. My guest today is Nick Frichette, who's a penetration tester and team lead for State Farm. Nick, thanks for joining me.
Nick: Hey, thank you for inviting me on.
Corey: So, like most folks in InfoSec, you tend to have a bunch of different, I guess, titles or roles that hang on signs around someone's neck. And it all sort of distills down, on some level—in your case, at least, and please correct me if I'm wrong—to 'cloud security researcher.' Is that roughly correct? Or am I missing something fundamental?
Nick: Yeah. So, for my day job, I do penetration testing, and that kind of puts me up against a variety of things, from web applications, to client-side applications, to sometimes the cloud. In my free time, though, I like to spend a lot of time on security research, and most recently I've been focusing pretty heavily on AWS.
Corey: So, let's start at the very beginning. What is a cloud security researcher? "What is it you'd say it is you do here?" For lack of a better phrasing?
Nick: Well, to be honest, the phrase 'security researcher' or 'cloud security researcher' has been, kind of… I guess watered down in recent years; everybody likes to call themselves a researcher in some way or another. You have some folks who participate in the bug bounty programs. So, for example, GCP and Azure have their own bug bounties. AWS does not, and I'm not too sure why. And so they want to find vulnerabilities with the intention of getting cash compensation for it. You have other folks who are interested in doing security research to try and better improve defenses and alerting and monitoring so that when the next major breach happens, they're prepared or they'll be able to stop it ahead of time. From what I do, I'm very interested in offensive security research. So, how can I, as a penetration tester, or red teamer or, I guess, an actual criminal, [laugh] how can I take advantage of AWS, or try to avoid detection from services like GuardDuty and CloudTrail?
Corey: So, let's break that down a little bit further. I've heard the term of 'red team versus blue team' used before. Red team—presumably—is the offensive security folks—and yes, some of those people are, in fact, quite offensive—and blue team is the defense side. In other words, keeping folks out. Is that a reasonable summation of the state of the world?
Nick: It can be, yeah, especially when it comes to security. One of the nice parts about the whole InfoSec field—I know a lot of folks tend to kind of just say, "Oh, they're there to prevent the next breach," but in reality, InfoSec has a ton of different niches and different job specialties. "Blue teamers," quote-unquote, tend to be the defense side working on ensuring that we can alert and monitor potential attacks, whereas red teamers—or penetration testers—tend to be the folks who are trying to do the actual exploitation or develop techniques to do that in the future.
Corey: So, you talk a bit about what you do for work, obviously, but what really drew my notice was stuff you do that isn't part of your core job, as best I understand it. You're focused on vulnerability research, specifically with a strong emphasis on cloud exploitation, as you said—AWS in particular—and you're the founder of Hacking the Cloud, which is an open-source encyclopedia of various attacks and techniques you can perform in cloud environments. Tell me about that.
Nick: Yeah, so Hacking the Cloud came out of a frustration I had when I was first getting into AWS, that there didn't seem to be a ton of good resources for offensive security professionals to get engaged in the cloud. By comparison, if you wanted to learn about web application hacking, or attacking Active Directory, or reverse engineering, if you have a credit card, I can point you in the right direction. But there just didn't seem to be a good course or introduction to how you, as a penetration tester, should attack AWS. There's things like, you know, open S3 buckets are a nightmare, or that server-side request forgery on an EC2 instance can result in your organization being fined very, very heavily. I kind of wanted to go deeper with that. And with Hacking the Cloud, I've tried to gather a bunch of offensive security research from various blog posts and conference talks into a single location, so that both the offense side and the defense side can kind of learn from it and leverage that to either improve defenses or look for things that they can attack.
Corey: It seems to me that doing things like that is not likely to wind up making a whole heck of a lot of friends over on the cloud provider side. Can you talk a little bit about how what you do is perceived by the companies you're focusing on?
Nick: Yeah. So, in terms of relationship, I don't really have too much of an idea of what they think. I have done some research and written on my blog, as well as published to Hacking the Cloud, some techniques for doing things like abusing the SSM agent, as well as abusing the AWS API to enumerate permissions without logging to CloudTrail. And ironically, through the power of IP addresses, I can see when folks from the Amazon corporate IP address space look at my blog, and that's always fun, especially when there's, like, four in the course of a couple of minutes, or five or six. But I don't really know too much about what they—or how they view it, or if they think it's valuable at all. I hope they do, but really not too sure.
Corey: I would imagine that they do, on some level, but I guess the big question is, you know that someone doesn't like what you're doing when they send, you know, cease and desist notices, or have the police knock on your door. I feel like at most levels, we're past that in an InfoSec level, at least I'd like to believe we are. We don't hear about that happening all too often anymore. But what's your take on it?
Nick: Yeah, I definitely agree. I definitely think we are beyond that. Most companies these days know that vulnerabilities are going to happen, no matter how hard you try and how much money you spend, and so it's better to be accepting of that and open to it. And especially because the InfoSec community can be so, say, noisy at times, it's definitely worth it to pay attention, definitely be appreciative of the information that may come out. AWS is pretty awesome to work with, having disclosed to them a couple of times now. They have a safe harbor provision, which essentially says that so long as you're operating in good faith, you are allowed to do security testing. They do have some rules around that, but they are pretty clear in terms of if you were operating in good faith, you wouldn't be doing anything like that. It tends to be pretty obviously malicious things that they'll ask you to stop.
Corey: So, talk to me a little bit about what you've found lately, and been public about. There have been a number of examples that have come up whenever people start googling your name or looking at things you've done. But what's happening lately? What have you found that's interesting?
Nick: Yeah. So, I think most recently, the thing that's kind of gotten the most attention has been a really interesting bug I found in the AWS API. Essentially, kind of the core of it is that when you are interacting with the API, obviously that gets logged to CloudTrail, so long as it's compatible. So, if you are successful, say you want to do, like, Secrets Manager, ListSecrets, that shows up in CloudTrail. And similarly, if you do not have that permission on a role or user and you try to do it, that access denied also gets logged to CloudTrail. Something kind of interesting that I found is that by manually modifying a request, or malforming them, what we can do is we can modify the content-type header, and as a result when you do that—and you can provide literally gibberish. I think I have a VS Code window here somewhere with a content-type of 'meow'—when you do that, the AWS API knows the action that you're trying to call, but because of that messed up content type, it doesn't know exactly what you're trying to do and as a result, it doesn't get logged to CloudTrail. Now, while that may seem kind of weirdly specific and not really, like, a concern, the nice part of it though is that for some API actions—somewhere in the neighborhood of 600. I say 'in the neighborhood of' just because it fluctuates over time—as a result of that, you can tell if you have that permission, or if you don't without that being logged to CloudTrail. And so we can do this enumeration of permissions without somebody on the defense side seeing us do it. Which is pretty awesome from an offensive security perspective.
Corey: On some level, it would be easy to say, "Well, just not showing up in the logs isn't really a security problem at all." I guess that you disagree?
Nick: I do, yeah. So, let's sort of look at it from a real-world perspective. Let's say, Corey, you're tired of saving people money on their AWS bill, you'd instead maybe want to make a little money on the side and you're okay with perhaps, you know, committing some crimes to do it. Through some means you get access to a company's AWS credentials for some particular role, whether that's through remote code execution on an EC2 instance, or maybe you find them in an open location like an S3 bucket or a Git repository, or maybe you phish a developer; through some means, you have an access key and a secret access key. The new problem that you have is that you don't know what those credentials are associated with, or what permissions they have. They could be the root account keys, or they could be literally locked down to a single S3 bucket to read from. It all just kind of depends. Now, historically, your options for figuring that out are kind of limited. Your best bet would be to brute-force the AWS API using a tool like Pacu, or my personal favorite, which is enumerate-iam by Andres Riancho. And what that does is it just tries a bunch of API calls and sees which one works and which one doesn't. And if it works, you clearly know that you have that permission. Now, the problem with that, though, is that if you were to do that, that's going to light up CloudTrail like a Christmas tree. It's going to start showing all these access denieds for these various API calls that you've tried. And obviously, any defender who's paying attention is going to look at that and go, "Okay. That's, uh, that's suspicious," and you're going to get shut down pretty quickly. What's nice about this bug that I found is that instead of having to litter CloudTrail with all these logs, we can just do this enumeration for roughly 600-ish API actions across roughly 40 AWS services, and nobody is the wiser. You can enumerate those permissions, and if they work, fantastic, and you can then use them, and if you come to find you don't have any of those 600 permissions, okay, then you can decide on where to go from there, or maybe try to risk things showing up in CloudTrail.
Corey: CloudTrail is one of those services that I find incredibly useful, or at least I do in theory. In practice, it seems that things don't show up there, and you don't realize that those types of activities are not being recorded until one day there's an announcement of, "Hey, that type of activity is now recorded." As of the time of this recording, the most recent example that comes to mind is data plane requests to DynamoDB. It's, "Wait a minute. You mean that wasn't being recorded previously? Huh. I guess it makes sense, but oh, dear." And that causes a reevaluation of what's happening in the—from a security policy and posture perspective for some clients. There's also, of course, the challenge of CloudTrail logs taking a significant amount of time to show up. It used to be over 20 minutes, I believe now it's closer to 15—but don't quote me on that, obviously. Run your own tests—which seems awfully slow for anything that's going to be looking at those in an automated fashion and taking a reactive or remediation approach to things that show up there. Am I missing something key?
Nick: No, I think that is pretty spot on. And believe me, [laugh] I am fully aware of how long CloudTrail takes to populate, especially with doing a bunch of research on what is and what is not logged to CloudTrail. I know that there are some operations that can be logged more quickly than the 15-minute average. Off the top of my head, though, I actually don't quite remember what those are. But you're right, in general, the majority at least do take quite a while. And that's definitely time in which an adversary or someone like me, could maybe take advantage of that 15-minute window to try and brute force those permissions, see what we have access to, and then try to operate and get out with whatever goodies we've managed to steal.
Corey: Let's say that you're doing the thing that you do, however that comes to be—and I am curious—actually, we'll start there. I am curious; how do you discover these things? Is it looking at what is presented and then figuring out, "Huh, how can I wind up subverting the system it's based on?" And, similar to the way that I take a look at any random AWS service and try and figure out how to use it as a database? How do you find these things?
Nick: Yeah, so to be honest, it all kind of depends. Sometimes it's completely by accident. So, for example, the API bug I described about not logging to CloudTrail, I actually found that due to [laugh] copy and pasting code from AWS's website, and I didn't change the content-type header. And as a result, I happened to notice this weird behavior, and kind of took advantage of it. Other times, it's thinking a little bit about how something is implemented and the security ramifications of it. So, for example, the SSM agent—which is a phenomenal tool in order to do remote access on your EC2 instances—I was sitting there one day and just kind of thought, "Hey, how does that authenticate exactly? And what can I do with it?" Sure enough, it authenticates the exact same way that the AWS API does, that being the metadata service on the EC2 instance. And so what I figured out pretty quickly is if you can get access to an EC2 instance, even as a low-privilege user, or you can do server-side request forgery to get the keys, or if you just have sufficient permissions within the account, you can potentially intercept SSM messages from, like, a session and provide your own results. And so in effect, if you've compromised an EC2 instance, and the only way, say, incident response has into that box is SSM, you can effectively lock them out of it and, kind of, do whatever you want in the meantime.
Corey: That seems like it's something of a problem.
Nick: It definitely can be. But it is a lot of fun to play keep-away with incident response. [laugh].
Corey: I'd like to reiterate that this is all in environments you control and have permissions to be operating within. It is not recommended that people pursue things like this in other people's cloud environments without permissions. I don't want to find us sued for giving crap advice, and I don't want to find listeners getting arrested because they didn't understand the nuances of what we're talking about.
Nick: Yes, absolutely. Getting legal approval is really important for any kind of penetration testing or red teaming. I know some folks sometimes might get carried away, but definitely be sure to get approval before you do any kind of testing.
Corey: So, how does someone report a vulnerability to a company like AWS?
Nick: So AWS, at least publicly, doesn't have any kind of bug bounty program. But what they do have is a vulnerability disclosure program. And that is essentially an email address that you can contact and send information to, and that'll act as your point of contact with AWS while they investigate the issue. And at the end of their investigation, they can report back with their findings, whether they agree with you and they are working to get that patched or fixed immediately, or if they disagree with you and think that everything is hunky-dory, or if you may be mistaken.
Corey: I saw a tweet the other day that I would love to get your thoughts on, which said effectively, that if you don't have a public bug bounty program, then any way that a researcher chooses to disclose the vulnerability is definitionally responsible on their part because they don't owe you any particular duty of care. Responsible disclosure, of course, is also referred to as "coordinated vulnerability disclosure" because we're always trying to reinvent terminology in this space. What do you think about that? Is there a duty of care from security researchers to responsibly disclose the vulnerabilities they find, or coordinate those vulnerabilities with vendors in the absence of a public bounty program on turning those things in?
Nick: Yeah, you know, I think that's a really difficult question to answer. From my own personal perspective, I always think it's best to contact the developers, or the company, or whoever maintains whatever you found a vulnerability in, give them the best shot to have it fixed or repaired. Obviously, sometimes that works great, and the company is super receptive, and they're willing to patch it immediately. And other times, they just don't respond, or sometimes they respond harshly, and so depending on the situation, it may be better for you to release it publicly with the intention that you're informing folks that this particular company or this particular project may have an issue. On the flip side, I can kind of understand—although I don't necessarily condone it—why folks pursue things like exploit brokers, for example. So, if a company doesn't have a bug bounty program, and the researcher isn't expecting any kind of, like, cash compensation, I can understand why they may spend tens of hours, maybe hundreds of hours chasing down a particularly impactful vulnerability, only to maybe write a blog post about it or get a little head pat and say, "Thanks, nice work." And so I can see why they may pursue things like selling to an exploit broker who may pay them a hefty sum, if it is a—
Corey: Orders of magnitude more. It's, "Oh, good. You found a way to remotely execute code across all of EC2 in every region"—that is a hypothetical; don't email me—have a t-shirt. It seems like you could basically buy all the t-shirts for [laugh] what that is worth on the export market.
Nick: Yes, absolutely. And I do know from some experience that folks will reach out to you and are interested in, particularly, some cloud exploits. Nothing, like, minor, like some of the things that I've found, but more thinking more of, like, accessing resources without anybody knowing or accessing resources cross-account; that could go for quite a hefty sum.
Corey: This episode is sponsored by ExtraHop. ExtraHop provides threat detection and response for the Enterprise (not the starship). On-prem security doesn't translate well to cloud or multi-cloud environments, and that's not even counting IoT. ExtraHop automatically discovers everything inside the perimeter, including your cloud workloads and IoT devices, detects these threats up to 35 percent faster, and helps you act immediately. Ask for a free trial of detection and response for AWS today at extrahop.com/trial.
Corey: It always feels squicky, on some level, to discover something like this that's kind of neat, and wind up selling it to basically some arguably terrible people. Maybe. We don't know who's buying these things from the exploit broker. Counterpoint, having reported a few security problems myself to various providers, you get an autoresponder, then you get a thank you email that goes into a bit more detail—for the well-run programs, at least—and invariably, the company's position is that whatever you found is not as big of a deal as you think it is, and therefore they see no reason to publish it or go loud with it. Wouldn't you agree? Because, on some level, their entire position is, please don't talk about any security shortcomings that you may have discovered in our system. And I get why they don't want that going loud, but by the same token, security researchers need a reputation to continue operating on some level in the market as security researchers, especially independents, especially people who are trying to make names for themselves in the first place.
Nick: Yeah.
Corey: How do you resolve that dichotomy yourself?
Nick: Yeah, so, from my perspective, I totally understand why a company or project wouldn't want you to publicly disclose an issue. Everybody wants to look good, and nobody wants to be called out for any kind of issue that may have been unintentionally introduced. I think the thing at the end of the day, though, from my perspective, if I, as some random guy in the middle of nowhere, Illinois, find a bug, or to be frank, if anybody out there finds a vulnerability in something, then a much more sophisticated adversary is equally capable of finding such a thing. And so it's better to have these things out in the open and discussed, rather than hidden away, so that we have the best chance of anybody being able to defend against it or develop detections for it, rather than just kind of being like, "Okay, the vendor didn't like what I had to say, I guess I'll go back to doing whatever [laugh] things I normally do."
Corey: You've obviously been doing this for a while. And I'm going to guess that your entire security researcher career has not been focused on cloud environments in general and AWS in particular.
Nick: Yes, I've done some other stuff in relation to abusing GitLab Runners. I also happened to find a pretty neat RCE and privilege escalation in the very popular open-source project, Pi-hole. Not sure if you have any experience with that.
Corey: Oh, I run it myself all the time for various DNS blocking purposes and other sundry bits of nonsense. Oh, yes, good. But what I'm trying to establish here is that this is not just one or two companies that you've worked with. You've done this across the board, which means I can ask a question without naming and shaming anyone, even implicitly. What differentiates good vulnerability disclosure programs from terrible ones?
Nick: Yeah, I think the major differentiator is the reactivity of the project, as in how quickly they respond to you. There are some programs I've worked with where you disclose something, maybe even that might be of a high severity, and you might not hear back for four weeks at a time, whereas there are other programs, particularly the MSRC—which is a part of Microsoft—or with AWS's disclosure program, where within the hour, I had a receipt of, "Hey, we received this, we're looking into it." And then within a couple hours after that, "Yep, we verified it. We see what you're seeing, and we're going to look at it right away." I think that's definitely one of the major differentiators for programs.
Corey: Are there any companies you'd like to call out in either direction—and, "No," is a perfectly valid [laugh] answer to this one—for having excellent disclosure programs versus terrible ones?
Nick: I don't know if I'd like to call anybody out negatively. But in support, I have definitely appreciated working with both AWS's and the MSRC—Microsoft's—I think both of them have done a pretty fantastic job. And they definitely know what they're doing at this point.
Corey: Yeah, I must say that I primarily focus on AWS and have for a while, which should be blindingly obvious to anyone who's listened to me talk about computers for more than three and a half minutes. But my experiences with the security folks at AWS have been uniformly positive, even when I find things that they don't want me talking about, that I will be talking about regardless, they've always been extremely respectful, and I have never walked away from the conversation thinking that I was somehow cheated by the experience. In fact, a couple of years ago at the last in-person re:Invent, I got to give a talk around something I reported specifically about how AWS runs its vulnerability disclosure program with one of their security engineers, Zach Glick, and he was phenomenally transparent around how a lot of these things work, and what they care about, and how they view these things, and what their incentives are. And obviously being empathetic to people reporting things in with the understanding that there is no duty of care that when security researchers discover something, they then must immediately go and report it in return for a pat on the head and a thank you. It was really neat being able to see both sides simultaneously around a particular issue. I'd recommend it to other folks, except I don't know how you make that lightning strike twice.
Nick: It's very, very wise. Yes.
Corey: Thank you. I do my best. So, what's next for you? You've obviously found a number of interesting vulnerabilities around information disclosure. One of the more recent things that I found that was sort of neat as I trolled the internet—I don't believe it was yours, but there was an ability to determine the account ID that owned an S3 bucket by enumerating by a binary search. Did you catch that at all?
Nick: I did. That was by Ben Bridts, which is—it's a pretty awesome technique, and that's been something I've been kind of interested in for a while. There is an ability to enumerate users, roles and service-linked roles inside an account, so long as you have the account ID. The problem, of course, is getting the account ID. So, when Ben put that out there I was super stoked about being able to leverage that now for enumeration and maybe some fun phishing tricks with that.
Corey: I love the idea. I love seeing that sort of thing being conducted. And AWS's official policy as best I remember when I looked at this once, account IDs are not considered confidential. Do you agree with that?
Nick: Yep. That is my understanding of how AWS views it. From my perspective, having an account ID can be beneficial. I mentioned that you can enumerate users, roles and service-linked roles with it, and that can be super useful from a phishing perspective. The average phishing email looks like, "Oh, you won an iPad," or, "Oh, you're the 100th visitor of some website," or something like that. But imagine getting an email that looks like it's from something like AWS developer support, or from some research program that they're doing, and they can say to you, like, "Hey, we see that you have these roles in your account with account ID such-and-such, and we know that you're using EKS, and you're using ECS," that phishing email becomes a lot more believable when suddenly this outside party seemingly knows so much about your account. And that might be something that you would think, "Oh, well only a real AWS employee or AWS would know that." So, from my perspective, I think it's best to try and keep your account ID secret. I actually redact it from every screenshot that I publish, or at the very least, I try to. At the same time, though, it's not the kind of thing that's going to get somebody in your account in a single step, so I can totally see why some folks aren't too concerned about it.
Corey: I feel like we also got a bit of a red herring coming from AWS blog posts themselves, where they always will give screenshots explaining what they do, and redact the account ID in every case. And the reason that I was told at one point was, "Oh, we have an internal provisioning system that's different. It looks different, and I don't want to confuse people whenever I wind up doing a screenshot." And that's great, and I appreciate that. And part of me wonders on one level how accurate is that? Because sure, I understand that you don't necessarily want to distract people with something that looks different, but then I found out that the system is called Isengard and, yeah, it's great. They've mentioned it periodically in blog posts, and talks, and the rest. And part of me now wonders, oh, wait a minute. Is it actually because they don't want to disclose the differences between those systems, or is it because they don't have license rights publicly to use the word Isengard and don't want to get sued by whoever owns the rights to the Lord of the Rings trilogy. So, one wonders what the real incentives are in different cases. But I've always viewed account IDs as being the sort of thing that eh, you probably want to share them around all the time, but it also doesn't necessarily hurt.
Nick: Exactly, yeah. It's not the kind of thing you want to share with the world immediately, but it doesn't really hurt in the end.
Corey: There was an early time when the partner network was effectively determining tiers of partner by how much spend they influenced, and the way that you demonstrated that was by giving account IDs for your client accounts. The only verification at the time, to my understanding, was that, "Yep, that mapped to the client you said it did." And that was it. So, I can understand back in those days not wanting to muddy those waters. But those days are also long past. So, I get it. I'm not going to be the first person to advertise mine, but if you can discover my account ID by looking at a bucket, it doesn't really keep me up at night. So, all of those things considered, we've had a pretty wide-ranging conversation here about a variety of things. What's next? What interests you as far as where you're going to start looking and exploring—and exploiting as the case may be—various cloud services? hackingthe.cloud—which there is the dot in there, which also turns it into a domain; excellent choice—is absolutely going to be a great collection for a lot of what you find and for other people to contribute and learn from one another. But where are you aimed at? What's next?
Nick: Yeah, so one thing I've been really interested in has been fuzzing the AWS API. As anyone who's ever used AWS before knows, there are hundreds of services with thousands of potential API endpoints. And so from a fuzzing perspective, there is a wide variety of things for us to potentially affect or potentially find vulnerabilities in. I'm currently working on a library that will allow me to make that fuzzing a lot easier. You could use things like botocore, Boto3, like, some of the AWS SDKs. The problem though, is that those are designed for, sort of like, the happy path where you can format your request the way Amazon wants. As a security researcher or as someone doing fuzzing, I kind of want to send random gibberish sometimes, or I want to malform my requests. And so that library is still in production, but it has already resulted in a bug. While I was fuzzing part of the AWS API, I happened to notice that I broke Elastic Beanstalk—quite literally—when [laugh] when I was going through the AWS console, I got the big red error message of, "[unintelligible 00:29:35] that request parameter is null." And I was like, "Huh.
Well, why is it null?”And come to find out as a result of that, there is a HTML injection vulnerability in the Elastic—well, there was a HTML injection vulnerability in the Elastic Beanstalk, for the AWS console. Pivoting from there, the Elastic Beanstalk uses Angular 1.8.1, or at least it did when I found it. As a result of that, we can modify that HTML injection to do template injection. And for the AngularJS crowd, template injection is basically cross-site scripting [laugh] because there is no sandbox anymore, at least in that version. And so as a result of that, I was able to get cross-site scripting in the AWS console, which is pretty exciting. That doesn't tend to happen too frequently.Corey: No that is not a typical issue that winds up getting disclosed very often.Nick: Definitely, yeah. And so I was excited about it, and considering the fact that my library for fuzzing is literally, like, not even halfway done, or is barely halfway done, I'm looking forward to what other things I can find with it.Corey: I look forward to reading more. And at the time of this recording, I should point out that this has not been finalized or made public, so I'll be keeping my eyes open to see what happens with this. And hopefully, this will be old news by the time this episode drops. If not, well, [laugh] this might be an interesting episode once it goes out.Nick: Yeah. I hope they'd have it fixed by then. They haven't responded to it yet other than the, “Hi, we've received your email. Thanks for checking in.” But we'll see how that goes.Corey: Watching news as it breaks is always exciting. If people want to learn more about what you're up to, and how you go about things, where can they find you?Nick: Yeah, so you can find me at a couple different places. On Twitter I'm @frichette_n. I also write a blog where I contribute a lot of my research at frechetten.com as well as Hacking the Cloud. I contribute a lot of the AWS stuff that gets thrown on there. 
And it's also open-source, so if anyone else would like to contribute or share their knowledge, you're absolutely welcome to do so. Pull requests are open and excited for anyone to contribute.Corey: Excellent. And we will of course include links to that in the [show notes 00:31:42]. Thank you so much for taking the time to speak with me. I really appreciate it.Nick: Yeah, thank you so much for inviting me on. I had a great time.Corey: Nick Frechette, penetration tester and team lead for State Farm. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with a comment telling me why none of these things are actually vulnerabilities, but simultaneously should not be discussed in public, ever.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.
Darin Fredde discusses his career journey and background. He shares how he went from a CAD drafter to a pentester, and what he went through to get there. Darin shares how he went from not taking education seriously, attending trade school to learn CAD drafting, and how he went on to getting a degree, and becoming a professional hacker.
Guest: Darin Fredde, Penetration Tester at an Undisclosed National Bank (@dkfredde on Twitter)
Host: Phillip Wylie
This Episode's Sponsors: If you'd like to sponsor this or any other podcast episode on ITSPmagazine, you can learn more here: https://www.itspmagazine.com/podcast-series-sponsorships
For more podcast stories from The Hacker Factory with Phillip Wylie, visit: https://www.itspmagazine.com/the-hacker-factory-podcast
Are you interested in sponsoring an ITSPmagazine Channel? https://www.itspmagazine.com/podcast-series-sponsorships
In this episode, Tim Herres gives insights into the daily work of a security expert and explains which skills get you started in cyber security. Tim talks about his day-to-day work at Daimler TSS and reveals which abilities move him forward every day.
Today I will discuss: 1. What is the role of a Penetration Tester? 2. How to become a pentester? 3. What are the different types of pentesting?
Today I will discuss: 1. What is a security audit? 2. What is the difference between a Security Auditor and a Penetration Tester? 3. What are the possible jobs for a security auditor?
Host Tanya Janca learns what it's like to be a Penetration Tester, with Gabrielle Botbol! Gabrielle is a pentester, cybersecurity blogger and podcaster! https://twitter.com/Gabrielle_BGB https://gabrielleb.fr/blog/ This episode is sponsored by ThreadFix! https://threadfix.it/ Don't forget to check out We Hack Purple Academy's NEW Application Security Foundations certification program! The course textbook is Alice and Bob Learn Application Security! Subscribe to our newsletter here: https://newsletter.wehackpurple.com/ For corporate virtual training contact info@wehackpurple.com
Companies often put the emphasis on bringing a product to market quickly and recouping the investment in its development, at the expense of the security of the application being developed. So what should a company do when it develops its own application in an agile way, and not only within DevOps processes? How do you build an application that is secure before it goes into production? What does the security part of the Software Development Lifecycle involve? These are the questions you will get answers to in our podcast with Tomáš Kubica and Marek Šottl.
Moderator: Michal Horáček
Guests or members of the Cyber Rangers Elite Community: Jan Pilař, Microsoft Security Expert; Marek Šottl, Penetration Tester & Architect AWS Solutions; Tomáš Kubica, Microsoft DevOps Guru
Anastasios Stasinopoulos is a Senior Penetration Tester at Obrela Labs - Obrela Security Industries and has over 6 years of professional experience in the field of Information Security, working exclusively as a Penetration Tester. Anastasios earned the Bachelor of Science (B.Sc.) degree in "Surveying & Geoinformatics Engineering" from the Technological Institution of Athens, the Master of Science (M.Sc.) degree in "Security of Digital Systems" from the Department of Digital Systems of the University of Piraeus, and also served as a Ph.D. candidate at the same department. Anastasios is the author of the Commix Project, an automated tool that can be used by web developers, penetration testers or security researchers to test web-based applications with a view to finding bugs, errors or vulnerabilities related to command injection attacks.
In this episode our host Tanya Janca (also known as SheHacksPurple) talks to our guest Kim Crawley, an independent cyber security writer and researcher, to learn what it's like to write, find contracts, make a name for yourself, and more! We also talked about her conference, Disinfosec. Kim Crawley can be found here: Twitter, her book The Penetration Tester's Blueprint, the conference she founded, Disinfosec, and you can read many writing samples here. Sponsored by Ubiq Security! Don't forget to check out We Hack Purple Academy's NEW course, Application Security Foundations! On top of that there is so much awesome content you can subscribe to for only $7 a month! Also, check out Tanya's book, Alice and Bob Learn Application Security! Subscribe to our newsletter here: https://newsletter.wehackpurple.com/ For corporate virtual training contact info@wehackpurple.com
Matt Body is an ex MoD penetration tester turned mobile security specialist. He has reverse-engineered hundreds of mobile malware samples reviewing the techniques used by cyber crooks to steal data or money from their targets. With this information and knowledge, he has helped craft an AI-based system to help thwart mobile malware with Traced. I recently learned more about what threats businesses face on their mobile devices. For example, the rise of Stalkerware is even affecting users in Apple's walled garden. But 61% of companies still say they have no employee mobile protection whatsoever. However, I wanted to learn more about how machine learning can detect suspicious apps. But also why just detecting apps isn't enough. Matt shares with me Traced's vision to make the invisible visible. It's about creating software that shines a light on threats that are invisible to traditional forms of detection. It's about transparency in pricing and making sure their software protects people by being easy to understand and effective. All while respecting users' and employees' privacy by being transparent about what you're doing and why. Matt shares the inspiration behind building a different kind of security company. A company that understands and talks about the threats that businesses face every day, rather than the ones that get the best headlines or induce the greatest fear.
In this episode, we catch up with Charl van der Walt (@charlvdwalt), Head of Security Research at Orange Cyberdefense and one of the original founders of SensePost. We talk through the origins of how SensePost got started, what it was like to build a business over 20 plus years and eventually sell and become part of a much larger company. Charl also spoke about a personal topic he is driving around getting organisations to think differently in their approach to gender diversity.
This week, we talk to Jek, a physical penetration tester whose job is to infiltrate offices, data centers, store stockrooms, and other supposedly "secure" locations and either steal information or install a tool so that other hackers can exfiltrate data. She relies on the most reliable vulnerability of all: human weakness. Jek tells host Ben Makuch how she does it, some of her most memorable operations, and why other hackers think that what she does is "witchcraft." See acast.com/privacy for privacy and opt-out information.
In this episode, we catch up with Michael Skelton (@Codingo), Global Head of Security Operations and Researcher Enablement at Bugcrowd. Codingo has a non-traditional career path and he shares his journey on how he got to where he is, including the challenges of breaking into the infosec industry. As someone who got to be a Top 20 bug hunter on Bugcrowd and is now the Global Head of Security Operations and Researcher Enablement at Bugcrowd, Codingo shares not only career advice but also tips on bug bounties.
Almost 10 years ago, the slogan of IT entrepreneur and Netscape founder Marc Andreessen, »Software is eating the world«, made the rounds. He was right about one thing: software has become the digital nervous system of our modern society. There is no area of life left, from running water, food supply, mobility, communication and medicine to politics and public administration, that has not become completely dependent on software. Most traditional companies and organisations (public administrations included) have not yet absorbed this fundamental insight: over the past decades they have become software companies (whether they wanted to or not), with all the positive but also the negative effects. At the same time, we as management, as developers, as business units, as users and as a society have forgotten to pay attention to the quality and the architecture of these vital systems. Software often has, without most people being aware of it, nowhere near the quality that would be appropriate and necessary for the role it plays. Put more bluntly: we have a real, deep-seated problem. In this episode I talk with Tom Konrad, a colleague of mine and long-time software and security expert, about this area. He has worked for over ten years as a penetration tester and software developer on the security team at SBA Research and is a co-founder of the sec4dev conference, a security conference specifically for software developers. One important note: this conversation is not primarily aimed at technicians or software developers, but also and especially at non-experts, at a broader society, citizens, management and politics. We talk about the role of software in our society, the serious consequences that poor quality already has today and what is to be expected in the future.
What does this mean for critical infrastructure, and how is it that large companies are unable to introduce established (and frankly boring) standard software, with these projects frequently running into major problems and losses in the millions? As users who cannot look behind the scenes, we too often let ourselves be fooled by the »shine on the surface«. In fact, software today is more a kind of archaeology, in which the Roman aqueducts are still a core component of a modern city's water supply (without most citizens knowing it, and without us still being able to maintain them). xkcd: Dependency. Unfortunately, we have not used the numerous new possibilities (programming languages, tools, processes) to make important software more stable and better, but to develop ever more software at a questionable level. What role does the complexity of distributed systems play? What about dependencies inside and outside of companies? 80% of the code of a typical software project consists of external dependencies that are not under the developers' direct control, yet are an integral part of their own software. Finally, we ask: how can we raise this fundamental infrastructure to the level of quality that is absolutely necessary for a resilient society? Who bears which responsibility? What, concretely, is the responsibility of developers? Of management? Of society and politics? How do short-term and long-term incentive systems compare? What is the geopolitical dimension and, looking ahead, what does it mean for Europe? We need new narratives, organic images. Software is far easier to grasp as an ecosystem than as a »technical system of the 19th century« or as a »project«. But we also need clear social and political framework conditions and laws.
References: Tom Konrad, SBA-Research / Professional Services; Tom @ SBA; Tom on Twitter; Sec4Dev conference. Other episodes: Episode 30: (Techno)Optimism, a conversation with Tim Pritlove; Episode 27: Wicked Problems; Episode 24: Hangover, what we expected from the Internet and what we got, a conversation with Peter Purgathofer; Episode 19 and Episode 20: Open Systems; Episode 10: Complicated Complexity. Subject references: Marc Andreessen, Software is eating the world; I, Pencil (When ideas have sex); I, Pencil, article; I, Pencil, YouTube video; Matt Ridley, When ideas have sex, TED talk; World's biggest data breaches and hacks (website); Fingerprint taken from a photo of a glass; BSI/NIS Directive; Lidl 500 million project fails; Successor to Safe Harbour overturned (Max Schrems).
The power of community. This episode I sit down with Mr. Davin Jackson and we talk about what it's like being Black in the Cybersecurity field, burnout, and the "hacker" mentality.
Meet Davin: Davin Jackson is a Father, Husband and United States Air Force Veteran. Professionally, he is an Application Security Architect, Penetration Tester, and Contributor at Alpha Cyber Security. Davin has over fourteen years of overall IT and Cyber Security experience working in government, banking, education, medical and fintech doing penetration tests, vulnerability assessments and consulting, helping companies improve their security. He currently holds several certifications including his CISSP. However, he still considers himself to be a "noob" as a part of his plan to never stop learning. Davin's goal is to share his experience and mentor people looking to start or further their cybersecurity and tech careers. He also wants to help families secure their homes and devices as well as teach the youth about the dangers of the internet.
Cipher's Portugal CTO Sergio Alves joins the podcast with an eye-opening episode on penetration testing. He covers the difference between a vulnerability assessment and a penetration test. Sergio understands how hackers operate. Then he goes into the Cyber Kill Chain components, including phishing and web server exploits. The guys also go over noteworthy attack techniques and tactics. Finally, Sergio goes over how application security testing works. Learn more about Cipher's penetration testing services on www.cipher.com.
In this episode, we speak with Afterpay CISO Marc Bown. Marc's career started on the technical side as a Penetration Tester and has progressed to become CISO for one of the fastest-growing e-commerce payment companies in the market. We discuss the differences between working in the Bay Area and Australia, how he moved in his career, and share advice for aspiring CISOs.
It's been a while since we've talked penetration testing and offense-oriented network security on the show, and I know some of you have been asking for it, so today's your lucky day! On the show we have Dr. Wesley McGrew, the director of Cyber Operations for HORNE Cyber. We're going to talk about going on the offense as a good defense, the current state of pentesting and the raw work of reverse engineering malicious software and vulnerability testing. If you're looking for the type of job that gets you out on the cybersecurity battlefield and fighting the bad guys, you're going to want to give this episode your undivided attention!
Wesley McGrew is the author of penetration testing and forensic tools used by many practitioners. He is a frequent presenter at DEF CON and Black Hat USA. At the National Forensics Training Center, he provided digital forensics training to law enforcement and wounded veterans. As an adjunct professor he designed a course he teaches on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. This effort was undertaken as part of earning National Security Agency CAE Cyber Ops certification for the university. He has presented his work on critical infrastructure security to the DHS joint working group on industrial control systems. Wesley earned his Ph.D. in computer science at Mississippi State University for his research in vulnerability analysis of SCADA HMI systems used in national critical infrastructure. He served as a research professor in MSU's Department of Computer Science & Engineering and Distributed Analytics and Security Institute.
– Enter code "cyberwork" to get 30 days of free training with Infosec Skills: https://www.infosecinstitute.com/skills/
– View transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec: At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That's what we do every day: equipping everyone with the latest security skills so the good guys win.
Open Web Application Security Project (OWASP) - Portland, Oregon Chapter
Today we'll be talking with Chad Holmes. Chad is a Product Marketing Manager for Security Innovation with a focus on educating customers on emerging Cyber Range technologies and how they can improve security education within organizations. Prior to joining Security Innovation, Chad was a Penetration Tester, Product Manager, Security Program Manager and Team Lead at Cigital, Veracode and Red Hat. We'll be talking about our next chapter meeting, CMD+CTRL Web Application Cyber Range, Tuesday, February 11 2020 @ 5:30 PM at Zapproved. Go to meetup.com to RSVP: https://www.meetup.com/OWASP-Portland-Chapter/events/267265705/ You won't want to miss this amazing event. Chad is interviewed by John L. Whiteman.
Follow us, join us: https://twitter.com/portlandowasp?lang=en https://www.meetup.com/OWASP-Portland-Chapter https://www.linkedin.com/groups/4223013/
Support the show (https://www.owasp.org/index.php/Membership#tab=Other_ways_to_Support_OWASP)
Cybersecurity careers series where we discuss the role of a Penetration Tester. #cybersecurity, #careers, jobs
"Your most unhappy customers are your greatest source of learning" -- Business @ the Speed of Thought; Bill Gates, 1999
"I think most people either forget or don't know that Microsoft only hires people with IQs well over 130" -- NY Times; Douglas Coupland, 1998
Last week, Microsoft Windows turned 34 years old. Next year, it can be President of the United States. You think that means Microsoft is getting old and losing touch? Maybe… but consider the facts that, as of May 07, 2019, 1.5 BILLION machines run Windows AND… according to Microsoft, over 900 MILLION machines run Windows 10. Every day, Microsoft analyzes over 6.5 TRILLION signals in order to identify emerging threats and protect customers. While Microsoft may not be rolling out streaming services or dropping new devices in splashy events every fall, this summer they quietly became only the third company in world history to be valued at over ONE TRILLION DOLLARS. Say what you will about them, but it's a lot harder to go through a day without Office, Windows and Azure than it is without an iPad, Linux or Amazon. And… don't even get us started on gaming… Halo? End of discussion. Steam? As of November 2018, 90% of Steam gaming machines were running Windows 10. There's a reason Bill Gates overtook Warren Buffet as the world's wealthiest person.
This week on InSecurity, Matt Stephenson chats with CQURE founder & CEO Paula Januszkiewicz about the security orbit around Microsoft… what are the misconceptions? What is Microsoft doing right? How does security training impact an organization? What is hype and what is legit in security? And a bit more…
About Paula Januszkiewicz: Paula Januszkiewicz (@PaulaCqure) is the founder and CEO of CQURE Inc., a provider of specialized services in IT infrastructure security, business applications, consulting and advisory services. She is an IT Security Auditor and Penetration Tester, Cloud and Datacenter Management MVP and trainer (MCT), and Microsoft Security Trusted Advisor. Paula is also a top speaker at many well-known conferences including TechEd conferences around the world, Microsoft Ignite, RSA, Black Hat USA, and CyberCrime. She is engaged as a keynote speaker for security-related events and writes articles on Windows security. She drives her own company, CQURE, working on security-related issues and projects. Paula has conducted hundreds of IT security audits and penetration tests, some for governmental organizations. Her distinct specialization is Microsoft security solutions; she holds multiple Microsoft certifications, and is familiar with and possesses certifications in other related technologies. Paula is passionate about sharing her knowledge with others. In private, she enjoys researching new technologies, which she converts into authored trainings. Oh… and… Paula has access to the Windows source code!
About CQURE Inc. and CQURE Academy: CQURE is a provider of specialized services in IT infrastructure security, business applications, consulting and advisory services. Our projects: every project is discussed in detail with clients. We believe that this is the only way to achieve full satisfaction in IT projects. Our keys to success are a highly qualified team and good planning. We build detailed project schedules, thus avoiding delays. CQURE was formed in November 2008 and since that time has finalized many projects, from IT and security audits to trainings and implementations. Clients range from global corporations to small companies. For large and medium companies they offer authored training packs, intensive IT security audits for the whole IT environment, and solutions adjusted to their needs. CQURE Academy (@CQUREAcademy) is a part of the CQURE company that was formed in 2008 in Poland and has since expanded to the rest of Europe, the Americas, the Middle East and Asia, as well as opening offices in New York and Dubai. On a daily basis, they deliver IT services ranging from IT security audits to penetration tests and solution implementations in big and small organisations around the world. In CQURE Academy they share their expertise offline at seminars and conferences and online through videos and blog posts.
About Matt Stephenson: InSecurity podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the host of the InSecurity podcast and video series at events all over the world. Twenty years of work with the world's largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come. Every week on InSecurity, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization's security posture and bottom line. Can't get enough of InSecurity? You can find us at ThreatVector InSecurity Podcasts, Apple Podcasts and Google Play as well as Spotify, Stitcher, SoundCloud, iHeartRadio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
It is important to use a secure and unique password, especially now that many people lose their personal information and fall victim to data breaches and password leaks. To avoid this, you can take the precaution of making sure you craft strong usernames and passwords for your online accounts. Salih Ismail, Lecturer, School of IT & Engineering, Curtin University Dubai, shares some pro hacks for protecting your password.
About Salih Ismail: Salih Ismail is an industry-experienced academic who is working as a Lecturer in the School of IT and Engineering. He is currently pursuing his doctoral research in the security of cloud computing. His research interests include Cyber Security, Internet of Things, Cloud Computing and Semantic Web. He graduated with a distinction in MSc Computer Systems Management from Heriot-Watt University. He received his BSc (Hons) in Information Technology from the University of Bedfordshire. Prior to academia he worked in the industry in various posts such as IT Manager, Technology Officer, Database Administrator, etc. and sat on the advisory board for tech startups. He has provided consultancy to various organizations around the globe as a Penetration Tester, Forensic Investigator, and Security Consultant. He has received various awards recognising his excellence in Cyber Security, including the prestigious Dubai Electronic Cyber Security Innovation Award.
Support the show (https://www.edarabia.com/edtalk/)
Cybersecurity focuses on the various methods and techniques used to protect information and data systems. It is a field of study that combines technical and business skills such as data recovery, database applications, and systems administration to preserve the integrity of data and information systems. Salih Ismail, Lecturer, School of IT & Engineering at Curtin University, walks us through an overview of the Cybersecurity Degree: requirements, specializations, and career options for majors. Read more about the Cybersecurity Degree here: https://www.edarabia.com/what-can-you-do-cyber-security-degree/ About Salih Ismail: Salih Ismail is an industry-experienced academic who is working as a Lecturer in the School of IT and Engineering. He is currently pursuing his doctoral research in the security of cloud computing. His research interests include Cyber Security, Internet of Things, Cloud Computing and Semantic Web. He graduated with a distinction in MSc Computer Systems Management from Heriot-Watt University. He received his BSc (Hons) in Information Technology from the University of Bedfordshire. Prior to academia he worked in industry in various posts such as IT Manager, Technology Officer and Database Administrator, and sat on the advisory board for tech startups. He has provided consultancy to various organizations around the globe as a Penetration Tester, Forensic Investigator and Security Consultant. He has received various awards recognising his excellence in Cyber Security, including the prestigious Dubai Electronic Cyber Security Innovation Award. Support the show (https://www.edarabia.com/edtalk/)
This episode is with Phil Bosco from Security Illusion, LLC. He is the CEO and Lead Tester for the firm. In this episode we talk about his career and life as a penetration tester. He also gives some great advice to future pentesters on how they can get into the field. "My interests and passions go further than just the cybersecurity industry. I'm a tech enthusiast and always enjoy getting my hands dirty with the latest and greatest technology, from IoT to Machine Learning and beyond! I also love combining these passions by looking for opportunities that cross over between the latest tech available and aiding the security industry." - Phil Bosco. LinkedIn Profile URL: https://www.linkedin.com/in/phillip-bosco Twitter URL: https://twitter.com/SecIllusion Support the show (https://www.patreon.com/devseclead)
Did you slurp down a frozen Lean Cuisine pasta meal for lunch today while stressed out and answering emails at your desk? Do you know someone else who did? This episode is for you (and your whole office). In today's episode, Dan and Rudhdi get into sad desk lunches: what makes them so sad and how to make them happier. Post lunch, join us for a round of "Can I Get Paid For That?" where we'll discuss jobs you didn't know were jobs. (You know you want to find out what a Penetration Tester is.) Subscribe on Apple Podcasts and wherever you listen to your podcasts, rate and review us, share our podcast with your friends, your coworkers, your boss if you're so bold. Follow us on Insta: @whineto5, and don't forget to write to us at whineto5podcast@gmail.com.
SPaMCAST 566 features our interview with Christopher Gerg. Security issues range from clicking on the wrong thing in an email to ransomware, and they are painful and costly. Security might be everybody's responsibility, but someone needs to lead the charge. Our conversation covered the role of the CISO in today's organization, security in software development, and cybersecurity in the real world. Chris's bio: Christopher Gerg is the CISO and Vice President of Cyber Risk Management at Gillware. He is a technical lead with over 15 years of information security experience. Christopher has worked as a Systems Administrator, Network Engineer, Penetration Tester, Information Security Architect, Vice President of Information Technology, Director and Chief Information Security Officer. He has experience in the challenges of information security in cloud-based hosting, DevOps, managed security services, e-commerce, healthcare, financial, and payment card industries. He has worked in mature information security teams and has built information security programs from scratch and led them into maturity in a wide variety of compliance regimes. While an expert in the theoretical aspects of information security best practice, he is also experienced in the practical aspects of building secure technical environments and working with the boardroom to promote executive understanding and support. He also authored the O'Reilly and Associates book "Managing Network Security with Snort and IDS Tools." Company Website: www.gillware.com Email Address: cgerg@gillware.com Re-Read Saturday News: This week in our re-read of Thinking, Fast and Slow, Kahneman discusses when expert intuition can be trusted. A chapter that is germane to all walks of life. Remember, if you do not have a favorite, dog-eared copy of Thinking, Fast and Slow, please buy a copy. Using the links in this blog entry helps support the blog and its alter ego, The Software Process and Measurement Cast. 
Buy a copy on Amazon, It’s time to get reading! The installments: Week 1: Logistics and Introduction – http://bit.ly/2UL4D6h Week 2: The Characters Of The Story – http://bit.ly/2PwItyX Week 3: Attention and Effort – http://bit.ly/2H45x5A Week 4: The Lazy Controller – http://bit.ly/2LE3MQQ Week 5: The Associative Machine – http://bit.ly/2JQgp8I Week 6: Cognitive Ease – http://bit.ly/2VTuqVu Week 7: Norms, Surprises, and Causes – http://bit.ly/2Molok2 Week 8: A Machine for Jumping to Conclusions - http://bit.ly/2XOjOcx Week 9: How Judgement Happens and Answering An Easier Question - http://bit.ly/2XBPaX3 Week 10: Law of Small Numbers - http://bit.ly/2JcjxtI Week 11: Anchors - http://bit.ly/30iMgUu Week 12: The Science of Availability - http://bit.ly/30tW6TN Week 13: Availability, Emotion, and Risk - http://bit.ly/2GmOkTT Week 14: Tom W’s Speciality - http://bit.ly/2YxKSA8 Week 15: Linda: Less Is More - http://bit.ly/2T3EgnV Week 16: Causes Trump Statistics - http://bit.ly/2OTpAta Week 17: Regression To The Mean - http://bit.ly/2ZdwCgu Week 18: Taming Intuitive Predictions — http://bit.ly/2kAHClJ Week 19: The Illusion of Understanding - http://bit.ly/2lK954p Week 20: The Illusion of Validity - http://bit.ly/2mfyrYh Week 21: Intuitions vs Formulas - http://bit.ly/2kx7kri Week 22: Expert Intuition - http://bit.ly/2ooe50h Upcoming Events It is nearly time for the Agile Online Summit! This year’s summit will be held October 7 - 11th --- EVERYWHERE, it’s a virtual conference. Visit the website to sign-up. The basic conference is FREE. Register now at https://www.agileonlinesummit.com/2019 Pacific NW Software Quality Conference will be held in Portland, Oregon beginning October 14th through the 16th. I will be speaking on the 15th! Register now https://www.pnsqc.org/2019-conference/ Next SPaMCAST SPaMCAST 567 will tackle the concept of herding. Herding is a pattern where an individual or team acts based on the behavior of others. 
Stated very simply, herding is just like the children’s game follow-the-leader. Sounds innocuous? This type of behavior can lead to work entry problems and other team level snafus! We will also have a visit from Gene Hughson!
Second episode of this podcast's "digital job" column. After talking about growth hacking with Raffaele Gaito, it is time to talk about cybersecurity, and in particular about the role of the "Penetration tester". To discuss this new profession I interviewed Gianluca Boccacci, a cybersecurity consultant who told me about many interesting things. For example, I discovered the so-called CTFs (https://capturetheflag.it/about/), that is, hacking games in which teams or individuals look for vulnerabilities in systems and software provided by the organisers of the competition: https://ctftime.org/. Other links to explore these topics: https://pentesterlab.com/ http://fsecurity.it/ Follow Gianluca on Twitter: @brucelee1975 --> Follow my free video course on digital hygiene in the family: http://www.gianluigibonanomi.com/videocorso-gratis-per-genitori-10-esercizi-di-igiene-digitale --> Discover many other free resources on my website: http://www.gianluigibonanomi.com/risorse-gratis-gianluigi-bonanomi --> Subscribe to my newsletter (you will get one of my eBooks for free!): www.gianluigibonanomi.com/newsletter/ --> Subscribe to my YouTube channel: https://www.youtube.com/user/Gianluigibonanomi?sub_confirmation=1 --> Follow me on my Facebook page: www.fb.com/gianluigibonanomiformatore
In this episode of Cryptochat the hosts Elmi and Yaser had a very engaging conversation with two brilliant minds of the core team at Resistance: CEO Anthony Khamsei, who founded the public online security company Gold Security in 2012, and their CTO Luke Wegryn, who worked at Cisco for two years as a Security Research Engineer and Penetration Tester. Their star-studded team of 14 core members and an advisory team of seven global powerhouses includes Ivan on Tech and David Kravitz (the inventor of the digital signature), just to mention two of the seven. Truly a team of cybersecurity, cryptography and tech geniuses (and that's being modest). Resistance's measured approach upon their introduction into the cryptospace about a year and a half ago, during the easy-cash-grab ICO era, and resisting (see what we did there, pun intended) the characteristics of ICOs over-promising and under-delivering (or never delivering) just gives you a glimpse of their character and ethics. It comes as no surprise why or how they won best ICO of 2019 at the World Economic Forum held in Davos-Klosters, Switzerland. The Resistance CPU-optimized miner makes it straightforward for anyone with a typical PC or desktop computer running macOS, Windows or Linux to mine on the Resistance blockchain. Block rewards and transaction fees are split between masternodes, supporting upstream project developments, proof-of-work mining, and proof of research on whitelisted BOINC (Berkeley Open Infrastructure for Network Computing) projects that advance research for the furtherance of humanity. To find out more or get involved in their private sale visit www.resistance.io --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app
We’re often asked about the career pathway to becoming an ethical hacker, or penetration tester. So, we thought it would be best to let a current penetration tester share her thoughts on working in the industry. Whether you’re interested in penetration testing, computer science or security in general, Holly Grace's intro to becoming a penetration tester is packed full of tips you can use when getting started in cybersecurity. 1’00 What is a penetration tester? 1’35 What makes a good candidate? 4’10 Paths into pentesting. 5’00 Practising pentesting 6’36 Do I need programming skills? 7’30 The benefits of attending security conferences 8’36 Exams and certifications Useful links: Damn vulnerable web app http://www.dvwa.co.uk/ Download on iTunes: apple.co/2Ji61Ek Listening time: 12 minutes For more information, follow us on Twitter @secarma or @secarlabs or email us at podcast@secarma.com Hosted by: Holly Grace Williams, Technical Director at Secarma
In this episode we talk about Cyber Security. What happens if the data we share on social media is misused by someone? Are the gadgets we use around us safe from hackers? Dimaz Arno, CEO of Ethic Ninja, one of the best Penetration Tester service providers in Indonesia, speaks up to raise our awareness of cyber security and also suggests what first preventive steps we can take against scamming and hacking. Check the podcast out!! Feel free to contact him at www.ethic.ninja / Twitter @ethic_ninja. Poke us with comments and questions via podcast.sambiljalan@gmail.com
This week, we talk to Jek, a physical penetration tester whose job is to infiltrate offices, data centers, store stockrooms, and other supposedly "secure" locations and either steal information or install a tool so that other hackers can exfiltrate data. She relies on the most reliable vulnerability of all: human weakness. Jek tells host Ben Makuch how she does it, some of her most memorable operations, and why other hackers think that what she does is "witchcraft." See acast.com/privacy for privacy and opt-out information.
Criminal Justice Evolution Podcast - Hosted by Patrick Fitzgibbons
Hello everyone and welcome back. In this episode, Patrick talks with Lisa Forte. Lisa is a Cyber Security Expert and Trainer, International Speaker, Writer and Penetration Tester. Lisa spent many years working for one of the U.K.'s Police Cyber Units before founding her own company, Red Goat Cyber Security. Patrick and Lisa talk about the cyber security threats facing the world and some ways to prevent them, the importance of social engineering and other informative topics. Enjoy. Find Lisa here: https://www.linkedin.com/in/lisa-forte/ @redgoatcyber Want to try some amazing mushroom coffee? Head over to www.cjevolution.com and click the link to Four Sigmatic. You will get 15% off your purchases and you will not be disappointed in the products. Check this and other great episodes at www.cjevolution.com Patrick
How do stock exchanges, nuclear power plants or the military check their computer security? They hire penetration testers: cyber security experts who secretly test both IT and organisational security. Dr Karl gets the low-down from Chris Gatford, director of a company called Hacklabs. You will not believe how easy some places make it to get inside.
Andrew (@Andrew___Morris) is a security researcher at Endgame. Before he got that role he was a penetration tester. I had an opportunity to get to know Andrew at some events in the Columbia, SC. He's very knowledgeable and excited about what he does in the information security space. In this two-part series we discuss some of the nuances of being a pen tester and how to find yourself in that particular role.
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Evilrob-Xaphan-TLS-Canary-Keeping-Your-Dick-Pics-Safer.pdf TLS Canary: Keeping Your Dick Pics Safe(r) Rob Bathurst (evilrob), Security Engineer and Penetration Tester; Jeff Thomas (xaphan), Senior Cyber Security Penetration Testing Specialist. The security of SSL/TLS is built on a rickety scaffolding of trust. At the core of this system is an ever-growing number of Certificate Authorities that most people (and software) take for granted. Recent attacks have exploited this inherent trust to covertly intercept, monitor and manipulate supposedly secure communications. These types of attack endanger everyone, especially when they remain undetected. Unfortunately, there are few tools that non-technical humans can use to verify that their HTTPS traffic is actually secure. We will present our research into the technical and political problems underlying SSL/TLS. We will also demonstrate a tool, currently called "Canary", that will allow all types of users to validate the digital certificates presented by services on the Internet. Evilrob is a Security Engineer and Penetration Tester with over 14 years of experience with large network architecture and engineering. His current focus is on network security architecture, tool development, and high-assurance encryption devices. He currently spends his days contemplating new and exciting ways to do terrible things to all manner of healthcare-related systems in the name of safety. Twitter: @knomes xaphan is a "Senior Cyber Security Penetration Testing Specialist" for a happy, non-threatening US government agency. He has been a penetration tester for 17 years, but maintains his sanity with a variety of distractions. He is the author of several ancient and obsolete security tools and the creator of DEFCOIN. Twitter: @slugbait
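An added example, not the Canary tool from the talk and not code by its authors, of the trust-on-first-use check that a certificate "canary" can build on. The problem the abstract describes is that any of the hundreds of trusted CAs can issue a chain-valid certificate for any name, so chain validation alone cannot tell a renewal from an interception. Remembering the SHA-256 fingerprint of the leaf certificate a host presented the first time, and alarming when a later connection presents a different one, makes a surprise certificate from a different CA visible to the user. The PinStore class, its JSON file layout and the byte strings standing in for DER certificates are assumptions of this example; fetch_leaf_der uses the Python standard library's ssl module and needs network access, so the offline demo does not call it.

```python
"""Trust-on-first-use (TOFU) leaf-certificate pinning.

Chain validation answers "did some trusted CA sign this?". Pinning answers
"is this the certificate this host showed me before?". Only the second
question catches a chain-valid certificate minted by a rogue or coerced CA.
"""
import hashlib
import json
import ssl
from datetime import datetime, timezone
from pathlib import Path
from typing import Dict, Optional


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER bytes, upper-case and colon-separated as browsers show it."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class PinStore:
    """Hostname -> accepted leaf fingerprints, optionally persisted as JSON.

    The JSON layout ({host: {"fingerprints": [...], "first_seen": ...}}) is an
    assumption of this example, not a format any real tool uses.
    """

    def __init__(self, path: Optional[Path] = None):
        self.path = path
        self.pins: Dict[str, Dict] = {}
        if path is not None and path.exists():
            self.pins = json.loads(path.read_text())

    def add_pin(self, host: str, der_cert: bytes) -> None:
        """Pre-register a certificate (e.g. before a planned renewal) so it will not alarm."""
        entry = self.pins.setdefault(host, {"fingerprints": [], "first_seen": None})
        fp = fingerprint(der_cert)
        if fp not in entry["fingerprints"]:
            entry["fingerprints"].append(fp)
        self._save()

    def observe(self, host: str, der_cert: bytes) -> str:
        """Classify what a host just presented: 'first-seen', 'match' or 'MISMATCH'."""
        fp = fingerprint(der_cert)
        entry = self.pins.get(host)
        if entry is None or not entry["fingerprints"]:
            self.pins[host] = {
                "fingerprints": [fp],
                "first_seen": datetime.now(timezone.utc).isoformat(),
            }
            self._save()
            return "first-seen"
        if fp in entry["fingerprints"]:
            return "match"
        # From here a legitimate renewal and an interception look identical:
        # a valid chain from a trusted CA, but not the certificate this host
        # showed before. The tool's job is to surface it; a human decides.
        return "MISMATCH"

    def _save(self) -> None:
        if self.path is not None:
            self.path.write_text(json.dumps(self.pins, indent=2))


def fetch_leaf_der(host: str, port: int = 443) -> bytes:
    """Fetch the live leaf certificate over the network (not used by the offline demo)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


if __name__ == "__main__":
    # Constructed stand-ins for DER-encoded certificates; only their hashes matter here.
    genuine = b"constructed-stand-in-for-the-genuine-DER-certificate"
    intercept = b"constructed-stand-in-for-a-rogue-CA-issued-certificate"
    store = PinStore()
    print(store.observe("mail.example.test", genuine))    # first-seen
    print(store.observe("mail.example.test", genuine))    # match
    print(store.observe("mail.example.test", intercept))  # MISMATCH
```

The caveat a practitioner will recognise: the first observation is the weak point, since a pin learned while already being intercepted pins the attacker's certificate, and every legitimate renewal produces the same MISMATCH as an attack. The add_pin path exists for the second problem; the first is why such tools are a detection aid for the user rather than a replacement for the CA system.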
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Ian-Latter-Remote-Access-the-APT.pdf Remote Access, the APT. Ian Latter, Midnight Code. ThruGlassXfer (TGXf) is a new and exciting technique to steal files from a computer through the screen. Any user that has screen and keyboard access to a shell (CLI, GUI or browser) in an enterprise IT environment has the ability to transfer arbitrary data, code and executables in and out of that environment without raising alarms, today. This includes staff, partners and suppliers, both on and off-shore. And implementations of best-practice Data Center (jump hosts), Perimeter / Remote Access (VPN, VDI, ..) and End Point Security (DLP, AV, ..) architectures have no effect on the outcome. In this session I will take you from first principles to a full exploitation framework. At the end of the session you'll learn how to build on this unidirectional file transfer and augment the solution into a full duplex communications channel (a virtual serial link) and then a native PPP link, from a user-owned device, through the remote enterprise-controlled screen and keyboard, to the most sensitive infrastructure in the enterprise. In this special DEF CON presentation I will also be releasing the new high-speed data exfiltration tool, hsTGXf. This is an exciting and cross-discipline presentation that picks up the story in the DEC VT220 terminal era and will take you on a journey to exploiting modern enterprise security architectures. So join me, whatever your knowledge or skill-set, and learn something interesting! A 20-year veteran of the IT industry, Ian has spent 15 years working in security in a number of positions including Penetration Tester, Security Architect and, most recently, a Security Governance role at a blue chip corporate. 
Ian teaches the Practical Threat Intelligence course at Black Hat and has spoken at key international hacking and security conferences including COSAC (Ireland), Ruxcon (Australia), and Kiwicon (New Zealand). If he had spare time, Ian would be pursuing a number of private software and robotics projects, including the Barbie Car that he promised his daughter (wiser friends have advised that I finish this project before she's old enough to ask for a real Corvette).
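An added illustration, toy code written for this page and not TGXf, hsTGXf or any code by Ian Latter, of the unidirectional channel the abstract describes. The sender needs only a shell whose output reaches a screen, and the only thing that crosses the security boundary is pixels: the file is cut into numbered frames, each carrying a CRC32, and each frame is printed as a block of base32 text; a camera and OCR on a user-owned device read those blocks, which decode() simulates by taking the printed text back. The frame layout (the "TG" marker, 32-byte payload, 16-character rows) and the sample bytes are assumptions of this example; the full-duplex extension the talk builds towards is not shown.

```python
"""Toy 'through the screen' file transfer: frame, display as text, read back.

Every frame is self-describing (marker, sequence number, frame count, CRC32),
so a misread frame is simply dropped and re-displayed, duplicates are harmless,
and the receiver knows exactly which frames are still missing.
"""
import base64
import struct
import zlib
from typing import Dict, List, Optional

PAYLOAD = 32                       # bytes per frame; assumption for this example
MAGIC = b"TG"                      # frame marker; assumption for this example
HEADER = struct.Struct(">2sHHI")   # magic, seq, total, crc32(payload)
ROW = 16                           # base32 characters per printed row


def encode(data: bytes) -> List[str]:
    """Split data into frames and render each as a block of base32 rows."""
    chunks = [data[i:i + PAYLOAD] for i in range(0, len(data), PAYLOAD)] or [b""]
    total = len(chunks)
    frames = []
    for seq, chunk in enumerate(chunks):
        raw = HEADER.pack(MAGIC, seq, total, zlib.crc32(chunk) & 0xFFFFFFFF) + chunk
        text = base64.b32encode(raw).decode("ascii")
        # A frame is what the sender would print to the terminal in one go.
        frames.append("\n".join(text[i:i + ROW] for i in range(0, len(text), ROW)))
    return frames


def parse_frame(frame: str) -> Optional[tuple]:
    """Return (seq, total, payload) for a well-formed frame, None for OCR garbage."""
    try:
        raw = base64.b32decode("".join(frame.split()))
    except Exception:
        return None                              # non-alphabet characters or bad padding
    if len(raw) < HEADER.size:
        return None
    magic, seq, total, crc = HEADER.unpack(raw[:HEADER.size])
    payload = raw[HEADER.size:]
    if magic != MAGIC or (zlib.crc32(payload) & 0xFFFFFFFF) != crc:
        return None                              # misread frame; sender re-displays it
    return seq, total, payload


def decode(frames: List[str]) -> bytes:
    """Reassemble the file from frames in any order; raise if any frame is missing."""
    got: Dict[int, bytes] = {}
    total = None
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        seq, total, payload = parsed
        got[seq] = payload                       # duplicates just overwrite
    if total is None:
        raise ValueError("no valid frames")
    missing = [i for i in range(total) if i not in got]
    if missing:
        raise ValueError(f"missing frames: {missing}")
    return b"".join(got[i] for i in range(total))


if __name__ == "__main__":
    # Constructed sample "file": 768 bytes, which becomes 24 frames.
    sample = bytes(range(256)) * 3
    frames = encode(sample)
    print(frames[0])                             # what the screen would show for frame 0
    print(len(frames), "frames;", "round trip ok:", decode(frames) == sample)
```

The defensive point the abstract makes follows directly from the code: nothing here opens a socket or writes a file on the far side, so network DLP, proxy inspection and endpoint file monitoring have nothing to match on. What remains observable is behaviour on the remote host itself (a process emitting thousands of lines of base32 to a terminal, or session recordings of the jump host), which is where detection for this class of channel has to live.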
Bonnie Cashman, one of our favorites, Co-founder of LAB5 Fitness and Cashman Lifestyle in Seattle, Washington, with her special guest, University of Washington star women's softball player Kimi Pohlman. Julius "Jules" Steiner, former US CEO of Gamesa Wind Energy, currently practicing law in Philadelphia, Pennsylvania with Offit Kurman, specializing in representing companies in all areas of employment law. Dr. Ritamarie Loscalzo, MS, DC, CCN, DACBN, "The Women's Fatigue Expert and Vibrant Health Mentor". Ritamarie Loscalzo has been an integrative practitioner for over 20 years, combining the best from modern functional medicine with the natural healing wisdom of fresh, raw foods and herbs. A Chiropractic Doctor, certified in Acupuncture, Nutrition and Herbal Medicine, as well as a certified living foods chef, instructor, coach, speaker and author. Joshua Harper is a Digital Forensic Analyst and Penetration Tester at Radix (RAY-dix) Forensics LLC, based in Austin, Texas. He has performed forensic investigations in a wide variety of cases, including finding evidence of spousal misconduct, tracking down runaways, and recovering company data destroyed by disgruntled employees. Rob Colville: "The man who has mentored over a thousand people worldwide in how to trade financial markets profitably, from just 10 minutes a day... it's self-styled Lazy Trader, Rob Colville".
Synopsis: This episode of Down the Rabbithole microcast (~15 minutes in length) was recorded live at the Ohio Information Security Summit. Albert and Paul were kind enough to sit down with me and discuss metrics and process, and essentially what demonstrating "good security" means to an enterprise. "Can we ever get there?" Where is there? Understanding the basics of security, measurement, and whether, if we really do a great job, Information Security can work itself out of a job ... those are some heavy topics for a mini-podcast. Enjoy! Feedback is always welcome. Guests: Paul Elwell, Security Specialist for a Fortune 500 company; Albert School, Application Security Specialist and Penetration Tester at a Fortune 500 company.
We set a record for the longest episode EVER! Almost two hours of geeky and gaming fun! From Apple to Zed! This week we cover AT&T, Facebook, Skype, Google, Hacking a police car, Spyware on Rental Computers, Android, STERN Pinball, Groupon, Nintendo, Wii, 360, Hacking, Other OS, Obama and much much more! Special thanks to: […]