Podcasts about pentesting

Method of evaluating computer and network security by simulating a cyber attack

  • 245 podcasts
  • 748 episodes
  • 40m avg duration
  • 1 episode every other week
  • Latest: Jun 16, 2025

[Chart: popularity, 2017–2024]


Latest podcast episodes about pentesting

Resilience Unravelled
The Vital Role of Cybersecurity in Business Resilience with Rene Sylvain Bedard

Jun 16, 2025 · 37:03


In this episode of Resilience Unravelled, Dr Russell Thackeray interviews Rene Sylvain Bedard, an IT veteran with over 30 years of experience primarily in IT architecture. Currently based in Montreal, Rene discusses the critical connection between cybersecurity and business resilience. He shares his journey from founding Indominus to focusing on cybersecurity solutions for small and medium-sized businesses (SMBs). Rene elaborates on the various types of cybercriminals, the importance of employee awareness in preventing cyber attacks, and the consequences of ransomware. He outlines his 'Secure Method' for building cybersecurity resilience, which includes steps like surveying the IT landscape, educating staff, and continuously reviewing and evolving security measures. Rene emphasizes the significant risks businesses face and underscores that leadership and a proactive approach are key to safeguarding any organization. He also highlights his book "Secure by Design," aimed to guide business leaders in protecting their companies from cyber threats.

00:00 Introduction and Today's Topic
00:32 Meet the Expert: Rene Sylvain Bedard
01:09 Rene's Background in IT and Cybersecurity
04:29 Understanding Cyber Attacks and Online Scams
07:23 The Mechanics of Cyber Attacks
11:46 The Importance of Cybersecurity Awareness
14:19 Real-World Examples and Prevention Tips
19:13 The Secure Method for SMB Owners
19:37 Understanding Your IT and Data Landscape
19:50 Building and Testing Cyber Defenses
20:51 The Importance of Unified Cybersecurity
22:24 Managed Service Providers vs. Managed Security Service Providers
24:39 The Role of Pen Testing and Configuration Audits
26:07 Balancing Cybersecurity Costs and Risks
27:55 Real-World Cybersecurity Incidents and Lessons
28:56 The Human Element in Cybersecurity
29:56 Writing the Book: Secure by Design
37:05 Final Thoughts and Contact Information

You can contact us at info@qedod.com
Resources can be found online or link to our website https://resilienceunravelled.com
#resilience, #burnout, #intuition

Cyber Work
Build your own pen testing tools and master red teaming tactics | Ed Williams

Jun 2, 2025 · 34:46 · Transcription available


Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast

Ed Williams, Vice President of EMEA Consulting and Professional Services (CPS) at TrustWave, shares his two decades of pentesting and red teaming experience with Cyber Work listeners. From building his first programs on a BBC Micro (an early PC underwritten by the BBC network in England to promote computer literacy) to co-authoring award-winning red team security tools, Ed discusses his favorite red team social engineering trick (hint: it involves fire extinguishers!), and the ways that pentesting and red team methodologies have (and have not) changed in 20 years. As a bonus, Ed explains how he created a red team tool that gained accolades from the community in 2013, and how building your own tools can help you create your personal calling card in the Cybersecurity industry! Whether you're breaking into cybersecurity or looking to level up your pentesting skills, Ed's practical advice and red team “war stories,” as well as his philosophy of continuous learning that he calls “Stacking Days,” bring practical and powerful techniques to your study of Cybersecurity.

0:00 - Intro to today's episode
2:17 - Meet Ed Williams and his BBC Micro origins
5:16 - Evolution of pentesting since 2008
12:50 - Creating the RedSnarf tool in 2013
17:18 - Advice for aspiring pentesters in 2025
19:59 - Building community and finding collaborators
22:28 - Red teaming vs pentesting strategies
24:19 - Red teaming, social engineering, and fire extinguishers
27:07 - Early career obsession and focus
29:41 - Essential skills: Python and command-line mastery
31:30 - Best career advice: "Stacking Days"
32:12 - About TrustWave and connecting with Ed

About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

7 Minute Security
7MS #675: Pentesting GOAD – Part 2

May 16, 2025 · 31:41


Hey friends! Today Joe “The Machine” Skeen and I tackled GOAD (Game of Active Directory) again – this time covering:
  • SQL link abuse between two domains
  • Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local!

Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!

7 Minute Security
7MS #671: Pentesting GOAD

Apr 18, 2025 · 25:18


Hello! This week Joe “The Machine” Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory). In part one we covered:
  • Checking for null session enumeration on domain controllers
  • Enumerating systems with and without SMB signing
  • Scraping AD user account descriptions
  • Capturing hashes using Responder
  • Cracking hashes with Hashcat

MLOps.community
Fraud Detection in the AI Era // Rafael Sandroni // #301

Apr 1, 2025 · 41:19


Building Trust Through Technology: Responsible AI in Practice // MLOps Podcast #301 with Rafael Sandroni, Founder and CEO of GardionAI.

Join the Community: https://go.mlops.community/YTJoinIn
Get the newsletter: https://go.mlops.community/YTNewsletter

// Abstract
Rafael Sandroni shares key insights on securing AI systems, tackling fraud, and implementing robust guardrails. From prompt injection attacks to AI-driven fraud detection, we explore the challenges and best practices for building safer AI.

// Bio
Entrepreneur and problem solver.

// Related Links
GardionAI LinkedIn: https://www.linkedin.com/company/guardionai/

Connect With Us
Catch all episodes, blogs, newsletters, and more: https://go.mlops.community/TYExplore
Join our slack community: https://go.mlops.community/slack
Follow us on X/Twitter @mlopscommunity (https://x.com/mlopscommunity) or LinkedIn (https://go.mlops.community/linkedin)
Sign up for the next meetup: https://go.mlops.community/register
MLOps Swag/Merch: https://shop.mlops.community/
Connect with Demetrios on LinkedIn: /dpbrinkm
Connect with Rafael on LinkedIn: /rafaelsandroni

Timestamps:
[00:00] Rafael's preferred coffee
[00:16] Takeaways
[01:03] AI Assistant Best Practices
[03:48] Siri vs In-App AI
[08:44] AI Security Exploration
[11:55] Zero Trust for LLMS
[18:02] Indirect Prompt Injection Risks
[22:42] WhatsApp Banking Risks
[26:27] Traditional vs New Age Fraud
[29:12] AI Fraud Mitigation Patterns
[32:50] Agent Access Control Risks
[34:31] Red Teaming and Pentesting
[39:40] Data Security Paradox
[40:48] Wrap up

7 Minute Security
7MS #667: Pentesting GOAD SCCM - Part 2!

Mar 21, 2025 · 28:52


Hey friends, our good buddy Joe “The Machine” Skeen and I are back this week with part 2 (check out part 1!) tackling GOAD SCCM again! Spoiler alert: this time we get DA! YAY!

Definitely check out these handy SCCM resources to help you – whether it be in the lab or IRL (in real life):
  • GOAD SCCM walkthrough
  • MisconfigurationManager – tremendous resource for enumerating/attacking/privesc-ing within SCCM
  • This gist from Adam Chester will help you decrypt SCCM creds stored in SQL

InfosecTrain
How to Make a Career in Red Team & Pentesting | Career in Cybersecurity : Red Teaming / Pentesting

Mar 19, 2025 · 102:03


Are you passionate about ethical hacking and cybersecurity? Want to break into the exciting world of Red Teaming and Penetration Testing? In this episode of the InfosecTrain podcast, our experts guide you through everything you need to know to start and grow a career in these advanced cybersecurity domains.

ITSPmagazine | Technology. Cybersecurity. Society
Cybersecurity in Italy: ITASEC 2025 Recap & Future Outlook with Professor Alessandro Armando | On Location Coverage with Sean Martin and Marco Ciappelli

Mar 18, 2025 · 25:35


Cybersecurity in Italy: ITASEC 2025 Recap & Future Outlook with Professor Alessandro Armando

Cybersecurity is no longer a niche topic—it's a fundamental pillar of modern society. And in Italy, ITASEC has become the go-to event for bringing together researchers, government officials, and industry leaders to tackle the biggest security challenges of our time.

Although we weren't there in person this year, we're diving into everything that happened at ITASEC 2025 in this special On Location recap with Professor Alessandro Armando. As Deputy Director of the Cybersecurity National Laboratory at CINI and Chairman of the Scientific Committee of the SERICS Foundation, Alessandro has a front-row seat to the evolution of cybersecurity in Italy.

This year's event, held in Bologna, showcased the growing maturity of Italy's cybersecurity landscape, featuring keynotes, technical sessions, and even hands-on experiences for the next generation of security professionals. From government regulations like DORA (Digital Operational Resilience Act) to the challenges of AI security, ITASEC 2025 covered a vast range of topics shaping the future of digital defense.

One major theme? Cybersecurity as an investment, not just a cost. Italian companies are increasingly recognizing security as a competitive advantage—something that enhances trust and reputation rather than just a compliance checkbox.

We also discuss the critical role of education in cybersecurity, from university initiatives to national competitions that are training the next wave of security experts. With programs like Cyber Challenge.IT, Italy is making significant strides in developing a strong cybersecurity workforce, ensuring that organizations are prepared for the evolving threat landscape.

And of course, Alessandro shares a big reveal: ITASEC 2026 is heading to Sardinia! A stunning location for what promises to be another exciting edition of the conference.

Join us for this insightful discussion as we reflect on where cybersecurity in Italy is today, where it's headed, and why events like ITASEC matter now more than ever.

Security Unfiltered
From Teenage Gamer to SaaS Security Guru: The Untold Journey of a Cybersecurity Pro Aaron Costello

Mar 10, 2025 · 50:36 · Transcription available


Summary
In this conversation, Joe and Aaron discuss Aaron's journey into cybersecurity, highlighting the importance of curiosity, perseverance, and continuous learning in the field. Aaron shares his early experiences with hacking, his transition into professional security roles, and the unique challenges of pen testing SaaS applications. The discussion emphasizes the need for passion and dedication in overcoming obstacles and achieving success in cybersecurity. In this conversation, Joe and Aaron discuss the importance of sharing knowledge in the field of SaaS security, highlighting how personal initiatives like blogging can lead to unexpected career opportunities. They delve into the challenges organizations face regarding SaaS application risks, the significance of inventory management, and the shared responsibility model in security. The discussion also emphasizes the need for awareness of misconfigurations and reassures listeners that coding skills are not a prerequisite for entering the SaaS security space.

Chapters
00:00 Introduction and Personal Background
08:27 Journey into Cybersecurity
17:00 Perseverance in Learning and Growth
20:49 Pen Testing SaaS Applications
26:51 The Power of Sharing Knowledge
29:06 Discovering New Opportunities in SaaS Security
32:45 Understanding SaaS Application Risks
35:32 The Importance of SaaS Inventory Management
38:43 Shared Responsibility in SaaS Security
41:51 Misconfigurations and Security Awareness
45:01 Navigating SaaS Security Without Coding Skills

Support the show
Follow the Podcast on Social Media!
Tesla Referral Code: https://ts.la/joseph675128
YouTube: https://www.youtube.com/@securityunfilteredpodcast
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast

7 Minute Security
7MS #663: Pentesting GOAD SCCM

Feb 21, 2025 · 29:41


Today we live-hack an SCCM server via GOAD SCCM using some attack guidance from Misconfiguration Manager! Attacks include:
  • Unauthenticated PXE attack
  • PXE (with password) attack
  • Relaying the machine account of the MECM box over to the SQL server to get local admin

7 Minute Security
7MS #662: Pentesting Potatoes - Part 2

Feb 14, 2025 · 37:39


Hi friends, today we're talking about pentesting potatoes (not really, but this episode is sort of a homage to episode 333 where I went to Boise to do a controls assessment and ended up doing an impromptu physical pentest and social engineer exercise). I talk about what a blast I'm having hunting APTs in XINTRA LABS, and two cool tools I'm building with the help of Cursor:
  • A wrapper for Netexec that quickly finds roastable users, machines without SMB signing, clients running Webclient and more.
  • A sifter of Snaffler-captured files to zero in even closer on interesting things such as usernames and passwords in clear text.

Agent of Influence
Episode 066 - Digital Trust in the Age of AI - Aaron Shilts

Jan 22, 2025 · 32:16


Digital Trust in the Age of AI

Hear from Aaron Shilts, CEO of NetSPI, as he sits down with Nabil Hannan, NetSPI Field CISO and host of Agent of Influence, to explore NetSPI's evolution and cyber predictions for 2025.

Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

KOZETEK
pentesting

Jan 20, 2025 · 44:27


pentesting

Digital Podcast
Digital Special #1: A Look Back at 18 Years of the Podcast

Jan 10, 2025 · 50:09


At the end of January, the Digital Podcast comes to an end. What on earth have we been doing all these years? A lot! So much that a representative selection is impossible. We look back anyway, with one laughing and one crying eye.

The whole podcast at a glance:
(05:33) The trade fair
(10:10) The cyber detective
(13:12) The kebab on the scanner and the poem in the supermarket
(19:18) Retro: Long live the tape recorder!
(27:15) The chip dealer and the report from Fukushima
(33:56) Cables!
(37:06) Self-experiments: Morse code, nutrition and flying
(45:39) The game tip from the gravel pit

Link to the episode on pen testing: https://www.srf.ch/audio/digital-podcast/pen-testing-undercover-mit-andrea?id=89042de0-77f8-4864-b790-8cbec017340c
Link to our video archive: https://geeksofa.ch/geek-sofa/www/index.html

GovCast
CyberCast: CMS Cyber Integration Center Leverages PenTesting to Protect Patient Data

Dec 31, 2024 · 15:43


The Centers for Medicare and Medicaid Services (CMS) Cyber Integration Center (CCIC) is the hub of cybersecurity strategy and response at the agency. The collaborative center focuses on internal assessments to protect sensitive patient data and improve threat detection. Acting CISO Keith Busby explained how CCIC red, blue and purple security engagements teams are conducting Penetration Testing (PenTesting) to monitor the agency's critical infrastructure and prevent malicious actors from causing devastating cyber attacks. Busby shared details about the agency's Risk Management Strategy, which uses secret scanning and other enterprise level technologies to mitigate risks. He also highlighted the Department of Health and Human Services (HHS) cyber performance goals agencies should be prioritizing to boost their resiliency.  

Software Engineering Daily
The Future of Offensive Pentesting with Mark Goodwin

Dec 12, 2024 · 44:40


Offensive penetration testing, or offensive pentesting, involves actively probing a system, network, or application to identify and exploit vulnerabilities, mimicking the tactics of real-world attackers. The goal is to assess security weaknesses and provide actionable insights to strengthen defenses before malicious actors can exploit them. Bishop Fox is a private professional services firm focused on

Podcast – Software Engineering Daily
The Future of Offensive Pentesting with Mark Goodwin

Dec 12, 2024 · 44:40


Offensive penetration testing, or offensive pentesting, involves actively probing a system, network, or application to identify and exploit vulnerabilities, mimicking the tactics of real-world attackers. The goal is to assess security weaknesses and provide actionable insights to strengthen defenses before malicious actors can exploit them. Bishop Fox is a private professional services firm focused on

The Frightful Howls You May Hear
Sorcerous Pentesting in the Workplace

Dec 8, 2024 · 93:55


This could be none other than a certified B. Key special, an eclectic investigation into domination magic, intelligence gathering, and sorcerous pentesting for optimal results. Building off Episode 23: Troubleshooting Your Sorcery, Key leads the gang through the many ways you can work over targets that prove harder to crack, especially when it comes to boss fixing. And it wouldn't be a Key episode without a long-requested foray into the magic of lockpicking as a complement to all of the above and more! Support us on patreon.com/TheFrightfulHowls and follow us at twitter.com/FrightfulHowls.

Bare Knuckles and Brass Tacks
Do It Scared! The Journey from Pentesting Novice to Conference Speaker with Michelle Eggers

Dec 2, 2024 · 37:51


Mainframe pentester Michelle Eggers joins us to share her incredible journey into cybersecurity, and specifically her niche in mainframe security. George K and George A talk to Michelle about:

The Other Side Of The Firewall
Russia Steps Up Ransomware Recruitment

Nov 27, 2024 · 11:15


In this episode of the Other Side of the Firewall podcast, Ryan Williams and Shannon Tynes discuss the latest trends in cybersecurity, focusing on the recruitment of pen testers by ransomware gangs, the ethical implications of working in this space, and the importance of having an AI acceptable use policy to protect data privacy. They explore the dark web's role in facilitating these activities and the potential consequences for those who engage in them. Article: Ransomware Gangs on Recruitment Drive for Pen Testers https://www.infosecurity-magazine.com/news/ransomware-gangs-pen-testers/?fbclid=IwZXh0bgNhZW0CMTAAAR2J4Tvz2RZRU9PUg8wAq1S8lDpugrl4Q6LHpamW5__P0m0QJzEHqoxVSd8_aem_EWyfJeJpFHjpzfgt4j2DtQ Please LISTEN

Hacker Valley Studio
Do You Deserve To Be Hacked? Featuring Ilan Fehler and Dahvid Schloss

Nov 26, 2024 · 40:21


Do you deserve to be hacked? With that bold tagline, CovertSwarm is pushing leaders to rethink how they test and defend their systems, and in this episode, they're sharing firsthand how organizations can prepare for adversaries in the wild. Recorded at Black Hat 2024, Ron is joined by Ilan Fehler, US Sales Lead at CovertSwarm, and Dahvid Schloss, Hive Leader at CovertSwarm to explore the world of adversary emulation. From physical breaches to API exploits, this conversation covers the human, digital, and physical elements of cybersecurity.

Impactful Moments:
00:00 - Introduction
01:25 - You Deserve To Be Hacked
03:05 - Emulating criminal behavior: The hive structure
07:55 - Social engineering tactics that really work
20:16 - Physical breaches: Pentesting in action
24:09 - Past the firewall: Second- and third-layer testing
29:14 - Digital exploits and real-world vulnerabilities
35:24 - Why organizations hesitate to invest in red teams
37:33 - Building muscle memory for security

Links:
Connect with our guests, Ilan Fehler https://www.linkedin.com/in/fehler/ and Dahvid Schloss https://www.linkedin.com/in/dahvidschloss/
Learn more about CovertSwarm here: https://covertswarm.com/

Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

UBC News World
Identify Cybersecurity Vulnerabilities With Remote Pentesting For Florida SMBs

Nov 12, 2024 · 3:17


Don't just react to cyber attacks, stop them happening in the first place. Find a verified remote pentester to identify your weaknesses. Work with HireADeveloper.net! More details at https://www.hireadeveloper.net/pentesters-florida/ HireADeveloper.net City: Las Vegas Address: 6920 S Cimarron Rd, Suite 100 Website: https://www.hireadeveloper.net/ Email: contact@hireadeveloper.net

Cloud Security Podcast by Google
EP198 GenAI Security: Unseen Attack Surfaces & AI Pentesting Lessons

Nov 11, 2024 · 27:22


Guests: Ante Gojsalic, Co-Founder & CTO at SplxAI

Topics:
  • What are some of the unique challenges in securing GenAI applications compared to traditional apps?
  • What current attack surfaces are most concerning for GenAI apps, and how do you see these evolving in the future?
  • Do you have your very own list of top 5 GenAI threats? Everybody seems to!
  • What are the most common security mistakes you see clients make with GenAI?
  • Can you explain the main goals when trying to add automation to pentesting for next-gen GenAI apps?
  • What are your AI testing lessons from clients so far?

Resources:
  • EP171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side
  • EP135 AI and Security: The Good, the Bad, and the Magical
  • EP185 SAIF-powered Collaboration to Secure AI: CoSAI and Why It Matters to You
  • SAIF.google
  • Next SAIF presentation with top 5 AI security issues
  • Our Security of AI Papers and Blogs Explained

Cybercrime Magazine Podcast
Pentesting & Cybersecurity World-Class Experts at BreachLock: The Best in the Business.

Nov 11, 2024 · 1:04


BreachLock is Recognized as a Prominent Vendor in both PTaaS and EASM Categories in the 2024 Gartner® Hype Cycle™ for Security Operations. Learn more about our sponsor BreachLock at https://www.breachlock.com/

Paul's Security Weekly
Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306

Nov 5, 2024 · 65:35


After spending a decade working for appsec vendors, Grant McCracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real appsec needs, but not a lot of means to pay for it. He founded DarkHorse, who offers VDPs and bug bounties to organizations of all sizes for free, or for as low of cost as possible. While not a non-profit, the company's goal is to make these services as cheap as possible to increase accessibility for smaller or more budget-constrained organizations. The company has also introduced the concept of "fractional pentesting", access to cyber talent when and how you need it, based on what you can afford. This implies services beyond just offensive security, something we'll dive deeper into in the interview. We don't see DarkHorse ever competing with the larger Bug Bounty platforms, but rather providing services to the organizations too small for the larger platforms to sell to.

Microsoft delays Recall AGAIN, Project Zero uses an LLM to find a buffer underflow in SQLite, the scourge of infostealer malware, zero standing privileges is easy if you have unlimited time (but no one does), reverse engineering Nintendo's Alarmo and RedBox's... boxes. Bonus: the book series mentioned in this episode The Lost Fleet by Jack Campbell.

Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-306

Paul's Security Weekly TV
Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306

Nov 5, 2024 · 32:08


After spending a decade working for appsec vendors, Grant McCracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real appsec needs, but not a lot of means to pay for it. He founded DarkHorse, who offers VDPs and bug bounties to organizations of all sizes for free, or for as low of cost as possible. While not a non-profit, the company's goal is to make these services as cheap as possible to increase accessibility for smaller or more budget-constrained organizations. The company has also introduced the concept of "fractional pentesting", access to cyber talent when and how you need it, based on what you can afford. This implies services beyond just offensive security, something we'll dive deeper into in the interview. We don't see DarkHorse ever competing with the larger Bug Bounty platforms, but rather providing services to the organizations too small for the larger platforms to sell to.

Show Notes: https://securityweekly.com/asw-306

Application Security Weekly (Audio)
Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306

Nov 5, 2024 · 65:35


After spending a decade working for appsec vendors, Grant McCracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real appsec needs, but not a lot of means to pay for it. He founded DarkHorse, who offers VDPs and bug bounties to organizations of all sizes for free, or for as low of cost as possible. While not a non-profit, the company's goal is to make these services as cheap as possible to increase accessibility for smaller or more budget-constrained organizations. The company has also introduced the concept of "fractional pentesting", access to cyber talent when and how you need it, based on what you can afford. This implies services beyond just offensive security, something we'll dive deeper into in the interview. We don't see DarkHorse ever competing with the larger Bug Bounty platforms, but rather providing services to the organizations too small for the larger platforms to sell to.

Microsoft delays Recall AGAIN, Project Zero uses an LLM to find a buffer underflow in SQLite, the scourge of infostealer malware, zero standing privileges is easy if you have unlimited time (but no one does), reverse engineering Nintendo's Alarmo and RedBox's... boxes. Bonus: the book series mentioned in this episode The Lost Fleet by Jack Campbell.

Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-306

Application Security Weekly (Video)
Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306

Nov 5, 2024 · 32:08


After spending a decade working for appsec vendors, Grant McCracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real appsec needs, but not a lot of means to pay for it. He founded DarkHorse, who offers VDPs and bug bounties to organizations of all sizes for free, or for as low of cost as possible. While not a non-profit, the company's goal is to make these services as cheap as possible to increase accessibility for smaller or more budget-constrained organizations. The company has also introduced the concept of "fractional pentesting", access to cyber talent when and how you need it, based on what you can afford. This implies services beyond just offensive security, something we'll dive deeper into in the interview. We don't see DarkHorse ever competing with the larger Bug Bounty platforms, but rather providing services to the organizations too small for the larger platforms to sell to.

Show Notes: https://securityweekly.com/asw-306

Cyber Security Today
Cyber Security Today - The Weekend Panel Reviews Cyber Security Month: November 2, 2024

Nov 2, 2024 · 55:12 · Transcription available


Welcome to the weekend edition of Cybersecurity Today! Join host Jim Love as he delves into the top cybersecurity stories of the month with industry experts David Shipley of Beauceron Security, Terry Cutler of Cyology Labs, and special guest Kim Schreader from TELUS. This episode covers a range of vital topics, including AI's impact on cybersecurity, the alarming rise in API vulnerabilities, and a shocking report on the Canadian Revenue Agency's fraud losses. The panel also discusses cybersecurity awareness, the overlooked importance of protecting our libraries, and innovative ways to educate the next generation on cybersecurity. Don't miss their insights, expert opinions, and the debut of the cyber stinky award!

00:00 Introduction and Panelist Welcome
00:39 Kim Schreader's Background and Cybersecurity Insights
01:44 Cybersecurity Awareness Month Highlights
02:11 Phishing Milestones and Challenges
03:34 Home Cybersecurity and Public Engagement
04:59 SecTor Event and Cyber Insurance Study
06:10 Sextortion Emails and Ransomware Threats
07:30 Revenue Canada Fraud Scandal
14:31 Legacy Systems and Cybersecurity Accountability
17:55 AI in Cybersecurity: Threats and Opportunities
26:43 Medical Imaging Vulnerabilities
27:35 IoT Device Security Concerns
29:25 API Vulnerabilities and Exploits
31:45 Importance of Pen Testing
39:41 AI and Prompt Injection Risks
46:58 Education and Cybersecurity Awareness
52:23 Library Cyber Attacks and Conclusion

Resilient Cyber
Resilient Cyber w/ Tyler Shields and James Berthoty - Is "Shift Left" Losing its Shine?

Nov 1, 2024 25:12


In this episode of Resilient Cyber I will be chatting with industry leaders Tyler Shields and James Berthoty on the topic of "Shift Left". This includes the origins and early days of the shift left movement, as well as some of the current challenges, complaints and if the shift left movement is losing its shine.

We dive into a lot of topics such as:

- Tyler and James' high-level thoughts on shift left and where it may have gone wrong or run into challenges
- Tyler's thoughts on the evolution of shift left over the last several decades from some of his early Pen Testing roles and working with early legacy applications before the age of Cloud, DevOps and Microservices
- James' perspective, having started in Cyber in the age of Cloud and how his entire career has come at shift left from a bit of a different perspective
- The role that Vendors, VC's and products play and why the industry only seems to come at this from the tool perspective
- Where we think the industry is headed with similar efforts such as Secure-by-Design/Default and its potential as well as possible challenges

RunAs Radio
Pen Testing Yourself with Paula Januszkiewicz

Oct 16, 2024 36:33


Can you pen test yourself? Paula Januszkiewicz says yes! Richard talks to Paula about taking an active role in understanding your organization's security vulnerabilities. Paula talks about the low-hanging fruit she often finds as a professional penetration tester - typically on poorly maintained infrastructure like PKI servers. The conversation digs into tooling you can use to find vulnerabilities - just make sure you trust the source of those tools. Not everyone is a good guy in open source! And, of course, there's always a time to bring in professionals to do a deeper level of testing. Don't wait until the breach happens to take some action!

Links: Cqure, Penetration Testing, GitHub Secrets Scanning, HaveIBeenPwned

Recorded August 22, 2024

Cybercrime Magazine Podcast
BreachLock: Offensive Security & Pentesting for CISOs and Cybersecurity Teams

Oct 2, 2024 1:42


Seemant Sehgal, founder & CEO of BreachLock, a global leader in Penetration Testing as a Service (PTaaS) that serves over 900 clients in more than 20 countries, has been working with chief information security officers (CISOs) for 20 years. Learn more about BreachLock at https://breachlock.com. For more on cybersecurity, visit us at https://cybersecurityventures.com/

Tech & Main Presents
Modern Web Pentesting | Rafay Baloch

Oct 2, 2024 45:04


In today's episode, we will be talking for a 2nd time with our good friend, Rafay Baloch. He is an internationally renowned ethical hacker and security researcher known for his discovery of vulnerabilities on the Android operating system. He has been featured and known by both national and international media and publications like Forbes, BBC, The Wall Street Journal, and The Express Tribune. We do a deep dive into his recently released book "Web Hacking Arsenal: A Practical Guide to Modern Web Pentesting". You can connect with Rafay in the following ways: Book Purchase: https://www.amazon.com/Web-Hacking-Arsenal-Practical-Pentesting/dp/1032447192/ Website: https://redseclabs.com/ Twitter: @rafaybaloch At Tech & Main, we want to be YOUR technology partner. Let our 20+ years of expertise help you achieve the outcomes that are best for your business: cybersecurity.  We have engineers and project managers available to assist you. Call our office at 678-575-8515, email us at info@techandmain.com or visit us at www.techandmain.com.  Thanks for listening!

Hacker Valley Studio
How Adversaries Are Living Off The Dark Web

Oct 1, 2024 44:55


Have you ever lost something important, only to find out someone moved it without telling you? The same thing happens with our personal and business data. But what if you could see what the adversary sees?

In this episode, Jason Haddix, Field CISO at Flare, shares his experiences in red teaming, accessing dark web credentials, and protecting against malicious actors. Whether you're curious about data exposure or how threat actors operate, this conversation offers insights into the constant changes in cybersecurity.

Impactful Moments:
00:00 - Introduction
01:11 - The Basics of the Dark Web and How Criminals Operate
07:16 - Flare's Role in Cybersecurity
11:14 - Common Security Mistakes
20:04 - Pen Testing with Flare
21:33 - Exploiting Exposed Credentials
22:19 - Reconnaissance Tools and Techniques
24:38 - Email Security Concerns
28:43 - The Power of Stealer Logs
38:21 - Dark Web Tactics and AI
39:33 - Advice for Cybersecurity Leaders
42:04 - Exploring Flare's Platform for Threat Intelligence
44:26 - Conclusion and Final Thoughts

Links:
Connect with our guest, Jason Haddix: https://www.linkedin.com/in/jhaddix/
Check out Flare here: https://flare.io
Check out Arcanum here: https://www.arcanum-sec.com/

Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

The Cyber Threat Perspective
Episode 109: Current State of Pentesting - Internal and External

Sep 25, 2024 39:41


In this episode, Spencer and Tyler share what they love and hate about the current state of penetration testing, they discuss current and future trends, and what it means to be a true cybersecurity partner. We hope you enjoy this episode!

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com

Destination Linux
389: Kali Linux New Release, HADOOKEN Malware gets a Tiger Uppercut, & more Cybersecurity

Sep 23, 2024 62:25


video: https://youtu.be/ow1S0hWk0E0

On this week's episode we're going to discuss malware that's so ruthless it's ready for a street fight. Welcome to Destination Linux, where we discuss the latest news, hot topics, gaming, mobile, and all things Open Source & Linux. Also this week, we're going to discuss Pentesting distro tools and running full Linux on your Android. Plus we got some Linux Gaming, and our Software Spotlight, and more. Now let's get this show on the road toward Destination Linux!

Download as MP3: https://aphid.fireside.fm/d/1437767933/32f28071-0b08-4ea1-afcc-37af75bd83d6/cb8b3a9a-06a5-438a-ab07-08c5f227e4ba.mp3

Support the show by becoming a patron at https://tuxdigital.com/membership or get some swag at https://tuxdigital.com/store

Hosted by:
Ryan (DasGeek) = https://dasgeek.net
Jill Bryant = https://jilllinuxgirl.com
Michael Tunnell = https://michaeltunnell.com

Chapters:
00:00:00 Intro
00:01:02 Community Feedback
00:06:08 Kali Linux
00:22:25 News: New Malware Street Fighter Style
00:31:28 Hackers Target Teens
00:35:25 Spying Cars
00:38:02 Mobile News: Apple Gives Up On Pegasus Lawsuit
00:46:07 Gaming: Sword and Shield Idle
00:48:39 Software Spotlight: CSI Linux
00:56:01 Tip of the Week: Lindroid
01:00:16 Support the Show

Links:
Community Feedback: https://tuxdigital.com/comments, https://tuxdigital.com/forum
Kali Linux: https://www.kali.org/
News: New Malware Street Fighter Style: https://www.bleepingcomputer.com/news/security/new-linux-malware-hadooken-targets-oracle-weblogic-servers/, https://www.scmagazine.com/news/akira-takes-in-42-million-in-ransom-payments-now-targets-linux-servers
Mobile News: Apple Gives Up On Pegasus Lawsuit: https://www.moneycontrol.com/technology/apple-seeks-to-withdraw-legal-case-against-pegasus-spyware-creator-heres-why-article-12821708.html
Gaming: Sword and Shield Idle: https://store.steampowered.com/app/2882710/Sword_and_Shield_Idle/
Software Spotlight: CSI Linux: https://csilinux.com/, https://hackernoon.com/csi-linux-linux-distribution-for-cyber-and-osint-investigation
Tip of the Week: Lindroid: https://gist.github.com/AngelaCooljx/14ba722346da0479050be924d96e8c5e, https://hackaday.com/2024/06/18/lindroid-promises-true-linux-on-android/
Support the Show: https://tuxdigital.com/membership, https://tuxdigital.com/store, https://tuxdigital.com/discord

The Treasury Update Podcast
Coffee Break Session #118: What Is a Pentest?

Sep 19, 2024 8:24


In today's episode, we'll hear from Craig Jeffery on pentests. What are they, who performs them, and why are they vital for cyber security? Listen in to learn more.

Application Security PodCast
Phillip Wylie -- Pen Testing from Somebody who Knows about Pen Testing

Sep 17, 2024 52:08


Join Robert and Chris Romeo as they dive into the world of pen testing with their guest Phillip Wylie. In this episode, Phillip shares his unique journey from professional wrestling to being a renowned pen tester. Hear some great stories from his wrestling days, in-depth discussions on application security, and good advice on starting a career in cybersecurity. Whether you're interested in pen testing techniques, learning about security origin stories, or gaining insights into career development, this episode has something for everyone!

Books:
The Pentester Blueprint: Starting a Career as an Ethical Hacker, written by Phillip Wylie
The Web Application Hacker's Handbook, written by Dafydd Stuttard, Marcus Pinto

Where to find Phillip:
Website: https://thehackermaker.com/
Podcast: https://phillipwylieshow.com/
X: https://x.com/PhillipWylie
LinkedIn: https://www.linkedin.com/in/phillipwylie/

FOLLOW OUR SOCIAL MEDIA:
Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

CISO Tradecraft
#195 - Pentesting for Readiness not Compliance (with Snehal Antani)

Aug 26, 2024 47:48


In this episode of CISO Tradecraft, host G Mark Hardy is joined by special guest Snehal Antani, co-founder of Horizon3.AI, to discuss the crucial interplay between offensive and defensive cybersecurity tactics. They explore the technical aspects of how observing attacker behavior can enhance defensive strategies, why traditional point-in-time pen testing may be insufficient, and how autonomous pen testing can offer continuous, scalable solutions. The conversation delves into Snehal's extensive experience, the importance of readiness over compliance, and the future of cybersecurity tools designed with humans out of the loop. Tune in to learn how to elevate your cybersecurity posture in a rapidly evolving threat landscape.

Horizon3 - https://www.horizon3.ai
Snehal Antani - https://www.linkedin.com/in/snehalantani/
Transcripts: https://docs.google.com/document/d/1IFSQ8Uoca3I7TLqNHMkvm2X-RHk8SWpo

Chapters:
00:00 Introduction and Guest Welcome
01:43 Background and Experience of Snehal Antani
03:09 Challenges and Limitations of Traditional Pen Testing
14:47 The Future of Pen Testing: Autonomous Systems
23:10 Leveraging Data for Cybersecurity Insights
24:02 Expanding the Attack Surface: Cloud and Supply Chain
24:46 Third-Party Risk Management Evolution
44:37 Future of Cyber Warfare: Algorithms vs. Humans

Resilient Cyber
Resilient Cyber w/ Snehal Antani - Building and Scaling a Security Startup

Aug 21, 2024 29:33


In this episode we sit down with the Founder/CEO of Horizon3.ai to discuss disrupting the Pen Testing and Offensive Security ecosystem, and building and scaling a security startup - from a founder's perspective.

From HP, to Splunk to JSOC - all leading to founding Horizon3, Snehal brings a unique perspective of business acumen and technical depth and puts on a masterclass around venture, founding and scaling a team and disrupting the industry!

- For those not familiar with your background or Horizon3AI, can you tell us a bit about both?
- You are building something special at Horizon3AI and I will dive into that here soon, but you've also been posting some great content about building a security startup, the team, the market dynamics and more, so I wanted to spend a little time chatting about that.
- First off, your company was recently listed by Forbes as one of the top 25 venture backed startups likely to reach a $1 billion dollar valuation. How did that feel and what do you think contributed to your team landing on such a prestigious list?
- Speaking of venture backed, you recently participated in the Innovators and Investors Summit at BlackHat where you and other panelists dove into the topic of what founders should look for in investors and how VC's can stand out in a highly competitive market. As someone who's navigated that journey and is now being listed on lists such as that from Forbes - what are some of your key lessons learned and recommendations for early-stage founders?
- You've stressed the importance of the team over the initial idea and what you've called "pace setters" and "ankle weights" within the team and the importance of both. Can you elaborate on the terms and broader context around building a foundational team to scale the company successfully?
- You also have discussed the 4 advantages iconic companies build over time, what are they and why do they help differentiate you?
- Pivoting a bit, you have a really unique background, blending both the private and public/defense sector. How do you think that's helped shape you and the way you've built your team and company and approach the market?
- Horizon3AI is big on the mantra of "offense informed defense". Why is that critical and why do you think we miss the value in this approach in many spaces in the security ecosystem?
- You all have poked some fun at the way many organizations operate, running vuln scans, doing an annual pen test, and having a false sense of security. How is Horizon3AI disrupting the traditional Pen Testing space and leading to more secure organizational outcomes?

7 Minute Security
7MS #637: BPATTY[RELOADED] Release Party

Aug 17, 2024 7:01


Hello friends, I'm excited to release BPATTY[RELOADED] into the world at https://bpatty.rocks! – which stands for Brian's Pentesting and Technical Tips for You! It's a knowledge base of IT and security bits that help me do a better job doing security stuff! Today I do an ACTUAL 7-minute episode (GASP…what a concept!) covering my favorite bits on the site so far. Enjoy!

7 Minute Security
7MS #636: A Prelude to BPATTY(RELOADED)

Aug 12, 2024 11:21


Artificial hype alert!  I'm working on a NEW version of BPATTY (Brian's Pentesting and Technical Tips for You), but it is delayed because of a weird domain name hostage negotiation situation.  It's weird.  But in the meantime I want to talk about the project (which is a pentest documentation library built on Docusaurus) and how I think it will be bigger/better/stronger/faster/cooler than BPATTY v1 (which is now in archive/read-only mode).

CISO-Security Vendor Relationship Podcast
Everyone Has a Zero-Trust Plan Until They Get Punched in the Face

Jul 23, 2024 39:12


All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Danny Jenkins, CEO, ThreatLocker.

In this episode:

- The limits of zero-trust
- Pentesting for SMBs
- An ounce of prevention is worth a pound of response
- The cream of the security crop

Thanks to our podcast sponsor, ThreatLocker! ThreatLocker® is a global leader in Zero Trust endpoint security offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Critical Thinking - Bug Bounty Podcast
Episode 80: Pwn2Own VS H1 Live Hacking Event (feat SinSinology)

Jul 18, 2024 169:26


Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne Events

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.

Today's Guest: https://x.com/SinSinology
Blog: https://sinsinology.medium.com/

Resources:
WhatsUp Gold Pre-Auth RCE
Advanced .NET Exploitation Training
dnSpyEx
QEMU
Unicorn Engine
Qiling
libAFL
Alex Plaskett interview
TippingPoint
Flashback Team

Timestamps:
(00:00:00) Introduction
(00:12:45) Learning, Mentorship, and Failure
(00:29:34) Pentesting and Pwn2Own
(00:40:05) Hacking methodology
(01:01:57) Debuggers and shells in IoT Devices
(01:35:40) Differences between ZDI and HackerOne
(02:02:27) Pwn2Own Steps and Stories
(02:14:06) Master of Pwn Title
(02:29:54) Bug reports

ITSPmagazine | Technology. Cybersecurity. Society
Beyond Traditional Pen Testing for Continuous Risk Assessment | A Brand Story Conversation From RSA Conference 2024 | A Hadrian Story with Rogier Fischer | On Location Coverage with Sean Martin and Marco Ciappelli

Jul 16, 2024 26:34


In the latest episode of the Redefining CyberSecurity Podcast, host Sean Martin engages with Rogier Fischer, co-founder and CEO of Hadrian, to delve into the evolving landscape of cybersecurity. The discussion navigates through the intricacies of modern cybersecurity challenges and how Hadrian is providing innovative solutions to tackle these issues. Sean Martin sets the stage by emphasizing the importance of operationalizing cybersecurity strategies to manage risk and protect revenue. Rogier Fischer shares his journey from an ethical hacker working with Dutch banks and tech companies to co-founding Hadrian, a company that leverages advanced AI to automate penetration testing.

Fischer highlights the limitations of traditional cybersecurity tools, noting they are often too passive and fail to provide adequate visibility. Hadrian, on the other hand, offers a proactive approach by simulating hacker behavior to identify vulnerabilities and exposures. The platform provides a more comprehensive view by combining various aspects of offensive security, enabling organizations to prioritize their most critical vulnerabilities.

One of the key points Fischer discusses is Hadrian's event-driven architecture, which allows the system to detect changes in real-time and reassess vulnerabilities accordingly. This ensures continuous monitoring and timely responses to new threats, adapting to the ever-changing IT environments. Another significant aspect covered is Hadrian's use of AI and machine learning to enhance the context and flexibility of security testing. Fischer explains that AI is selectively applied to maximize efficiency and minimize false positives, thus allowing for smarter, more effective security assessments.

Fischer also shares insights on how Hadrian assists in automated risk remediation. The platform not only identifies vulnerabilities but also provides clear guidance and tools to address them. This is particularly beneficial for smaller security teams that may lack the resources to handle vast amounts of raw data generated by traditional vulnerability scanners. Additionally, Hadrian's ability to integrate with existing security controls and workflows is highlighted. Fischer notes the company's focus on user experience and the need for features that facilitate easy interaction with different stakeholders, such as IT teams and security engineers, for efficient risk management and remediation.

In conclusion, Rogier Fischer articulates that the true strength of Hadrian lies in its ability to offer a hacker's perspective through advanced AI-driven tools, ensuring that organizations not only identify but also effectively mitigate risks. By doing so, Hadrian empowers businesses to stay ahead in the ever-evolving cybersecurity landscape.

Top Questions Addressed

- What drove the creation of Hadrian, and what gaps in the cybersecurity market does it fill?
- How does Hadrian's event-driven architecture ensure continuous risk assessment and adaptation to changing environments?
- How does Hadrian leverage AI and machine learning to improve the effectiveness of penetration testing and risk remediation?

Learn more about Hadrian: https://itspm.ag/hadrian-5ei

Note: This story contains promotional content. Learn more.

Guest: Rogier Fischer, Co-Founder and CEO, Hadrian [@hadriansecurity]
On LinkedIn | https://www.linkedin.com/in/rogierfischer/

Resources

View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

The CyberWire
Uniting against APT40.

Jul 9, 2024 35:53


The UK's NCSC highlights evolving cyberattack techniques used by Chinese state-sponsored actors. A severe cyberattack targets Frankfurt University of Applied Sciences. Russian government agencies fall under the spell of CloudSorcerer. CISA looks to Hipcheck Open Source security vulnerabilities. Avast decrypts DoNex ransomware. Neiman Marcus data breach exposes over 31 million customers. Lookout spots GuardZoo spyware. Cybersecurity funding surges. Our guest is Caroline Wong, Chief Strategy Officer at Cobalt, to discuss the state of pentesting and adapting to the impact of AI in cybersecurity. Scalpers Outsmart Ticketmaster's Rotating Barcodes.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, Dave Bittner is joined by Caroline Wong, Chief Strategy Officer at Cobalt, to discuss the state of pentesting and adapting to the impact of AI in cybersecurity. You can learn more about the state of pentesting from Cobalt's State of Pentesting 2024 report here.

Selected Reading

- The NCSC and partners issue alert about evolving techniques used by China state-sponsored cyber attacks (NCSC)
- 'Serious hacker attack' forces Frankfurt university to shut down IT systems (The Record)
- New group exploits public cloud services to spy on Russian agencies, Kaspersky says (The Record)
- Continued Progress Towards a Secure Open Source Ecosystem (CISA)
- Decrypted: DoNex Ransomware and its Predecessors (Avast Threat Labs)
- Neiman Marcus data breach: 31 million email addresses found exposed (Bleeping Computer)
- GuardZoo spyware used by Houthis to target military personnel (Help Net Security)
- Cybersecurity Funding Surges in Q2 2024: Pinpoint Search Group Report Highlights Year-Over-Year Growth (Pinpoint Search Group)
- Scalpers Work With Hackers to Liberate Ticketmaster's 'Non-Transferable' Tickets (404 Media)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

ITSPmagazine | Technology. Cybersecurity. Society
Cybersecurity Leadership: AL, Burnout, and Success Strategies | A Conversation with Jack Leidecker | The Soulful CXO Podcast with Dr. Rebecca Wynn

Jul 9, 2024 29:44


ITSPmagazine | Technology. Cybersecurity. Society
The Importance of Cyber Peace | A Conversation with Gabrielle Botbol | The Soulful CXO Podcast with Dr. Rebecca Wynn

Jun 25, 2024 25:30


Guest: Gabrielle Botbol, Offensive Security Advisor, Desjardins
Website: https://csbygb.github.io/
LinkedIn: https://www.linkedin.com/in/gabriellebotbol/
Twitter/X: https://twitter.com/Gabrielle_BGB
Host: Dr. Rebecca Wynn, on ITSPmagazine

Paul's Security Weekly
Pen Testing As A Service - Seemant Sehgal - PSW #830

May 23, 2024 172:21


The Security Weekly crew and special guest Seemant Sehgal explore what PTaaS involves, how it differs from traditional penetration testing, and why it's becoming a crucial service for companies of all sizes to protect their digital assets. We'll discuss how PTaaS is using the latest technologies (e.g., machine learning), the benefits of having a third-party service, and real-world scenarios where PTaaS has successfully thwarted potential security breaches. PTaaS can be a game-changer in enhancing your organization's security posture! This segment is sponsored by Breachlock. Visit https://securityweekly.com/breachlock to learn more about them!

An exploit that makes you more secure, pardon the interruption, water heater company in hot water, IoT devices are vulnerable, Squeege and RDP scraping, free laundry for everyone!, Wifi routers and Apple Air tags, North Koreans fill US IT positions, taking out drones, the NVD backlog, IBM is no longer a security company?, and DNSBombs!

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-830