Nati Tal, Head of Guardio Labs, sits down to share Guardio Labs' work on “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack. Guardio Labs uncovered a critical vulnerability in the Opera browser that lets a malicious extension reach Opera's Private APIs for actions such as screen capture, changing browser settings, and account hijacking. To show how easily extension-store review can be bypassed, the researchers demonstrated a puppy-themed extension exploiting this flaw that made it into both the Chrome and Opera extension stores, potentially reaching millions of users. The case underscores the tension between browser productivity features and robust security, and the tactics modern threat actors use to exploit trusted platforms. The research can be found here: “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack
In this Risky Business News sponsored interview, Tom Uren talks to Dan Guido, the CEO of security research company Trail of Bits. Dan and Tom discuss DARPA's upcoming AI cyber challenge, in which Trail of Bits will compete to solve very difficult bug discovery challenges. They also talk about Trail of Bits' approach to making some of its own tools available to the community.
Podcast: Nexus: A Claroty Podcast. Episode: Team82 Answers Your Vulnerability Research Questions. Pub date: 2023-12-06. Team82 researchers Sharon Brizinov and Noam Moshe join the Claroty podcast for a special episode where they answer questions submitted by users. This Ask-Me-Anything style episode covers the team's OT and IoT vulnerability research process, resources for experienced and beginner vulnerability researchers, and their view of the threat landscape for cyber-physical systems.
Nikki - I wanted to ask you first what got you so passionate about vulnerability management. What was it that first sparked your curiosity and interest in security research?
Nikki - You do a lot of awesome graphics and visualizations of vulnerability data from both CISA KEV and around types of CVEs. What kind of statistics do you think are most important for security practitioners to know, and on the other side, what is most important for executives to understand?
Chris - You've now begun to submit known exploited vulnerabilities to CISA to be added to the KEV. Can you tell us about that experience, how you're identifying them and how the process has been?
Chris - We talk a lot about the need for vulnerability context, going beyond CVSS and using things such as KEV and EPSS. In your work, how do you see organizations leveraging context to help vulnerability prioritization?
Nikki - We know that organizations could have a backlog of up to 10k vulnerabilities, based on some recent statistics. Where do organizations start? How do they get a handle on vulnerability management?
Chris - What are some other trends you see in vulnerability management that organizations can use to start to get a handle on things?
Chris - You've made the transition from marketing to vulnerability research, visualization and, some would say, industry leader. Can you speak about the journey and advice for others looking to follow a similar path?
Nikki - What's next for you, besides being the pre-eminent vulnerability researcher in this space?
Podcast: ICS Cyber Talks Podcast. Episode: Cyber Women-3: Sara Bitan D.Sc, Co-Founder & CEO @CyCloak, on women in cyber & PLC vulnerability research. Pub date: 2023-08-22.
Nachshon Pincu hosts Sara Bitan D.Sc, Co-Founder and CEO at CyCloak, PLC (controller) vulnerability researcher at Technion - Israel Institute of Technology, and Black Hat speaker, in a conversation about her experience as a woman in cyber and the need for PLC vulnerability research. Questions covered:
Why must a woman demonstrate higher abilities than a man to receive a higher initial credit?
Following the previous question, you said, "A woman has to work harder than a man; there is no glass ceiling, but the road is more difficult." Why is that?
You told me that when you started your studies at the Technion, 50% of the students in your class were women. Where did they disappear to in the world of employment?
You investigate controller weaknesses to show the industry, especially the controller manufacturers, that their direction is wrong. Please explain.
From your research, the weakness that runs through all the studies is an attack on encryption key management. Please explain in language that we laypeople can understand.
"There is no technological challenge in attacking controllers; all the attacker needs is the right motivation." Who has that motivation?
The window of opportunity for a direct OT attack is opening more and more, mainly because of the connection of the OT network to the corporate network and the cloud. Does this mean OT attacks can only come through the corporate network/cloud?
The technological bar for cyber attacks, including OT attacks, is becoming lower than before. Attackers didn't know how to attack old-school OT. Today the situation has changed, and a new front has opened, like the attacks on Black Energy and the dam in Upstate New York. What to do?
And more.
Dive into cybersecurity's captivating world with our latest episode on Vulnerability Research! Discover the secrets of ethical hackers, uncover different vulnerabilities, and explore responsible disclosure processes. Get insider tips and tricks to level up your cybersecurity knowledge. Our guest Kevin is a renowned cybersecurity specialist and ethical hacker with years of experience and a keen eye for security flaws.
Full Interview: https://youtu.be/YURVs70d4ik
Other Links:
Blog Post: https://thecyberriddler.com/blog/vulnerability-research-kevin-backhouse
Twitter: @almorabea
Twitter: @CyberRiddler
Website: https://thecyberriddler.com
We sit down with Nico Waisman to discuss vulnerability research and other security-related topics! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw777
Join myself (@shellsharks) and VoidSec as we discuss Exploit Development and Vulnerability Research!
Show Notes:
- VoidSec
- The Shellcoder's Handbook
- Offensive Security | EXP-401 | AWE | OSEE
- Google Project Zero
- PrintDemon (Alex Ionescu & Yarden Shafir)
- VoidSec CVE-2020-1337
- Zerodium
- Immunefi - Web3 has huge bounty payouts
- IDA Pro
- Burp Suite Professional
- 010 Editor
- Ghidra
- BinaryNinja
- The Art of Software Security Assessment
- RET2SYSTEMS Training
- Zero Day Initiative (ZDI) TrendMicro
- Corelan
- CVE North Stars
- Pwn2Own
- secret club
- UpdatedSecurity - Security Forum
Jane Lo, Singapore Correspondent, speaks with Zoltán Balázs, Head of Vulnerability Research at CUJO AI. CUJO AI is a company focusing on home IoT security. Before joining CUJO AI he worked as CTO for an AV tester company, as an IT security expert in the financial industry for five years, and as a senior IT security consultant at one of the Big Four companies for two years. His primary areas of expertise are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie Browser Tool, which contains POC malicious browser extensions for Firefox, Chrome and Safari. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool for testing malware analysis sandboxes. He found and disclosed a vulnerability in IP cameras that was later exploited by the Persirai botnet, running on ~600,000 cameras. Zoltán has been invited to give presentations at information security conferences worldwide, including DEF CON, SyScan360, SAS2018, Virus Bulletin, Disobey, DeepSec, Hacker Halted USA, Botconf, AusCERT, Nullcon, Hackcon, Shakacon, OHM, Nopcon, Hacktivity, and Ethical Hacking. Proud OSCE. In this on-site interview at “Hack In The Box”, held at the Singapore InterContinental Hotel, Zoltán gives some highlights of his presentation on “Web3 + Scams = It's a Match!” Sharing his perspective on what the Web3 world encompasses, including non-fungible tokens (NFTs), he explains how some of the over-valuations reported in the media for NFTs may leave an impression of fraud and scams. He also points out how some old-fashioned investment scams such as “rug pulls” and “pump and dump” still plague the Web3 world. One common tactic, preying on victims' “fear of missing out” (FOMO) on an attractive investment, can also be seen in the promotion of the Bored Ape Yacht Club NFT collection.
Zoltán also outlines a highly notable scam known as the “Squid Game” rug pull, where the combination of the ease of creating tokens, and the popularity of the Netflix TV show lured victims to put money into the fraudulent investment scheme. To avoid falling victim to one of the scams, Zoltán's advice is “take time, don't rush.” Recorded on-site at the Singapore Intercontinental Hotel in Bugis, 26th August 2022, 11am Singapore Time.
In episode 77 of The Cyber5, we are joined by our guest, Eric Lekus, Senior Manager for Threat Intelligence at Deloitte. Eric delivers for Deloitte's internal security team and is not a client-facing consultant. We talk about how to evolve cyber threat intelligence in a SOC environment beyond basic indicators of compromise (IOC) integration. We discuss the different stakeholders a CTI team has beyond a SOC, but also focus on what a CTI team needs to push to and pull from a SOC to be relevant for a broader audience. We also outline success metrics for a CTI team.
Four Takeaways:
1. Indicators of Compromise are a Baseline Activity, Not Holistic Threat Intelligence. Indicators of compromise consist of known malicious IPs and domains. Stakeholders expect security teams to be doing this as a baseline. However, IPs and domains can change in a matter of seconds, so it is not fruitful to rely only on IOCs fed into a SIEM that alerts alongside other network traffic and logging.
2. A Security Operations Team Already Has a Rich Source of Baseline Activity; Enrich It with Threat Intelligence. Security teams should be integrating many sources of logging, such as IPs from emails, and using threat intelligence to alert on malicious activity. This should establish two-way communication in which the threat intelligence team pulls information from the SOC to enrich it and provide feedback. A SOC team is generally writing tickets for alerts, and a threat intelligence team can't just ask for bulk data; therefore automation to integrate with threat intelligence platforms is critical. A SOC analyst will ask, “what's in it for me?”, and a threat intelligence professional should be able to answer that.
3. Threat Intelligence Should Be a Separate Entity from the SOC; It Has Numerous Customers. The SOC is a major stakeholder, but the following functions are generally associated with a CTI team: adversary infrastructure analysis; attribution analysis; dark web tracking; internal threat hunting; threat research for identification and correlation of malicious actors and external datasets; intelligence report production; intelligence sharing (external to the organization); tracking threat actors' intentions and capabilities; malware analysis and reverse engineering; vulnerability research and indicator of compromise analysis (enrichment, pivoting, and correlating to historical reporting).
4. Success for Security Teams Means Reducing Risk Through Outcomes. Regardless of who the stakeholders are in an organization, improving security should focus on reducing risk and influencing outcomes that disrupt actors. This should be done in alignment with the executive team and the culture of the organization. Showing how you are reducing risk over time is what makes threat intelligence teams successful in the eyes of business executives.
Show Notes:
NSO:
https://www.zdnet.com/article/commerce-dept-sanctions-nso-group-positive-technologies-and-more-for-selling-spyware-and-hacking-tools/
https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/
https://www.theverge.com/2021/12/21/22848485/pegasus-spyware-jamal-khashoggi-murder-nso-hanan-elatr-new-analysis
https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
https://www.theguardian.com/us-news/2021/nov/08/nso-israeli-spyware-company-whatsapp-lawsuit-ruling
https://www.wired.com/story/nso-group-forcedentry-pegasus-spyware-analysis/
https://citizenlab.ca/2018/11/mexican-journalists-investigating-cartels-targeted-nso-spyware-following-assassination-colleague/
Offensive Cyber Capabilities: https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/a-primer-on-the-proliferation-of-offensive-cyber-capabilities/
Coseinc: https://risky.biz/RB310/
Cyber policy papers: https://docs.google.com/spreadsheets/d/1pnISykZe1nn1wwWBJRiaxYaqDoj4ADeBtsoUL41Hw2Y/edit?usp=drive_web&ouid=116612216017356103570
The Modern Mercenary: https://www.amazon.com/Modern-Mercenary-Private-Armies-World/dp/0199360103
Edward Wu, senior principal data scientist at ExtraHop, joins Dave to discuss the company's research, "A Technical Analysis of How Spring4Shell Works." ExtraHop first noticed chatter from social media in March of 2022 on a new remote code execution (RCE) vulnerability and immediately started tracking the issue. In the research, it describes how the exploit works and breaks down how the ExtraHop team came to identify the Spring4Shell vulnerability. The research describes the severity of the vulnerability, saying, "The impact of an RCE in this framework could have a serious impact similar to Log4Shell." The research can be found here: How the Spring4Shell Zero-Day Vulnerability Works
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/getting-into-vulnerability-research-and-a-fuse-use-after-free.html
We are joined by Cts for a discussion about getting into vulnerability research and some thoughts about the higher-level bug hunting process, then a look at some black-box fuzzing of MS Defender for IoT and a FUSE use-after-free.
[00:00:44] Spot the Vuln - What do I need?
[00:03:11] Discussion: Getting into Vulnerability Research
[00:39:43] Inside the Black Box - How We Fuzzed Microsoft Defender for IoT and Found Multiple Vulnerabilities
[00:43:25] FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes
[00:46:51] FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes
The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week: Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities; Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. The video archive can be found on our YouTube channel: https://www.youtube.com/c/dayzerosec You can also join our Discord: https://discord.gg/daTxTK9 Or follow us on Twitter (@dayzerosec) to know when new releases are coming.
Continuing the “Kenna 101” series over at Talos Takes, Ed Bellis re-joins the show to talk about patching and mitigation strategies. So far, we've talked about how to tell when you should take a CVE seriously. But what if there's no patch for it? Or what if you have to patch 50 vulnerabilities in the same product? We talk about how Kenna can help security teams of all sizes prioritize their patching strategies and create mitigation strategies in the worst-case scenario. For the other entries in our Kenna 101 series, listen here and here.
Michael is Co-Founder and CTO at Five Sigma, an InsurTech company helping insurers optimize claims handling processes using data. Previously, Michael led R&D teams within the Prime Minister's Office. Michael worked on multiple groundbreaking projects, including one that received the "Israel Defense Prize". Michael is a data science and math enthusiast with a BSc and MSc in mathematics from Bar-Ilan University.
We mainly spend this episode doing some catching up because it's been a while since we recorded. But on the actual, helpful, front, we discuss a recently released list of the vulnerabilities that are most often exploited in the wild, according to the U.S. Cybersecurity and Infrastructure Security Agency. It's particularly interesting to compare the lists from 2020 and 2021 to see how threat actors have changed up their tactics and parse through all the information to tell you what you need to know. It's also important to question these types of reports and how helpful they are to defenders. This is also a great episode for any Snort fans out there who are interested in the old days of writing rules for some Y2K-era malware.
Guest Jake Valletta, Director of Professional Services at Mandiant, joins Dave to talk about the critical vulnerability Mandiant disclosed that affects millions of IoT devices. Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant's Red Team in late 2020, would enable adversaries to remotely compromise victim IoT devices, resulting in the ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality. These further attacks could include actions that would allow an adversary to remotely control affected devices. The research can be found here: Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices
Know the Enemy. A fascinating conversation with Oded Vanunu, one of the top cyber researchers in the world and Head of Product Vulnerability Research at Check Point, on attackers, cybercrime, and defense.
A fascinating talk by Oded Vanunu, Head of Product Vulnerability Research at Check Point Software Technologies, Ltd., on the world of cybercrime in 2021, explaining how the syndicates are structured, how they operate, and what to defend against. The talk is from the Cyber Protection Solutions Conference for ICS Cybersecurity, July 2021, with the participation of Hayon Technologies (חיון טכנולוגיות), Check Point Software Technologies, Ltd., and Claroty.
Amol Naik is a CISO at an Indian Ed-Tech company. He has about 16+ years of experience and has led multiple teams in both the offensive and defensive side of security. Apart from helping and building a security program for organizations, he finds his interests in Security Research, Bug Bounties, Vulnerability Research and Exploit Development. He is also an author of a playground focused on learning the exploitation of client-side web vulnerabilities - Bodhi. He is an active member at various Infosec Communities and has also been a speaker & trainer at multiple conferences like NullCon, c0c0n & Ground Zero Summit. In case you want to reach out to him, you can find him on twitter by the handle @amolnaik4.
It's one of the more controversial topics within the information security realm: vulnerability research. It's the practice of pulling software and services apart and finding how they were put together incorrectly. What you do with that research, whether it be submitting to a bug bounty, responsibly disclosing, or selling it to an exploit broker, can seriously affect individuals and corporations. It's an interesting topic with compelling arguments on most sides, and we're going to dig into the details here today.
Episode 4 – Kelly Todd of the CVE Program interviews security researcher Larry Cashdollar about how he got started researching vulnerabilities and his experiences over the years, how he became the CVE Program's first-ever independent vulnerability researcher CVE Numbering Authority (CNA), best practices, and the benefits of being able to assign his own CVE IDs to the vulnerabilities he discovers. CVE - https://cve.mitre.org/ Larry Cashdollar - https://twitter.com/_larry0
Our rock stars are also dot-connectors, community creators and storytellers. Bill Nelson, CEO and Chairman of the Global Resilience Federation (GRF), joins us to talk about cybersecurity communities created around the world to share information and improve the resilience of entire industries and verticals. Bill has travelled the planet carrying this community message and has countless anecdotes to share. Before joining the GRF, he led the Financial Services Information Sharing and Analysis Center (FS-ISAC) through impressive growth that made him a point of reference in the IT world, and was also an executive VP at NACHA, leading the evolution of electronic payments across institutions. He chose "(I Can't Get No) Satisfaction" by the Stones. A classic!
Find Bill here: https://www.linkedin.com/in/bill-nelson-6b4b174/
Flexera sponsors this podcast. To learn more about their Software Vulnerability Research, visit https://www.flexera.com/products/operations/software-vulnerability-research.html
Interested in criminal law and vulnerability theory? Ever wanted to join or create a research network? Learn from Dr. Roxanna Dehaghani about the birth and benefits of the new British Society of Criminology Vulnerability Research Network!
Dr. Dehaghani's Profile: https://www.cardiff.ac.uk/people/view/924047-dehaghani-roxanna
Dr. Dehaghani's SSRN Page: https://papers.ssrn.com/sol3/cf_dev/AbsByAuth.cfm?per_id=2612536
Website: https://www.britsoccrim.org/networks/vrn/
Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix about one in ten of those vulnerabilities. But as a security practitioner you still need to keep your organization secure, so how do you do that when you can't possibly fix ALL of your vulnerabilities? Ed Bellis will:
- Review what years of joint research into vulnerability management with the Cyentia Institute uncovered about the scope of the challenge
- Break down performance factors by industry and platform
- Lay out several factors that drive better remediation performance
- Provide a deeper understanding of the scope of exposures and how risk informs remediation strategies
This segment is sponsored by Kenna Security. Visit https://securityweekly.com/kennasecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw203
Alissa Knight returns as the first ever three-peat Cyber Work guest, and the topic this week is herself! Recorded at the end of Pride Month, Alissa talks about the benefits of diversity and inclusion when it comes to cybersecurity, her work hacking Bluetooth LE smart devices, her new company Knight Ink and a concept she's created called “adversarial content.”
– Enter code “cyberwork” to get 30 days of free training with Infosec Skills: https://www.infosecinstitute.com/skills/
– View transcripts and additional episodes: https://www.infosecinstitute.com/podcast
Alissa Knight is a published author, the managing partner at Knight Ink, principal analyst at Alissa Knight & Associates and group CEO at Brier & Thorn. She is a recovering hacker of 20 years and, as a serial entrepreneur, has started and sold two companies prior to the ventures she runs now. Alissa is a cybersecurity influencer working for market leaders and challenger brands in cybersecurity as a content creator. Follow her on Twitter and LinkedIn, and subscribe to her YouTube channel to follow her adventures in entrepreneurship and cybersecurity.
– YouTube: https://www.youtube.com/channel/UCejZj1i5m_UlwPqu_7IqBwQ
– Twitter: https://twitter.com/alissaknight?lang=en
– LinkedIn: https://www.linkedin.com/in/alissaknight/
About Infosec: At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That's what we do every day: equipping everyone with the latest security skills so the good guys win.
From not being able to get himself a second-hand bicycle to being financially free at 26, Manish is one of the most inspiring people I have met in my life. He's one of the best bug bounty experts in the world and has worked with Google, Facebook, and a bunch of startups in Silicon Valley. He talks more about financial freedom in his latest TEDx talk. His story has been featured in YourStory, ScoopWhoop, Storypick, and many others. He's shared his bug bounty experiences in his Quora answers and on his website; he also happens to be one of the first 60 Tech Scholars to attend the Plaksha Tech Fellowship, which is one of its kind in India. I had the privilege to meet him a couple of years ago and finally got the opportunity to record this podcast, where we cover how his intention to pay off his student debt introduced him to internet security and changed his life. We go deeper into how one can find oneself and do deliberate practice to become an expert in any domain. This podcast is for all dreamers who want to achieve greatness and learn how to start that journey from scratch. Please support this podcast by sharing it with your friends and rating us on Spotify, iTunes or wherever you're listening. Receive my weekly newsletter, where I share lessons and exercises to help you become your best version: http://shreyabadonia.com/
This episode is sponsored by Anchor: The easiest way to make a podcast. https://anchor.fm/app
Welcome to podcast 338. I catch up with you on my work on the Braille Transcription course and what I'm doing with it now. After that, we bring you the IHS vulnerability research webinar from December 2019. I thought I had the link to the blog post talking about this webinar, but I guess I didn't post it, unfortunately. I've posted some but need to do a better job on it. If this wasn't December's, it must be November's, but be that as it may, it's a great webinar. My contact information is made available at the end of the program as usual, and thanks so much for reading and participating on the blog!
Researchers at McAfee's Advanced Threat Research Team recently published the results of their investigation into a popular VoIP system, where they discovered a well-known, decade-old vulnerability in open source software used on the platform. Steve Povolny serves as the Head of Advanced Threat Research at McAfee, and he joins us to share their findings. The original research can be found here: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware/ The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.
Tensions in the Gulf are accompanied by an increase in cyber optempo. A warning about vulnerable airliner avionics. Phishing is moving to the cloud, and so is ransomware. Android’s August patches address important Wi-Fi issues. An EU court decision clarifies data responsibilities. The US bans contractors from dealing with five Chinese companies. Bogus Equifax settlement sites are established for fraud. Our guests are both offering insights and observations from this year’s Black Hat conference. Matt Aldridge is from Webroot and Bob Huber is CSO at Tenable.
LeetSpeak with Alissa Knight, Episode 9: Bounty Hunters, Bugcrowd, The End of Penetration Testing, and Crowd Sourced Vulnerability Research. In this 9th episode of LeetSpeak, I interview Casey Ellis, Founder and CTO of Bugcrowd. Together, we discuss crowd sourced vulnerability research, bounty hunters, and the end of penetration testing as we know it.
Recorded 3/29/18 - Joel is sitting out this week and Bill Largent from the Outreach team fills in. We are pretty sure he was just running late trying to live on Joel Mean Time, which is now a GitHub project thanks to Moses (link below). We cover a wide range in this episode, so stay with us! We chat about the Talos Threat Research Summit coming in June, we wonder where the carrots to match the sticks in security are, and the value of finding your own damn vulns. The last part of the show starts with discussing GoScanSSH, which ends up being a discussion on the larger battle for the edge.
Bastille provides full visibility into the known and unknown mobile, wireless and Internet of Things (IoT) devices inside an enterprise's corporate airspace, together known as the Internet of Radios. Balint Seeber, Director of Vulnerability Research at Bastille Networks, talks about his company's signature software-defined radio and machine learning technology. Bastille senses, classifies and localizes threats, giving security teams the ability to precisely measure risk and control airborne weaknesses that could endanger network infrastructure. Make sure to subscribe, review and stay tuned to Future Tech Podcast for more on Future Tech news. Contribute Bitcoin to fuel our interviews and keep us going!
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Collin-Anderson-Tom-Cross-Export-Controls-on-Intrusion-Software.pdf
Do Export Controls on “Intrusion Software” Threaten Vulnerability Research?
Tom Cross (aka Decius), CTO, Drawbridge Networks
Collin Anderson, Independent Researcher
At the end of 2013, an international export control regime known as the Wassenaar Arrangement was updated to include controls on technology related to “Intrusion Software" and “IP Network Surveillance Systems." Earlier this year, the US Government announced a draft interpretation of these new controls, which has kicked off a firestorm of controversy within the information security community. Questions abound regarding what the exact scope of the proposed rules is, and what impact the rules might have on security researchers. Is it now illegal to share exploit code across borders, or to disclose a vulnerability to a software vendor in another country? Can export controls really keep surveillance technology developed in the west out of the hands of repressive regimes? This presentation will provide a deep dive on the text of the new controls and discuss what they are meant to cover, how the US Government has indicated that it may interpret them, and what those interpretations potentially mean for computer security researchers, and for the Internet as a whole.
Tom Cross is the CTO of Drawbridge Networks. He is credited with discovering a number of critical security vulnerabilities in enterprise class software and has written papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. Tom was previously Director of Security Research at Lancope, and Manager of the IBM Internet Security Systems X-Force Advanced Research team. He has spoken at numerous security conferences, including DEF CON, Blackhat Briefings, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides. Twitter: @_decius_
Collin Anderson is a Washington D.C.-based researcher focused on measurement and control of the Internet, including network ownership and access restrictions, with an emphasis on countries that restrict the free flow of information. Through open research and cross-organizational collaboration, these efforts have included monitoring the international sale of surveillance equipment, identifying consumer harm in disputes between core network operators, exploring alternative means of communications that bypass normal channels of control, and applying big data to shed new light on increasingly sophisticated restrictions by repressive governments. These involvements extend into the role of public policy toward promoting online expression and accountability, including regulation of the sale of surveillance technologies and reduction of online barriers to the public of countries under sanctions restrictions. Twitter: @cda
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Hariri-Spelman-Gorenc-Abusing-Adobe-Readers-JavaScript-APIs.pdf
Abusing Adobe Reader’s JavaScript APIs
Brian Gorenc, Manager, HP’s Zero Day Initiative
Abdul-Aziz Hariri, Security Researcher, HP’s Zero Day Initiative
Jasiel Spelman, Security Researcher, HP’s Zero Day Initiative
Adobe Reader’s JavaScript APIs offer a rich set of functionality for document authors. These APIs allow for processing forms, controlling multimedia events, and communicating with databases, all of which provide end-users the ability to create complex documents. This complexity provides a perfect avenue for attackers to take advantage of weaknesses that exist in Reader’s JavaScript APIs. In this talk, we will provide insight into both the documented and undocumented APIs available in Adobe Reader. Several code auditing techniques will be shared to aid in vulnerability discovery, along with numerous proofs-of-concept which highlight real-world examples. We’ll detail how to chain several unique issues to obtain execution in a privileged context. Finally, we’ll describe how to construct an exploit that achieves remote code execution without the need for memory corruption.
Brian Gorenc is the manager of Vulnerability Research with Hewlett-Packard Security Research (HPSR). In this role, Gorenc leads the Zero Day Initiative (ZDI) program, which is the world’s largest vendor-agnostic bug bounty program. His focus includes analyzing and performing root-cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. The ZDI works to expose and remediate weaknesses in the world’s most popular software. Brian is also responsible for organizing the ever-popular Pwn2Own hacking competitions. Prior to joining HP, Gorenc worked for Lockheed Martin on the F-35 Joint Strike Fighter (JSF) program. In this role, he led the development effort on the Information Assurance (IA) products in the JSF’s mission planning environment. Twitter: @maliciousinput
Abdul-Aziz Hariri is a security researcher with Hewlett-Packard Security Research (HPSR). In this role, Hariri analyzes and performs root-cause analysis on hundreds of vulnerabilities submitted to the Zero Day Initiative (ZDI) program, which is the world's largest vendor-agnostic bug bounty program. His focus includes performing root-cause analysis, fuzzing and exploit development. Prior to joining HP, Hariri worked as an independent security researcher and threat analyst for Morgan Stanley's emergency response team. During his time as an independent researcher, he was profiled by Wired magazine in their 2012 article, “Portrait of a Full-Time Bug Hunter”. Twitter: @abdhariri
Jasiel Spelman is a vulnerability analyst and exploit developer for the Zero Day Initiative (ZDI) program. His primary role involves performing root cause analysis on ZDI submissions to determine exploitability, followed by developing exploits for accepted cases. Prior to being part of ZDI, Jasiel was a member of the Digital Vaccine team where he wrote exploits for ZDI submissions, and helped develop the ReputationDV service from TippingPoint. Jasiel's focus started off in the networking world but then shifted to development until transitioning to security. He has a BA in Computer Science from the University of Texas at Austin. Twitter: @wanderingglitch
HP’s Zero Day Initiative, Twitter: @thezdi
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Yaniv-Balmas-Lior-Oppenheim-Key-Logger-Audio-Mouse.pdf
Key-Logger, Audio, Mouse — How To Turn Your KVM Into a Raging Key-logging Monster
Yaniv Balmas, Security Researcher, Check Point Software Technologies
Lior Oppenheim, Security Researcher, Check Point Software Technologies
Key-Loggers are cool, really cool. It seems, however, that every conceivable aspect of key-logging has already been covered: from physical devices to hooking techniques. What possible innovation could be left in this field? Well, that's what we used to think too. That is until we noticed that little grey box sitting there underneath a monitor, next to yesterday's dirty coffee cup. The little grey box that is most commonly known as 'KVM'. The talk will tell the tale of our long journey to transform an innocent KVM into a raging key-logging monster. We will safely guide you through the embedded wastelands, past unknown ICs, to explore uncharted serial protocols and unravel monstrous obfuscation techniques. Walking along the misty firmware woods of 8051 assembly we will challenge ambiguous functions and confront undebuggable environments. Finally, we will present a live demo of our POC code and show you that air-gapped networks might not be as segregated as you imagined. You will witness that malware code could actually reside outside your computer, persisting through reboots, wipes, formats, and even hardware replacements. You might laugh, you might cry, but one thing is certain - you will never look at your KVM the same as before.
Yaniv is a software engineer and a seasoned professional in the security field. He wrote his very first piece of code in BASIC on the new Commodore-64 he got for his 8th birthday. As a teenager, he spent his time looking for ways to hack computer games and break BBS software. This soon led to diving into more serious programming, and ultimately, the security field where he has been ever since. Yaniv is currently working as a security researcher and deals mainly with analyzing malware and vulnerability research. Twitter: @ynvb
Lior Oppenheim is a vulnerability researcher in the Malware and Vulnerability Research group at Check Point Software Technologies. Oppenheim was trained and served in an elite technological unit performing security research in the IDF. In his spare time, he loves tap dancing, reversing, playing his guitar and pwning embedded devices. Twitter: @oppenheim1
Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/Gorenc-Molinyawe/DEFCON-22-Brian-Gorenc-Matt-Molinyawe-Blowing-Up-The-Celly-UPDATED.pdf
Blowing up the Celly - Building Your Own SMS/MMS Fuzzer
Brian Gorenc, Zero Day Initiative, HP Security Research
Matt Molinyawe, Zero Day Initiative, HP Security Research
Every time you hand out your phone number you are giving adversaries access to an ever-increasing attack surface. Text messages and the protocols that support them offer attackers an unbelievable advantage. Mobile phones will typically process the data without user interaction, and (incorrectly) handle a large number of data types, including various picture, audio, and video formats. To make matters worse, you are relying on the carriers to be your front line of defense against these types of attacks. Honestly, the mobile device sounds like it was custom built for remote exploitation. The question you should be asking yourself is: How do I find weaknesses in this attack surface? This talk will focus on the "do-it-yourself" aspect of building your own SMS/MMS fuzzer. We will take an in-depth look at exercising this attack surface virtually, using emulators, and on the physical devices using OpenBTS and a USRP. To help ease your entry into researching mobile platforms, we will examine the messaging specifications along with the file formats that are available for testing. The value of vulnerabilities in mobile platforms has never been higher. Our goal is to ensure you have all the details you need to quickly find and profit from them.
Brian Gorenc is the manager of Vulnerability Research in HP's Security Research organization where his primary responsibility is running the world’s largest vendor-agnostic bug bounty program, the Zero Day Initiative (ZDI). He’s analyzed and performed root cause analysis on hundreds of zero-day vulnerabilities submitted by ZDI researchers from around the world. Brian is also responsible for organizing the ever-popular Pwn2Own hacking competitions. Brian’s current research centers on discovering new vulnerabilities, analyzing attack techniques, and identifying vulnerability trends. His work has led to the discovery and remediation of numerous critical vulnerabilities in Microsoft, Oracle, Novell, HP, open-source software, SCADA systems, and embedded devices. He has also presented at numerous security conferences such as Black Hat, DEF CON, and RSA.
Matt Molinyawe is a vulnerability analyst and exploit developer for HP’s Zero Day Initiative (ZDI) program. His primary role involves performing root cause analysis on ZDI submissions to determine exploitability. He was also part of HP’s winning team at Pwn2Own/Pwn4Fun who exploited Internet Explorer 11 on Windows 8.1 x64. Prior to being part of ZDI, he worked at L-3 Communications, USAA, and General Dynamics – Advanced Information Systems. In his spare time, he was also a 2005 and 2007 US Finalist as a Scratch DJ. He also enjoys video games and has obtained National Hero status in QWOP and beat Contra using only the laser without dying a single time. Matt has a B.S. in Computer Science from the University of Texas at Austin.