Exploring Information Security - Exploring Information Security

Summary: Timothy De Block is joined by Shane McCombs and John McCombs of the Innocent Lives Foundation (ILF), Josh Huff and Rev3Dood who volunteer their time with ILF, as they delve into an adventurous and charitable whiskey barrel pick trip from April 2024. This live episode gives an insider’s look into the process of selecting exclusive bourbon barrels and the exciting world of whiskey enthusiasts. From Four Roses to Starlight Distillery, Tim and the team explore unique blends, share laughs, and reflect on how each sip supports a meaningful cause. In this Episode, You’ll Learn: The Origins of ILF's Barrel Pick Club: Learn about how the passion for whiskey and charity combined to form this unique fundraising avenue for the ILF. The Complexity of Barrel Picking: Discover why selecting a barrel involves more than just a good taste – it requires considering the community’s preferences, uniqueness, and the impact on the ILF mission. Inside Four Roses & Starlight Distilleries: Hear about the in-depth tours, the science of barrel aging, and the behind-the-scenes processes that make these distilleries so iconic. Unique Barrels and Bottles: Highlights include details on Four Roses’ single-tier rickhouses, rare yeast strains, and the exceptional Starlight Mizunara cask, a rarity in the whiskey world. The Auction and Community Impact: John McCombs from ILF explains how the auction supports ILF and offers tips for placing bids on exclusive bottles. Memorable Moments: Whiskey Tasting: A breakdown of tasting notes for Four Roses and Starlight bottles, featuring everything from minty finishes to complex layers of caramel, chocolate, and spices. Funny Stories: From almost puking in a 15-passenger van to accidental whiskey spills, Tim and the team share some hilarious moments from their trip. Chris Hadnagy’s Unique Taste: Chris’s love for scotch sets him apart as he humorously describes notes like “pine sol” that others struggle to find. Auction Information: The auction, hosted by Unicorn Auctions, is open for two weeks, and all proceeds go to supporting ILF’s mission. Bids can be placed on unique bottles hand-picked by the ILF team, with Unicorn waiving all fees to maximize impact. Check out the auction site for updates and be ready to place your bids! Connect with ILF: Innocent Lives Foundation: Innocent Lives Foundation Website Follow on Instagram: @innocentlivesfoundation

Summary: In this episode of Exploring Information Security, host Timothy De Block sits down with Thomas Ritter, a seasoned attorney specializing in cybersecurity and privacy law, to discuss the often-overlooked legal complexities surrounding incident response (IR). From breach terminology to ransomware negotiations, Ritter shares insights from his years of experience navigating legal pitfalls that can arise when responding to security incidents. Key Takeaways: Understanding "Incident" vs. "Breach": Ritter emphasizes the importance of careful communication within an organization during a security incident. Misusing legally significant terms, like "breach," can lead to premature obligations, such as breach notifications, which may have serious consequences for an organization. Attorney-Client Privilege in IR: External counsel's role can extend attorney-client privilege over critical aspects of IR, including the involvement of forensic specialists. This protection can prove essential if an incident escalates into litigation. Ransomware Negotiation Nuances: With ransomware incidents on the rise, Ritter provides a detailed look at the negotiation process, advising organizations to work with professional negotiators. He recounts instances where attackers leveraged knowledge of clients' cyber insurance coverage to increase ransom demands. Tabletop Exercises for IR Preparedness: Ritter highlights the value of tabletop exercises, especially involving executive leadership. He notes that regular, comprehensive drills help organizations refine incident response policies and minimize legal exposure during actual incidents. Navigating Class Action Exposure: As data breaches often trigger class action lawsuits, organizations must take steps to prepare, including consulting legal professionals to reduce risk through privilege-protected documentation. Resources Mentioned: International Association of Privacy Professionals (IAPP): A valuable source for privacy and security trends. Cybersecurity Law Report: An in-depth publication on current legal issues in cybersecurity. Ritter Gallagher Blog: Thomas Ritter’s firm provides regular insights on emerging legal topics in cybersecurity. About Our Guest: Thomas Ritter is a cybersecurity and privacy attorney at Ritter Gallagher, where he focuses on helping organizations navigate the legal landscape of security incidents and data breaches. For more information, or to get in touch, visit RitterGallagher.com or email Thomas directly at thomas@rittergallagher.com.

Around this time each year the SANS Holiday Hack Challenge releases under the direction of Ed (@edskoudis) and instructor with the SANS institute. This year Santa has been kidnapped and it’s up to use to figure out who did it and save Christmas. The challenge is for new people in infosec, and for those who have been in the industry for many years. As Ed notes in the episode it is even for children. The challenge itself has been around for years and several past years are still available for people to go through.

ShowMeCon is one of my favorite security conferences. The organizers are awesome and take care of their speakers like no other conference. The venue is fantastic. The content is mind blowing. I can't say enough good things about the even that Dave and Renee Chronister put on every year in St. Louis, Missouri. They know how to put on a conference. Regular listeners of the podcast will note that I recorded an episode with Dave on ShowMeCon several weeks ago. After that recording he asked if I was interested in doing a recording at the conference. I said yes and thus the birth of this epic episode. This format is experimental. First, it is marked as explicit, because there is swearing. Second, It's over 90 minutes long. I didn't think breaking it up into four or five pieces would serve the recording well. Send me your feedback good or bad on this episode, because I'd like to do more of these. I would really like to hear it for this episode.

Amanda was charged with setting up a security awareness program for her company from scratch. Setting up a security awareness program is hard work, making it effective is even harder, but Amanda rose to the challenge and came up with some creative ways to help fellow employees get a better handle on security.

Summary: In this episode, Dave Chronister, founder of Parameter Security and ShowMeCon, shares valuable insights into the world of penetration testing (pentesting). Listeners will learn about the differences between vulnerability assessments and penetration tests, what red teaming is, and why organizations should lean towards white-box pentests. Dave and Tim discuss how to avoid common pitfalls when engaging with pentest companies, the importance of rules of engagement, and how to ensure you're getting a high-quality test. Dave also shares stories from his 17+ years in the field, illustrating the critical lessons organizations need to understand. Key Topics Covered: Difference between vulnerability assessments and penetration tests. Red teaming vs. penetration testing: When and why to use each. How to choose the right pentest company. The importance of setting clear rules of engagement. Real-world examples of pentesting gone wrong.

Summary: In this timely episode of Exploring Information Security, host Timothy De Block is joined by Pieter Arntz from Malwarebytes to discuss the growing threat of election-related scams. With election season upon us, scammers are becoming more active, and this episode dives deep into how these scams work, what tactics scammers use, and how to protect yourself from falling victim. You can check out Pieter’s article How To Avoid Election Related Scams at the Malwarebytes blog. Key Topics: Seasonal Scams: Scams are often timed with key events, including elections, holidays, and tax season. Pieter discusses how scammers shift focus from elections to events like Black Friday or Christmas. Common Election Scams: Scammers often target voters through text messages, social media, and robocalls, attempting to steal personal information or solicit fake donations. Mobile Devices as a Target: With more focus on mobile devices, Android and Apple users are increasingly targeted through phishing texts and malicious links. Social Engineering: Scammers manipulate users by pretending to represent political parties, asking for donations, or engaging in online discussions to steal information. Detecting Scams: Pieter and Timothy offer practical advice on identifying scam messages, such as unsolicited communications, urgency in messaging, and phishing links with suspicious domains (e.g., .xyz, .top). Who’s Behind These Scams?: The episode touches on the actors behind the scams, ranging from cybercriminal gangs to state actors, and how they profit from fraudulent activities. Scams Beyond Elections: While elections are a prime target, natural disasters and other events are also exploited by scammers to steal donations and personal information. Privacy Concerns: A survey revealed that 3% of people are hesitant to vote due to privacy concerns, highlighting the critical need for secure election processes. Key Takeaways: Be Wary of Unsolicited Messages: If you receive unsolicited texts or emails, always double-check the source before acting. Election scams often use urgency to push people into making hasty decisions. Verify Political Donations: Only donate through verified websites. Scammers frequently clone official websites to trick people into giving money to fraudulent causes. Protect Your Personal Information: Avoid sharing personal details through unofficial or unfamiliar channels. Scammers can use this information for identity theft or phishing attacks. Report Scams: If you suspect a scam, report it to organizations like the FTC or the FBI to help others stay safe. Resources Mentioned: Report Fraud – Federal Trade Commission’s fraud reporting site. Do Not Call Registry – Sign up to reduce unwanted calls. National Association of Secretaries of State – Provides resources on election security. FBI Alerts – Stay updated on the latest scams from the FBI.

Summary: In this episode, Jennifer VanAntwerp shares her journey of sobriety and how it inspired her to create the Sober in Cyber community. They discuss the challenges of navigating industry events saturated with alcohol, tips for staying sober, and how the younger generation's attitude towards alcohol is changing. Jennifer also emphasizes the importance of offering alternative options at events and how the sober community is growing in cybersecurity. Key Topics Covered: Jennifer's personal journey of 23 years of sobriety. The impact of alcohol at cybersecurity conferences. Tips for avoiding pressure to drink at social events. The role of Sober in Cyber in creating inclusive, alcohol-free spaces. How companies can support sober individuals. Resources Mentioned: Sober in Cyber Mental Health Hackers Get Involved: Join the Sober in Cyber Discord community to connect with others in the industry who are sober or looking to reduce alcohol consumption Follow Sober in Cyber on social media for updates on events and community resources

Summary: In this episode, Timothy De Block chats with Renee DiResta about the role of disinformation in elections, particularly as we approach the 2024 cycle. Renee discusses her work in tracking narratives across social media, how state actors like Russia and Iran manipulate public opinion, and the growing importance of platform integrity in identifying inauthentic behavior. Key Topics: The Evolution of Propaganda: How modern disinformation connects to historical propaganda efforts. State-Sponsored Disinformation: Tactics used by Russia, Iran, and China in shaping election narratives. Platform Integrity Teams: How social media platforms now combat disinformation networks. Disinformation Trends: Recurring themes in election-related rumors, such as false claims about voter fraud. The Role of Social Media: How users, not just state actors, influence and spread misinformation. Recommended Resources: Digital Forensics Research Lab (DFR Lab) Stanford Journal of Trust and Safety

In this episode, Timothy De Block and Jonathan Singer dive into the challenges of modern enterprise security. The conversation covers how organizations—using McDonald's as an example—face threats from both digital and physical vectors. They explore how hackers might exploit everything from public Wi-Fi to social engineering tactics and touch on the evolving role of security leaders in dealing with both controllable and uncontrollable risks. Key Topics: Digital & Physical Attack Vectors: Discussion on hacking tactics such as public Wi-Fi, kiosk vulnerabilities, API exploitation, and social engineering. Security Beyond the Firewall: Why enterprise security involves more than just digital defense—physical security, insider threats, and brand manipulation also pose risks. The Growing Complexity of Security: How new technologies, like IoT devices and AI, are adding layers of complexity to enterprise security. Insider Threats & Social Engineering: The impact of internal threats, from disgruntled employees to social engineering attacks, on large organizations. Rapid-Fire Hacking Vectors: Public Wi-Fi Self-service kiosks Badge cloning Typo-squatting for domains Supply chain dependencies Insider threats

In this episode, Timothy De Block chats with Ben Burkert about the challenges of managing internal certificate authorities (CAs) and certificates. Ben shares his experiences working with internal CAs at major companies and how those challenges inspired the creation of Anchor.dev. Key Topics: The Importance of Certificates: Ben explains how certificate mismanagement can lead to outages and business interruptions, and why automation is crucial. TLS and ACME: Understanding how TLS secures communications and how ACME clients automate certificate management. Anchor.dev: A cloud service that simplifies internal CA management and helps companies secure their internal networks with automated renewals and distribution. LCL Host: A tool from Anchor.dev that enables HTTPS in local development environments, improving deployment workflows.

Tim (@LaNMaSteR53) is one of the leading names within the application security field. A former instructor for many organizations, he wanted to do more with training. He wanted to provide attendees to training with more hands on work. Get into an application, exploit it, and then provide remediation steps. He came up with the PWAPT training.

Samy (@samykamkar) shouldn't need too much of an introduction to most people. He's been in the news for hacking garage doors, credit cards, cars, and much much more. Samy likes to hack things and has a knack for finding vulnerabilities in everything from locked machines to wireless doorbells. His site has the full list of vulnerabilities as well as videos and press appearances. Which made him the perfect guess for talking about how to find vulnerabilities. In this episode we discuss: how Samy got started; what is a vulnerability; what skills are needed; how he decides his next project; steps to finding vulnerabilities; what he does when he discovers a vulnerability; how long the process takes.

Episode Summary: Patrick Gray, the host of the Risky Business podcast, shares how he transitioned from a tech journalist to a leading voice in cybersecurity podcasting. Patrick discusses the origins of his podcast, the evolution of his content, and how he maintains integrity with sponsors. He also offers advice for aspiring podcasters on focusing on the audience and using the right tools. Key Topics: The unexpected inspiration behind Risky Business. Moving from general tech journalism to focused security content. The importance of understanding technical details in reporting. The growth of the Risky Business team and their venture into video content. Navigating sponsorships while maintaining editorial independence. Advice for new podcasters: prioritize your audience and use the right tools.

Summary: In this episode, Timothy De Block sits down with Ralph Collum, a cybersecurity educator with over a decade of experience in the field. They delve into Ralph's career journey, discussing his transition from a chemist to a cybersecurity professional and the various roles he's taken on, including server administration, auditing, and penetration testing. Ralph shares insights on the importance of soft skills, continuous learning, and the evolving landscape of cybersecurity. Key Topics Discussed: Ralph’s Career Journey The Impact of the Pandemic on Cybersecurity Groups Getting Into Cybersecurity The Role of Soft Skills in Cybersecurity The Impact of AI on Cybersecurity Careers Resources and Recommendations Resources Mentioned: Books: The Code to the Dead Cow Joseph Menn Spam Nation by Brian Krebs The Art of Invisibility by Kevin Mitnick Social Engineering: The Science of Human Hacking by Christopher Hadnagy Websites: Help Net Security Bleeping Computer Hacker News Dark Reading Tools: Feedly for organizing cybersecurity news TryHackMe and Hack The Box for practical labs

Episode Summary: In this exchanged episode, Timothy De Block chats with Mubix about the intricacies of SIM swapping, an attack vector that has seen significant attention. They discuss the current state of SIM swapping, how attackers exploit this technique, and the measures carriers have implemented to mitigate these risks. Mubix highlights the importance of understanding your risk profile and the practical steps organizations and individuals can take to protect themselves.

In this engaging episode, Timothy De Block speaks with Steve Orrin about the intersection of artificial intelligence and cybersecurity. The conversation delves into the challenges and opportunities that AI presents in the cybersecurity landscape, exploring topics such as deep fakes, disinformation, and the implementation of AI in security practices.

In this automatic episode of Exploring Information Security, Timothy De Block talks with Mark Baggett about automating information security tasks using Python. They delve into the SANS SEC573 and SEC673 courses, which cover Python basics, advanced automation techniques, and real-world applications. Mark shares insights on using AI for coding, highlights his YouTube series "Infosec Tool Shed," and discusses upcoming workshops and conferences. The conversation also touches on the importance of Python in information security and practical experiences in automating security tasks.

In this off-the-cuff episode, Timothy De Block brings a mic to the floor of ShowMeCon for the first-ever HallwayCon podcast episode. He walks around with a mic and recorder, engaging in spontaneous conversations with random attendees. Timothy highlights the immense value of attending security conferences, emphasizing that these real, impromptu conversations with professionals are crucial for expanding knowledge and building relationships within the industry. This unique approach captures some just some of the many conversations going on at security conferences.

In this episode, we sit down with Geoff Hill from Tutamantic_Sec to explore the innovative approach of Rapid Threat Model Prototyping (RTMP). Geoff shares his journey from being a C++ developer to becoming a threat modeling expert, highlighting the challenges and successes he encountered along the way. This episode dives deep into how RTMP can help streamline threat modeling processes, making them more efficient and scalable.