DiscoverSecTools Podcast Series
SecTools Podcast Series
Claim Ownership

SecTools Podcast Series

Author: InfoSec Campus

Subscribed: 1Played: 5
Share

Description

SecTools Podcast is a series of audio podcast hosting free or opensource tool authors from Information Security space, sharing their interesting experience on developing and maintaining amazing tools for the security community.

Hosted by Sanoop Thomas from InfoSec Campus
https://infoseccampus.com
https://twitter.com/InfoSecCampus
21 Episodes
Reverse
Emily Wenger is a PhD student at the University of Chicago studying machine learning security and privacy. She’s particularly interested in understanding and preventing the unintended uses/abuses of facial recognition technology. Emily and team has built Fawkes, a system that helps individuals inoculate their images against unauthorized facial recognition models. Fawkes achieves this by helping users add imperceptible pixel-level changes (we call them "cloaks") to their own photos before releasing them. When used to train facial recognition models, these "cloaked" images produce functional models that consistently cause normal images of the user to be misidentified. * More about Fawkes http://sandlab.cs.uchicago.edu/fawkes/ * Full Research Paper - http://people.cs.uchicago.edu/~ravenben/publications/pdf/fawkes-usenix20.pdf* Fawkes - http://sandlab.cs.uchicago.edu/fawkes/ * Source Code - https://github.com/Shawn-Shan/fawkes
Isaac Evans is the leader of r2c (https://r2c.dev/), a small startup working on giving security tools directly to developers. Previously, he conducted research into binary exploitation bypasses for techniques like control-flow integrity and novel hardware defenses on new architectures like RISC-V as a researcher at the US Defense Department under a SFS program and at MIT Lincoln Laboratory. Isaac received his BS/MS degrees in EECS from MIT. Other interests include next-generation programming languages, secure-by-design frameworks, software-defined radio, and the intersection of cryptography and public policy.Isaac spoke about semgrem and its capabilities in this episode. - Source code: https://github.com/returntocorp/semgrep- Test in your browser: https://semgrep.live/
Kai Jern (xwings), is Lab Director of The ShepherdLab, of JD Security. His research topic mainly on embedded device, hardware security, blockchain security, reverse engineering and various security topics. He presented his findings in different international security conferences like Defcon, HITB, Codegate, QCon, KCon, Brucon, H2HC and etc. He conducted hardware Hacking course in various places around the globe. He is also the owner of hackersbadge.com, actively involved in Unicorn (https://unicorn-engine.org) development and founder of Qiling Framework (https://qiling.io)
H.D Moore founded the Metasploit Project in early 2003 and later the project was aquired by Rapid7. He spent the last 20 years conducting security assessments, building security products, and pushing the status quo through research, with leadership roles at Digital Defense, BreakingPoint Systems, Rapid7, and Atredis Partners. HD founded Critical Research to address a long-standing need for better network discovery tools. Currently, his research is focused on asset discovery.Metasploit Project - https://www.metasploit.com/
Brian leads the digital forensics team at Basis Technology, which builds software for incident response, digital forensics, and custom mission needs. He is the author of the book File System Forensic Analysis and developer of several open source digital forensics analysis tools, including The Sleuth Kit and Autopsy. Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab and incident response team. Brian is the chair person for the Open Source Digital Forensics Conference (OSDFCon) and has been on the committees of many conferences, workshops and technical working groups. Autopsy - https://www.autopsy.com/ The Sleuth Kit - http://sleuthkit.org/ Open Source Digital Forensics Conference https://www.osdfcon.org/
Miroslav Stampar is an IT Security Advisor - Expert at Croatian Government's CERT, part of the Information Systems Security Bureau (ZSIS). Born in 1982., writing and breaking computer code for as long as I can remember. A PhD candidate with Master's Degree in Computer Science at Faculty of Electrical Engineering and Computing (FER), University of Zagreb, Croatia.Hacker, challenge solver, occasional CTF-er and an author of sqlmap, open source project for automated detection and exploitation of SQL injection vulnerabilities, along with numerous other offensive and defensive information security tools (e.g. Maltrail, DSSS, DSXS, DSVW, tsusen, etc.). Also, Croatian Chapter Lead for The Honeynet Project.SQLmap was initially by Daniele Bellucci in 2006, the project was soon taken over by Bernardo Damele who developed and promoted it. Later in 2009, Miroslav Stampar answered a call for developers and joined the project.
Joakim Kennedy is a Threat Intelligence Manager for Anomali. His job involves analyzing malware, tracking threat actors and numerous other responsibilities around threat intelligence. He often leads efforts around the Anomali Threat Research Team’s reports and blogs. His tool the “Go Reverse Engineering Toolkit” (https://go-re.tk/) was presented at Black Hat Arsenal 2019 and he has been a featured speaker at multiple BSides and other industry events.
Giovanni is a senior cyber security expert and manager based in Paris, old Italian Backtrack Linux ambassador/staff and ex DEFT Linux developer, now is the Tsurugi Linux core developer. DFIR instructor in his free time, he has spoken in several security conferences and he is passionate of many other topics like cyber-threat intelligence investigations, OSINT and interpersonal communication.
SecTools Podcast Series Episode 13 with Ajin AbrahamAjin Abraham is a Security Engineer with 8+ years of experience in Application Security including 4 years of Security Research. He is passionate on developing new and unique security tools. Some of his contributions to Hacker's arsenal include OWASP Xenotix XSS Exploit Framework, Mobile Security Framework (MobSF), Xenotix xBOT, NodeJsScan etc to name a few. He has been invited to speak at multiple security conferences including ClubHack, Nullcon, OWASP AppSec Eu, OWASP AppSec AsiaPac, BlackHat Europe, Hackmiami, Confidence, BlackHat US, BlackHat Asia, ToorCon, Ground Zero Summit, Hack In Paris, Hack In the Box, c0c0n and PHDays.
Mohammed A. “secfigo” Imran is the Founder and CTO of Eracorp Technologies/Practical DevSecOps and a seasoned security professional with 8 years of experience in helping organisations with their Information Security Programs. He has a diverse background in R&D, consulting and product-based industries with a passion to solve complex security programs. Imran is the founder of Null Singapore, the largest information security community in Singapore where he has organised more than 60 events & workshops to spread security awareness.He was also nominated as a community star for being the go-to person in the community whose contribution and knowledge sharing has helped many professionals in the security industry. He is usually seen speaking and giving trainings in conferences like Blackhat, DevSecCon, AppSec, All Day DevOps, Nullcon and many other international conferences.
Aseem Jakhar is the Director, research at Payatu Software Labs payatu.com a boutique security testing company. He is a renowned security researcher with extensive experience in system programming, security research and consulting. He is well known in the hacking and security community as the founder of null - The open security community, registered not-for-profit organization http://null.co.in and also the founder of nullcon security conference nullcon.net and hardwear.io security conference http://hardwear.io He currently spends his time researching on IoT security and hacking things. He is an active speaker and trainer at security conferences like AusCERT, Black Hat, Brucon, Defcon, Hack.lu, Hack in Paris, PHDays and many more. He has authored various open source projects including Linux thread injection kit – Jugaad and Indroid which demonstrate a stealthy in-memory malware infection technique, DIVA (Damn Insecure and Vulnerable App) for Android which gamifies Android App vulnerabilities and Expliot - Internet of Things Exploitation framework.
Yiannis is a Director at one of the big 4 consulting firm with over 10 years of technical experience providing physical security assessments, penetration tests and red team operations. Yiannis is the developer of the WarBerryPi which has been presented at Blackhat USA 2016, Blackhat Europe 2016 and Blackhat USA 2018 among other conferences. Yiannis lives in Cyprus with his wife and daughter. Music: Royalty Free Music from HookSounds (hooksounds.com)
Tanya Janca is a senior cloud security advocate for Microsoft, specializing in application and cloud security; evangelizing software security and advocating for developers and operations folks alike through public speaking, her open source project OWASP DevSlop, and various forms of teaching via workshops, blogs and community events. As an ethical hacker, OWASP Project and Chapter Leader, Cyber Ladies Ottawa founder and leader, software developer and professional computer geek of 20+ years, she is a person who is truly fascinated by the ‘science’ of computer science.
Mike Hodges is a Senior Security Engineer at Red Ventures leading Red Team Operations and Incident Response. He comes from a background of application development and penetration testing consulting. Currently, his focus is on developing evasive offensive capabilities and fighting off the ever-present imposter syndrome brought on by working in InfoSec.
Anant Shrivastava has worked on computer and open source software since 2000. He grouped Linux user groups in Bhopal and was also active in other major Linux user groups across India. Anant now working as Regional Director Asia Pacific for NotSoSecure Global Service. He has been Speaker/Trainer at various conferences including BlackHat, RuxCon, Nullcon, C0c0n, Rootconf, Clubhack, G0s, etc. He is active in information security community null and is teaching not only local but also offensive Web test framework (OWTF). In addition, he is a skilled person who actively participates in the Open Web Application Security Project (OWASP) and has contributed to reviewing and documenting various technical documents such as Mobile Security Testing Guide, Mobile ASVS, Web Testing Guide. Since 2011 Anant actively manages the open source project AndroidTamer. Anant leads both Android Tamer and CodeVigilant projects.
Fotis Chantzis has been a member of the main Nmap development team since 2009, when he wrote Ncrack under the mentorship of Fyodor, the original author of Nmap, during Google Summer of Code 2009 and 2010. He also represented Nmap at the Google Mentor Summit in October 2016. His work includes exploiting the TCP Persist Timer to magnify the effect of a classic network attack (paper published on Phrack #66), the development of Ncrack, a high-speed network authentication tool with a dynamic and optimized timing engine under the Nmap toolset and inventing a new stealthy port scanning attack by abusing the popular XMPP.
OJ Reeves TheColonial is an Australian security professional who specializes in attack simulation. When not breaking networks and software, he is actively contributing to the Metasploit framework on Meterpreter for years. He is also a member of the Corelan team. Today OJ runs a specialist security consultancy called Beyond Binary based in Australia.
Ryan Dewhurst has been testing web applications professionally for security issues since 2009. He has a BSc (hons) Ethical Hacking for Computer Security that he completed with a First. Ryan is very active in the information security community, contributing to various OWASP projects and releasing his own popular tools such as Damn Vulnerable Web App (DVWA) and WPScan. In 2013 Ryan was recognised by his peers when he was awarded the European Information Security Magazine Rising Star Award. Ryan has also appeared on the BBC and in many magazine and online publications for his work. In the past he has been known to identify security issues in companies such as Facebook, Apple and others while conducting independent security research. Currently Ryan runs his own consultancy business called Dewhurst Security, where he helps his clients with offensive web application security testing.Listen to his wonderful journey of building amazing security tools.
Simon is the project leader for the OWASP Zed Attack Proxy (ZAP), one of the world’s most popular free security tools, which he first released in 2010.Previously a Java web application developer he now works in the Mozilla Firefox Operations Security team helping to protect the core services that Mozilla relies on to build, ship and run Firefox.Listen to his long experience of building OWASP ZAP Proxy
SecTools Podcast E02 2018.04.29 PodCast with Didier Stevens by InfoSec Campus
loading
Comments 
Download from Google Play
Download from App Store