
SecTools Podcast Series

Author: InfoSec Campus



SecTools Podcast is a series of audio podcasts featuring authors of free or open-source tools from the information security industry, sharing their experience of developing and maintaining tools for the security community.

Hosted by Sanoop Thomas (s4n7h0)
45 Episodes
Erlend has worked as a developer and security consultant for over 14 years, trying to build and break many different types of systems. He spends some of his free time on security research and open source tools, and is the main author behind retire.js - a free and open source scanner for JavaScript. He is also the chapter leader of the Norwegian OWASP chapter. For more SecTools podcast episodes, visit
Jeff Foley has over 20 years of industry experience focused on applied research & development and assessment of security in critical information technology and infrastructure. He is the Project Leader for Amass, an OWASP (Open Web Application Security Project) Foundation flagship project that performs in-depth attack surface mapping and asset discovery. Jeff is also an Adjunct Lecturer teaching Penetration Testing at the SUNY (State University of New York) Polytechnic Institute. Previously, he was the US Manager for Penetration Testing & Red Teaming at National Grid, a multinational electricity and gas utility company. Prior to this, Jeff served as the Director of Penetration Testing & Security Assessment at Northrop Grumman Corporation, an American global aerospace and defense technology company. Jeff is currently working as the Vice President of Attack Surface Protection at ZeroFox. In his spare time, Jeff enjoys experimenting with new blends of coffee and giving back to the information security community. In this episode, Jeff explained his journey of developing and maintaining the Amass project - an open-source tool for in-depth DNS enumeration, attack surface mapping and external asset discovery.
Anand Tiwari is an information security professional with a strong technical background working as a Technical Product Manager (PM), focusing on the more technical aspects of a cloud security product. He tries to fill it in by doing in-depth technical research and competitive analysis, given business issues, strategy, and a deep understanding of what the product should do and how the products actually work. He has authored ArcherySec, an open-source tool, and has presented at BlackHat, DEF CON USA, and HITB conferences. He has successfully given workshops at many conferences such as DevOpsDays Istanbul, Boston. In this episode, Anand explained his journey of developing and maintaining ArcherySec - an open-source tool for application security orchestration and correlation.
Nicolas is a French security researcher and a proud dad of two children. He started Wapiti in 2006 when he was learning the Python programming language. Nicolas is currently working in the infosec field as a programmer at CybelAngel (since 2015). Wapiti is a web-application vulnerability scanner that allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code) of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets the list of URLs, forms and their inputs, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. In this episode, Nicolas explained his journey of developing and maintaining the Wapiti project for over a decade.
unblob is an accurate, fast, and easy-to-use extraction suite. It parses unknown binary blobs for more than 30 different archive, compression, and file-system formats, extracts their content recursively, and carves out unknown chunks that have not been accounted for. unblob is free to use and licensed under the MIT license; it has a command line interface and can be used as a Python library. This turns unblob into the perfect companion for extracting, analyzing, and reverse engineering firmware images. unblob was originally developed and is currently maintained by ONEKEY, and it is used in production in the ONEKEY analysis platform.
Christian Folini is a Swiss security engineer and web application firewall expert working at Christian studied History and Computer Science and graduated with a PhD in Medieval History. He is the author of the ModSecurity Handbook (2ed). He also co-leads the OWASP ModSecurity Core Rule Set (CRS) project that runs on millions of servers globally. Furthermore, he serves as the program chair of the Swiss Cyber Storm conference. Christian also teaches ModSecurity and Core Rule Set courses and consults for companies that want to integrate ModSecurity and the Core Rule Set into their services or products, also in high security setups.
Having graduated in 1999 from Epita (France) as an IT security engineer, Philippe took on many roles before creating his latest company, CrowdSec. From pentester to community builder (Magento), eCommerce expert (author of 4 books), or CTO, he is tech curious and loves to dive into new trends like IoT, cryptocurrencies or AI. But whatever the context is, his crush is and will forever be IT security, SecOps and entrepreneurship. LP or investor in several different companies, CrowdSec is not his full-time obsession. CrowdSec is an open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.
Alexandre Dulaunoy leads the Luxembourgian Computer Security Incident Response Team (CSIRT) CIRCL in the research and operational fields. He enjoys working on projects that blend “free information,” innovation, and direct social improvement. When not gardening binary streams, he likes facing the reality of ecosystems while gardening plants or doing photography. He enjoys it when humans use machines in unexpected ways. He is also a core contributor to many open source projects such as MISP, ail-framework, cve-search and many others. Raphaël Vinot has been a security researcher at the Computer Incident Response Center Luxembourg (CIRCL) since 2012. Raphaël wants to increase the IT consciousness of the human beings populating the internet in order to make it safer for everyone. His day job is a mixture of forensic and malware analysis with a lot of Python on top of it to glue all the pieces together. He loves sharing and thinks everyone should contribute to open source projects.
Ai Ho (mostly known as j3ssie) is a self-taught security engineer with a computer science background who loves automation. He got interested in responsible disclosure/bug bounty nearly three years ago and has been building some of his own tools to do it. He wrote Osmedeus, Jaeles and Metabigor to help his bug bounty efforts and made these projects open source for the community.
Ruslan Habalov has a computer science background with a focus on code analysis and is interested in scalable solutions to challenging security problems. His security research covered an exploitable remote code execution bug in PHP used against a popular platform in a bug-bounty context as well as side-channel attacks against browsers. As a machine learning enthusiast he's looking for options to unite the best of both worlds. He is currently working as a Senior Security Engineer at Google. Ruslan started the Vulncode-DB project, which is a crowd-sourced platform providing vulnerable code for corresponding real world vulnerabilities.
Jack Baker is a professional security researcher and amateur video game hacker. Jack has spoken at a handful of conferences including DEF CON on subjects relating to reverse engineering and vulnerability research. Jack started his infosec career as a software developer in the fintech space before realizing that breaking things is less stressful than defending them. Since then, Jack has had the opportunity to hack banks, airplanes, and spacecrafts. Jack is the author of Cetus and WAIL, a set of tools used to hack modern web browser games.
Lukas Rist authored several open source honeypot projects. After spending a couple of years studying mathematics and physics, Lukas ventured out to work with Bing and Microsoft Research on making the web a safer place, got paid by DARPA to hunt hackers and taught students in Taiwan open source security. His passion for security and open source got nurtured by The Honeynet Project, which led to a five year stint with Norman Shark, Blue Coat, and Symantec, working on large scale malware analysis and behavioral detection systems. Looking for more purpose, he worked as Senior Software Engineer at Corti, doing real time emergency call classification, striving to build a great engineering team and making sure those tensors keep flowing in order to classify life threatening situations. Currently Lukas is working as Lead Software Engineer with the world's largest online wine retail platform, Vivino. His team builds personalization, recommendation, and prediction systems. In his free time he is working on various open source projects.
Joxean Koret has been working for the past 15 years in many different computing areas. He started as a database software developer and DBA for a number of different RDBMS. Eventually he turned towards reverse engineering and applied these DB insights to discover dozens of vulnerabilities in major database products, especially Oracle. He also worked in areas like malware analysis, anti-malware software development and developing IDA Pro at Hex-Rays. He is currently a senior security engineer. Joxean is the author and maintainer of the Diaphora and Pigaios projects, which are focused on diffing techniques.
Chris Em (also known as Cookie Engineer) has almost 2 decades of experience in the IT and security industry. He specializes in multiple domains including web intelligence, network security and forensics. During his spare time, Chris is working on the Web of Knowledge with his project called the Tholian Network, which aims to automate the Semantic Web whilst using a unique distributed peer-to-peer Network Architecture combined with (co-)evolutionary adaptive AI methodologies and compositional game theory ideas to learn and adapt from user interactions with the Web. Chris has contributed to various open source projects including steganography, network security, drones, adblock proxy and other automation works as well.
Marc Ochsenmeier is the author of Pestudio on Pestudio is a unique tool that allows you to perform an initial assessment of a malware without even infecting a lab system or studying its code. Marc initially worked as a software developer with a focus on Windows hardening security. He also has vast expertise in the penetration testing and forensics areas.
In 2001, NJ founded the Infosec community tools portal And since 2011, he has been co-managing & helping to improve the Black Hat Arsenal, the World’s largest security event dedicated to open source tools demonstrations. NJ is also the founder of vFeed, Inc, a niche startup that provides top-notch correlated vulnerability & threat intelligence feed to 100+ worldwide customers.
Martin Donath is the creator of Material for MkDocs, a static site from a set of Markdown files to host the documentation.
Charlie Belmer is a security and privacy engineer at DuckDuckGo. He authored NoSQLi, an open source NoSQL injection CLI tool, for finding vulnerable websites using MongoDB. He writes about security and privacy research on his personal blog nullsweep.com.
Guillaume Valadon is the Security Agent Team Lead at Datadog, and holds a PhD in IPv6 networking. He likes looking at data and crafting packets. In his spare time, he co-maintains Scapy and learns reversing embedded devices. Also, he still remembers what AT+MS=V34 means! Guillaume regularly gives technical presentations, classes and live demonstrations, and writes research papers for conferences and magazines.
Vipin Pavithran is a cyber-security professor at Amrita Center for Cybersecurity Systems and Networks, Amrita Vishwa Vidyapeetham. He is the founder and chief mentor of internationally recognized student clubs - amFOSS, Team bi0s, and Team Shakti. He is also known for organizing the premier InCTF and InCTF Junior cyber-security contests, which were the first of their kind in India when they were introduced.