 Episodes
It's the last episode of our fourth season! The security gods were kind to us and gave us a softball with some exploits that are in the news recently: code execution in Confluence and a new ms-msdt code execution exploit in Windows. Lastly, we talk about preparations for DEF CON (we hope to see you there)!

We've loved this journey so far and are so thankful to have you all as listeners. Come say hi at DEF CON and grab a beer with us.

- Windows ms-msdt PoC - https://gist.github.com/tothi/66290a42896a97920055e50128c9f040
- Confluence OGNL Injection PoC - https://github.com/Nwqda/CVE-2022-26134
Anatomy of a Hack!

2022-05-25 (50:45)

We directly address the question of how hacking actually works by going through some of the underlying issues that contribute to a hack, tell hacking stories, then wrap up with a very brief explanation of the differences with state sponsored hacking!

- Little Bobby Tables - https://xkcd.com/327/
- Example Logic Analyzer - https://www.saleae.com/
We cover 3 security related news events as well as 1 space related news event in this week's episode. From ransomware to NASA sending nudes into space, get your download of news that sparked our interest in this episode.
Radio Security & Ukraine

2022-05-04 (1:03:09)

Join us as we discuss the black magic of radio communications! What is a radio? Why do phones have so many of them? After covering the basics of radio we delve into radio security (confidentiality/availability/integrity) and its implications with the war in Ukraine.
How inclined are you to use tobacco? What were your salaries at your previous jobs? Your family and friends may not know, but data brokers sure do!

Join us as we discuss CCPA and GDPR, two foundational privacy laws which lay the groundwork for taking back our privacy. We discuss actions citizens of California and the EU can take to exercise the rights afforded to them under their respective laws.

Later in the conversation we discuss privacy as a human right, the impact of surveillance capitalism on our everyday actions, and possible ways of unwinding the assimilation of your private data into large machine learning models.

Links from the show:
- https://www.wired.com/story/verizon-user-privacy-settings/
- https://www.oag.ca.gov/privacy/ccpa
- https://gdpr.eu/
It's been a bit over a week since some troublesome photos were posted to Twitter that appeared to show a breach of Okta's administrative portal. In the days since there have been a number of statements from Okta that leave us... disappointed to say the least. When you're such a critical part of modern digital infrastructure (and a security product to boot) one would hope that a breach and the remediation process would be handled with diligence and care. That doesn't seem to be the case here.

Join us as we talk about Oofta, our new tag line for the Okta breach.

- Okta "We Made a Mistake" - https://www.bleepingcomputer.com/news/security/okta-we-made-a-mistake-delaying-the-lapsus-hack-disclosure/
- Okta Breach FAQ - https://support.okta.com/help/s/article/Frequently-Asked-Questions-Regarding-January-2022-Compromise?language=en_US
- Mandiant Forensic Report for Okta Breach - https://twitter.com/BillDemirkapi/status/1508527487655067660
- KrebsOnSecurity A Closer Look at the LAPSUS Group - https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/
Electronic Warfare

2022-03-17 (59:59)

It's been a few weeks since the start of the Russian invasion of Ukraine. Throughout the war we have seen repeated examples of what it means to be engaged in a 21st century war. In this episode we dive into some of the electronic warfare that we've observed so far coming from both sides of the conflict. It's no exaggeration to say that there have been a number of surprises in a short amount of time.

Links from the show:
- Generations of Warfare - https://en.wikipedia.org/wiki/Generations_of_warfare
- Network Battalion 65 Twitter - https://twitter.com/xxnb65
- Live UA Map - https://liveuamap.com/
Today we have the pleasure of speaking with Royal Rivera, CCO of HaasOnline. We discuss some of the major hacks and current cases in the Crypto space.

- HaasOnline - https://www.haasonline.com/
- 4.5 Billion of Stolen Crypto - https://www.justice.gov/opa/pr/two-arrested-alleged-conspiracy-launder-45-billion-stolen-cryptocurrency
- OpenSea Social Engineering Hack - https://threatpost.com/nft-investors-lose-1-7m-in-opensea-phishing-attack/178558/
- Bitfinex Exchange Hack in Hong Kong - https://fortune.com/2016/08/03/bitcoin-stolen-bitfinex-hack-hong-kong/
- SOL Wormhole Hack - https://www.cnbc.com/2022/02/02/320-million-stolen-from-wormhole-bridge-linking-solana-and-ethereum.html
- Crypto CEOs testify before lawmakers on digital assets (12/8/21) - https://www.youtube.com/watch?v=F_kZELcynKQ
- Rap video from 4.5 Billion Dollars Defendant (NSFW, and terrible) - https://www.youtube.com/watch?v=7jlSHGAem6g
Today we have Covert Entry expert Deviant Ollam to talk about physical security, how he got into the industry, his stories from in the field as a Red Teamer, and how he is looking to change a phrase that many have adopted in the industry.

- https://deviating.net/
- YouTube - https://www.youtube.com/user/DeviantOllam
- Twitter - https://twitter.com/deviantollam
- Instagram - https://instagram.com/deviantollam
- GitHub - https://github.com/deviantollam
- Trainings - https://www.redteamalliance.com/RTCG.html
Hello and welcome back! It's been a bit of a hiatus for us here at Security Explained, but we're BACK in action and kicking things off with a casual conversation with our good friend Samy Kamkar.

Samy has been a staple in the infosec community for years and even has a worm named after him (the Samy Worm!). He's got a list of wild projects longer than most resumes and has recently been part of an acquisition in his role at OpenPath.

Join us for a fun conversation with one of the sharpest hackers you're likely to meet!

Samy Kamkar:
- https://samy.pl
- https://www.openpath.com/
- https://twitter.com/samykamkar
Log4j Holiday Special!

2021-12-22 (50:54)

We're currently on an extended break between seasons 3 and 4 but LO AND BEHOLD the Internet has given us an early Christmas (non)gift. Log4j has been all over the news recently as one of the most impactful vulnerabilities disclosed in recent memory. From AWS to GCP, Cloudflare to DigitalOcean, the Log4shell vulnerability is forcing all manner of security teams to stay up late patching their systems.

Join us in this impromptu dive into what is arguably the most impactful vulnerability of the last decade!
In this final episode of our third season we take the time to chat about a topic near and dear to our hearts - security research! We each picked one of our favorite projects to discuss, ranging from enumerating IPv6 addresses on the Internet to hacking the fledgling Ubuntu mobile phone to Drew's mischievous habits spinning up his own cellular base stations. We've mentioned security research time and again on the show, but this is the first time that we're diving into specific research that has played a significant role in our respective lives and careers.Thank you so much for joining us on our journey thus far and we can't wait to come back in season 4 with even better tips and tricks!
Worms and Antivirus

2021-10-27 (58:47)

With the spectacular new Dune movie just having been released, it's only appropriate to talk about one of the most devious of Internet malware denizens - worms!! While certainly technologically interesting, worms are some of the most destructive instances of malware to ever be created. What's more is that these days, worming technology is so ubiquitous that it's not something that even distinguishes malware from the pack!

Join us in this conversation about the trickiest of Internet beasts and the tool that is meant to (if unsuccessfully) protect against them!
We weren't planning on it, but too much happened since our last episode to not do another security in the news episode! We'll be covering the Twitch hack, Facebook global outage, another Epik hack release from Anonymous, and the Pandora Papers.
The news has been ripe with some pretty wild security stories recently, and in this episode we dive into the nitty gritty on the two that we found most interesting. Specifically, we're talking about the multiple Apple zero days which have been released and the controversy around them as well as the Epik hack named Epik Fail. Join us!
In this episode we dive into the details of recent (i.e. the last 5 years) security trends, where things stand currently, and where those trends are likely to continue. From application security, to corporate security, to infrastructure security, to physical security, the last half a decade has seen some serious changes with respect to how secure modern enterprises are and the problems they face on a regular basis. The future of security looks bright in many ways, dark in some, but interesting in all.
If you've been keeping up on security news recently you've likely heard of the Pegasus spyware and its authors, the Israeli firm NSO Group. While Pegasus is an impressive piece of software, the capabilities it brings to the table are nothing new (nor are the ethical and moral implications of government surveillance programs).

Join us as we sit down with renowned security journalist Kim Zetter and hear what she has to say about these recent events and surveillance programs more generally.

More of Kim's work can be found at:
- https://zetter.substack.com/
- https://www.penguinrandomhouse.com/books/219931/countdown-to-zero-day-by-kim-zetter/
Today we have special guest Kevin Mitnick. The most wanted hacker in the world now helps secure businesses worldwide. We cover the topic of social engineering as Kevin talks about the real-world exploits he performed on some of the largest companies in the world. Join us for a lighthearted conversation on social engineering with one of the greats in the field.

- Kevin Mitnick Site - https://www.mitnicksecurity.com/
- Where to find Kevin Mitnick's books - https://www.mitnicksecurity.com/bestselling-books-by-kevin-mitnick
With DEFCON about to start, we wanted to give folks a peek inside of what one should expect during a hacking conference as well as list some of our favorite conferences. From everyday tips and tricks for surviving the con to how to make the most of it, join us as we talk about hacker summer camp and more. 
Just because you're paranoid doesn't mean they aren't after you. Government spying on citizens is so commonplace that folks are not even surprised by it anymore. While US citizens are often not surprised, they are unaware of the particular details. So, sit back and relax while we walk you through some of the history of government spying on its citizens and how it impacts you.

Links:
- https://www.eff.org/
- https://www.aclu.org/
- https://www.pbs.org/video/frontline-room-641a/
- https://www.pbs.org/video/frontline-united-states-secrets-part-one/
- https://signal.org/blog/cellebrite-vulnerabilities/