Bots are actionable scripts that can slow your day to day business, be enlisted in denial of service attacks, or even keep you from getting those tickets Taylor Swift you desperately want. Antoine Vastel from DataDome explains how it's an arms

EP 84: When Old Medical Devices Keep Pre-shared Keys

Nov 14th, 2023 43m 38s

You would think there is a procedure to End-of-Life a medical device, right? Erase personal health info. Erase network configuration info. Speaking at SecTor 2023, Deral Heiland from Rapid 7 said he found that he was able to buy infusion pumps

EP 83: Tales From The Dark Web: Ransomware, Data Extortion, and Operational Technology

Nov 1st, 2023 37m 7s

With the recent Clop attack on customers of MoveIt, ransomware is now old news. Attackers are skipping the encryption and simply extorting the exfiltrated data, according to Thomas “Mannie” Wilken, from the Accenture Cyber Threat Intelligence D

EP 82: The Vulkan Files

Oct 17th, 2023 35m 9s

Imagine a data dump of files similar to the Snowden Leaks in 2013, only this it’s not from the NSA but from NT Vulkan, a Russian contractor. And it’s a framework for targeting critical IT infrastructures. In a talk at DEF CON 31, Joe Slowick fr

EP 81: Hacking Visual Studio Code Extensions

Oct 3rd, 2023 49m 11s

Rather than use backdoor exploits, attackers are stealing credentials going through the front door. How are they gaining credentials. Sometimes it’s from the tools we trust. Paul Geste and Thomas Chauchefoin discuss their DEF CON 31 presentatio

EP 80: Ghost Token

Sep 19th, 2023 36m 35s

What if an GPC project OAUTH access token wasn’t deleted? This could expose databases to bad actors. Tal Skverer from Astrix discusses his DEF CON 31 presentation GhostToken: Exploiting Google Cloud Platform App Infrastructure to Create Unremov

EP 79: Conducting Incident Response in Costa Rica Post Conti Ransomware

Sep 6th, 2023 56m 50s

How do you conduct an incident response for an entire country? When it’s 27 different life-critical government ministries each with up to 850 individual devices -- that’s uncharted territory. Esteban Jimenez of ATTI Cyber talks about his experi

EP 78: Defending Costa Rica From Conti Ransomware

Aug 23rd, 2023 56m 46s

What is is like to hack an entire country, to take it’s government services offline, to deny a government an ability to function? Costa Rica knows. Esteban Jimenez of ATTI Cyber has been helping Costa Rica improve its cybersecurity posture for

EP 77: Security Chaos Engineering with Kelly Shortridge

Aug 8th, 2023 40m 32s

Speaking at Black Hat 2023, Kelly Shortridge is bringing cybersecurity out of the dark ages by infusing security by design to create secure patterns and practices. It’s a subject of her new book on Security Chaos Computing, and it’s a topic tha

EP 76: Hacking Medical Systems

Jul 25th, 2023 42m

Are we doing enough to secure our health delivery organizations? Given the rise of ransomware attacks, one could day we are not. Karl Sigler from Trustwave SpiderLabs, talks about a new report that his team has written that is focused on the th

EP 75: Hacking .Mil And Other TLD Domains (Ethically)

Jul 12th, 2023 48m 45s

Internet domains are brittle. One could hack into a military, a foreign government, or even global commercial web services domain using flaws in the underlying architecture. Fredrik Nordberg Almroth, co-founder of Detectify, talks about how he

EP 74: Disarming Document Threats

Jun 27th, 2023 41m 37s

Phishing is everywhere. Who among us has not seen phish in their inbox? Aviv Grafi, from Votiro, gets into the weeds about how malicious documents are formed and how they might (despite good secure posture) still end up in your inbox or browser

EP 73: Hacking Human Behavior

Jun 13th, 2023 36m 48s

Could the nudges and prompts like those from our Fitbits and Apple watches be effective in enforcing good security behavior as well? Oz Alashe, CEO and founder of CybSafe, brings his experience in the UK Intelligence Community to the commercial

EP 72: Tales From A Ransomware Negotiator

May 30th, 2023 41m 31s

Say you’re an organization that’s been hit with ransomware. At what point do you need to bring in a ransomware negotiator? Should you pay, should you not? Mark Lance, the VP of DFIR and Threat Intelligence for GuidePoint Security, provides The

EP 71: The Internet As A Pen Test

May 18th, 2023 44m 49s

Small to Medium Business are increasingly the target of APTs and ransomware. Often they lack the visibility of a SOC. Or even basic low level threat analysis. Chris Gray of Deepwatch talks about the view from the inside of a virtual SOC, the ab

EP 70: Hacking Real World Criminals Online

May 3rd, 2023 58m

More and more criminals are identified through open source intelligence (OSINT). Sometimes a negative Yelp review can reveal their true identity. Daniel Clemens, CEO of ShadowDragon, talks about his more than two decades of digital investigatio

EP 69: Self-Healing Operating Systems

Apr 19th, 2023 49m 19s

It’s time to evolve beyond the UNIX operating system. OSes today are basically ineffective database managers, so why not build an OS that’s a database manager? Michael Coden, Associate Director, Cybersecurity, MIT Sloan, along with Michael Sto

EP 68: Incident Response in the Cloud

Apr 4th, 2023 43m 59s

Incident response in the cloud. How is it different, and why do we need to pay more attention to it today, before something major happens tomorrow. James Campbell, CEO of Cado Security, shares his experience with traditional incident response,

EP 67: When The Dark Web Discovered ChatGPT

Mar 21st, 2023 40m 54s

We’ve seen drug marketplaces and extremists use the Dark Web. Will generative AI tools like ChatGPT make things crazier by lowering the barrier to entry? Delilah Schwartz, from Cybersixgill, brings her extensive background with online extremism

EP 66: Shattering InfoSec’s Glass Ceiling

Mar 8th, 2023 42m 55s

Booth babes and rampant sexism were more of a problem in infosec in the past. That is, until Chenxi Wang spoke up. And she’s not done changing the industry. She’s an amazing person who has done an incredible number of things in a short amount o

EP 65: The Hacker Revolution Will Be Televised

Feb 22nd, 2023 50m 32s

What if DEF CON CTFs were televised? What if you could see their screens and have interviews with the players in the moment? Turns out, you can. Jordan Wiens, from Vector 35, maker of Binary Ninja, is no stranger to CTFs. He’s played in ten fin

EP 64: Gaining Persistence On Windows Boxes

Feb 8th, 2023 38m 59s

When we hear about bad actors on a compromised system for 200+ days, we wonder how they survived for so long. Often they hide in common misconfigurations. From her talk at SecTor 2022, Paula Januszkiewicz, CEO of Cqure, returns to The Hacker Mi

EP 63: What Star Wars Can Teach Us About Threat Modeling

Jan 25th, 2023 42m 57s

Having a common framework around vulnerabilities, around threats, helps us understand the infosec landscape better. STRIDE provides an easy mnemonic. Adam Shostack has a new book, Threats: What Every Engineer Should Learn From Star Wars. that u

EP 62: Tib3rius

Jan 10th, 2023 43m 22s

Hacking websites is perhaps often underestimated yet is super interesting with all its potential for command injections and cross site scripting attacks. Tib3rius from White Oak Security discusses his experience as a web application security pe

EP 61: Never Mess With A Hacker

Dec 20th, 2022 15m 6s

Holiday air travel tips from The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data by Kevin Mitnick and Robert Vamosi. This is a short episode until The Hacker Mind returns in