Securabit

On this episode we had special guest Christofer Hoff on to discuss Cloud and Virtualized security.  We touched on some pretty amazing points and we hope you'll enjoy this show!   Please visit our wiki for full show notes!

Please visit our Wiki for full show notes

  Join us as we interview Saviour Emmanuel Ekiko, author of the Ghost Phisher tool. Show notes are now at our wiki:  http://wiki.securabit.com/ShowNotes/EP90

  Hosts Chris Gerling - @secbitchris Chris Mills - @chrisam Andrew Borel - @andrew_secbit Tony Huffman - @myne_us Guests Rafal Los - @Wh1t3Rabbit http://h30499.www3.hp.com/t5/Following-the-White-Rabbit-A/bg-p/sws-119 Topics Vericode vs Oracle Root Certificate Authorities Anonymous Item X Use Our Discount Code Use "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all [...]

  We are now doing our show notes inside of our wiki.  If you have suggestions or comments please feel free to leave them here. http://wiki.securabit.com/ShowNotes/EP88 Thank you for listening!  

Check out our wiki for show notes! http://wiki.securabit.com/ShowNotes/EP87

Join us as we interview Lance Spitzner, Technical Director for the SANS Securing the Human Program. Show notes are now at our wiki:  http://wiki.securabit.com/ShowNotes/EP86

Hosts myne-us @myne_us Jacob hammack @hammackj Guest Host Dave Kennedy @dave_rel1k Guest Dr. Tyler Bletsch (Tyler.Bletsch {at} gmail.com) Tyler's former security group at NC State University under Xuxian Jiang - http://www.csc.ncsu.edu/faculty/jiang/ Topics JOP programming Turing complete exploit development (http://en.wikipedia.org/wiki/Turing_completeness) links JOP JOP technical report ftp://ftp.ncsu.edu/pub/tech/2010/TR-2010-8.pdf JOP academic paper http://www.csc.ncsu.edu/faculty/jiang/pubs/ASIACCS11.pdf Tyler's dissertation (JOP in x86 and MIPS, and a few other techniques) http://repository.lib.ncsu.edu/ir/bitstream/1840.16/6698/1/etd.pdf ROP http://cseweb.ucsd.edu/~hovav/dist/rop.pdf http://blog.zynamics.com/2010/03/12/a-gentle-introduction-to-return-oriented-programming/ http://sandsprite.com/CodeStuff/Understanding_imports.html http://j00ru.vexillium.org/?p=893 http://www.braid-game.com/ http://qubes-os.org/Architecture.html If you like the intro music and the closing music check out http://du

Hostsmyne-us @myne_usJabob hammack @jhammack GuestDave Kennedy @dave_rel1khttp://www.derbycon.com/http://www.secmaniac.com/http://seorg.org/ Topicsis BOF deadwhat got you startedwhat are some of things that helped you get startedHeaposx exploitationand more.... linkshttp://advancedwindowsdebugging.com/https://net-ninja.net/blog/?p=293http://www.exploit-db.com/http://www.offensive-security.com/live-information-security-training/ Intro by http://dualcoremusic.com/nerdcore/ @dave_rel1k

SecuraBit Episode 84:  Tech Talk with Scott Moulton June 15, 2011    Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling  – @chrisgerling Christopher Mills – @thechrisam Andrew Borel –  @andrew_secbit Tony Huffman – @myne_us Guests: Scott Moulton - @scottamoulton - http://www.myharddrivedied.com/ Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats. Upcoming events #BSidesLasVegas (3-4 August 2011) BlackHat Vegas (3 - 4 August 2011) DEFCON 19 (4 - 7 August 2011) #BSidesLA Los Angeles, CA (18 - 19 August 2011) #BSidesMO(21 Oct 2011) #BSidesNewDelhi (22 - 23 October 2011) VB Barcelona October 2011 Links: http://www.securabit.com Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

SecuraBit Episode 83:  Hey look its the Human Hacker!!! June 1, 2011 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling  – @chrisgerling - MIA Christopher Mills – @thechrisam - MIA Jason Mueller – @securabit_jay - MIA Andrew Borel –  @andrew_secbit Tony Huffman – @myne_us Tim Krabec  - @tkrabec Guests: Chris Hadnagy ( @humanhacker on Twitter ) discusses Social Engineering: The Art of Human Hacking General topics: Social Engineering: The Art of Human Hacking http://www.amazon.com/Social-Engineering-Human-Hacking-ebook/dp/B004EEOWH0/ref=tmm_kin_title_0?ie=UTF8&m=AG56TWVU5XWC2 Social-Enginer.org - variety of guests who use social enginering Does Social Engineering Always Involve Deception? Marketing or Social Engineering Stereotypes online help from skype :)

SecuraBit Episode 82:  Totally Rad Man! May 18, 2011 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling  – @chrisgerling Christopher Mills – @thechrisam Jason Mueller – @securabit_jay Andrew Borel –  @andrew_secbit Tony Huffman – @myne_us Guests: Carl Herberger from http://www.radware.com/  General topics:  DDOS: Recent attacks from groups like anonymous , attack vectors, technique information and how it can effect you. Signatures: Signature based detection and the effects it had on todays security General security: Some general discussion on security  Securibit exploit development group (SEG)  starting up blog post coming soon.   NEWS: PSN hacked again! :   Just two days after the PlayStation Network was restored after a near month-long outage, the PSN password page has apparently been exploited. According to reports, the exploit allows other users to reset your account password using only your e-mail address and date of birth. This personal data was made available to ha

SecuraBit Episode 81:  Network Admins Takeover May 4, 2011 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Andrew Borel –  @andrew_secbit Tim Krabec  - @tkrabec Guests: Sam Bowne discusses IPv6 and the RA 0day attack Twitter: @sambowne Home page: samsclass.info General topics: IPv6 Info: http://samsclass.info/ipv6/60_S11.php RA 0day attack: http://samsclass.info/ipv6/proj/flood-router6a.htm http://orchilles.com/2011/04/ssl-renegotiation-dos-faq.html NIST Guidelines for the Secure Deployment of IPv6 http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf Hurricane Electric cert and info http://ipv6.he.net/certification/ BackTrack 5 Available on May 10, 2011 http://www.backtrack-linux.org/ Netwitness http://www.netwitness.com/products-services/investigator-freeware http://www.netwitness.com/resources/videos/investigator-tutorial-1-overview-navigation Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS c

SecuraBit Episode 80:  Our 8080 Episode April 20, 2011 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Christopher Mills – @thechrisam Andrew Borel –  @andrew_secbit Tony Huffman – @myne_us Dan Mitchell - @danmitchell Guests: int80 - @dualcoremusic DualcoreMusic General topics: http://dualcoremusic.com/nerdcore/ http://www.youtube.com/watch?v=CMNry4PE93Y NEWS: Patch Tuesday April 2011 64 patched: http://www.microsoft.com/technet/security/current.aspx http://isc.sans.edu/diary.html?date=2011-04-11 Oracle Critical Patch Update Advisory - April 2011 http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html Verizon 2011 Data Breach Report http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf Barracuda http://www.thetechherald.com/article.php/201115/7044/Malaysian-group-hits-Barracuda-Networks-Update?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+SecurityBloggersNetwork+%28Security+Bloggers+Network%29 http://blog.bar

SecuraBit Episode 79:  Back to the basics with Marcus Carey!April 6, 2011 Hosts:Christopher Mills – @thechrisamJason Mueller – @securabit_jayTony Huffman – @myne_us Guests:Marcus J Carey- @iFailhttp://hackersforcharity.org/ General topics: NEWS:Epsilon:http://www.pcworld.com/businesscenter/article/224192/epsilon_data_breach_expect_a_surge_in_spear_phishing_attacks.htmlhttp://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Highlights-Cloud-Computing-Security-Concerns-637161/http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511https://threatpost.com/en_us/blogs/epsilon-data-breach-expands-include-capital-one-disney-others-040411http://www.epsilon.com/News%20&%20Events/Press_Releases_2011/Epsilon_Notifies_Clients_of_Unauthorized_Entry_into_Email_System/p1057-l3 "On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or c

Securabit Episode 78:  Comodogate and Social Penetration! March 23, 2011 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling  – @chrisgerling Christopher Mills – @thechrisam Jason Mueller – @securabit_jay Andrew Borel –  @andrew_secbit Tony Huffman (myne-us)  – @myne_us Guests: Dave Kennedy - @dave_rel1k Carlos “Darkoperator” Perez - @Carlos_Perez General topics: Rogue SSL certificates ("case comodogate") http://www.f-secure.com/weblog/archives/00002128.html PTES - Penetration Testing Execution Standard http://www.pentest-standard.org/ Social Enginer Toolkit http://www.social-engineer.org/podcast/ http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_(SET) BackTrack http://www.backtrack-linux.org/ DerbyCon http://www.derbycon.com/ Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats. Upcoming events: #BSidesChicago (16 - 17 Apr 2011) #BSid

Securabit Episode 77:  Return to the Rabbit HoleMarch 9, 2011Hosts:Anthony Gartner – @anthonygartner http://anthonygartner.comChris Gerling  – @chrisgerlingChristopher Mills – @thechrisamJason Mueller – @securabit_jayTony Huffman (myne-us)  – @myne_usAndrew Borel –  @andrew_secbitGuests:Rafal Los - @wh1t3RabbitGeneral topics:Preview the upcoming BlackHat EU talk "Defying Logic."Researchers Build Tool That Roots Out Business Logic Flaws In Web Appshttp://www.darkreading.com/database-security/167901020/security/application-security/229300667/researchers-build-tool-that-roots-out-business-logic-flaws-in-web-apps.html--News-Malware on the andoid market place. (DroidDream)List of infected app http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/-Google nukes 150,000 email accounts on accidenthttp://gmailblog.blogspot.com/2011/02/gmail-back-soon-for-everyone.htmlUse our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is g

SecuraBit Episode 76: E-viting you to your demise! February 23, 2011 SecuraBit would like to apologize for the audio issues in this episode. We were not able to use the normal recording method due to a complete power failure.  Thanks for understanding! Hosts: Christopher Mills – @thechrisam Jason Mueller – @securabit_jay Tony – @myne_us Dan Mitchell - @danmitchell Andrew Borel –  @andrew_secbit Guests: Bill Swearingen - @hevnsnt Trent Lo - @surbo General topics: History of i-hacked [HackerRun] - @HackerRun http://hackerrun.com/doku.php Messing with evites http://www.i-hacked.com/content/view/293/2/ http://www.csoonline.com/article/661365/evite-program-easily-tampered-with-researcher-says Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats. Upcoming events #BSidesHalifax (5 Mar 2011) #BSidesGSO Greensboro, NC (9 Mar 2011) CanSecWest2011 (9 - 11 Mar 2011) #BSidesAustin (11 - 12 March 2011) http://www.keepsecu

Securabit Episode 75:  Booze over IP February 9, 2011 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling  – @chrisgerling Christopher Mills – @thechrisam Jason Mueller – @securabit_jay Andrew Borel –  @andrew_secbit Tony  (myne-us)  – @myne_us Guests: Mike Dahn twitter:  @mikd Joe Gottlieb Twitter: joe_gottlieb General topics: Mike:Bsides origins and other.  http://chaordicmind.com/blog/ Joe: Open Security Intelligence http://www.opensecurityintelligence.com/ On Monday, February 14th, SIEM and log management vendor SenSage will introduce the Open Security Intelligence forum to the security community to become involved in. The concept of the community is to share best practices in open security analytics to improve our collective security defenses. Specifically, Joe Gottlieb, President and CEO of SenSage would like to discuss: - Current challenges with today’s SIEM tools, which are a decade old - Why security analytics needs to be ‘open’ - Why integrating business intelligenc

Securabit Episode 74: Podcasting in the Dark with Brian Krebs January 26, 2011 Hosts: Anthony Gartner – @anthonygartner http://anthonygartner.com Chris Gerling  – @chrisgerling Christopher Mills – @thechrisam Andrew Borel –  @andrew_secbit Guests: Brian Krebs - @briankrebs - http://krebsonsecurity.com/ General topics: I recall reading about various greeting card based attacks over the years.  Do you think they've all been originated by the same folks who did this one?  Or at least, with the same goals in mind? How prevalent do you think ATM skimmers are?  What are some ways the common person can look out for them? Do you think financial institutions are getting better at educating their customers about the protections provided/not provided under Regulation E? Do you anticipate payment processing centers becoming a bigger target for criminals vs the individual businesses? Since many financials are under pressure from new reserve requirements, do you think new security requirements will force smaller fin