Cybersecurity with 1337% ABV. BarCode is a place where Cybersecurity professionals can unite in a relaxed atmosphere while getting to hear experts opensource their wisdom and insight....outside of conference walls. Untap the knowledge of an industry guru, find out what fuels their drive, or simply kick back, relax, and listen to their story. Due to COVID-19 restrictions, most bars are limited or closed for on-prem service. Therefore, each episode will feature Tony, a virtual bartender who wi ...
 
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2005 was held July 27-28 in Las Vegas at Caesars Palace. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-05/bh-usa-05-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washi ...
 
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2006 was held August 2-3 in Las Vegas at Caesars Palace. Two days, fourteen tracks, over 85 presentations. Dan Larkin of the FBI was the keynote speaker. Celebrating our tenth year anniversary. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-06/bh-usa-06-index.html Black Hat Briefings bring together a unique mix in security: the best minds from governm ...
 
Past speeches and talks from the Black Hat Briefings computer security conferences. Black Hat Briefings Japan 2004 was held October 14-15 in Tokyo at the Tokyo International Exchange Center. Two days, two tracks. Raisuke Miyawaki was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in both languages. A post convention wrap up can be found at http://www.blackhat.com/html/bh-asia-04/bh-jp-04-index.html Black ...
 
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings in Japan 2006 was held October 5-6 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Mitsugu Okatani, Joint Staff Office, J6, Japan Defense Agency was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in both languages. A post convention wrap up can be found at http://www.blackhat.com/html/b ...
 
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2007 was held August 1-3 in Las Vegas at Caesars Palace. Two days, sixteen tracks, over 95 presentations. Three keynote speakers: Richard Clarke, Tony Sager and Bruce Schneier. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and ...
 
Past speeches and talks from the Black Hat Briefings computer security conferences. Black Hat Briefings Europe was held March 27-30 at the Moevenpick Amsterdam Centre Hotel. Two days, four different tracks. Roger Cumming, Head of Device Delivery and Knowledge at CPNI (Center for the Protection of National Infrastructure), spoke on "How can the Security Researcher Community Work Better for the Common Good." A post convention wrap up can be found at http://www.blackhat.com/html/bh-europe-07/bh-e ...
 
Past speeches and talks from the Black Hat Briefings computer security conferences. October 17-18 in Tokyo at the Keio Plaza Hotel. Two days, four different tracks. Katsuya Uchida was the keynote speaker. Some speeches are translated in English and Japanese. Unfortunately at this time speeches are not available in both languages. A post convention wrap up can be found at http://www.blackhat.com/html/bh-japan-05/bh-jp-05-main.html Black Hat Briefings bring together a unique mix in security: t ...
 
 
MD5 is trending in 2021...a few kernel vulnerabilities, and some drama around pwn2own. [00:00:26] Update on git.php.net incident https://externals.io/message/113981 [00:06:38] Pwn2Own 2021 - Results https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results [00:18:53] CSGO exploit allows hackers to steal passwords, and V…
 
The 2020 Xfinity Cyber Health Report cites an estimate that 854 million connected-home devices will be shipped by manufacturers in 2020, with that number projected to grow to nearly 1.4 billion by 2024. What most consumers of these products don't realize is that once a smart device goes online, it poses serious security risks. Tony Reinert ma…
 
One episode and several failed attempts to fix vulnerabilities, an interesting Rocket.Chat XSS and an exploitable TXT file abusing some weird features. [00:00:46] nOtWASP bottom 10: vulnerabilities that make you cry https://portswigger.net/research/notwasp-bottom-10-vulnerabilities-that-make-you-cry [00:07:28] Click here for free TV! - Chaining bug…
 
The major cause of insecurity is the lack of secure software development practices. It’s crucial to understand the importance of security within the SDLC. Jim Manico is the founder of MANICODE Security where he trains software developers on secure coding and security engineering. He stops by BarCode to help us define “DevSecOps”, building an Effect…
 
Long episode this week as we talk about Google's decision to thwart a western intelligence operation (by fixing vulns), multiple authorization and authentication issues, and of course some memory corruption. [00:00:46] Google's unusual move to shut down an active counterterrorism operation being conducted by a Western democracy https://www.technolo…
 
Overseeing security and privacy challenges in COVID era is an extremely difficult task—and it’s even more complicated if you’re a Healthcare CISO. You must monitor the vital signs of your security program while keeping the pulse on threat vectors and adversaries. Anahi Santiago meets with me at the bar to discuss being a CISO during the pandemic, m…
 
Time to rewrite Linux in Rust? Probably not, but it has landed in linux-next which we talked about. We also look at a couple interesting GitHub vulns, and talk about fuzzing. [00:00:28] Rust in the Linux Kernel https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/rust?id=c77c8025525c36c9d2b9d82e4539403701276a1d https://www.you…
 
The great Philosopher Seneca once said "While we teach, we learn”. The Protege Effect states that the best way to learn is to teach someone else. This powerful theory is further explained by cybersecurity leader and mentor, Naomi Buckwalter during her stop at Barcode. We also get into topics such as cybersecurity mentoring, privacy post-pandemic, c…
 
RCE while cloning a Git repo, injecting video into network cameras, and stealing logins with HTML injection when XSS isn't possible. [00:00:32] Critics fume after Github removes exploit code for Exchange vulnerabilities https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/ https://bornc…
 
Data is always the main target in an attacker's scope. Therefore, organizations should take a "data first" approach to preventing a strike that could cripple them with one shot. I catch up with Purandar Das, Founder and CEO of Sotero, to discuss his data protection strategy. Purandar started Sotero with the conviction that today's data protection …
 
This week we get to take a look into some basic heap grooming techniques as we examine multiple heap overflows. We also briefly discuss the hands-on (by the DoD and Synack) assessment of the "unhackable" Morpheus chip, and briefly discuss the new-ish paper claiming to defeat RSA. [00:00:53] "This destroys the RSA cryptosystem." - Fast Factoring Inte…
 
Debbie Reynolds, AKA “The Data Diva,” is a world-renowned technologist, thought leader and advisor to multinational corporations for handling global data privacy, cyber data breach response, and complex cross-functional data-driven projects. She's also an internationally published author, highly sought-after speaker, and top media presence for glob…
 
This week we talk a bit about newly released Black Hat 2020 and NDSS 2021 presentation videos, before jumping into several pre-auth RCEs, and some interesting exploitation research to bring a PAC enforced Shadow Stack to ARM and an examination of JSON parser interoperability issues. [00:00:41] Microsoft open sources CodeQL queries used to hunt for …
 
We can't believe it's here but today marks our first ever season finale. We're going out with a bang - or a Spark - by discussing two of the most iconic millennial romances, written by multi-millionaire Nicholas Sparks. First up, it's the Shane West/Mandy Moore leukemia love story "A Walk to Remember" featuring a score by Moore and emo Christian ro…
 
A couple privacy violations, PDF exploits, and a complicated API being misused by developers. [00:00:48] Brave browser leaks onion addresses in DNS traffic https://ramble.pw/f/privacy/2387 [00:07:05] Tales of Favicons and Caches: Persistent Tracking in Modern Browsers https://www.ndss-symposium.org/ndss-paper/tales-of-favicons-and-caches-persistent…
 
An aviator is an expert of the skies and must know how to properly navigate through clouds. Fully understanding cloud formations and their potential dangers when flying is a vital part of their profession. Flying through clouds is just like driving through fog – little visibility can represent extreme danger for those unaware of the circumstance. To h…
 
The 90s and 2000s might be the most ubiquitous time for romantic comedies, but they also gave us some of the most truly unhinged entries the genre had to offer. This week, we're discussing a pair of malicious magazine themed rom-coms that pair a couple of successful sociopaths and unemployed losers as they search for love in the big city (and Bosto…
 
"Beg Bounty" hunters, dependency confusion, iOS kernel vuln, and how not to respond to security research. [00:00:59] Florida Water Treatment Facility Hacked https://twitter.com/Bing_Chris/status/1358873543623274499 [00:09:19] Have a domain name? "Beg bounty" hunters may be on their way https://news.sophos.com/en-us/2021/02/08/have-a-domain-name-beg…
 
Often, data goes Absent Without Official Leave. No one within the organization grants it permission to vacate the premises. How do organizations protect and secure their data and stay ahead of the bad actors? A data breach is the intentional or unintentional release of private/confidential information to an untrusted environment. It's extremely cru…
 
We signed up for a free week of Peacock Premium so that we could endure six hours of BDSM-lite and talk about what we learned for you, our loyal listeners. That's right: we watched all three "Fifty Shades" movies and now we get to discuss the transfixing effect they had on us with our favorite horny correspondent, Johnny Langan. Grab your favorite …
 
A lot of discussion this week about OSS security and security processes, an iOS kernel type confusion and a MediaTek bootloader bypass impacting everything since at least 2014. [00:04:54] Know, Prevent, Fix: A framework for shifting the discussion around vulnerabilities in open source https://security.googleblog.com/2021/02/know-prevent-fix-framework-…
 
We're kicking off our month long series of Rotten Romances with a couple of supernatural fuckboys and the doctors that love them unconditionally. First up, it's the "holy shit I can't believe this actually exists" 1998 studio bomb "Meet Joe Black" starring Anthony Hopkins as the lamb sandwich loving rich guy who's about to watch his daughter (Clair…
 
To defend against modern day hackers, you must train your mind to think like one. Ted Harrington is the author of "HACKABLE: How To Do Application Security Right", which is an Amazon BEST SELLER in 9 Categories. He is also Executive Partner at Independent Security Evaluators (ISE), the security organization famous for hacking everything from cars t…
 
Starting with a long discussion about the North Korean hackers targeting security researchers, and some thoughts (rants) about the newly released Windows exploit dev course from Offensive Security before getting into some real exploits including NAT Slipstreaming 2.0 and a new Sudo vuln. [00:00:52] About the security content of iOS 14.4 and iPadOS 1…
 
How do Ouija Boards work? What makes this movie so scary? And which movie had the highest ROI of all time? Listen now to find out! Scott Croco and Jay Holavarri unhack Paranormal Activity (2007). A young couple records video of freaky happenings inside their home. Paranormal Activity (2007)! Episode Log: Summary of Paranormal Activity's story/plot …
 
Hola Chica. It's our second installment of Auteur Misfires, where we pay tribute to a pair of rotten films from otherwise acclaimed auteurs. Were they misfires or just misunderstood? This time, we're going deep undercover with two of Michael Mann's most divisive thrillers: the 2006 update of his hit 1980s series "Miami Vice" starring Colin Farrell …
 
A "Suplex" is an offensive move used in wrestling by which an attacker uses his weight to throw a defender. Phillip Wylie’s unusual journey into the field of cybersecurity is preceded by his career as a powerlifter and pro wrestler for the WCW. He has since taken full control in the industry as an offensive security professional. He is an establish…
 
This week is a shorter episode, but still some solid bugs to look at. From a full chain Chrome exploit, to a Kindle chain from remote to root and an eBPF incorrect calculation leading to OOB read/write. [00:00:41] Albicla launch clusterfuck https://www.reddit.com/r/programminghorror/comments/l25ppk/albicla_launch_clusterfuck/ [00:04:41] [NordVPN] RC…
 
TW: This episode does contain discussion of rape, abuse and domestic violence. This week, we're taking a look back at a pair of divisive teen true crime dramas: the sweaty, lurid Florida-set thriller "Bully" from provocateur Larry Clark and Nick Cassavetes' San Fernando Valley-based drama "Alpha Dog." Both films were met with their own set of contro…
 
Several lockscreen-related vulnerabilities this week, a cross-site leak, and the hijacking of all .cd domains. One important thing to mention about this week's episode that was neglected during the discussion is that the BitLocker Lockscreen Bypass is a lockscreen bypass. It does not necessarily provide access to data BitLocker protects. If BitLocke…
 
In our most personal episode to date, we're serving up our thoughts on a pair of rotten restaurant industry movies: the 2005 gross-out comedy "Waiting" with a pre-Deadpool era Ryan Reynolds, Anna Faris and Justin Long, and the 2015 bad boy chef drama, "Burnt" starring Bradley Cooper, Sienna Miller and Matthew Rhys. Is it possible to make a good res…
 
Grayson Milbourne is the Security Intelligence Director for Webroot, Inc., an OpenText company that focuses on endpoint security and threat intelligence. He joins me at the bar to discuss new and emerging threats, securing our homes during the COVID era, IoT security and cybersecurity trends we should expect to develop in 2021 and beyond. Deepfake …
 
A new universal deserialization gadget for Ruby, a Rocket.Chat SAML auth bypass, and some heap exploitation research. [00:00:36] Cybersecurity Knowledge and Skills Taught in Capture the Flag Challenges https://arxiv.org/pdf/2101.01421v1.pdf [00:10:36] Universal Deserialisation Gadget for Ruby 2.x-3.x https://devcraft.io/2021/01/07/universal-deseria…
 
Since the holidays are over, we're back to our regularly scheduled programming. This week, we're evaluating two feminist themed rehabilitation dramas: the 1999 cult favorite "Girl, Interrupted" starring 90s royalty Winona Ryder, podcast favorite Brittany Murphy and an Academy Award winning performance by Angelina Jolie, as well as the underseen Mar…
 
An update on Apple v. Corellium, some 3DS vulnerabilities, and some drama on this week's episode. [00:00:34] Remote Chaos Experience https://media.ccc.de/c/rc3 [00:20:06] Apple Inc. v. Corellium, LLC https://www.courtlistener.com/docket/16064642/784/apple-inc-v-corellium-llc/ [00:28:17] The Great Suspender - New maintainer is probably malicious http…
 