
450.6K
Downloads
81
Episodes
The Hacker Mind is an original podcast from the makers of Mayhem Security. It’s the stories from the individuals behind the hacks you’ve read about. It’s about meeting some of the security challenges in software through advanced techniques such as fuzz testing. It’s a view of the hackers and their world that you may not have heard before.
Episodes

Tuesday Sep 19, 2023
EP 80: Ghost Token
Tuesday Sep 19, 2023
Tuesday Sep 19, 2023
What if an GPC project OAUTH access token wasn’t deleted? This could expose databases to bad actors. Tal Skverer from Astrix discusses his DEF CON 31 presentation GhostToken: Exploiting Google Cloud Platform App Infrastructure to Create Unremovable Trojan Apps. Transcript here.

Wednesday Sep 06, 2023
EP 79: Conducting Incident Response in Costa Rica Post Conti Ransomware
Wednesday Sep 06, 2023
Wednesday Sep 06, 2023
How do you conduct an incident response for an entire country? When it’s 27 different life-critical government ministries each with up to 850 individual devices -- that’s uncharted territory. Esteban Jimenez of ATTI Cyber talks about his experience with the reconstruction of the cybersecurity system following Conti, how the country handled a second ransomware attack from the Hive ransomware group, and we'll discuss what yet remains to be done to secure Costa Rica -- and other Latin American countries from future attacks. Transcript here.

Tuesday Aug 22, 2023
EP 78: Defending Costa Rica From Conti Ransomware
Tuesday Aug 22, 2023
Tuesday Aug 22, 2023
What is is like to hack an entire country, to take it’s government services offline, to deny a government an ability to function? Costa Rica knows. Esteban Jimenez of ATTI Cyber has been helping Costa Rica improve its cybersecurity posture for more than 16 years, and he has been helping them recently recover from a crippling ransomware attack in April 2022 that hit 28 ministries of the government. Central and Latin America appear to be a new playground for bad actors testing new malware. But Central and Latin America are learning how to fight back. Transcript here.

Tuesday Aug 08, 2023
EP 77: Security Chaos Engineering with Kelly Shortridge
Tuesday Aug 08, 2023
Tuesday Aug 08, 2023
Speaking at Black Hat 2023, Kelly Shortridge is bringing cybersecurity out of the dark ages by infusing security by design to create secure patterns and practices. It’s a subject of her new book on Security Chaos Computing, and it’s a topic that’s long overdue to be discussed in the field. Transcript.

Tuesday Jul 25, 2023
EP 76: Hacking Medical Systems
Tuesday Jul 25, 2023
Tuesday Jul 25, 2023
Are we doing enough to secure our health delivery organizations? Given the rise of ransomware attacks, one could day we are not. Karl Sigler from Trustwave SpiderLabs, talks about a new report that his team has written that is focused on the threat landscape for medical devices and the healthcare industry in general. Transcript here.

Tuesday Jul 11, 2023
EP 75: Hacking .Mil And Other TLD Domains (Ethically)
Tuesday Jul 11, 2023
Tuesday Jul 11, 2023
Internet domains are brittle. One could hack into a military, a foreign government, or even global commercial web services domain using flaws in the underlying architecture. Fredrik Nordberg Almroth, co-founder of Detectify, talks about how he did just that -- hack .mil, hack the top level domain of the Democratic Republic of Congo, and even Gmail or Wordpress -- just by looking for basic misconfigurations. Transcript.

Tuesday Jun 27, 2023
EP 74: Disarming Document Threats
Tuesday Jun 27, 2023
Tuesday Jun 27, 2023
Phishing is everywhere. Who among us has not seen phish in their inbox? Aviv Grafi, from Votiro, gets into the weeds about how malicious documents are formed and how they might (despite good secure posture) still end up in your inbox or browser. He’s created a rather novel method to strip out the good content from the bad without affecting your overall productivity. And maybe, just maybe, stop phishing as a viable attack vector.

Tuesday Jun 13, 2023
EP 73: Hacking Human Behavior
Tuesday Jun 13, 2023
Tuesday Jun 13, 2023
Could the nudges and prompts like those from our Fitbits and Apple watches be effective in enforcing good security behavior as well? Oz Alashe, CEO and founder of CybSafe, brings his experience in the UK Intelligence Community to the commercial world along with some solid science around what motivates us to make changes in our lives. It’s not just one-off phishing examples, it’s also about providing positive feedback, even gamification, to make things stick in future insider trust programs.
Transcript here.

Tuesday May 30, 2023
EP 72: Tales From A Ransomware Negotiator
Tuesday May 30, 2023
Tuesday May 30, 2023
Say you’re an organization that’s been hit with ransomware. At what point do you need to bring in a ransomware negotiator? Should you pay, should you not? Mark Lance, the VP of DFIR and Threat Intelligence for GuidePoint Security, provides The Hacker Mind with stories of ransomware cases he’s handled and best practices for how to handle such an event.

Wednesday May 17, 2023
EP 71: The Internet As A Pen Test
Wednesday May 17, 2023
Wednesday May 17, 2023
Small to Medium Business are increasingly the target of APTs and ransomware. Often they lack the visibility of a SOC. Or even basic low level threat analysis. Chris Gray of Deepwatch talks about the view from the inside of a virtual SOC, the ability to see threats against a large number of SMB organizations, and the changes to cyber insurance we’re seeing as a result.