The Hacker Mind
EP 20: MITRE ATT&CK Evaluations

EP 20: MITRE ATT&CK Evaluations

May 4, 2021

MITRE ATT&CK catalogs the known tactics, techniques, and procedures of past advanced persistent threats, providing a roadmap for any red or blue team.

In this episode, Frank Duff, Director of ATT&CK Evaluations for MITRE Engenuity, talks about how both red and blue teams can directly benefit from ATT&CK, and how organizations -- and even some security vendors -- are now evaluating their solutions against it.

EP 19: Hacking IoT

EP 19: Hacking IoT

April 20, 2021

It seems everything smart is hackable, with startups sometimes repeating security mistakes first made decades ago. How then does one start securing IoT?

In this episode, Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things. They talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices today.

EP 18: Hacking Diversity

EP 18: Hacking Diversity

April 6, 2021

You’d think that having an amazing resume, a couple of bug bounties, or a CTF win would land you that dream infosec job. For many, though, that isn’t true.

That’s why Tennisha Martin founded Black Girls Hack, an organization designed to help the next generation receive the skills and experience they need to land jobs in the C-suites, and perhaps begin to address the acute shortage of infosec professionals with qualified people of color.

EP 17: Shellshock

EP 17: Shellshock

March 23, 2021

Shortly after OpenSSL’s Heartbleed, Shellshock was discovered lurking in Bash code two decades old. How could open source software be vulnerable for so long?

This episode looks at how fuzz testing has evolved over the years, how open source projects have for the most part gone untested over time, and how new efforts to match fuzzing to software development are today helping to discover dangerous new vulnerabilities before they become the next Shellshock.

EP 16: The Gentle Art of Lockpicking

EP 16: The Gentle Art of Lockpicking

March 9, 2021

What is the allure of lockpicking at hacker conferences? In this episode Deviant Ollam explains why these mechanical puzzles remain popular with hackers.

Ollam, who was an early member of Toool, The Open Organization of Lockpickers, discusses his career as a physical pen tester and also shares some basic lockpicking hacks.

EP 15: So You Want To Be A Pentester

EP 15: So You Want To Be A Pentester

February 23, 2021

To help more people become penetration testers, Kim Crawley and Phillip L. Wylie wrote The Pentester BluePrint: Starting A Career As An Ethical Hacker

 

In this episode of The Hacker Mind, Kim talks about the practical steps anyone can take to gain the skills and confidence necessary to become a successful pentester -- from gaining certifications, to building your own lab, to participating in bug bounties and even CTFs. 

EP 14: The Right To Repair

EP 14: The Right To Repair

February 9, 2021

How do the current DMCA laws impact those who hack digital devices? And why doesn’t the basic right to repair our devices extend into the digital world?

To answer these questions, Paul Roberts, Editor-in-Chief of The Security Ledger, has founded securepairs.org, a group of infosec experts who are volunteering their free time to fight for the digital right to repair in local legislation. In this episode of The Hacker Mind, Paul talks about the consequences of not paying enough attention today.

EP 13: Shall We Play A Game?

EP 13: Shall We Play A Game?

January 26, 2021

Capture the Flag is a game, a community, and a really cool hacker culture. But will we one day stream CTFs like we do World of Warcraft or League of Legends?

Whether it’s designing or just playing CTFs, John Hammond knows a lot about the gamification of infosec. He even has his own YouTube channel where he shares what he’s learned from different challenges. In this episode of The Hacker Mind John shares his experiences building and executing his own CTFs.

EP 12: Hacking Healthcare

EP 12: Hacking Healthcare

January 12, 2021

After breaches like SolarWinds, companies pledge to improve their digital hygiene. What if they don’t? And what parallels might infosec learn from COVID-19?

In this episode, Mike Ahmadi draws on his years of experience in infosec, his years hacking medical devices. Mike notes how some basic rules of physical hygiene that can slow the spread of COVID-19 can also map into the digital world.

EP 11: Hacking OpenWRT

EP 11: Hacking OpenWRT

December 8, 2020

For three years OpenWRT had a severe validation problem with its download package manager, until a fuzz tester found and reported the vulnerability.  

 

In this episode, Guido Vranken talks about his approach to hacking, about the differences between memory safe and unsafe languages, his use of fuzz testing as a preferred tool, and how he came to discover the validation error in OpenWRT, as well as a serialization error in Cereal, and other vulnerabilities. 

Podbean App

Play this podcast on Podbean App