The Hacker Mind
EP 37: A Hacker From Hollywood

EP 37: A Hacker From Hollywood

January 4, 2022

This is the story of a film star who connected the simple concept behind a player piano to complex communication technology in use in our devices today.

Hedy Lamarr is perhaps best known for the dozen or so motion pictures she made -- and as the most beautiful woman in the world -- but did you know that she also co-patented the frequency hopping spread spectrum technology that is the foundation for cellular, Wi-Fi, and even Bluetooth communications?

EP 36: Fuzzing Message Brokers

EP 36: Fuzzing Message Brokers

December 14, 2021

Fuzzing makes it possible to locate vulnerabilities even in “safe” environments like Erlang, a language designed for high availability and robust services.

Jonathan Knudsen from Synopsys joins The Hacker Mind to discuss his presentation at SecTor 2021 on fuzzing common message brokers such as RabbitMQ and VerneMQ, both written in Erlang, demonstrating that any type of software in any environment can still be vulnerable.

EP 35: Digital Forensics

EP 35: Digital Forensics

November 30, 2021

So you’ve been hit with ransomware and, for whatever reason, you paid the bitcoin but now the decryptor doesn’t work. Who are you going to call for help?

Paula Januszkiewicz, from Cqure, joins The Hacker Mind to discuss her two presentations at SecTor 2021 on digital forensics. She talks about the various ways criminal hackers hide their work, what happens after ransomware hits on a system, how investigators go about looking for recovery information, and what type of skills those practitioners need to succeed.

EP 34: Hacking Behavioral Biometrics

EP 34: Hacking Behavioral Biometrics

November 16, 2021

AI is almost good enough at simulating human activity to defeat the biometric systems designed to fight fraud, effectively putting us back at square one.

Iain Paterson and Justin Macorin join The Hacker Mind podcast to share insights from their SecTor 2021 talk on hacking behavioral biometrics. If an adversarial actor wants to simulate user behavior, that actor can use techniques similar to those that a behavioral biometrics firm would use to detect abnormal usage. The researchers predict that soon it'll be hard to tell a human user at the keyboard, or at the mouse, from a bot or AI-driven entity.

EP 33: Scanning the Internet

EP 33: Scanning the Internet

November 2, 2021

Traditional anti-malware research relies on customer systems but what if a particular malware wasn’t on the same platform as your solution software?

Marc-Etienne M.Léveillé from ESET joins The Hacker Mind podcast to talk about the challenges of building his own internet scanner to scan for elusive malware. Speaking at this year’s SecTor 2021, he shares some of his findings on Kabolos, a stealthy malware that uses SSH credentials to hide, that is perhaps exposed much easier through scanning the IPv4 space -- all 3.7 billion addresses.

EP 32: The Hunt For Ghost #1

EP 32: The Hunt For Ghost #1

October 19, 2021

Ghost #1 was a digital film server that should have stayed blacklisted but due to a unique software flaw it continued to produce pirated films.

Patrick Von Sychowski from the Celluloid Junkie joins the Hacker Mind podcast to discuss his SecTor 2021 talk on Ghost #1, explaining how the transition from 35mm to digital in theaters and how the unique third iteration of cinema in China also allowed this digital projector to evade anti-piracy safeguards for nearly three years. He credits one engineer at the Chinese propaganda department for helping solve a mystery that resulted in the largest film piracy takedown operation of all time, anywhere in the world.

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

October 5, 2021

In 2016, the Mirai IoT botnet shut down part of the internet, yet variations still plague us today. Maybe our current approach to IoT botnets isn’t working? 

Ali Davanian and Ahmad Darki join the Hacker Mind podcast to discuss their Black Hat USA 2021 talk and their tool, CnCHunter, which looks for active CnC servers that can be discovered, so law enforcement can take them down, or at least networks can block them, effectively denying them access to the 100s of thousands of compromised devices worldwide.

EP 30: Surviving Stalkerware

EP 30: Surviving Stalkerware

September 21, 2021

What role does technology play in facilitating intimate partner abuse? What role might the security industry have in identifying or even stopping it?

Martijn Grooten and Lodrina Cherne join the The Hacker Mind podcast to discuss their Black Hat USA 2021 presentation. They talk about how software and IoT companies can avoid becoming the next Black Mirror episode and share resources that can help survivors (and those who want to help them) deal with the technology issues that can be associated with technologically facilitated abuse. 

EP 29: Learn Competitive Hacking with picoCTF

EP 29: Learn Competitive Hacking with picoCTF

September 7, 2021

PPP wanted to give their past high school selves the infosec education they didn’t have. But if you think picoCTF is only for HS students, think again. 

Megan Kearns of Carnegie-Mellon University's Cylab joins The Hacker Mind to talk about the early days and the continued evolution of this popular online infosec competition site. No matter what your age or interest level, picoCTF probably has something new for you to learn.

 

EP 28: Fuzzing Hyper-V

EP 28: Fuzzing Hyper-V

August 24, 2021

At Black Hat USA 2021, two researchers presented how they used their own fuzzer designed for hypervisors to find a critical vulnerability in Microsoft Azure. 

 

Ophir Harpaz and Peleg Hadar join The Hacker Mind to discuss their journey from designing a custom hypervisor fuzzer to identifying a vulnerability within Hyper-V and how their new research tool, hAFL1, can benefit others looking to secure cloud architectures.

Podbean App

Play this podcast on Podbean App