January 4, 2022
This is the story of a film star who connected the simple concept behind a player piano to complex communication technology in use in our devices today.
Hedy Lamarr is perhaps best known for the dozen or so motion pictures she made -- and as the most beautiful woman in the world -- but did you know that she also co-patented the frequency hopping spread spectrum technology that is the foundation for cellular, Wi-Fi, and even Bluetooth communications?
December 14, 2021
Fuzzing makes it possible to locate vulnerabilities even in “safe” environments like Erlang, a language designed for high availability and robust services.
Jonathan Knudsen from Synopsys joins The Hacker Mind to discuss his presentation at SecTor 2021 on fuzzing common message brokers such as RabbitMQ and VerneMQ, both written in Erlang, demonstrating that any type of software in any environment can still be vulnerable.
November 30, 2021
So you’ve been hit with ransomware and, for whatever reason, you paid the bitcoin but now the decryptor doesn’t work. Who are you going to call for help?
Paula Januszkiewicz, from Cqure, joins The Hacker Mind to discuss her two presentations at SecTor 2021 on digital forensics. She talks about the various ways criminal hackers hide their work, what happens after ransomware hits on a system, how investigators go about looking for recovery information, and what type of skills those practitioners need to succeed.
November 16, 2021
AI is almost good enough at simulating human activity to defeat the biometric systems designed to fight fraud, effectively putting us back at square one.
Iain Paterson and Justin Macorin join The Hacker Mind podcast to share insights from their SecTor 2021 talk on hacking behavioral biometrics. If an adversarial actor wants to simulate user behavior, that actor can use techniques similar to those that a behavioral biometrics firm would use to detect abnormal usage. The researchers predict that soon it'll be hard to tell a human user at the keyboard, or at the mouse, from a bot or AI-driven entity.
November 2, 2021
Traditional anti-malware research relies on customer systems but what if a particular malware wasn’t on the same platform as your solution software?
Marc-Etienne M.Léveillé from ESET joins The Hacker Mind podcast to talk about the challenges of building his own internet scanner to scan for elusive malware. Speaking at this year’s SecTor 2021, he shares some of his findings on Kabolos, a stealthy malware that uses SSH credentials to hide, that is perhaps exposed much easier through scanning the IPv4 space -- all 3.7 billion addresses.
October 19, 2021
Ghost #1 was a digital film server that should have stayed blacklisted but due to a unique software flaw it continued to produce pirated films.
Patrick Von Sychowski from the Celluloid Junkie joins the Hacker Mind podcast to discuss his SecTor 2021 talk on Ghost #1, explaining how the transition from 35mm to digital in theaters and how the unique third iteration of cinema in China also allowed this digital projector to evade anti-piracy safeguards for nearly three years. He credits one engineer at the Chinese propaganda department for helping solve a mystery that resulted in the largest film piracy takedown operation of all time, anywhere in the world.
October 5, 2021
In 2016, the Mirai IoT botnet shut down part of the internet, yet variations still plague us today. Maybe our current approach to IoT botnets isn’t working?
Ali Davanian and Ahmad Darki join the Hacker Mind podcast to discuss their Black Hat USA 2021 talk and their tool, CnCHunter, which looks for active CnC servers that can be discovered, so law enforcement can take them down, or at least networks can block them, effectively denying them access to the 100s of thousands of compromised devices worldwide.
September 21, 2021
What role does technology play in facilitating intimate partner abuse? What role might the security industry have in identifying or even stopping it?
Martijn Grooten and Lodrina Cherne join the The Hacker Mind podcast to discuss their Black Hat USA 2021 presentation. They talk about how software and IoT companies can avoid becoming the next Black Mirror episode and share resources that can help survivors (and those who want to help them) deal with the technology issues that can be associated with technologically facilitated abuse.
September 7, 2021
PPP wanted to give their past high school selves the infosec education they didn’t have. But if you think picoCTF is only for HS students, think again.
Megan Kearns of Carnegie-Mellon University's Cylab joins The Hacker Mind to talk about the early days and the continued evolution of this popular online infosec competition site. No matter what your age or interest level, picoCTF probably has something new for you to learn.
August 24, 2021
At Black Hat USA 2021, two researchers presented how they used their own fuzzer designed for hypervisors to find a critical vulnerability in Microsoft Azure.
Ophir Harpaz and Peleg Hadar join The Hacker Mind to discuss their journey from designing a custom hypervisor fuzzer to identifying a vulnerability within Hyper-V and how their new research tool, hAFL1, can benefit others looking to secure cloud architectures.
