Logo
    Search

    Podcast Summary

    • The Robot Arrest Incident and HD Moore's Path to Internet SecurityCuriosity can lead to unexpected career paths, as demonstrated by HD Moore's journey from exploring ways to connect to computers in the 90s to becoming an internet security expert. Stay curious and explore new ideas.

      The 1982 incident of a robot being arrested by the police was caused by two teenage boys remotely controlling it to hand out business cards. This incident caused a commotion, leading to the police disconnecting its power source and taking it into custody. Back then, the concept of a robot handing out business cards was a novel idea, but today, it would hardly be noticed. The lack of websites in the 90s caused people to search for ways to connect to computers by dialing numbers, which led to HD Moore's curiosity in finding computers available to outsiders for connection. This curiosity eventually sparked his interest in security research, which led him to become an internet security expert.

    • How Phrack Chat and Hacker Magazines Transformed the Game of Hacking and Pen Testing in the 90sIn the 90s, Phrack Chat and hacker magazines served as key resources for learning hacking skills, leading to the recruitment of talented hackers for DoD contractors and the birth of startups like Digital Defense. However, finding exploits remained a challenge, with outdated exploits from hacker websites serving as a last resort.

      Phrack chat channel and hacker magazines like Phrack served as significant resources for learning hacking skills in the 90s. HD, a high school student, got recruited through Phrack for a job with a DoD contractor building offensive tooling for red teams inside the Air Force. Later, HD co-founded the startup Digital Defense to provide security assessments. However, back in the late 90s, exploits were hard to come by, making it challenging for pen testers to demonstrate to the clients that their systems were vulnerable. The pen testers needed to exploit the system to prove what could go wrong if the clients don't update and act like an adversary would. Finding exploits was a hard part, but some hacker websites would have outdated exploits that could be downloaded.

    • What is Metasploit and How Does it Simplify Exploit Toolkits?Metasploit simplifies the process of building an exploit toolkit by providing a single application with trusted and uninfected exploits. It allows users to choose which exploit to use and input parameters to launch it on the target. With lego-like payload options, payloads can be easily assembled and injected into a system after penetration. The tool constantly updates to include new vulnerabilities.

      Metasploit, developed by HD Moore, is an exploit toolkit used for security assessments that provides a basic collection of vulnerabilities. It allows users to pick and choose which exploit to use and input parameters to launch it on the target. Prior to Metasploit, gathering exploits was not easy and building an exploit toolkit in-house was the only option. Metasploit made this process easier by providing a single application with loads of trusted and uninfected exploits. Metasploit 2 simplified the process of assembling an exploit by introducing lego-like payload options. Payloads are actions that are taken after penetrating a system and are injected into the computer via the exploit. The tool is constantly updated to include new vulnerabilities.

    • Understanding the role of Metasploit in network security and the potential liability issues.When used properly, tools like Metasploit can help companies identify vulnerabilities and improve their security, but it's important to approach their use with caution and consideration for potential liability issues.

      Metasploit is a modular tool that makes hacking easier. It allows the user to pick the exploit, pick the payload, and then choose the target. The tool's primary advantage is the ability to randomize its parts to evade antivirus software. This is because securing a network needs to be multilayered, and antivirus should only be used as a last layer of defense in case everything else fails. However, understandably, some companies are wary of exploiting tools like Metasploit due to the potential liability issues. Though these tools can be dangerous, they have an important role in penetration testing and helping companies secure their networks by identifying possible vulnerabilities.

    • The ethical and legal considerations of hacking tools: A case study of Metasploit.The creation and distribution of hacking tools such as Metasploit require careful consideration of the ethical and legal implications. While they are crucial for penetration testing, understand the potential risks and consequences before designing or sharing them.

      Creating and distributing hacking tools is a double-edged sword. Penetration testers need attack tools to assess a company's vulnerabilities, but designing and sharing these tools can come with legal and ethical risks. The decision to release Metasploit as a free, open-source tool was met with resistance and even hostility from the cybersecurity community. However, this tool revolutionized the way penetration testers worked and made their job much easier. Metasploit continues to be a valuable resource today, but its creation and distribution highlight the complex ethical and legal considerations that come with designing and using hacking tools.

    • The Importance of Vulnerability Reporting Despite the Risks and BacklashDespite the potential risks, reporting unknown vulnerabilities to the relevant teams for fixing and contributing to the community is essential for creating a safe and secure digital environment. Determination and motivation are necessary to overcome pressure to bury vulnerabilities.

      Publishing exploits can lead to personal attacks, DDoS attacks on the employer's website, identity theft, and more. Despite the backlash, it's important to report unknown vulnerabilities to the relevant teams for fixing. Having a tool like Metasploit can help in creating exploits from vulnerabilities and contributing them to the community. However, there will always be pressure from various sources, including security vendors and business partners, to bury vulnerabilities and prevent their publication. It takes determination and motivation to continue working on such projects in the face of cancel culture and pressure from various sources, but it is crucial to ensure a safe and secure digital environment for all.

    • HD Moore Hacks Back Against Black Hat HackersHD Moore countered a DDoS attack on his website by hijacking the attackers' botnet. The hacktivist community's infighting and attacks can result in years of trolling and chaos.

      HD Moore was targeted by black hat hackers who were angry over a vulnerability he published, resulting in DDoS attacks on metasploit.com. HD used his expertise to hijack their botnet by pointing the site to their command and control servers, essentially flooding their own servers. They lost their botnet and eventually contacted HD to plead for its return. He felt like an outsider in all the groups he associated with, including the Phrack channel, the DoD and his professional relationships. The hacktivist community is known for infighting and attacking each other's websites. However, HD did not see his attacks as friendly and they led to years of trolling and chaos.

    • Overcoming Resistance to Reporting VulnerabilitiesWhile it's important to report vulnerabilities, some may encounter resistance from security teams or companies. Pushing through and persisting in reporting can lead to important discoveries and successes.

      Hackers go to great lengths to find unknown vulnerabilities in software. While it's important to report these vulnerabilities to the vendor, some individuals have a history of difficult interactions with security teams. For example, reporting bugs to Microsoft as a teenager resulted in a series of strange interactions with the nascent security team. Later on, while working for a Microsoft partner, the company did not like having vulnerabilities reported and put pressure on coworkers and the CEO to get rid of the hacker. This experience caused the hacker to develop a chip on their shoulder and drove them to push even harder. The ultimate result was discovering a vulnerability in a fully-patched Windows computer during a Capture the Flag challenge.

    • The evolution of Microsoft's approach to vulnerability disclosurePublic disclosure of vulnerabilities is necessary to test and improve security measures, and companies should prioritize transparency and collaboration with researchers to ensure their products are secure.

      Microsoft used to hide vulnerabilities and pressurized the researchers to not disclose them. But with the priority of security as the business, they started the Trustworthy Computing Group in 2002. The vendors used to sit on vulnerabilities for years without disclosing them to the public. HD found a vulnerability that was causing issues with the conference and Microsoft was pressurizing him not to disclose it publicly. Later, someone found the same bug and reported it to Microsoft, after which they fixed it. HD and his friends found 600-700 vulnerabilities in Microsoft's Internet Explorer, but the vendors were not moving on it. The public disclosure of a vulnerability helps in testing your mitigations, controls, and detection to work the way they're supposed to.

    • The Importance of Independent Security Research and Corporate Responsibility for Product VulnerabilitiesMicrosoft's security issues led to the rise of Metasploit and the realization that companies can't control what people do with their product vulnerabilities. Accepting the importance of independent security research, Microsoft improved their security measures.

      Microsoft's security issues with ActiveX and Internet Explorer caused them to offer jobs to vulnerability researchers and improve their bug handling process. This led to the rise of Metasploit as a tool for pen testers and the realization that companies cannot control what people do with bugs found in their products. HD, a well-known vulnerability researcher, was offered a job by Microsoft but declined due to concerns about the company's motives. Microsoft eventually invited outside researchers to their internal conference and started to improve their security measures. The story highlights the importance of independent security research and the need for companies to take responsibility for the vulnerabilities in their products.

    • Why Responsible Disclosure is Key for CybersecurityWhen disclosing vulnerabilities, privately informing software makers and allowing time for fixing is safer than publishing publicly. A 90-day policy can be effective in ensuring quick fixes and discouraging criminal use of vulnerabilities.

      When it comes to disclosing vulnerabilities, responsible disclosure is the best approach. Though faster, publishing a vulnerability publicly on the internet can put a lot of people at risk, allowing criminals to use it before it gets fixed. It's better to privately inform the software makers and give them time to fix it. If they fail to fix it, a third party like US-CERT can be involved to reduce pressure on individual researchers and ensure the vulnerability is fixed. Some groups like Google and Trend Micro adopt a 90-day policy where the vendor gets 90 days to fix a flaw before it becomes public. By playing this hardball, vendors act quicker, and the product will be fixed.

    • The Power and Risks of Metasploit's Meterpreter PayloadMeterpreter is a powerful tool that can grant full access to a target computer, but its capabilities can also be abused, making it a highly sophisticated and dangerous malware. Vendors face challenges in detecting and protecting against Meterpreter's advanced communication channels and mechanisms.

      Metasploit's Meterpreter payload provides the user with full access to the target computer, including installing a keylogger, capturing screenshots, turning on the mic and webcam, and taking over the VNC desktop-sharing service, making it a powerful tool in the exploitation process. However, such features can easily be abused and cause immense damage. The payload side of the exploitation process has become more complicated and powerful, making it difficult for vendors to detect and protect against. The level of access Meterpreter provides allowed for the building of interesting use cases and demonstrated the full impact of an exploit. Meterpreter's capabilities have also led to its classification as its own malware due to its advanced communication channels and contact mechanisms.

    • Ethical Use of Metasploit ToolAlways prioritize ethical use of tools to avoid legal consequences. Document after-exploit scenarios and create post-cleanup modules to remove traces. Avoid persistent infections and use the tool to demonstrate security impact, not for committing crimes.

      The Metasploit team focused on the ethical use of their tool and drew a line where they would leave the customer afterwards. They always documented the after-exploit scenario and created post-cleanup modules to remove the trace of whatever their tool did. Their goal was not to persistently infect machines, but rather to demonstrate the security impact of a failed security control or a missing patch. Metasploit became a useful and professional tool, but its effectiveness also attracted cyber criminals who committed crimes with it. The tool's author was proved guilty for knowingly giving it to criminals to commit crimes. Therefore, even if a tool is useful, its ethical use should be the top priority to avoid legal consequences.

    • Legal Responsibility of Software Makers in Hacking CasesWhile open-source software makers claim no responsibility for misuse, prosecutors may target individuals regardless of intent. To avoid trouble, stay vigilant and avoid software that could be perceived as a tempting target.

      The responsibility of the software maker is a critical issue in cases where hacking tools are used for criminal activities. However, open-source software makers like HD claim that they cannot be held accountable for what someone else does with their tool. While intent matters, prosecutors are likely to go after someone they believe is a bad actor, especially in the US where Computer Fraud and Abuse Act doesn't care about intent. To stay out of trouble, it's better not to be a tempting target, especially when the law is vague. However, it's surprising that softwares and hacking tutorials come with a disclaimer, warning users not to use it for illegitimate purposes.

    • From Controversy to Career Launchpad: The Story of MetasploitMetasploit, once viewed as a controversial security tool, has become a vital part of the pen testing community. Learning how to effectively use it and contributing to open-source projects can lead to great career opportunities in the field.

      Metasploit was created as a security tool for security testing. The creators did not add a warning because they assumed that people who downloaded it knew what they were getting into. While Metasploit received a lot of criticism from the black hat community and vendors, the law was not mad at it. However, the creators had to keep the project visible and noisy to avoid any legal trouble. Upcoming pen testers should learn how to use Metasploit as it has become a de facto tool used by security professionals and is even taught in schools. Contributing to open-source projects such as Metasploit can launch a career in this field. HD Moore was able to turn Metasploit from a hated tool to a widely adopted and invaluable tool for the pen test community.

    • The benefits of commercializing open-source tools without compromising on their open-source nature.Commercializing open-source tools can be profitable while simultaneously promoting accessibility and legal vulnerability disclosure.

      Acquiring an open-source tool to commercialize it while keeping it open-source can be a great opportunity. Rapid7 acquired Metasploit and built a pro version of the tool to sell, which allowed the team to pay their own bills within twelve months. Additionally, Rapid7 became a corporate shield for all the drama related to vulnerability research and exploit sharing, hiring lawyers and lobbyists to protect legal front and educate people about the importance of vulnerability disclosure. Criminalizing exploit sharing would prevent defenders from learning and increase the possibility of vulnerabilities being exploited. Therefore, while it's important to regulate vulnerability disclosure, it's equally crucial to ensure that it's legal and accessible for legitimate reasons.

    • Protecting Vulnerability Research with Open-Source ToolsUsing open-source cybersecurity tools like Metasploit can help protect your systems from vulnerabilities. However, the Wassenaar Agreement makes it difficult, so Rapid7 worked with lobbyists to differentiate between malicious and helpful tools, ensuring Metasploit remained open-source and free.

      It is important to test your systems with cyber security tools to understand their effectiveness. The Wassenaar Agreement, an international arms treaty, classified cyber security tools as weapons, making it difficult for vulnerability research to be protected. Rapid7 worked with lobbyists to differentiate open-source tools like Metasploit from malicious and targeted cyber security tools. Metasploit continued to be open-source and free under Rapid7, with continual efforts to improve the tool and get more exploits into it. Creating exploits is a difficult and time-consuming task that requires weeks of work just to identify the bug, and even longer to make the exploit reliable.

    • Working on Fiddly Heap Exploits Requires Specialized Skills and KnowledgeWriting successful heap exploits on modern ARM platforms requires deep knowledge, months or years of specialization, and comfort working in the unknown. Facing the constant darkness of technology is essential to find vulnerabilities.

      To work on fiddly heap exploits, one needs a specialized and deep set of skills to get the heap in the right state to build an exploit. Modern exploits, especially on ARM platforms, require a lot of effort, time, and deep knowledge. Specialization and months or years of looking into the software stack is required to write good exploits. It's difficult to find vulnerabilities and zero-days even if one knows they exist. To deal with technology, one should be comfortable with working in the dark, in areas of unknowns. Though it's scary and frustrating to try things that may fail, the more comfortable one gets in unknown territories, the better they'll be to face the darkness, which is constant.

    • The Importance of Perseverance in Cybersecurity and Network DiscoveryBelieve in your vision and persevere through tough times to bring about real change, just like HD did with Metasploit, which paved the way for companies like Microsoft and Google to change their approach to handling vulnerabilities. Rumble Network Discovery can also help companies identify multi-owned systems and breaches quickly and effectively.

      Rumble Network Discovery helps companies in finding every single thing connected to their network environment or cloud with no network impact. It can identify multi-owned systems breaching different networks which is done unauthenticated and quickly. HD struggled to make Metasploit and faced constant attacks for publishing exploits, but persevered through it all due to his belief that what he was doing is right and the world was wrong. His vision turned out to be right as companies like Microsoft and Google changed the way they handle bugs and vulnerabilities. The struggle highlights the importance of putting beliefs and vision ahead of criticism and persevering through tough times to bring about real change.

    Recent Episodes from Darknet Diaries

    146: ANOM

    146: ANOM

    In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

    This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

    Darknet Diaries
    en-usJune 04, 2024

    145: Shannen

    145: Shannen
    Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    144: Rachel

    144: Rachel
    Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/. Sponsors Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    143: Jim Hates Scams

    143: Jim Hates Scams
    Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. This episode is sponsored by Intruder. Growing attack surfaces, dynamic cloud environments, and the constant stream of new vulnerabilities stressing you out? Intruder is here to help you cut through the chaos of vulnerability management with ease. Join the thousands of companies who are using Intruder to find and fix what matters most. Sign up to Intruder today and get 20% off your first 3 months. Visit intruder.io/darknet. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    142: Axact

    142: Axact
    Axact sells fake diplomas and degrees. What could go wrong with this business plan? Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    141: The Pig Butcher

    141: The Pig Butcher
    The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world. Sponsors Support for this episode comes from NetSuite. NetSuite gives you visibility and control of your financials, planning, budgeting, and of course - inventory - so you can manage risk, get reliable forecasts, and improve margins. NetSuite helps you identify rising costs, automate your manual business processes, and see where to save money. KNOW your numbers. KNOW your business. And get to KNOW how NetSuite can be the source of truth for your entire company. Visit www.netsuite.com/darknet to learn more. Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries. This show is sponsored by Shopify. Shopify is the best place to go to start or grow your online retail business. And running a growing business means getting the insights you need wherever you are. With Shopify’s single dashboard, you can manage orders, shipping, and payments from anywhere. Sign up for a one-dollar-per-month trial period at https://shopify.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    139: D3f4ult

    139: D3f4ult
    This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn’t be. Check them out at https://canary.tools. Support for this show comes from Quorum Cyber. Their mantra is: “We help good people win.” If you’re looking for a partner to help you reduce risk and defend against the threats that are targeting your business — and especially if you are interested in Microsoft Security — reach out to Quorum Cyber at www.quorumcyber.com/darknet-diaries. Sources https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/ https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/ https://archive.ph/Si79V#selection-66795.5-66795.6 https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

    138: The Mimics of Punjab

    138: The Mimics of Punjab
    This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY). Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from SpyCloud. It’s good practice to see what data is getting passed around out there regarding you, your employees, your customers, and your business. The dark web is a place where this data is traded and shared. SpyCloud will help you find what out there about you and give you a report so you can be aware. Then they’ll continuously monitor the dark web for any new exposures you should be aware of. To learn more visit spycloud.com/darknetdiaries. Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthen your infrastructure from the ground up with a zero trust posture. ThreatLocker’s Allowlisting gives you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provides zero trust control at the kernel level. Learn more at www.threatlocker.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    137: Predator

    137: Predator
    A new type of mercenary spyware came on the radar called Predator. It’ll infect a mobile phone, and then suck up all the data from it. Contacts, text messages, location, and more. This malware is being sold to intelligence agencies around the world. In this episode we hear from Crofton Black at Lighthouse Reports who spent 6 months with a team of journalists researching this story which was published here: https://www.lighthousereports.com/investigation/flight-of-the-predator/. We also hear from Bill Marczak and John Scott-Railton from Citizen Lab. If you want to hear about other mercenary spyware, check out episodes 99 and 100, about NSO group and Pegasus. To hear another episode about Greece check out episode 64 called Athens Shadow Games. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Varonis. Do you wonder what your company’s ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work – show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Akamai Connected Cloud (formerly Linode). Akamai Connected Cloud supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

    Related Episodes

    Bobbi Brown Cosmetics: Bobbi Brown (2018)

    Bobbi Brown Cosmetics: Bobbi Brown (2018)
    Bobbi Brown started out as a makeup artist in New York City, but hated the gaudy color palette of the 1980s. She eventually shook up the industry by introducing "nude makeup" with neutral colors and a natural tone. In 1995, Estée Lauder acquired Bobbi Brown Cosmetics and Bobbi remained there for 22 years, until she realized the brand was no longer the one she had built. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

    181: Women in Supply Chain, Deborah Kotulich

    181: Women in Supply Chain, Deborah Kotulich

    For today’s episode of Women In Supply Chain, I’m joined by Deborah Kotulich. Skilled in supply chain, operations management, Government, U.S. Department of Defense, Strategic Planning, and Business Process Improvement, Deborah is an experienced and successful military leader. From earning her degree in engineering from the United States Military Academy, she’s served her country, nurtured an impressive logistics career and is now Chief of Staff at US Transportation Command: she is one incredible woman.

    Today Deborah will be talking to us about her career in the military, how she balances it with family life, and she’ll be sharing her words of wisdom for the upcoming generations of ambitious young women following in her footsteps.

    SHOW SPONSOR:

    As a company focused on supply chain partnerships, Fastenal is proud to sponsor this piece of Women In Supply Chain. With more than 100,000 point-of-use vending machines around the world, Fastenal is dedicated to helping organizations lower their total cost of ownership.

     

    IN THIS EPISODE WE DISCUSS:

    [07.48] Deborah’s background, how she entered the military and the fascinating journey that brought her to her current role.

    “I went to school at a military academy… and I really found a place where I could thrive.”

    [12.45] Exactly what the U.S. Transportation Command is and what it does.

    [16.52] How an accident at military academy led Deborah to logistics.

    [21.23] Logistics in the military vs the civilian world.

    [24.50] How Deborah balances family life with her military and professional careers.

    “I’m overwhelmingly fortunate to have a wonderful family – I owe it all to the patience of my wife and the resilience of my daughters.”

    [27.34] Deborah’s role with USTRANSCOM’s Inclusion and Diversity Council, and their goals.

    “We believe that coming at all we do from an angle of being inclusive, will unlock the door of opportunity for everyone.”

    [30.31] Deborah’s experience as a woman in the military.

    “I stand on the shoulders of giants… but (early on) there was a pressure to make sure I wasn’t a weak link.”

    [34.57] How Deborah found her voice.

    “I’m an extrovert with a capital E – so I’m not sure that I had to find my voice, as much as I had to refine and learn to control my voice.”

    [39.58] What the future holds for Deborah.

    [42.48] Do your research and take up any and all training and education opportunities, Deborah’s advice to the next generation of women who may be thinking about joining the military, or pursuing a career in logistics.

     

    RESOURCES AND LINKS MENTIONED:

    Head over to LinkedIn to connect with Deborah and find out more.

    Check out our other podcasts HERE.

    20: Chloe Brockett Reveals TOWIE BEEF, Channing Tatum DM's & Dating Life TEA! FULL PODCAST EP.19

    20: Chloe Brockett Reveals TOWIE BEEF, Channing Tatum DM's & Dating Life TEA! FULL PODCAST EP.19
    Find your best sleep with Emma product and test the products up to 200 nights risk free. Save 5% on top on all offers at https://www.emma-mattess.co.uk/GRACE

    Skin + Me is an accessible way for millions of people to achieve their skin goals. Get your first month for just £3.50 pharmacy fee with code GRACE3. https://www.skinandme.com/

    Our very good friends at Wine52 would like to offer you a case of stunning Portuguese wines FOR FREE. All you need to do is go to www.wine52.com/GRACE 

    TOWIE star Chloe Brockett is here to dish all the behind the scenes TEA from the new season! She also doesn't hold back giving us all the dirt on her DATING life, which even includes Aitch and sliding in to Channing Tatum's DM's!

    Chloe Brockett: https://www.instagram.com/chloebrockett/?hl=en-gb

    💅 GKBarry: https://www.tiktok.com/@gkbarry?lang=en
    🎧Listen Here: https://linktr.ee/savinggracepodcast
    💖Follow on TikTok: http://www.tiktok.com/@savinggracepod
    💗Follow on Instagram: https://www.instagram.com/savinggracepod/

    EP #26: The Kids Will Be Alright

    EP #26: The Kids Will Be Alright

    As an executive recruiter, I’ve been having a lot of conversations with parents who are worried about their kids and what the job market will look like for them. So, in this episode, I'm going to share my thoughts on the prospects for careers and the job market for Gen Z, including the paths I’ve seen people taking to succeed, the common themes amongst successful students, and the opportunities that I see opening up.

    You can find show notes and more information by clicking here: https://bit.ly/3nql5pP

    Startup Security Weekly #13 - H.D. Moore, Metasploit Project

    Startup Security Weekly #13 - H.D. Moore, Metasploit Project

    In our first interview every on the show we sit down with none other than HD Moore, founder of the Metasploit project and currently Principal at Special Circumstances, LLC.

    Full show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode13

    Visit http://securityweekly.com/category/ssw/ for all the latest episodes!