The Hacker Mind

Technology Podcasts

The Hacker Mind is an original podcast from ForAllSecure. It’s the stories from the individuals behind the hacks you’ve read about. It’s about meeting some of the security challenges in software through advanced techniques such as fuzz testing. It’s a view of the hackers and their world that you may not have heard before.



United States






EP 49: LoL

Living off the Land (LoL) is an attack where files already on your machine, i.e., your operating system, are used against you. They would be undetectable, right? Kyle Hanslovan, CEO of Huntress, joins The Hacker Mind to discuss recent LoL attacks, specifically the Microsoft Follina attack and the Kaseya ransomware attack, and how important it is for small and medium-sized businesses to start using enterprise-grade security, given the evolving nature of these attacks.


EP 48: Hacking Teslas

With digital convenience there’s often a price. And if that means a bad actor can create a wireless key for your new Tesla, that price is pretty steep. At CanSecWest 2022, researcher Martin Herfurt announced a new tool, TeslaKee, which he hopes prevents wireless key attacks from happening. Martin joins The Hacker Mind to discuss this and his earlier Bluetooth vulnerability research, including the Car Whisperer and the Tesla Radar.


EP 47: Ethical Hacking

Is hacking a crime? The US Justice Dept says it will no longer prosecute good-faith security researchers, but what constitutes good-faith security research? Bryan McAninch (Aph3x) talks about his organization, Hacking Is Not A Crime, and the ethical line it draws on various hacking activities. He also talks about the future generation of hacking, what motivates young people today to think outside the box in a world where infosec is increasingly becoming vocational and expected.


EP 46: Reverse Engineering Smart Meters

After hearing a talk, a Dallas-based hacker set out to find out what was going on inside the smart meter attached to his home, and what he found was surprising. Since then Hash started a reverse engineering wiki site called Recessim and created dozens of YouTube videos in a channel of that same name to chronicle his adventures. He joins The Hacker Mind to talk about his journey, about mesh networks, and even glitching. Like any true hacker, this isn’t his day job; this is his passion.


EP 45: Hacking Industrial Control Systems

Can criminal hackers shut down a city’s electrical grid? Well, nothing’s impossible. But how might it actually happen? And how might we defend ourselves? Tom Van Norman, co-founder of the ICS Village, joins The Hacker Mind to share the group’s upcoming plans for RSAC and DEF CON, where they will again present virtual scenarios and hands-on physical models of industrial control systems in order to expose hackers to their inner workings and to provide them with best practices to...


EP 44: Hackers Wanted: Filling the Cybersecurity Skills Gap

Should infosec now be considered vocational training just like becoming an electrician or a plumber? How else should we address the skills gap in infosec? In this episode, Sonny Sandelius, Assistant Director of the SANS workforce programs, talks about programs that recruit people from outside computer sciences, encouraging those from diverse backgrounds who share the curiosity and the basic aptitude necessary to become hired cybersecurity professionals in as little as six months.


EP 43: Follow The Rabbit

Hackers often make it look easy when in fact they started with no plan and were just following their curiosity, going down paths erratically just like a rabbit. Researchers Nir Ohfeld and Sagi Tzadik join The Hacker Mind to talk about their presentation at Black Hat Europe 2021 on the ChaosDB vulnerability. It’s about how they started with a deliberately misconfigured version of CosmosDB and ended up with complete unrestricted access to the accounts and the databases of thousands of...


EP 42: Hacking Aerospace

Can you hack an airplane? A satellite in orbit? Turns out you can. And the fact that hackers are thinking about this now, that’s actually a good thing. Steve Luczynski and Matt Mayes join The Hacker Mind to talk about the importance of having hackers, vendors, and the government get together and work through problems. That’s why the Aerospace Village at DEF CON exists. Mayes said “there are a lot of companies that are skeptical of hackers. And both sides are looking at each other, you know,...


EP 41: Hacking The Art of Invisibility

In the book The Art of Invisibility, I challenged my co-author Kevin Mitnick to document the steps needed to become invisible online. There are a lot. In this episode, I'm going to discuss how hard it is to be absolutely invisible online. How there are always breadcrumbs and fingerprints left behind that could potentially identify you. That said, there are some steps that you can take to obfuscate your online presence and to eliminate those breadcrumbs in the first place. And as for staying...


EP 40: Hacking Ethereum Smart Contracts

How do you stop a half billion dollars in cryptocurrency from being stolen? You perform software testing and responsibly disclose it first, of course. Yannis Smaragdakis, a researcher with Dedaub, found a major vulnerability in Ethereum smart contracts, arguably within the billion-dollar range, that would have made it one of the largest hacks ever, given that it was a theoretically unbounded threat, had it not been mostly mitigated by the time it went public. In this episode he steps us...


EP 39: Fuzzing Crypto

For some people, crypto means cryptography. For others, it means cryptocurrency. Fortunately, in this episode, we’re discussing vulnerabilities in both. Guido Vranken returns to The Hacker Mind to discuss his CryptoFuzz tool on GitHub, as well as his experience fuzzing and finding vulnerabilities in cryptographic libraries and also within cryptocurrencies such as Ethereum.


EP 38: Going Passwordless

Passwords are everywhere, but they probably weren't intended to be used as much as they are today. Is there something more secure? Something better? Yes. Simon Moffatt from The Cyber Hut joins The Hacker Mind to discuss how identity and access management (IAM) is fundamental to everything we do online today, and why even multi-factor access, while an improvement, needs to yield to more effortless and more secure passwordless technology that’s coming soon.


EP 37: A Hacker From Hollywood

This is the story of a film star who connected the simple concept behind a player piano to complex communication technology in use in our devices today. Hedy Lamarr is perhaps best known for the dozen or so motion pictures she made -- and as the most beautiful woman in the world -- but did you know that she also co-patented the frequency hopping spread spectrum technology that is the foundation for cellular, Wi-Fi, and even Bluetooth communications?


EP 36: Fuzzing Message Brokers

Fuzzing makes it possible to locate vulnerabilities even in “safe” environments like Erlang, a language designed for high availability and robust services. Jonathan Knudsen from Synopsys joins The Hacker Mind to discuss his presentation at SecTor 2021 on fuzzing common message brokers such as RabbitMQ and VerneMQ, both written in Erlang, demonstrating that any type of software in any environment can still be vulnerable.


EP 35: Digital Forensics

So you’ve been hit with ransomware and, for whatever reason, you paid the bitcoin but now the decryptor doesn’t work. Who are you going to call for help? Paula Januszkiewicz, from Cqure, joins The Hacker Mind to discuss her two presentations at SecTor 2021 on digital forensics. She talks about the various ways criminal hackers hide their work, what happens after ransomware hits on a system, how investigators go about looking for recovery information, and what type of skills those...


EP 34: Hacking Behavioral Biometrics

AI is almost good enough at simulating human activity to defeat the biometric systems designed to fight fraud, effectively putting us back at square one. Iain Paterson and Justin Macorin join The Hacker Mind podcast to share insights from their SecTor 2021 talk on hacking behavioral biometrics. If an adversarial actor wants to simulate user behavior, that actor can use techniques similar to those that a behavioral biometrics firm would use to detect abnormal usage. The researchers predict...


EP 33: Scanning the Internet

Traditional anti-malware research relies on customer systems, but what if a particular malware wasn’t on the same platform as your solution software? Marc-Etienne M.Léveillé from ESET joins The Hacker Mind podcast to talk about the challenges of building his own internet scanner to scan for elusive malware. Speaking at this year’s SecTor 2021, he shares some of his findings on Kobalos, a stealthy malware that uses SSH credentials to hide, that is perhaps exposed much more easily through scanning...


EP 32: The Hunt For Ghost #1

Ghost #1 was a digital film server that should have stayed blacklisted, but due to a unique software flaw it continued to produce pirated films. Patrick Von Sychowski from the Celluloid Junkie joins The Hacker Mind podcast to discuss his SecTor 2021 talk on Ghost #1, explaining how the transition from 35mm to digital in theaters and the unique third iteration of cinema in China also allowed this digital projector to evade anti-piracy safeguards for nearly three years. He credits one...


EP 31: Stopping the Mirai IoT Botnet, One CnC Server At A Time

In 2016, the Mirai IoT botnet shut down part of the internet, yet variations still plague us today. Maybe our current approach to IoT botnets isn’t working? Ali Davanian and Ahmad Darki join The Hacker Mind podcast to discuss their Black Hat USA 2021 talk and their tool, CnCHunter, which looks for active CnC servers that can be discovered, so law enforcement can take them down, or at least networks can block them, effectively denying them access to the hundreds of thousands of compromised...


EP 30: Surviving Stalkerware

What role does technology play in facilitating intimate partner abuse? What role might the security industry have in identifying or even stopping it? Martijn Grooten and Lodrina Cherne join The Hacker Mind podcast to discuss their Black Hat USA 2021 presentation. They talk about how software and IoT companies can avoid becoming the next Black Mirror episode and share resources that can help survivors (and those who want to help them) deal with the technology issues that can be...