The Hacker Mind-logo

The Hacker Mind

Technology Podcasts

The Hacker Mind is an original podcast from ForAllSecure. It’s the stories from the individuals behind the hacks you’ve read about. It’s about meeting some of the security challenges in software through advanced techniques such as fuzz testing. It’s a view of the hackers and their world that you may not have heard before.

The Hacker Mind is an original podcast from ForAllSecure. It’s the stories from the individuals behind the hacks you’ve read about. It’s about meeting some of the security challenges in software through advanced techniques such as fuzz testing. It’s a view of the hackers and their world that you may not have heard before.

Location:

United States

Description:

The Hacker Mind is an original podcast from ForAllSecure. It’s the stories from the individuals behind the hacks you’ve read about. It’s about meeting some of the security challenges in software through advanced techniques such as fuzz testing. It’s a view of the hackers and their world that you may not have heard before.

Language:

English


Episodes

EP 29: Learn Competitive Hacking with picoCTF

9/7/2021
PPP wanted to give their past high school selves the infosec education they didn’t have. But if you think picoCTF is only for HS students, think again. Megan Kearns of Carnegie-Mellon University's Cylab joins The Hacker Mind to talk about the early days and the continued evolution of this popular online infosec competition site. No matter what your age or interest level, picoCTF probably has something new for you to learn.

Duration:00:41:17

EP 28: Fuzzing Hyper-V

8/24/2021
At Black Hat USA 2021, two researchers presented how they used their own fuzzer designed for hypervisors to find a critical vulnerability in Microsoft Azure. Ophir Harpaz and Peleg Hadar join The Hacker Mind to discuss their journey from designing a custom hypervisor fuzzer to identifying a vulnerability within Hyper-V and how their new research tool, hAFL1, can benefit others looking to secure cloud architectures.

Duration:00:35:15

EP 27: Car Hacking 0x05

8/10/2021
We haven’t seen many attacks on our smart cars. That’s perhaps because of a dedicated group of hackers who are working to improve automotive security. Robert Leale, the driving force behind the Car Hacking village at DEF CON, joins The Hacker Mind to talk about CANBus basics, and whether we’ll see cars subjected to ransomware attacks. He also shares some tools, books, and website resources that you can use to get started hacking cars yourself.

Duration:00:42:10

EP 26: Hacking Charity

7/27/2021
Hackers are charitable in ways that might surprise you. Whether it is in Africa or rural Arkansas, hackers find ways to use their skills for good reasons. Jack Daniel and Jason Kent return to The Hacker Mind to discuss the various ways hackers are helping society by contributing to charitable organizations … even starting their own. From BSides, to DerbyCon, to Shmoocon, even on the Apple App Store you can find evidence of their hard work.

Duration:00:36:49

EP 25: Hacking Communities

7/13/2021
As we head to Hacker Summer Camp, how should we rebuild our infosec communities to be more inclusive and diverse? Jack Daniel offers his unique voice. As one of the founders of BSides, and as a community advocate for Tenable, Jack provides guidance on how we can re-emerge from the pandemic and successfully amplify and support people of different ethnicities, faiths, and genders within our hacking communities without being patronizing.

Duration:00:48:11

EP 24: Hacking Biology

6/29/2021
There are a lot of parallels between computer security and biology. If you think you already understand hacking systems, then I’ve got a story for you. In this episode, Harrison Green talks about his experience creating exploits during capture the flag competitions and how it relates to his current day to day work with the Durrant Lab at the University of Pittsburgh on computational biology.

Duration:00:35:14

EP 23: Hacking APIs

6/15/2021
APIs are vital in our mobile digital world, but the consequences of API security flaws have yet to be seen. So how hard is it to hack APIs? Not very hard. In this Episode, Jason Kent from Cequence talks about his experience hacking a garage door opener API, the tools he uses such as Burp, ZAP, and APK tool, and why we need to be paying more attention to the OWASP API Security Top 10.

Duration:00:42:24

EP 22: Hacking Social Media

6/1/2021
With more than 600K followers on YouTube, LiveOverflow is one of infosec’s first social media influencers. How did he get started and what’s next? In this episode, LiveOverflow talks about his six years of producing engaging YouTube content and what the rise of social media influencers might mean for traditional conferences like Black Hat. He also gives a preview of his new YouTube series on the sudo vulnerability.

Duration:00:43:58

EP 21: Hacking Ransomware

5/18/2021
What if you discovered a flaw in a ransomware payment system that unlocked the data without paying the ransom? Would you use it? Would you help others? In this episode, Jack Cable talks about hacking the Qlocker ransomware and briefly interrupting its payment system. He also talks about his infosec journey hacking cryptocurrencies, joining the Digital Defense Service and CISA, and helping secure the 2020 presidential election… all before the age of 22.

Duration:00:49:11

EP 20: MITRE ATT&CK Evaluations

5/4/2021
MITRE ATT&CK catalogs the known tactics, techniques, and procedures of past advanced persistent threats, providing a roadmap for any red or blue team. In this episode, Frank Duff, Director of ATT&CK Evaluations for MITRE Engenuity, talks about how both red and blue teams can directly benefit from ATT&CK, and how organizations -- and even some security vendors -- are now evaluating their solutions against it.

Duration:00:43:03

EP 19: Hacking IoT

4/20/2021
It seems everything smart is hackable, with startups sometimes repeating security mistakes first made decades ago. How then does one start securing IoT? In this episode, Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things. They talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices today.

Duration:00:40:31

EP 18: Hacking Diversity

4/6/2021
You’d think that having an amazing resume, a couple of bug bounties, or a CTF win would land you that dream infosec job. For many, though, that isn’t true. That’s why Tennisha Martin founded Black Girls Hack, an organization designed to help the next generation receive the skills and experience they need to land jobs in the C-suites, and perhaps begin to address the acute shortage of infosec professionals with qualified people of color.

Duration:00:36:18

EP 17: Shellshock

3/23/2021
Shortly after OpenSSL’s Heartbleed, Shellshock was discovered lurking in Bash code two decades old. How could open source software be vulnerable for so long? This episode looks at how fuzz testing has evolved over the years, how open source projects have for the most part gone untested over time, and how new efforts to match fuzzing to software development are today helping to discover dangerous new vulnerabilities before they become the next Shellshock.

Duration:00:30:54

EP 16: The Gentle Art of Lockpicking

3/9/2021
What is the allure of lockpicking at hacker conferences? In this episode Deviant Ollam explains why these mechanical puzzles remain popular with hackers. Ollam, who was an early member of Toool, The Open Organization of Lockpickers, discusses his career as a physical pen tester and also shares some basic lockpicking hacks.

Duration:00:43:32

EP 15: So You Want To Be A Pentester

2/23/2021
To help more people become penetration testers, Kim Crawley and Phillip L. Wylie wrote The Pentester BluePrint: Starting A Career As An Ethical Hacker. In this episode of The Hacker Mind, Kim talks about the practical steps anyone can take to gain the skills and confidence necessary to become a successful pentester -- from gaining certifications, to building your own lab, to participating in bug bounties and even CTFs.

Duration:00:40:54

EP 14: The Right To Repair

2/9/2021
How do the current DMCA laws impact those who hack digital devices? And why doesn’t the basic right to repair our devices extend into the digital world? To answer these questions, Paul Roberts, Editor-in-Chief of The Security Ledger, has founded securepairs.org, a group of infosec experts who are volunteering their free time to fight for the digital right to repair in local legislation. In this episode of The Hacker Mind, Paul talks about the consequences of not paying enough attention...

Duration:00:37:50

EP 13: Shall We Play A Game?

1/26/2021
Capture the Flag is a game, a community, and a really cool hacker culture. But will we one day stream CTFs like we do World of Warcraft or League of Legends? Whether it’s designing or just playing CTFs, John Hammond knows a lot about the gamification of infosec. He even has his own YouTube channel where he shares what he’s learned from different challenges. In this episode of The Hacker Mind John shares his experiences building and executing his own CTFs.

Duration:00:39:03

EP 12: Hacking Healthcare

1/12/2021
After breaches like SolarWinds, companies pledge to improve their digital hygiene. What if they don’t? And what parallels might infosec learn from COVID-19? In this episode, Mike Ahmadi draws on his years of experience in infosec, his years hacking medical devices. Mike notes how some basic rules of physical hygiene that can slow the spread of COVID-19 can also map into the digital world.

Duration:00:35:42

EP 11: Hacking OpenWRT

12/8/2020
For three years OpenWRT had a severe validation problem with its download package manager, until a fuzz tester found and reported the vulnerability. In this episode, Guido Vranken talks about his approach to hacking, about the differences between memory safe and unsafe languages, his use of fuzz testing as a preferred tool, and how he came to discover the validation error in OpenWRT, as well as a serialization error in Cereal, and other vulnerabilities.

Duration:00:25:17

EP 10: Hunting The Next Heartbleed

11/24/2020
For two years Heartbleed was a zero-day in OpenSSL until fuzz testing exposed it. How many others are in the wild now? And how will we find the next one? In this episode I talk about how Heartbleed (CVE 2014-0160) was found and also interview Rauli Kaksonen, someone who was at Codenomicon at the time of its discovery and is now a senior security specialist at the University of Oulu in Finland, about how new security tools are still needed to find the next big zero day.

Duration:00:28:58