The Cyber Riddler

In this episode of The Cyber Riddler podcast, we venture into the shadowy world of zero-day exploits, one of the most well known threats in the cybersecurity world . Zero-day exploits represent vulnerabilities that can be targeted before they are even known to exist, making them a significant concern for both organizations and individuals. We explore the lifecycle of a zero-day exploit, from discovery and weaponization to delivery and exploitation. Through notable case studies, we illustrate the profound impact these exploits can have. Additionally, we discuss the challenges faced by incident responders in dealing with unknown threats and the strategies that can be employed to defend against them.

In this episode, delve into the world of cyber security through the lens of expert threat hunters. As they navigate the complex digital landscape, these skilled professionals employ advanced techniques and tools to investigate systems meticulously. Their mission: to unearth hidden implants and payloads that lurk undetected, posing significant risks. Through a combination of expertise, intuition, and cutting-edge technology, they reveal how they stay one step ahead of cyber threats, ensuring the digital safety of organizations. Witness the high-stakes game of cyber threat hunting, where every clue uncovered could be the key to thwarting cybercriminals and safeguarding valuable data.

In this episode of The Cyber Riddler, We dive into the cunning world of phishing scams, focusing on how Normal Users are reacting to these emails and how SOC (Security Operations Center) analysts can expertly analyze suspicious emails. We outline the essential tools and steps for dissecting emails, from examining sender addresses and email headers to scrutinizing links and attachments for malicious content. The episode also stresses the importance of staying updated on phishing trends, collaborative reporting, and fostering a culture of cybersecurity awareness within organizations. It's a must-listen for a normal user and cybersecurity professionals looking to sharpen their skills and anyone curious about the inner workings of email scam detection.

Explore the world of web security in our latest episode, 'HTTPS and TLS Tales' deep into the mechanisms that differentiate HTTPS from HTTP, uncovering the layers of encryption, authentication, and data integrity that safeguard our online interactions. From the pivotal role of TLS to real-world cases of security breaches and the evolving landscape of cyber threats, this episode offers a comprehensive look at the technologies that keep the internet secure.

In this episode, we'll dive deep into the world of Threat Intelligence, exploring its critical role in cybersecurity. From the basics of data collection to the challenges of information sharing, we'll cover it all. Discover how Threat Intelligence empowers organizations to detect and respond to cyber threats, and stay ahead of evolving tactics. Join us for a comprehensive discussion that sheds light on this essential aspect of modern cybersecurity.

Dive into the shadowy world of lateral movement in cybersecurity. In this episode of The Cyber Riddler. Explore how attackers stealthily navigate networks post-breach, using techniques from credential exploitation to abusing legitimate tools. Featuring real-world scenarios, this episode unveils the strategies behind advanced persistent threats and red team tactics. Learn about essential defenses like network segmentation and vigilant monitoring. Tune in for an essential guide to understanding and countering these hidden cyber maneuvers.

In this episode of The Cyber Riddler, we dive deep into the shadowy world of insider threats. We unravel the complexities of individuals within an organization who pose a risk to its security from the inside. We'll explore real-life cases, dissect the motives behind insider attacks, and discuss the latest strategies and technologies to safeguard your company against this often underestimated danger

In this episode we've talked about The Lazarus Group, Which is a cybercrime group made up of an unknown number of individuals run by the government of North Korea. We've discussed about their latest campaign where they targeted security researchers. and how they did the same act in the past. hope you like the episode.

In this episode we've covered the basics of malware analysis. Things that malware authors want to hide in their malware. How they want to make it hard for malware analysts to do their job. Our guest today has an extensive experience in malware analysis. He publishes many videos on malware reverse engineering on his channel and he is very knowledgeable when it comes to this field. Full Interview below: Blog Post:

In this episode we've talked about kernel drivers, We covered a variety of different topics like how to load a driver, signing process, HVCI and others, and we closed with Intel CET and Shadow stack. Yarden has a very great experience when it comes to windows internals topics, her work mainly in the defending side, she previously worked at SentinelOne and CrowdStrike and currently she is a senior security researcher at Trail of Bits, I hope you enjoy the episode. Full Interview below:

Dive into cybersecurity's captivating world with our latest episode on Vulnerability Research! Discover the secrets of ethical hackers, uncover different vulnerabilities, and explore responsible disclosure processes. Get insider tips and tricks to level up your cybersecurity knowledge. Our guest Kevin is a renowned cybersecurity specialist and ethical hacker with years of experience and a keen eye for security flaws. Full Interview below: Other Links:

This Week's episode is about Windows Internals in depth, we've talked about things from an offensive and defensive perspective. Things like Hooks, Kernel callbacks, how security companies are using them and how Red Teamers are leveraging them as well. We've talked about many other concepts such as user space mode and kernel space mode, Patch Guard and many others. This episode is part of The Cyber Riddler podcast, Check out the other episodes on any of your favorite podcast apps. Just search the name "The Cyber Riddler". Not all of the episodes are in YouTube. links below Full Interview below:

In this episode we talked about Digital forensics and Incident response aka DFIR, how to get started, and how crucial it is to deal with incidents. We also talked about various topics including memory dump and analysis, ransomeware and stories from the past about interesting incidents. This episode was starring Paula Januszkiewicz, CQURE CEO. Who's Paula? Find the full description on the blog post available in the podcast website below: This episode has a video as well, you can check it out on the link below: Contact us on:

This week's episode talks about DNS in general and DNS attacks, we barely scratched the surface. DNS is playing a major role in our network communication and hackers take advantage of DNS attacks for their own gain.

LoLBins or Living Off The Land Binaries are binaries within the operating system it doesn't matter if it's a windows or unix based system. these binaries are heavily utilized by hackers to avoid detections, in this episode we will be diving into the world of LoLBins and we will discover how hackers are using them.

In this episode we scratched the surface of browser exploitation methods and we went through different techniques used by the attackers to gain access to your device. We also went through different old CVEs that have been used in the past. We hope you enjoy the episode.

In this episode we talked about cryptography in general and then we dived into the world of ransomware starting from when ransomware approximately started and then we talked about ransomware tactic and delivery mechanisms , evasion techniques and then we talked about the zeppelin ransomware and how lance and his team were able to recover and reconstruct the keys by doing some RSA factorization and other interested techniques. the episode have a video too you can see the full episode on youtube on the link below.

Today's episode is about Pseudo Random Number Generators and how we can achieve Randomization. We also explain how applications can suffer big time when they don't have random values generated in their crypto systems

Today's episode is about Pseudo Random Number Generators and how we can achieve Randomization. We also explain how applications can suffer big time when they don't have random values generated in their crypto systems

Exploit code are amazing, But sometimes the technique behind it is what makes it shiny, In this episode I want you to look at exploit codes from different perspective. not just finding vulnerabilities for the sake of finding vulnerabilities. always change your mindset when you do R&D from finding one vulnerability to finding one technique that works for majority of vulnerabilities Reference: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks https://www.sentinelone.com/labs/case-study-why-you-shouldnt-trust-ntdll-from-kernel-image-load-callbacks/ Twitter: @almorabeaTwitter: @CyberRiddlerWebsite: https://thecyberriddler.com