Nov 24, 2020 / 28:58

EP 10: Hunting The Next Heartbleed

For two years Heartbleed was a zero-day in OpenSSL until fuzz testing exposed it. How many others are in the wild now? And how will we find the next one?

 

In this episode I talk about how Heartbleed (CVE 2014-0160) was found and also interview Rauli Kaksonen, someone who was at Codenomicon at the time of its discovery and is now a senior security specialist at the University of Oulu in Finland, about how new security tools are still needed to find the next big zero day.

Nov 10, 2020 / 34:40

EP 09: Bug Bounty Hunters

You’ve probably heard of bug bounties. But did you know there’s an elite group of bug bounty hunters that travel the world? Meet Stok; he’s one of them.

In this episode, Stok talks about his beginnings in enterprise security and his transition into the top tier of bug bounty hunters. Star of his own YouTube channel, Stok believes in community and in giving back what he’s learned along the way.

Oct 27, 2020 / 29:24

EP 08: Hacking Voting Systems

While digital polling booth devices are more secure today, what about the larger ecosystem, starting from the moment you register until your vote is counted? Who’s keeping those systems secure?

 

In this episode of The Hacker Mind, Dr. Jared DeMott of VDA Labs talks about his work securing voter registration tablets and also about the prospects for downloadable, safe voting applications on your preferred mobile device in the future. 

Oct 13, 2020 / 20:58

EP 07: Hacking the Chrome Sandbox

In 1994, the first commercial internet browser was released. Netscape Navigator went on to be eclipsed by Internet Explore, Safari, Firefox, and now Chrome, but it helped kick start the internet-focused world we live in today. And along with that we’ve also learned a lot about browser security.

 

No matter how strong we build our browsers, that does not prevent hackers from trying to break new things. In this episode, one researcher explains how he successfully escaped the Chrome sandbox, and how bug bounties might just be a good thing resulting in better security for us all. 

If you think hacking only involves the use of a keyboard or code, then you’re probably missing out. What about using light? What about using sound?

In this episode, The Hacker Mind looks at some of the work Dr. Kevin Fu has been doing at the University of Michigan -- in particular using laser pointers to pwn voice-activated digital assistants, and using specific frequencies of sound to corrupt or crash magnetic hard disk drives.

In the infosec world, blue team hackers are hands down the more elite--and why not? They are defending the crown jewels, 24/7. They have to think of every attack vector. And the red team? They only have to be right once.

Game Theory is an important part of the underlying strategy used by hackers when playing attack and defend Capture the Flag. It’s thinking how your opponent might respond to an event and then planning for it. Knowing when to patch and when not to was part of the winning strategy behind DARPA’s 2016 Cyber Grand Challenge, which was modeled off the DEF CON CTF. 

But what happened the day after CGC at DEF CON 24? That was the day the very best human CTF hackers were invited to play against the winner of CGC, a computer reasoning system named Mayhem. This episode of The Hacker Mind starts to answer the question, can a machine really think like a hacker?

DARPA’s Cyber Grand Challenge in 2016 showed the world what's coming -- autonomous adversaries -- and raised serious questions. How can organizations react to something that makes decisions in milliseconds? How can you still have humans in the loop when reaction time is key? And how can organizations defend or stop something that increases its own cyber capabilities autonomously?

 

In this episode we go behind the scenes for the first and only completely autonomous capture the flag competition at DEF CON 24 with Team ForAllSecure.

After winning DEF CON's annual Capture The Flag (CTF) competition five of the last seven years, the Plaid Parliament of Pwning (PPP) returns as reigning champions but under very different conditions because of COVID 19. So, how is the team preparing?  

 

In this The Hacker Mind episode, one of PPP's members, Zaratec, tells how she first joined PPP, how the team is making changes for this year's online CTF final, and what skills she’s learned from CTFs in general that apply to real-world infosec jobs.

In this inaugural episode, The Hacker Mind looks at why the West Point Military Academy, and other organizations within the DoD, is training its young cadets to hack. The answer? To help fill a critical shortage of infosec experts that is only getting worse.

 

This is the story of how DARPA created a series of capture the flag contests to train and define infosec talent at the U.S. military academies, and how one young cadet joined a team of competitive hackers at West Point.

Jul 15, 2020 / 01:55

EP 00: The Hacker Mind (Promo)

Welcome to Hacker Mind, an original podcast from ForAllSecure. It’s about solving software security problems through advanced fuzz testing technology. 

In each episode, host Robert Vamosi shares stories from the individuals who are influencing the world of software security, and the real world impact that is having in our cars, our planes, our weapons systems, and in our mobile phones and browsers.