Security Justice Episode 27 – Social Engineering with Brian Brushwood from Scam School

August 2nd, 2010 Tom

This is the 27th episode of the Security Justice podcast recorded July 21st 2010 live at Damon’s Grill in Independence, OH.  This episode was hosted by Tom, Dave, and Chris with special guests Brian Brushwood from Scam School and Dave Kennedy. Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC.  Here are the show notes:

• We interview Brian Brushwood the host of “Scam School” on Revision3.  From the Revision3 website: Brian is the author of The Professional’s Guide to Fire Eating; Pack the House; and Cheats,Cons, Swindles, and Tricks. He has appeared on dozens of television and radio broadcasts, including “The Tonight Show,” and programs on ABC, NBC, FOX, the BBC, E! and more.  He eats FIRE, knows a thing or two about magic and gives us some great advice on social engineering and techniques on how to pick up girls in a bar.

Please send show feedback to feedback [aT] securityjustice.com or comment below.

 

 Security Justice Episode 27 [01:12:19m]: Play Now | Play in Popup | Download (2421)

Posted in Podcast Episodes | No Comments »

Security Justice Episode 26 – Interview with Joshua Abraham (@jabra), Dave Kennedy (@dave_re1ik) SET v0.6 and Arnold Palmer

July 2nd, 2010 Tom

This is the 26th episode of the Security Justice podcast recorded May 19th, 2010 live at Damon’s Grill in Independence, OH.  This episode was hosted by Tom, Dave, Matt and Chris with special guests Joshua “Jabra” Abraham from Rapid7, Dave Kennedy and Ghostnomad.  Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC.  Here are the show notes:

• Interview with Joshua “Jabra” Abraham.  Jabra contributes to the BackTrack LiveCD, BeEF, Nikto, Fierce, and PBNJ.  You probably have seen his talks at BlackHat, DefCon, ShmooCon, Infosec World, CSI, OWASP Conferences, LinuxWorld, Comdex and BLUG.  He also codes in Perl! Yeah baby!
• Check out Jabra’s blog.  Great resource for scripts and pentest tools.
• Jabra gave a really good talk at the SANS Pentest Summit “Goal Oriented Pentesting”.  Information on the upcoming release of Fierce 2.
• “Unmasking You” talk with Rsnake and Jabra from Defcon 17
• Be sure to check out everything Dave Kennedy is up to at BlackHat and Defcon this year.  Dave gives an update on the Social Engineering contest at Defcon as well.  Let’s pray for no heart attacks this year Dave!

Please send show feedback to feedback [aT] securityjustice.com or comment below.

 

 Security Justice Episode 26 [59:35m]: Play Now | Play in Popup | Download (2753)

Posted in Podcast Episodes | 1 Comment »

Security Justice Episode 25 – Interview with Rafal Los, THOTCON, AppSec Security Fail, Cyber what?

June 9th, 2010 Tom

This is the 25th episode of the Security Justice podcast recorded May 19th, 2010 live at Damon’s Grill in Independence, OH.  This episode was hosted by Tom, Dave, Matt and Chris with special guest Rafal Los (speaker, blogger, appsec ninja).  Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC.  Here are the show notes:

• We have our very first out of town guest!  Rafal Los from HP joins us for some *very* lively conversation.  You should really read his blogs.
• Rafal gives an update on THOTCON.  Yes, we want to podcast LIVE from THOTCON next year! It’s in Chicago.  We like Chicago.
• Rafal also did 30 disasters in 30 days (this is the first one). Awesome read!
• Check out Rafal’s talk from Source Boston: Into the Rabbit Hole: Execution Flow-Based Web Application Testing. We have some great discussion about this on why we are failing at web app testing.  Can QA do security?  Should developers be licensed like other industries?
• We end with a discussion on security certifications, degrees, red team vs. blue team and the word “Cyber”….oh my.
• Stay tuned after the podcast for some exclusive LIVE dualCORE and an interesting collection of bumpers.  Enjoy!

Please send show feedback to feedback [aT] securityjustice.com or comment below.

 

 Security Justice Episode 25 [85:15m]: Play Now | Play in Popup | Download (2597)

Posted in Podcast Episodes | No Comments »

Security Justice Episode 24 – Interview with Steve Ocepek from SpiderLabs, Post Notacon Updates

May 5th, 2010 Tom

This is the 24th episode (two years!) of the Security Justice podcast recorded April 21st, 2010 live at Damon’s Grill in Independence, OH.  This episode was hosted by Tom, Dave, and Chris with special guest Steve Ocepek from SpiderLabs.  Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC.  Here are the show notes:

• We interview Steve Ocepek from SpiderLabs about his recent talk at BlackHat EU and NEOISF “Oracle, Interrupted: Stealing Sessions and Credentials“.  Steve talks about his job as head of security research for SpiderLabs, penetration testing Oracle, Layer 2 attacks and much more!
• Chris and Tom provide our Notacon 7 updates.  Notacon was awesome as usual!  We hope to release the audio from our session from Notacon Radio…it was EPIC! If anything you should listen to it just for our interview of 0ph3lia. RAGE!
• Check out our pictures from “Surviving the Zombie Apocalypse”.  We posted some video (you must see the Zombie Q&A from the video), and outtakes from the presentation.  Full video can be downloaded via Torrent (with the other Notacon 7 videos).

Please send show feedback to feedback [aT] securityjustice.com or comment below.

 

 Security Justice Episode 24 [69:56m]: Play Now | Play in Popup | Download (3163)

Posted in Podcast Episodes | No Comments »

Security Justice Episode 23 – Infosec vs. IT Audit, Froggy and Tyger, Myrcurial and Notacon

March 23rd, 2010 Tom

This is the 23rd episode of the Security Justice podcast recorded March 17, 2010 live at Damon’s Grill in Independence, OH.  This episode was hosted by Tom, Dave, and Chris with special guests Ghostnomad (the “auditor”) as well as Froggy and Tyger from Notacon AND Myrcurial.  Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC (that includes you Chris Nickerson..*gasp*).  Here are the show notes:

• Froggy and Tyger talk about Notacon 7.  Security Justice will be there…hopefully on Notacon radio.  Come see our talk “Surviving the Zombie Apocalypse” with our friends The Confused Greenies.  See our exclusive preview here! Also, come see Ghostnomad’s talk and all three talks with Myrcurial.
• You should really come to Notacon…April 15-18th in Cleveland Ohio! Other talks worth checking out (besides all of them) include…Int Eighty, dave_rel1k, Tiffany Rad, Rogueclown, Kaospunk, Irongeek and Mick Douglas from Pauldotcom Security Weekly.
• Interview with Ghostnomad who is a real, live, breathing IT Auditor (don’t worry…he’s actually pretty cool ).  We go one-on-one to find out what IT auditors do and how they are really not out to destroy us…or eat our children.  Myrcurial also joins the conversation…with NO Skype fail! Srsly..way to go Dave!

Please send show feedback to feedback [aT] securityjustice.com or comment below.

 

 Security Justice Episode 23 [78:21m]: Play Now | Play in Popup | Download (3311)

Posted in Podcast Episodes | 1 Comment »

Security Justice Episode 22 – Physical Security, Interview with a Locksmith

February 24th, 2010 Tom

This is the 22nd episode of the Security Justice podcast recorded February 17, 2010 live at Damon’s Grill in Independence, OH.  This episode was hosted by Tom, Dave, Matt and Chris with special guest John Doe the Locksmith.  Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC.  Here are the show notes:

• A few Shmoocon updates! There was snow! Dave’s pictures posted soon…
• Interview with “John Doe” the Locksmith.  John Doe talks about some of the biggest physical security fails he has seen as well as some great stories of alarm bypass.  He also talks about what are good consumer grade locks, what are his favorite lock picks, the rise of fake locksmiths and more.

Please send show feedback to feedback [aT] securityjustice.com or comment below.

 

 Security Justice Episode 22 [49:39m]: Play Now | Play in Popup | Download (3464)

Posted in Podcast Episodes | No Comments »

Security Justice Episode 21 – Woot.com, Hack Challenge, @dave_rel1k and SET

January 26th, 2010 Tom

This is the 21st episode of the Security Justice podcast recorded January 20, 2010 live at Damon’s Grill in Independence, OH.  This episode was hosted by Tom, Dave, Matt and Chris with special guests Dave Kennedy creator of the Social Engineer Toolkit (SET) and Shawn Miller from Woot.com.  Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC.  Here are the show notes:

• Chris announces this months open source project worth supporting! Chris recommends donating to pfSense, which is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router.  Each month Chris is going to highlight an awesome open source project worth giving some cash to.
• Hurricane Labs in Cleveland, Ohio is having another awesome Hack Challenge taking place on February 3, 2010.  Special guest Jordan Wiens (DEFCON CTF champion) will be in attendance (he will not be participating in the challenge so don’t worry about getting pwnd).  Hurricane Labs talks about what’s different from last year and how a CTF (Capture The Flag) works.
• Shawn Miller from Woot.com talks about bags of crap and how Woot.com is sponsoring the Shmooball Cannon Contest this year at Shmoocon!  He also talks about the history of Woot.com and how they do Woot off’s and more.
• Dave Kennedy gives us an overview of his Social Engineer Toolkit (SET) as well as a sneak peak of some new things being released for SET during his firetalk at Shmoocon. Also, listen to Dave *butcher* @myrcurial.  Remember Dave…my-cur-i-al.
• Tom is bringing the social zombie apocalypse to Shmoocon with Kevin Johnson and Robin Wood Saturday, February 6th at 11am.
• Be sure to check out the Podcaster Meetup and the Firetalks at Shmoocon.  Security Justice will be there.  More details will be posted soon!
• Remember kids: If your going to Shmoocon…do not eat at Trattoria across the street from the Wardman Park!! See this video for more information.

Please send show feedback to feedback [aT] securityjustice.com or comment below.  Thanks to Dave and Shawn for being guests on the show!

 

 Security Justice Episode 21 [70:53m]: Play Now | Play in Popup | Download (3773)

Posted in Podcast Episodes | No Comments »

Security Justice Episode 20 – Shmoocon 2010 Interview with Bruce Potter (@gdead)

December 22nd, 2009 Tom

This is the 20th episode of the Security Justice podcast recorded December 16, 2009 live at Damon’s Grill in Independence, OH.  This episode was hosted by Tom, Dave and Chris with very special guest Bruce Potter founder of the Shmoo Group.  * Photo of Bruce and Heidi from album.textfiles.com.

Bruce talks to us about Shmoocon 2010, the ticketing process, talks, events and everything else related to Shmoocon 2010.  Just a reminder that the last round of Shmoocon tickets go on sale January 1st at noon EST!  This is your last chance to get a ticket to Shmoocon.  If you don’t get one, Bruce says you can blame our very own Chris Clymer.  Thanks again to Bruce for being our guest on the show and for everyone participating in the live chat via IRC and on the live stream (very special thanks to aricon from PaulDotCom for letting use their Icecast server for the stream).

 

 Security Justice Episode 20 - Shmoocon 2010 Interview with Bruce Potter [71:26m]: Play Now | Play in Popup | Download (3727)

Posted in Podcast Episodes | 1 Comment »

Security Justice Episode 19 – Epic Interview with Jason Scott (@textfiles)

November 27th, 2009 Tom

This is the 19th episode of the Security Justice podcast recorded November 18, 2009 live at the Chris Clymer Bar & Grill (his basement actually).  This episode was hosted by Tom, Matt, Dave and Chris with very special guest Jason Scott from textfiles.com (picture of Jason in this post courtesy of roy-sac).

Jason is probably the most interesting person you will ever meet.  His long list of accomplishments include speaking at pretty much every hacker conference known to man, hosting the fantastic Blockparty for the last three years at Notacon, archiver of the Internet, proprietor of textfiles.com, computer historian, producer of BBS: The Documentary, creator of sockington (the most famous cat on Twitter with well over 1 million followers) and also known as the guy who goatse’d all of MySpace.  We talk to Jason about pretty much everything listed above.  This is truly a EPIC episode going into the two hour mark but well worth the listen!

Thanks again to Jason for being our guest on the show and for everyone participating in the live chat via IRC and on the live stream (it was our largest audience yet)!  Please send show feedback to feedback [aT] securityjustice.com or comment below.

 

 Security Justice Episode 19 - Jason Scott [134:27m]: Play Now | Play in Popup | Download (4015)

Posted in Podcast Episodes | 2 Comments »

Security Justice Episode 18 – Louisville InfoSec, Rapid7, Interview with Wesley McGrew

October 27th, 2009 Tom

This is the 18th episode of the Security Justice podcast recorded October 21st 2009 live at Mavis Winkle’s Irish Pub. This was the last episode recorded at Mavis Winkle’s.  Apparently, they can’t handle any more of the “justice”.  This episode was hosted by Tom, Matt, Dave and Chris with special guests Wesley McGrew from McGrewSecurity.com and Dave Kennedy (ReL1K).  Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC.

Special Announcements:
We will be podcasting live at the Ohio Information Security Summit October 29-30.  We should be streaming some of the talks and select interviews with some of the speakers.  Be sure to follow our Twitter feed for updates on when we will be live!  Tom, Matt, Dave Kennedy, Alex Hutton, Richard Bejtlich and Wikid Systems (Nick Owen) will all be speaking.

Tom Eston and Kevin Johnson will be speaking at OWASP AppSec DC November 10-13th.  Tom and Kevin will be presenting “Social Zombies: Your Friends Want to Eat Your Brains”

Website Plug(s) of the Month:

Shmoocon CFP is open! Canadian Web Techno Conference CFP is open, ConFoo!

The Social-Engineer.org Podcast.  Be sure to check out the first episode on interrogation and interview tactics.  Really good stuff.  We are hoping that these guys put out more episodes soon!

• The Louisville Metro InfoSec Capture the Flag recap by Dave Kennedy
• Ohio LinuxFest Recap.  Link to the geek wedding here.
• T-Shirt contest design winners!  Rodolfo and ghostnomad…your designs will be incorporated into the t-shirt design!  Congratz!
• Rapid7 Acquires Metasploit.  Dave Kennedy has the strangest analogy about this we have ever heard!
• Poken update
• Wi-Fi signals used to see through walls
• Internet as a Basic Right
• Interview with Wesley McGrew. We talk to Wesley about some of his notable achievements including Yousif Yalda, Script Kiddies in the Mist, Vulnerabilities in SCADA Human-Machine Interface Software, Jesse “GhostExodus” McGraw/ETA and the f0rb1dd3n book review.  Wesley has a great blog over at mcgrewsecurity.com that we highly recommend you add to your daily reading list!  You can also follow Wesley on Twitter.

Please send show feedback to feedback [aT] securityjustice.com or comment below.  Thanks to Wesley for being a guest on the show!

 

 Security Justice Episode 18 [77:08m]: Play Now | Play in Popup | Download (3060)

Posted in Podcast Episodes | 1 Comment »