Security Justice Episode 26 – Interview with Joshua Abraham (@jabra), Dave Kennedy (@dave_rel1k) SET v0.6 and Arnold Palmer

July 2nd, 2010 Tom

This is the 26th episode of the Security Justice podcast recorded May 19th, 2010 live at Damon’s Grill in Independence, OH.  This episode was hosted by Tom, Dave, Matt and Chris with special guests Joshua “Jabra” Abraham from Rapid7, Dave Kennedy and Ghostnomad.  Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC.  Here are the show notes:

Please send show feedback to feedback [aT] securityjustice.com or comment below.


Security Justice Episode 25 – Interview with Rafal Los, THOTCON, AppSec Security Fail, Cyber what?

June 9th, 2010 Tom

This is the 25th episode of the Security Justice podcast recorded May 19th, 2010 live at Damon’s Grill in Independence, OH.  This episode was hosted by Tom, Dave, Matt and Chris with special guest Rafal Los (speaker, blogger, appsec ninja).  Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC.  Here are the show notes:

  • We have our very first out of town guest!  Rafal Los from HP joins us for some *very* lively conversation.  You should really read his blogs.
  • Rafal gives an update on THOTCON.  Yes, we want to podcast LIVE from THOTCON next year! It’s in Chicago.  We like Chicago.
  • Rafal also did 30 disasters in 30 days (this is the first one). Awesome read!
  • Check out Rafal’s talk from Source Boston: Into the Rabbit Hole: Execution Flow-Based Web Application Testing. We have some great discussion about this and about why we are failing at web app testing.  Can QA do security?  Should developers be licensed like other industries?
  • We end with a discussion on security certifications, degrees, red team vs. blue team and the word “Cyber”….oh my.
  • Stay tuned after the podcast for some exclusive LIVE dualCORE and an interesting collection of bumpers.  Enjoy!

Please send show feedback to feedback [aT] securityjustice.com or comment below.


Security Justice Episode 24 – Interview with Steve Ocepek from SpiderLabs, Post Notacon Updates

May 5th, 2010 Tom

This is the 24th episode (two years!) of the Security Justice podcast recorded April 21st, 2010 live at Damon’s Grill in Independence, OH.  This episode was hosted by Tom, Dave, and Chris with special guest Steve Ocepek from SpiderLabs.  Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC.  Here are the show notes:

Please send show feedback to feedback [aT] securityjustice.com or comment below.


Security Justice Episode 23 – Infosec vs. IT Audit, Froggy and Tyger, Myrcurial and Notacon

March 23rd, 2010 Tom

This is the 23rd episode of the Security Justice podcast recorded March 17, 2010 live at Damon’s Grill in Independence, OH.  This episode was hosted by Tom, Dave, and Chris with special guests Ghostnomad (the “auditor”) as well as Froggy and Tyger from Notacon AND Myrcurial.  Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC (that includes you Chris Nickerson..*gasp*).  Here are the show notes:

Please send show feedback to feedback [aT] securityjustice.com or comment below.


Security Justice Episode 22 – Physical Security, Interview with a Locksmith

February 24th, 2010 Tom

This is the 22nd episode of the Security Justice podcast recorded February 17, 2010 live at Damon’s Grill in Independence, OH.  This episode was hosted by Tom, Dave, Matt and Chris with special guest John Doe the Locksmith.  Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC.  Here are the show notes:

  • A few Shmoocon updates! There was snow! Dave’s pictures posted soon…
  • Interview with “John Doe” the Locksmith.  John Doe talks about some of the biggest physical security fails he has seen as well as some great stories of alarm bypass.  He also talks about what are good consumer grade locks, what are his favorite lock picks, the rise of fake locksmiths and more.

Please send show feedback to feedback [aT] securityjustice.com or comment below.


Security Justice Episode 21 – Woot.com, Hack Challenge, @dave_rel1k and SET

January 26th, 2010 Tom

This is the 21st episode of the Security Justice podcast recorded January 20, 2010 live at Damon’s Grill in Independence, OH.  This episode was hosted by Tom, Dave, Matt and Chris with special guests Dave Kennedy creator of the Social Engineer Toolkit (SET) and Shawn Miller from Woot.com.  Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC.  Here are the show notes:

  • Chris announces this month’s open source project worth supporting! Chris recommends donating to pfSense, which is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router.  Each month Chris is going to highlight an awesome open source project worth giving some cash to.
  • Hurricane Labs in Cleveland, Ohio is having another awesome Hack Challenge taking place on February 3, 2010.  Special guest Jordan Wiens (DEFCON CTF champion) will be in attendance (he will not be participating in the challenge so don’t worry about getting pwnd).  Hurricane Labs talks about what’s different from last year and how a CTF (Capture The Flag) works.
  • Shawn Miller from Woot.com talks about bags of crap and how Woot.com is sponsoring the Shmooball Cannon Contest this year at Shmoocon!  He also talks about the history of Woot.com and how they do Woot-Offs and more.
  • Dave Kennedy gives us an overview of his Social Engineer Toolkit (SET) as well as a sneak peek of some new things being released for SET during his firetalk at Shmoocon. Also, listen to Dave *butcher* @myrcurial.  Remember Dave…my-cur-i-al. :-)
  • Tom is bringing the social zombie apocalypse to Shmoocon with Kevin Johnson and Robin Wood Saturday, February 6th at 11am.
  • Be sure to check out the Podcaster Meetup and the Firetalks at Shmoocon.  Security Justice will be there.  More details will be posted soon!
  • Remember kids: If you’re going to Shmoocon…do not eat at Trattoria across the street from the Wardman Park!! See this video for more information.

Please send show feedback to feedback [aT] securityjustice.com or comment below.  Thanks to Dave and Shawn for being guests on the show!


Security Justice Episode 20 – Shmoocon 2010 Interview with Bruce Potter (@gdead)

December 22nd, 2009 Tom

This is the 20th episode of the Security Justice podcast recorded December 16, 2009 live at Damon’s Grill in Independence, OH.  This episode was hosted by Tom, Dave and Chris with very special guest Bruce Potter founder of the Shmoo Group.  * Photo of Bruce and Heidi from album.textfiles.com.

Bruce talks to us about Shmoocon 2010, the ticketing process, talks, events and everything else related to Shmoocon 2010.  Just a reminder that the last round of Shmoocon tickets goes on sale January 1st at noon EST!  This is your last chance to get a ticket to Shmoocon.  If you don’t get one, Bruce says you can blame our very own Chris Clymer.  :-) Thanks again to Bruce for being our guest on the show and for everyone participating in the live chat via IRC and on the live stream (very special thanks to aricon from PaulDotCom for letting us use their Icecast server for the stream).


Security Justice Episode 19 – Epic Interview with Jason Scott (@textfiles)

November 27th, 2009 Tom

This is the 19th episode of the Security Justice podcast recorded November 18, 2009 live at the Chris Clymer Bar & Grill (his basement actually).  This episode was hosted by Tom, Matt, Dave and Chris with very special guest Jason Scott from textfiles.com (picture of Jason in this post courtesy of roy-sac).

Jason is probably the most interesting person you will ever meet.  His long list of accomplishments includes speaking at pretty much every hacker conference known to man, hosting the fantastic Blockparty for the last three years at Notacon, archiver of the Internet, proprietor of textfiles.com, computer historian, producer of BBS: The Documentary, creator of sockington (the most famous cat on Twitter with well over 1 million followers) and also known as the guy who goatse’d all of MySpace.  We talk to Jason about pretty much everything listed above.  This is truly an EPIC episode going into the two hour mark but well worth the listen!

Thanks again to Jason for being our guest on the show and for everyone participating in the live chat via IRC and on the live stream (it was our largest audience yet)!  Please send show feedback to feedback [aT] securityjustice.com or comment below.


Security Justice Episode 18 – Louisville InfoSec, Rapid7, Interview with Wesley McGrew

October 27th, 2009 Tom

This is the 18th episode of the Security Justice podcast recorded October 21st 2009 live at Mavis Winkle’s Irish Pub. This was the last episode recorded at Mavis Winkle’s.  Apparently, they can’t handle any more of the “justice”.  This episode was hosted by Tom, Matt, Dave and Chris with special guests Wesley McGrew from McGrewSecurity.com and Dave Kennedy (ReL1K).  Music as always provided by dualCORE. Thanks to everyone listening to the live stream and for participating in the chat via IRC.

Special Announcements:
We will be podcasting live at the Ohio Information Security Summit October 29-30.  We should be streaming some of the talks and select interviews with some of the speakers.  Be sure to follow our Twitter feed for updates on when we will be live!  Tom, Matt, Dave Kennedy, Alex Hutton, Richard Bejtlich and Wikid Systems (Nick Owen) will all be speaking.

Tom Eston and Kevin Johnson will be speaking at OWASP AppSec DC November 10-13th.  Tom and Kevin will be presenting “Social Zombies: Your Friends Want to Eat Your Brains”

Website Plug(s) of the Month:

Shmoocon CFP is open! Canadian Web Techno Conference CFP is open, ConFoo!

The Social-Engineer.org Podcast.  Be sure to check out the first episode on interrogation and interview tactics.  Really good stuff.  We are hoping that these guys put out more episodes soon!

Please send show feedback to feedback [aT] securityjustice.com or comment below.  Thanks to Wesley for being a guest on the show!


Security Justice Episode 17 – Pokens, CUDA, Physical Security Exercises, Makerbots, Hawt Chicks

September 24th, 2009 Tom

This is the 17th episode of the Security Justice podcast recorded September 16th 2009 live at Mavis Winkle’s Irish Pub. This episode was hosted by Tom, Matt, Dave and Chris with special guests Tony Macisco and much0mas. Music provided by dualCORE and Pokens provided by PokenZoo.com.  Did you know we have a Facebook Fan Page?  We promise it’s non malicious! Thanks to everyone listening to the live stream and for participating in the chat via IRC.

Special Announcements:
We will be podcasting at the Ohio Linux Fest with dualCORE! September 25-27th.  Dave and Chris will be streaming live on Saturday 9/26 and dualCORE will be performing live Saturday night.  Stay tuned to our website and Twitter feed for more information this weekend.

Cleveland Locksport is forming!  If you’re local to the Cleveland area, hit up Chris for information on the next meeting.

If you’re near the Cleveland, Ohio area, check out the Information Security Summit October 29-30.

MiniSoOnCon! MiniSoOnCon is a Southern Ontario Hackerspaces / Makers Mini-Conference October 2nd and 3rd, 2009 in Hamilton, Ontario.

Website Plug(s) of the Month:

Social Engineering Framework
Learn all about social engineering!  Put together by an awesome crew including Dave Kennedy who is the creator of the Social Engineer Toolkit (SET).  Check it out!  Really good stuff! http://social-engineer.org/

Malwarebytes is a site dedicated to fighting malware. Malwarebytes has developed a variety of tools that can identify and remove malicious software from your computer.

Here are the topics covered and show notes:

  • Interview with Tony Macisco who is a physical security expert.  He has an impressive resume working for the Department of Homeland Security, US Customs and a large financial institution.  If you’re looking for someone that knows physical security, Tony is your man.  Connect with him on LinkedIn!
  • Matt talks about cracking passwords with CUDA video cards and why cracking passwords with video cards is incredibly faster than traditional methods.  CUDA FTW!
  • Want to crack passwords with a CUDA supported card?  Check out Pyrit which allows you to create massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time-tradeoff.  Pyrit also hooks into CoWPAtty.  If you want to brute force MD4/MD5 or NTLM check out CUDA Multiforcer (noted as the world’s fastest password cracker).  If you want a setup for CUDA that works out of the box, check out Backtrack 4…CUDA support is built in!
  • Sharing files on a social network might be the end of the world
  • POKENS. What are they? Are they secure? Will they catch on?  We have some Pokens for prizes thanks to PokenZoo.com!  See Dave or Chris at Ohio Linux Fest this weekend to find out how to win one!  Congrats to Paul from PaulDotCom Security Weekly for winning a Poken during our live show!
  • Want to know how Pokens work and related security?  Check out this really awesome, detailed article created by Didier Stevens.
  • Did you know we have a t-shirt design contest?  Neither did we!  Send your ideas to feedback[aT]securityjustice.com and you could win a Poken and MORE! (we just don’t know what “more” is yet)
  • What is a Makerbot?  We have a good discussion about basic hardware hacking and hackerspaces…we also wonder why we still don’t have one in Cleveland..<sigh>
  • Go to MiniSoOnCon! It’s only a 3.5 hour drive from Cleveland.
  • Ignore the “hawt chick” on the Security Justice Twitter account (and the base64 encoded messages).  We are not part of a Twitter botnet! Srsly.

Please send show feedback to feedback [aT] securityjustice.com or comment below.  Thanks for listening!
