CodeQL with Alvaro Munoz

Hacker Talk 2024 New Year Special Featuring: Johnny Xmas, Zagros Bingol and Filip Kalebo. Topics: infosec's 9/11 - Target.com breach Leaking TSA master keys Starting to work in information security How the information security space has changed The hackers we lost along the way RIP Kevin Mitnick RIP hacker legend Robert “Ozzie” Osband (Richard Cheshire, The Cheshire Catalyst) 2600 Hackers on planet earth Crowd strike Trends we have seen in 2024 AI as a trend The future of AI Training models AI being used to fingerprint user activity AI in continuous integration pipelines Code Reviews Backdoor in tar Vulnerabilities in the linux kernel Risks of using opensource Exploit brokers OSS Fuzz Fuzzing Quantum computers Cray super computers Michelle Simmons creates a quantum computer at home National cryptology museum in Washington dc 40 years since Chaos Computer club, 2600 and Cult of the deadcow Chaos computer camp Bornhack toorcamp hope conference Defcon Cult of the deadcow Veilid Bluesky Decentralized technologies Hawk tuah Modern Scams Web3 and Web2 Privacy Downfall of telegram Telegram giving up on privacy SimpleX chat, signal and imessage Future External Links: https://linktr.ee/johnnyxmas https://burbsec.com/ https://en.wikipedia.org/wiki/XZ_Utils_backdoor https://www.metafilter.com/203126/Tar-Trap-Caught https://en.wikipedia.org/wiki/Hack-Tic https://en.wikipedia.org/wiki/Chaos_Communication_Camp https://cultdeadcow.com/ https://2600.com/ https://toorcamp.org/experience/ https://infocondb.org/presenter/richard-cheshire-the-cheshire-catalyst https://www.imdb.com/name/nm1937010/ https://hope.net/memoriam.html https://veilid.com/ https://blog.rust.careers/post/veilid_dildog_rust_interview/ https://bornhack.dk/bornhack-2025/ https://en.wikipedia.org/wiki/DEF_CON https://en.wikipedia.org/wiki/Pavel_Durov https://www.bbc.com/news/articles/cvglp0xny3eo https://en.wikipedia.org/wiki/Bluesky https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html https://google.github.io/oss-fuzz/research/llms/target_generation/ https://www.visitacity.com/en/washington-dc/attractions/the-national-cryptologic-museum https://www.youtube.com/watch?v=bRj4ipIEmg0 https://www.msn.com/en-us/entertainment/celebrities/hawk-tuah-girl-haliey-welch-vanishes-after-crypto-scam-accusations-has-not-been-seen-online-for-weeks/ar-AA1waGkW https://support.apple.com/en-us/102637 https://simplex.chat/ https://en.wikipedia.org/wiki/Signal_(software) https://en.wikipedia.org/wiki/Moxie_Marlinspike

The hardware hacker, creator of the wifi-nugget, cybersecurity content creator, hak5 host and our guest of honor in this episode of Hacker Talk is Alex Lynd! In this episode, we cover: Alex background, working with hak5, content creation O.MG pentesting cable Signal intelligence Wifi hacking Hardware hacking Modifying the hardware of calculators, playing games on calculators Hacking the texas instrument ti 84 calculator Alex's first computer being the raspberry pi Starting with Linux Embedded security Hardware developer perspective Making hardware devices Making low-cost hacking devices low cost, high availability and effective hacking devices GPS implants ESP8266, 3 dollar wifi microcontroller Wardriving with esp8266 wifi nugget Making cat-shaped hardware Making a friendly and portable hardware design Learning about wifi hacking and microcontrollers USB nugget USB rubber ducky Keystroke injection attacks ATtiny85 Arduino Thought process behind creating the wifi nugget How Filip cracked his neighbors wifi Aircrack-ng Airgeddon Creating a DIY beginner hardware kit The creation of wifi nugget, the first 100 devices SpaceHuhn Maker Wifi Beacon spoofing pranks esp32 vs esp8266 wifi chip Crafting custom packets with the esp8266 chip Espressif Systems trying to stop people from using it's wifi chips for offensive purposes by locking down its software development kit. Spoofing attacks esp32 native USB mode EMulating USB connected devices for data exfiltration Auto trunked packets pmkid wifi attack Cracking wpa2 handshakes Guessing autogenerated wifi passwords Hashcat Password generator based on your local area code The best password-cracking word list Filip has ever used Funny pranks with the wifi nugget Nugget defender, see if anyone is attacking your network use Canary tokens to detect if someone is breaking into your system Bugged microsoft word and pdf documents Having an intrusion detection system in your pocket wifi honeypots Getting started designing custom printed circuit boards(PCB) Design with easyeda Creating a tv-be-gone Sourcing pcb boards Circuit board art What software to use to create boards Antenna design Omni directional antennas Yagi antennas Sourcing hardware Making it more user friendly Links: https://alexlynd.com/ https://mg.lol/blog/omg-cable/ https://github.com/HakCat-Tech/WiFi-Nugget https://education.ti.com/en/products/calculators/graphing-calculators/ti-84-plus https://en.wikipedia.org/wiki/Raspberry_Pi https://hak5.org/ https://en.wikipedia.org/wiki/ESP8266 https://retia.io/ https://twitter.com/AlexLynd https://usbnugget.com/ https://shop.hak5.org/products/usb-rubber-ducky https://en.wikipedia.org/wiki/ATmega328 https://en.wikipedia.org/wiki/Arduino_Nano https://www.pcboard.ca/mini-attiny85-usb https://www.arrow.com/en/research-and-events/articles/attiny85-arduino-tutorial https://github.com/derv82/wifite2 https://en.wikipedia.org/wiki/Aircrack-ng https://www.kali.org/tools/airgeddon/ https://github.com/SpacehuhnTech/esp8266_deauther http://deauther.com/ https://spacehuhn.com/ https://ieeexplore.ieee.org/document/4529384/ https://en.wikipedia.org/wiki/ESP32 https://www.espressif.com/ https://documentation.meraki.com/MR/Other_Topics/PMKID_Vulnerability_FAQ_-_WPA%2F%2FWPA2-PSK_and_802.11r https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access https://colab.research.google.com/ https://en.wikipedia.org/wiki/Hashcat https://github.com/danielmiessler/SecLists https://github.com/HakCat-Tech/Nugget-Invader https://canarytokens.org/generate https://easyeda.com/ https://www.pcbway.com/ https://www.kicad.org/ https://en.wikipedia.org/wiki/Nordic_Semiconductor

Sam Bent, previously by his online handle as the Darknet Vendor "2happytimes2" is our Hacker of the episode! In this episode of Hacker Talk we get to hear, how Sam put toghter an Opsec plan that ended up protecting him against a 20 count indetment and 200 years in prison. Thanks to a bruteforce attack in the true hacker spirit he managed to get out of prison.  What is it like to apply strong operation security practices in your everyday life?  How does one survive and adapt to hostile environments? Join us in this thrill seeking episode of Hacker Talk, where we get to hear Sam's story.  In this episode we cover:    Darknet Vendor, Darknet Marketplaces   Darknet Forum Administrator First Introduction to Tor  Silkroad, Early Bitcoin days  Bitcoin Pizza for 20 000 Bitcoins Moderating darknet forums Money laundering charges    Privacy Journey into selling on the darknet   Residential Security    Living in Vermont, United States of America Computer support    Forming information security policies   Backtraq 2(Released March 2007)  Yagi antenna, randomizing your mac address before you use your neighbors wifi Removing DNA from packages.   Speaking at Defcon   Dealing with the Department of Homeland security Social Engineering Operation security Dread Darknet Forum Dealing with Hostile Environments on the darknet and in prison  Profiling yourself Importance of Adoptability   Managing multiple identities  Pretty good privacy(PGP) Trust on the Darknet Resumes on the Darknet    Best practices for Password Managers  Storing password's in "The Slip", secure convenience security   How to ship mail securely Interacting with the united states judicial system  Franks hearing Becoming a paralegal in Prison Writing a 200-page passion of release motion Building trust in Online Communities Links: Doingfedtime Youtube channel: https://www.youtube.com/@DoingFedTime Bitcoin talk pizza thread: https://bitcointalk.org/index.php?topic=137.0  https://en.wikipedia.org/wiki/Vermont https://en.wikipedia.org/wiki/BackTrack  Sam's defcon talk: https://www.youtube.com/watch?v=NGiUhjuB22Y https://www.16personalities.com/ https://en.wikipedia.org/wiki/Pretty_Good_Privacy   https://en.wikipedia.org/wiki/Silk_Road_(marketplace)    https://www.shouselaw.com/ca/blog/warrant/what-does-it-mean-to-traverse-a-warrant-what-is-a-franks-motion/ https://forum.defcon.org/node/241998 https://www.darknetstats.com/seasoned-dark-web-vendor-2happytimes2-sentenced-to-5-years-in-prison/

Our Hacker of the episode is "Vickie lii"! Vickie tells us about Bug Bounties, her new book and information security.  Tune in now! In this episode we cover: Background, getting into security Getting into Bug Bounty  First Bug bounty  Hackerone, Bug crowd Reporting Security Bugs Coordinating bug bounties   Life as a bug bounty hunter Interaction with engineers Bug bounty bootcamp Book Security as a hobby Writing Books How to hack web applications   Vickie's favourite types of Vulnerabilities    Template injection IDOR Writers block Nostarch   Book Publishing   Bug bounty tools Python and Bash    Make bug bounties more enjoyable  Portswinger Lab Finding low hanging fruits   legal harbor  Caring about security researchers   Links: https://twitter.com/vickieli7    https://en.wikipedia.org/wiki/Bug_bounty_program https://vickieli.dev/   https://portswigger.net/web-security/all-labs    https://portswigger.net/research/server-side-template-injection https://www.geeksforgeeks.org/insecure-direct-object-reference-idor-vulnerability/    https://nostarch.com/bug-bounty-bootcamp Grab a copy of Vickie's book: https://www.amazon.com/Bug-Bounty-Bootcamp-Reporting-Vulnerabilities-ebook/dp/B08YK368Y3

In this episode of Hacker Talk: One of the most powerful newer static analysis tool is CodeQL.   By converting your code base into a Codeql database, you can now write   queries in a read-only way, in order to find security vulnerabilities    and problems in you Code-base. We wanted to know more about this declarative language called "CodeQL". Straight from Github's Security Lab, we are joined by Alvaro Munoz!   Alvaro, is a Security Researcher, Leads a team of researchers that leverage Codeql to find and model vulnerabilities at Github, with a background in research related to finding remote code execution bugs through deserialization.   Tune in as we get to hear the ins and out of CodeQL, how to get started, when Codeql was used to find a vulnerability in a public Covid-19 system, how to find vulnerabilities with Codeql and a lot more! Topics covered: Learning to thing outsite the box by playing Capture the flag CodeQL declarative languages  Static code analysis Getting a broad view of the source code Writing queries with CodeQL to find vulnerabilities    Modeling vulnerabilities with CodeQL The learning curve of CodeQL Quering github repositories for vulnerabilities Write codeql for a large amount of repositories with lgtm(use it goes before it goes EOL) Linters vs codeql CodeQL integrated with continuous integration pipelines Get started with Codeql Submit your codeql queries to Github Security Lab's Bug bounty Best practices for writing queries     Thinking of the code as a database with codeql Finding vulnerabilities in Covid-19 systems Best pratices for CodeQL  Reduce false possitives  CodeQL with nvim(neovim)     Improving vim by creating a more interactive development enviroment alternative, "neovim". LSP integration with neovim.   CodeQL with Emacs Remote code execution bugs found with CodeQL.   Bugs found in Radar Covid App Patterns leading to remote code execution    Auditing javascript frameworks CodeQL vs other static analysis tools Capture the flag codeql challanges The future of CodeQL External links: https://lgtm.com/   https://github.com/pwntester   https://neovim.io/ https://en.wikipedia.org/wiki/Language_Server_Protocol     https://en.wikipedia.org/wiki/Semgrep Covid 19 tracing app - https://securitylab.github.com/research/securing-the-fight-against-covid19-through-oss/ - https://threatpost.com/german-covid-19-contact-tracing-vulnerability-rce/161419/ Github Security Lab web site: https://securitylab.github.com/ Join Github Security Lab Slack Channel:  https://join.slack.com/t/ghsecuritylab/shared_invite/zt-120w4vby8-_O9u9k2hPfgbju1tddBPcg https://twitter.com/pwntester Bounty program: https://securitylab.github.com/bounties/ https://codeql.github.com/ https://codeql.github.com/docs/codeql-overview/   http://www.pwntester.com/ https://en.wikipedia.org/wiki/Abstract_syntax_tree   https://en.wikipedia.org/wiki/Control_flow_analysis https://github.com/github/codeql-learninglab-actions https://github.com/anticomputer/emacs-codeql/    Special thanks too: We want to give a huge thanks to Github's Security Lab Team for making this episode a reality!

In this episode of Hacker Talk, we are joined by the Hacker and SecBSD contributor: The BSDBandit! Tune is as we deep into secbsd, the penetration distribution for the BSD community. In this episode we cover: Video games Kali linux meets bsd Started to hack in college mandraka linux FreeBSD 4.8 and beyond    BSD vs Linux    Reading the RFC's IRIX Learn from developer mailing lists   OpenBSD's mailing  The start of SECBSD - BSD based Penetration testing distribution         SecBSD, release cyckle Documentation in the BSD world   NetBSD on toasters and sega dreamcast    Comparing the BSD's    Porting ruby Beef to BSD    Web applications as houses    Webb application api's    Security     Penetration testing   Management vs Security Researchers and developers      The adventures of Hacking and learning   The state of Hacking   Tinkering with FreeBSD     ManPages Unix Powertools book   Vi Editor   Having fun with Technology   People code computers    Time allocation and having a good schedule     Rust programming    Visual code studio    Pentesting with Rust    Mental health   Taking brakes, allocating   discord and Internet Relay Chat      Libera.chat irc   Irssi irc client     Phreakers going into VoIP OpenBTS    IceCast Future of IT-Security    Moving everything to the browser    Challenge of the episode:  The BSDBandit challenges you to read one man page per day for one year       Links:     https://en.wikipedia.org/wiki/Mandriva_Linux     https://www.freebsd.org/releases/4.8R/announce/     https://secbsd.org    https://twitter.com/SecBSD    https://rfcs.io/http      https://www.rfc-editor.org/rfc/      https://en.wikipedia.org/wiki/IRIX      https://en.wikipedia.org/wiki/Sub7      https://marc.info/?l=openbsd-misc&r=1     https://www.openbsd.org/faq/ports/guide.html     https://twitter.com/CryptoBanshee_    https://beefproject.com/    https://www.oreilly.com/library/view/unix-power-tools/0596003307/     https://www.amazon.com/UNIX-PowerTools-Jerry-Peek/dp/1565922603    https://en.wikipedia.org/wiki/Vim_(text_editor)    https://en.wikipedia.org/wiki/Vi    https://twitter.com/bsdbandit     https://crates.io/    https://www.rust-lang.org/     https://github.com/bsdbandit    https://crates.io/crates/pledge    https://en.wikipedia.org/wiki/Ghostscript     https://en.wikipedia.org/wiki/Discord    https://en.wikipedia.org/wiki/Irssi    https://en.wikipedia.org/wiki/2600%3A_The_Hacker_Quarterly    https://libera.chat/    https://en.wikipedia.org/wiki/OpenBTS    https://icecast.org/   

Hacker Talk is back! Stronger than ever with a new episode, in this episode we are all about Podman! Joining us today is Dan Walsh. One of the main people behind Podman! Dan is very knowledgeable in the (oci)container security world. We are super happy to have him on Hacker Talk and hear about Podman. Topics: Podman Podman in action book Dan's journey into Unix and Linux Following Paul cormia to redhat, CEO of redhead Redhat, working on pre-vpn Working on se-linux Container technology Security for openshift Being integrated with docker Oci images and runtimes Fork and exec Security in containers Docker daemon Design behind podman Better security in podman Combining podman with kubernetics Docker Vs systemd Full integration with systemd Buildah, docker build with podman Background story of buildah Overhead in containers Get started with migrating infrastructure to podman Gitlab runners with podman Podman on non-linux systems Docker starting to charge for Windows and Mac Podman desktop gui Linux security Sec-comp Land lock security mitigation in the Linux kernel SE-linux Encrypted virtual machines Intel-sgx with KVM virtual machines Trusting proprietary CPU encrypted environments Encrypted workloads Security at the hardware level Links https://www.manning.com/books/podman-in-action Se-linux Podman Docker https://www.youtube.com/watch?v=MmUwrP791sI Replacing docker with Podman Buildah Docker starts to charge for usage Read Dan's book: https://www.manning.com/books/podman-in-action Find more episodes of Hacker Talk at: https://anchor.fm/hacker-talk Subscribe to Hacker Talk's RSS feed: https://anchor.fm/s/7984c230/podcast/rss

In this episode of Hacker Talk, we are joined by the social engineer, windows security ninja, hacker and security researcher Mattias Borg. Tune is as we get to hear about scam calls and social engineering! In this episode we cover: Social Engineering Micro-expressions How long can you get with scam calls? Windows Security Best practices Dealing with scam callers Getting more information from scam call center What happens when people fall for scam callers. Educating others  Links: The Art of Human Hacking https://en.wikipedia.org/wiki/Christopher_J._Hadnagy https://twitter.com/MattiasBorg82 https://blog.sec-labs.com/   https://www.youtube.com/watch?v=YsznWl0Wc4I https://www.youtube.com/watch?v=1zTsfs4Q6IY   For feedback and guest suggestions, email: podcast at firosolutions dot com

In this episode of Hacker Talk, we are joined by the amazing Hacker, G0t mi1k! G0t mi1k is part of the offensive security team and he also runs the database of vulnerable virtual machines, called Vulnhub. Topics: Background Getting into infosec Becoming a moderator First remote shell Backtrack Offensive security Start and background story of Vulnhub.com Encouraging people to run virtual machines Hoarding data, hosting virtual machine images The start of Exploit-db, milw0rm Curating exploits Running virtual machines with Proxmox home lab and vmwareVMware Best practices for protecting internet facing virtual machines Locking down machines The rise and fall of port knocking Single Packet Authorization Learning security by doing Understanding the entire circle of it security. Exploits in Fail2ban Writing a book as a dyslexic The importance of changing the pace of Life. Taking time away from the Keyboard. Working from home External links: https://en.wikipedia.org/wiki/Proxmox_Virtual_Environment    https://www.exploit-db.com/ Single Packet Authorization https://www.vulnhub.com/ https://en.wikipedia.org/wiki/Fail2ban https://en.wikipedia.org/wiki/Port_knocking https://blog.g0tmi1k.com/ https://twitter.com/g0tmi1k https://research.securitum.com/fail2ban-remote-code-execution/

Today we are joined by: Mike Spicer, the builder of the Wifi Cactus, someone you can see walking around various security conference    with a backpack filled with wireless monitoring goodies :) Mike wanted to see what was really happening on one of the most dangerous wifi networks in the world, this and a lot more in this episode of Hacker Talk.  In this episode we cover: Questioning the dangerous assumption How dangerous is Defcon's network really? Dialup internet, warez, Hacking, Tinkering, and programming The movie Hackers from 1995 Wardriving, driving around to find internet, Orinoco gold wireless card WiFi Starting a startup wireless internet service provider company Software-defined radio Hacking Radiofrequency LoRa Helium Lori hardware Things network Lori iot Amazon sidewalk Interconnected devices 900megahertz OpenBTS BladeRF 3g stingrays WiFi Cactus, wifi kraken Wardriving with wireless antennas Pitfalls with airodump Wireless captures Wireless standards, going to WiFi 6 From one box to twelve 25 hak5 pineapples from Darren kitchen Kismet, Andrew dragon(creator of kismet) Intel nuc Live streaming data from the WiFi Cactus WiFi Cactus at Defcamp in Romania Analyzing wardriving from security conferences Pcapinator GitHub Wireshark Mdns, clear text, DNS queries to slack Building your own wardriving device Wireless penetration tests Intel ax220 PCI express WiFi adapter, 30-40 USD, native Linux support Monitoring for wireless de-authentication attacks Deploying kismet for detection with raspberry pi 4 with a 30usd Wireless adapter for starting to monitor their WiFi security Best practices for cracking wpa2 handshakes with hashcat Best security practices for setting up wireless networks Links: https://www.imagine41.com/product/orinoco-gold-wireless-networks-pc-card/ https://en.wikipedia.org/wiki/Software-defined_radio https://en.wikipedia.org/wiki/Wardriving https://twitter.com/d4rkm4tter https://github.com/mspicer/pcapinator https://www.wigle.net/   https://en.wikipedia.org/wiki/LoRa https://www.helium.com https://www.kismetwireless.net/   https://www.intel.com/content/www/us/en/products/sku/189347/intel-wifi-6-ax200-gig/specifications.html    We would like to give a special thanks to Feedspot for featuring us, we recommend that you check them out: https://blog.feedspot.com/hacker_podcasts/