EP 61: Never Mess With A Hacker

We’ve seen drug marketplaces and extremists use the Dark Web. Will generative AI tools like ChatGPT make things crazier by lowering the barrier to entry? Delilah Schwartz, from Cybersixgill, brings her extensive background with online extremism to The Hacker Mind to talk about how she’s seeing a lot of chatter in the dark web.about AI online. She discusses what is and what is not likely to happen next. 

Booth babes and rampant sexism were more of a problem in infosec in the past. That is, until Chenxi Wang spoke up. And she’s not done changing the industry. She’s an amazing person who has done an incredible number of things in a short amount of time -- a PhD in Computer Engineering, inventor of a process still used by the DoD today, a successful teaching career at CMU, a role as security analyst at Forrester, and then a role at Intel McAfee.  Today she runs a 100% woman owned VC. 

What if DEF CON CTFs were televised? What if you could see their screens and have interviews with the players in the moment? Turns out, you can. Jordan Wiens, from Vector 35, maker of Binary Ninja, is no stranger to CTFs. He’s played in ten final DEF CON CTFs, was a part of DARPA’s Cyber Grand Challenge, and recently he’s moderated the live broadcast of the annual Hack-A-Sat competition. So if anyone can pull off turning CTFs into an eSport, it’s probably Jordan.

When we hear about bad actors on a compromised system for 200+ days, we wonder how they survived for so long. Often they hide in common misconfigurations. From her talk at SecTor 2022, Paula Januszkiewicz, CEO of Cqure, returns to The Hacker Mind and explains how a lot of little configuration errors in common Windows tools and services can open the door to persistence on a system for bad actors and what sysadmins can do to mitigate these. She’ll also be presenting again at RSAC 2023 in April.

Having a common framework around vulnerabilities, around threats, helps us understand the infosec landscape better. STRIDE provides an easy mnemonic. Adam Shostack has a new book, Threats: What Every Engineer Should Learn From Star Wars. that uses both Star Wars and STRIDE to help engineers under vulnerabilities and threats in software development. Adam has more than 20 years in the infosec world, and he even helped create the CVE system that we all use today.

Hacking websites is perhaps often underestimated yet is super interesting with all its potential for command injections and cross site scripting attacks. Tib3rius from White Oak Security discusses his experience as a web application security pen tester, his OSCP certification, and how he’s giving back to the community with his Twitch, Youtube, and tools he's made available on GitHub. 

Holiday air travel tips from The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data by Kevin Mitnick and Robert Vamosi. This is a short episode until The Hacker Mind returns in the new year.

If you call someone on the other side of the world, perhaps you notice the delay in their response. For voice that’s okay, but for live music that’s disastrous.  Mark Goldstein thinks he’s solved the latency problem associated with the production of live musical performances online. Having one musician in Bangalore, another in California, and yet another in New York? No problem. Except, perhaps, for finding a mutually agreeable time for them to be awake and play together. 

Sometimes complex technology doesn't necessarily raise the barrier for entry for cyber criminals. Sometimes, as with our cars, it does the exact opposite. 

The LockBit ransomware gang no longer offers just one service, like ransomware, but multiple services, like anti-analysis tools and bug bounty programs. Mick Baccio from Splunk’s SURGe explains how ransomware gangs are evolving into crimeware-as-a-service platforms, as a one stop shop for all your online criminal needs.