Interview linksJeremi on Password NihilismThe Rails bug Jeremi referencedRapid Rundown linksRisky Business Newsletter on fake PoCs: "GitHub aflood with fake and malicious PoCs"The cited paper: "How security professionals are being attacked: A s

James Kettle of PortSwigger on Advancing Web-Attack Research

Oct 12th, 2022 36m

Interview LinksPrior Security Nation episode in which loads of PortSwigger references were dropped:https://www.rapid7.com/blog/post/2021/08/18/security-nation-daniel-crowley/New research from James about browser-powered desync attacks:https://p

Taki Uchiyama of Panasonic on Product Security and Incident Response

Sep 28th, 2022 30m 5s

Interview LinksCheck out Panasonic's delightful PSIRT page – especially if you have a vulnerability in one of Panasonic's many, many products to report.Rapid Rundown LinksCheck out Inti's research on "oops, we made a surveillance system" at not

Chris Levendis and Lisa Olson on Cloud CVEs

Sep 14th, 2022 36m 20s

Interview LinksCheck out the CVE blog post on handling cloud vulnerabilities.Read up on the rules for assigning CVEs.See an example cloud CVE affecting Microsoft Azure.Read the Microsoft Security Response Center’s blog post on cloud vulnerabili

Gordon “Fyodor” Lyon on Nmap, the Open-Source Security Scanner

Aug 31st, 2022 37m

Interview LinksCheck out Nmap if, for some reason, you haven’t already.Learn about Npcap, the packet capture library tool that Gordon and his company also offer.Watch Gordon and HD Moore, the creator of Metasploit, chat about the evolution of n

Jen and Tod on Hacker Summer Camp 2022

Aug 18th, 2022 33m 56s

Learn more about some of our favorite presentations from the Vegas conferences, including: Susan Paskey on threat hunting in MFA logsJeremi Gosney on "passwords, but nihilism" (an apparently unscheduled, live threat modeling exercise on passwor

Curt Barnard on Defaultinator (Black Hat Arsenal Preview)

Aug 3rd, 2022 32m 24s

Interview linksLearn all about Defaultinator.Read up on the Raspberry Pi default password vulnerability.Check out the GitHub repositories for Defaultinator.Rapid Rundown linksRead Derek Abdine's disclosures on Arris and Arris-like routers.Check

Jacques Chester of Shopify Talks CVSS Scores

Jul 20th, 2022 39m 36s

Interview LinksA Closer Look at CVSS ScoresRapid Rundown LinksBleeping Computer story: PyPI mandates 2FA for critical projects, developer pushes backTwitter thread on deleting atomicwrites, and undeleting itPyPi issues mentionedhttps://github.c

Pete Cooper and Irene Pontisso on the Results of the UK Government’s Security Culture Challenge

Jul 6th, 2022 36m 2s

Interview LinksRevisit our first episode with Peter and Irene from Season 4.Read the paper on the UK government’s cybersecurity strategy through 2030.Rapid Rundown LinksCheck out the article on so-called pig-butchering scams.Like the show? Want

Steve Micallef of SpiderFoot on Open-Source Intelligence

Jun 22nd, 2022 30m 2s

Interview LinksFollow Steve on Twitter, and give the SpiderFoot official account a follow while you’re at it.Check out the SpiderFoot website and GitHub page, and learn more about the SaaS version, SpiderFoot HX.Learn about the latest SpiderFoo

Phillip Maddux on HoneyDB, the Open-Source Honeypot Data Project

Jun 8th, 2022 20m 48s

Interview LinksCheck out the latest on HoneyDB.Interested in participating in the project? Head to the HoneyDB Agent Docs.Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcas

Omer Akgul and Richard Roberts on YouTube VPN Ads

May 25th, 2022 38m 46s

Interview LinksCheck out Omer and Richard’s paper.Learn more about Omer’s work and Richard’s work.Rapid Rundown LinksRead the news about the change in DOJ policy toward ethical hackers.Visit the Rapid7 blog on the same topic.Dive into Harley’s

Jim O’Gorman and g0tmi1k on Kali Linux

May 11th, 2022 33m 15s

Interview LinksLearn more about Kali Linux.Check out what they’re up to over at Offensive Security.Follow g0tmi1k on Twitter, and check out his blog.Rapid Rundown LinksRead the Krebs on Security article on the upcoming password changes.Like the

Whitney Merrill on the Crypto & Privacy Village (and the Latest in Data Privacy)

Apr 27th, 2022 38m 50s

Interview LinksFollow Whitney on Twitter, and check out her website.Submit a CFP for this year’s Crypto & Privacy Village at DEF CON.Rapid Rundown LinksRead Neil Madden’s blog post on psychic signatures.Follow Neil Madden on Twitter.Check out P

Kate Stewart on Open-Source Projects at the Linux Foundation

Apr 13th, 2022 38m 29s

Interview LinksRead Project Zephyr’s blog post on Amnesia33.Get Linux’s perspective on SBOM.Listen to our previous episode on SBOM with Josh Corman and Audra Hatch.Check out Zephyr’s Renode dashboard.Learn about the Software Package Data Exchan

David Rogers on IoT Security Legislation

Mar 30th, 2022 32m 40s

Interview LinksListen to David’s previous Security Nation episodeGive him a follow on Twitter.Read up on the PTSI bill.Learn who the heck Mystic Meg is.Check out ETSI (not the home crafts marketplace).Rapid Rundown LinksDownload Rapid7’s Vulner

Bob Lord on Securing the DNC

Mar 16th, 2022 36m 42s

Interview LinksFollow Bob on Twitter.Check out the DNC Security Checklist.Rapid Rundown LinksRead the paper on VPN influencer ads on YouTube.Give the lead author, Omer, a follow on Twitter.Like the show? Want to keep Jen and Tod in the podcasti

Matthew Kienow on Open-Source Security and the Recog Framework

Mar 3rd, 2022 29m 51s

Interview LinksLearn more about Metasploit, AttackerKB, and Recog.Read Matthew’s blog post on open-source security.Remind yourself about Log4Shell (if you dare).Read up on Linus’s Law.Rapid Rundown LinksRead the Bleeping Computer article about

Amit Serper on Finding Leaks in Autodiscover

Feb 16th, 2022 37m 8s

Interview LinksFollow Amit on Twitter at @0xAmit.Read Amit’s blog post on the Autodiscover leak.Rapid Rundown LinksRead up on the vulnerability disclosure metrics from Google’s Project Zero.Like the show? Want to keep Jen and Tod in the podcast

John Rouffas on Building a Security Function

Feb 2nd, 2022 29m 34s

Interview LinksTake up John on the offer to spam him on LinkedIn.Learn more about what intelliflo is up to.Rapid Rundown LinksCheck out CISA’s KEV list.Read up on the 8 vulnerabilities recently added to KEV.Like the show? Want to keep Jen and T

Mike Hanley of GitHub on the Log4j Vulnerability

Jan 19th, 2022 45m 9s

Interview LinksRead GitHub’s blog on the Log4j vulnerability, and the follow-up.Check out GitHub’s Dependabot.Find out Why Johnny Can’t Encrypt.Learn about GitHub’s Sponsor Program.Read about the work going on at OpenSSF.Delve into Mike’s blog

Chris John Riley on Minimum Viable Secure Product (MVSP)

Nov 24th, 2021 48m 47s

Interview LinksListen to Chris’s podcast, First Impressions.Check out the other, Jane Austen-themed First Impressions podcast.Learn more about MVSP at the official site and in this blog post from Google.Read up on the ETSI standard Jen mentione

Michael Powell on Being a Cyber Envoy

Nov 10th, 2021 36m 49s

Interview linksLearn more about the UK’s Department for International Trade.Rapid Rundown linksCheck out inTheWild, and follow them on Twitter.Grab our 2022 planning resource. (Note! This is a direct PPTX link — don't be alarmed by the sudden d

Pete Cooper and Irene Pontisso of the UK Cabinet Office on Their Cybersecurity Culture Competition

Nov 4th, 2021 21m 35s

Apply to phase one of the UK Cabinet Office's Small Business Research Initiative (SBRI): Reducing Public Sector Risk through Culture Change. Want to tell a friend? Feel free to use this friendlier, human-readable and -speakable link:https://r-7