Hacker Talk brings you interesting conversations between some of the world's best hackers, cyber security professionals and information security people.
The podcast Hacker Talk is created by Firo Solutions LTD. The podcast and the artwork on this page are embedded on this page using the public podcast feed (RSS).
Hacker Talk 2024 New Year Special
Featuring:
Johnny Xmas, Zagros Bingol and Filip Kalebo.
Topics:
infosec's 9/11 - Target.com breach
Leaking TSA master keys
Starting to work in information security
How the information security space has changed
The hackers we lost along the way
RIP Kevin Mitnick
RIP hacker legend Robert “Ozzie” Osband (Richard Cheshire, The Cheshire Catalyst)
2600
Hackers on planet earth
CrowdStrike
Trends we have seen in 2024
AI as a trend
The future of AI
Training models
AI being used to fingerprint user activity
AI in continuous integration pipelines
Code Reviews
Backdoor in tar
Vulnerabilities in the linux kernel
Risks of using opensource
Exploit brokers
OSS Fuzz
Fuzzing
Quantum computers
Cray super computers
Michelle Simmons creates a quantum computer at home
National cryptology museum in Washington dc
40 years since Chaos Computer club, 2600 and Cult of the deadcow
Chaos computer camp
Bornhack
toorcamp
hope conference
Defcon
Cult of the deadcow
Veilid
Bluesky
Decentralized technologies
Hawk tuah
Modern Scams
Web3 and Web2
Privacy
Downfall of telegram
Telegram giving up on privacy
SimpleX chat, signal and imessage
Future
External Links:
https://en.wikipedia.org/wiki/XZ_Utils_backdoor
https://www.metafilter.com/203126/Tar-Trap-Caught
https://en.wikipedia.org/wiki/Hack-Tic
https://en.wikipedia.org/wiki/Chaos_Communication_Camp
https://toorcamp.org/experience/
https://infocondb.org/presenter/richard-cheshire-the-cheshire-catalyst
https://www.imdb.com/name/nm1937010/
https://hope.net/memoriam.html
https://blog.rust.careers/post/veilid_dildog_rust_interview/
https://bornhack.dk/bornhack-2025/
https://en.wikipedia.org/wiki/DEF_CON
https://en.wikipedia.org/wiki/Pavel_Durov
https://www.bbc.com/news/articles/cvglp0xny3eo
https://en.wikipedia.org/wiki/Bluesky
https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html
https://google.github.io/oss-fuzz/research/llms/target_generation/
https://www.visitacity.com/en/washington-dc/attractions/the-national-cryptologic-museum
https://www.youtube.com/watch?v=bRj4ipIEmg0
https://www.msn.com/en-us/entertainment/celebrities/hawk-tuah-girl-haliey-welch-vanishes-after-crypto-scam-accusations-has-not-been-seen-online-for-weeks/ar-AA1waGkW
https://support.apple.com/en-us/102637
https://en.wikipedia.org/wiki/Signal_(software)
https://en.wikipedia.org/wiki/Moxie_Marlinspike
The hardware hacker, creator of the wifi-nugget, cybersecurity content creator, hak5 host and our guest of honor in this episode of Hacker Talk is Alex Lynd!
In this episode, we cover:
Alex background, working with hak5, content creation
O.MG pentesting cable
Signal intelligence
Wifi hacking
Hardware hacking
Modifying the hardware of calculators, playing games on calculators
Hacking the Texas Instruments TI-84 calculator
Alex's first computer being the raspberry pi
Starting with Linux
Embedded security
Hardware developer perspective
Making hardware devices
Making low-cost hacking devices
low cost, high availability and effective hacking devices
GPS implants
ESP8266, 3 dollar wifi microcontroller
Wardriving with esp8266
wifi nugget
Making cat-shaped hardware
Making a friendly and portable hardware design
Learning about wifi hacking and microcontrollers
USB nugget
USB rubber ducky
Keystroke injection attacks
ATtiny85 Arduino
Thought process behind creating the wifi nugget
How Filip cracked his neighbors wifi
Aircrack-ng
Airgeddon
Creating a DIY beginner hardware kit
The creation of wifi nugget, the first 100 devices
SpaceHuhn Maker
Wifi Beacon spoofing pranks
esp32 vs esp8266 wifi chip
Crafting custom packets with the esp8266 chip
Espressif Systems trying to stop people from using its wifi chips for offensive purposes by locking down its software development kit.
Spoofing attacks
esp32 native USB mode
Emulating USB connected devices for data exfiltration
Auto trunked packets
pmkid wifi attack
Cracking wpa2 handshakes
Guessing autogenerated wifi passwords
Hashcat
Password generator based on your local area code
The best password-cracking word list Filip has ever used
Funny pranks with the wifi nugget
Nugget defender, see if anyone is attacking your network
use Canary tokens to detect if someone is breaking into your system
Bugged microsoft word and pdf documents
Having an intrusion detection system in your pocket
wifi honeypots
Getting started designing custom printed circuit boards(PCB)
Design with easyeda
Creating a tv-be-gone
Sourcing pcb boards
Circuit board art
What software to use to create boards
Antenna design
Omni directional antennas
Yagi antennas
Sourcing hardware
Making it more user friendly
Links:
https://mg.lol/blog/omg-cable/
https://github.com/HakCat-Tech/WiFi-Nugget
https://education.ti.com/en/products/calculators/graphing-calculators/ti-84-plus
https://en.wikipedia.org/wiki/Raspberry_Pi
https://en.wikipedia.org/wiki/ESP8266
https://shop.hak5.org/products/usb-rubber-ducky
https://en.wikipedia.org/wiki/ATmega328
https://en.wikipedia.org/wiki/Arduino_Nano
https://www.pcboard.ca/mini-attiny85-usb
https://www.arrow.com/en/research-and-events/articles/attiny85-arduino-tutorial
https://github.com/derv82/wifite2
https://en.wikipedia.org/wiki/Aircrack-ng
https://www.kali.org/tools/airgeddon/
https://github.com/SpacehuhnTech/esp8266_deauther
https://ieeexplore.ieee.org/document/4529384/
https://en.wikipedia.org/wiki/ESP32
https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
https://colab.research.google.com/
https://en.wikipedia.org/wiki/Hashcat
https://github.com/danielmiessler/SecLists
https://github.com/HakCat-Tech/Nugget-Invader
https://canarytokens.org/generate
https://en.wikipedia.org/wiki/Nordic_Semiconductor
Sam Bent, previously known by his online handle as the darknet vendor "2happytimes2", is our Hacker of the episode!
In this episode of Hacker Talk we get to hear how Sam put together an opsec plan that ended up protecting him against a 20-count indictment and 200 years in prison. Thanks to a brute-force attack in the true hacker spirit, he managed to get out of prison.
What is it like to apply strong operation security practices in your everyday life? How does one survive and adapt to hostile environments?
Join us in this thrill seeking episode of Hacker Talk, where we get to hear Sam's story.
In this episode we cover:
Darknet Vendor, Darknet Marketplaces
Darknet Forum Administrator
First Introduction to Tor
Silkroad,
Early Bitcoin days
Bitcoin Pizza for 20 000 Bitcoins
Moderating darknet forums
Money laundering charges
Privacy
Journey into selling on the darknet
Residential Security
Living in Vermont, United States of America
Computer support
Forming information security policies
BackTrack 2 (released March 2007)
Yagi antenna, randomizing your mac address before you use your neighbors wifi
Removing DNA from packages.
Speaking at Defcon
Dealing with the Department of Homeland security
Social Engineering
Operation security
Dread Darknet Forum
Dealing with Hostile Environments on the darknet and in prison
Profiling yourself
Importance of Adaptability
Managing multiple identities
Pretty good privacy(PGP)
Trust on the Darknet
Resumes on the Darknet
Best practices for Password Managers
Storing passwords in "The Slip", secure convenience security
How to ship mail securely
Interacting with the united states judicial system
Franks hearing
Becoming a paralegal in Prison
Writing a 200-page compassionate release motion
Building trust in Online Communities
Links:
Doingfedtime Youtube channel: https://www.youtube.com/@DoingFedTime
Bitcoin talk pizza thread: https://bitcointalk.org/index.php?topic=137.0
https://en.wikipedia.org/wiki/Vermont
https://en.wikipedia.org/wiki/BackTrack
Sam's defcon talk: https://www.youtube.com/watch?v=NGiUhjuB22Y
https://www.16personalities.com/
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
https://en.wikipedia.org/wiki/Silk_Road_(marketplace)
https://forum.defcon.org/node/241998
https://www.darknetstats.com/seasoned-dark-web-vendor-2happytimes2-sentenced-to-5-years-in-prison/
Our Hacker of the episode is Vickie Li! Vickie tells us about bug bounties, her new book and information security.
Tune in now!
In this episode we cover:
Background, getting into security
Getting into Bug Bounty
First Bug bounty
Hackerone, Bug crowd
Reporting Security Bugs
Coordinating bug bounties
Life as a bug bounty hunter
Interaction with engineers
Bug bounty bootcamp Book
Security as a hobby
Writing Books
How to hack web applications
Vickie's favourite types of Vulnerabilities
Template injection
IDOR
Writers block
Nostarch
Book Publishing
Bug bounty tools
Python and Bash
Make bug bounties more enjoyable
PortSwigger Lab
Finding low hanging fruits
legal harbor
Caring about security researchers
Links:
https://twitter.com/vickieli7
https://en.wikipedia.org/wiki/Bug_bounty_program
https://vickieli.dev/
https://portswigger.net/web-security/all-labs
https://portswigger.net/research/server-side-template-injection
https://www.geeksforgeeks.org/insecure-direct-object-reference-idor-vulnerability/
https://nostarch.com/bug-bounty-bootcamp
Grab a copy of Vickie's book:
https://www.amazon.com/Bug-Bounty-Bootcamp-Reporting-Vulnerabilities-ebook/dp/B08YK368Y3
In this episode of Hacker Talk:
One of the most powerful newer static analysis tools is CodeQL.
By converting your code base into a CodeQL database, you can write
queries in a read-only way, in order to find security vulnerabilities
and problems in your code base.
We wanted to know more about this declarative language called "CodeQL".
Straight from Github's Security Lab, we are joined by Alvaro Munoz!
Alvaro is a security researcher who leads a team of researchers that leverage CodeQL to find and model vulnerabilities at GitHub, with a background in research related to finding remote code execution bugs through deserialization.
Tune in as we get to hear the ins and outs of CodeQL, how to get started, when CodeQL was used to find a vulnerability in a public Covid-19 system, how to find vulnerabilities with CodeQL and a lot more!
Topics covered:
Learning to think outside the box by playing Capture the Flag
CodeQL declarative languages
Static code analysis
Getting a broad view of the source code
Writing queries with CodeQL to find vulnerabilities
Modeling vulnerabilities with CodeQL
The learning curve of CodeQL
Querying GitHub repositories for vulnerabilities
Write CodeQL for a large number of repositories with LGTM (use it before it goes EOL)
Linters vs codeql
CodeQL integrated with continuous integration pipelines
Get started with Codeql
Submit your codeql queries to Github Security Lab's Bug bounty
Best practices for writing queries
Thinking of the code as a database with codeql
Finding vulnerabilities in Covid-19 systems
Best practices for CodeQL
Reduce false positives
CodeQL with nvim (Neovim)
Improving vim by creating a more interactive development environment alternative, "Neovim".
LSP integration with neovim.
CodeQL with Emacs
Remote code execution bugs found with CodeQL.
Bugs found in Radar Covid App
Patterns leading to remote code execution
Auditing javascript frameworks
CodeQL vs other static analysis tools
Capture the flag CodeQL challenges
The future of CodeQL
External links:
https://en.wikipedia.org/wiki/Language_Server_Protocol
https://en.wikipedia.org/wiki/Semgrep
Covid 19 tracing app
- https://securitylab.github.com/research/securing-the-fight-against-covid19-through-oss/
- https://threatpost.com/german-covid-19-contact-tracing-vulnerability-rce/161419/
Github Security Lab web site: https://securitylab.github.com/
Join Github Security Lab Slack Channel:
https://join.slack.com/t/ghsecuritylab/shared_invite/zt-120w4vby8-_O9u9k2hPfgbju1tddBPcg
https://twitter.com/pwntester
Bounty program: https://securitylab.github.com/bounties/
https://codeql.github.com/
https://codeql.github.com/docs/codeql-overview/
http://www.pwntester.com/
https://en.wikipedia.org/wiki/Abstract_syntax_tree
https://en.wikipedia.org/wiki/Control_flow_analysis
https://github.com/github/codeql-learninglab-actions
https://github.com/anticomputer/emacs-codeql/
Special thanks to:
We want to give a huge thanks to Github's Security Lab Team for making this episode a reality!
In this episode of Hacker Talk, we are joined by the Hacker and SecBSD contributor: The BSDBandit!
Tune in as we dive deep into SecBSD, the penetration testing distribution for the BSD community.
In this episode we cover:
Video games
Kali linux meets bsd
Started to hack in college
Mandrake Linux
FreeBSD 4.8 and beyond
BSD vs Linux
Reading the RFC's
IRIX
Learn from developer mailing lists
OpenBSD's mailing
The start of SECBSD - BSD based Penetration testing distribution
SecBSD, release cycle
Documentation in the BSD world
NetBSD on toasters and sega dreamcast
Comparing the BSD's
Porting ruby Beef to BSD
Web applications as houses
Web application APIs
Security
Penetration testing
Management vs Security Researchers and developers
The adventures of Hacking and learning
The state of Hacking
Tinkering with FreeBSD
ManPages
Unix Powertools book
Vi Editor
Having fun with Technology
People code computers
Time allocation and having a good schedule
Rust programming
Visual Studio Code
Pentesting with Rust
Mental health
Taking breaks, allocating
discord and Internet Relay Chat
Libera.chat irc
Irssi irc client
Phreakers going into VoIP
OpenBTS
IceCast
Future of IT-Security
Moving everything to the browser
Challenge of the episode:
The BSDBandit challenges you to read one man page per day for one year
Links:
https://en.wikipedia.org/wiki/Mandriva_Linux
https://www.freebsd.org/releases/4.8R/announce/
https://twitter.com/SecBSD
https://rfcs.io/http
https://www.rfc-editor.org/rfc/
https://en.wikipedia.org/wiki/IRIX
https://en.wikipedia.org/wiki/Sub7
https://marc.info/?l=openbsd-misc&r=1
https://www.openbsd.org/faq/ports/guide.html
https://twitter.com/CryptoBanshee_
https://beefproject.com/
https://www.oreilly.com/library/view/unix-power-tools/0596003307/
https://www.amazon.com/UNIX-PowerTools-Jerry-Peek/dp/1565922603
https://en.wikipedia.org/wiki/Vim_(text_editor)
https://en.wikipedia.org/wiki/Vi
https://twitter.com/bsdbandit
https://crates.io/
https://www.rust-lang.org/
https://github.com/bsdbandit
https://crates.io/crates/pledge
https://en.wikipedia.org/wiki/Ghostscript
https://en.wikipedia.org/wiki/Discord
https://en.wikipedia.org/wiki/Irssi
https://en.wikipedia.org/wiki/2600%3A_The_Hacker_Quarterly
https://libera.chat/
https://en.wikipedia.org/wiki/OpenBTS
https://icecast.org/
Hacker Talk is back! Stronger than ever with a new episode, in this episode we are all about Podman!
Joining us today is Dan Walsh. One of the main people behind Podman! Dan is very knowledgeable in the (oci)container security world. We are super happy to have him on Hacker Talk and hear about Podman.
Topics:
Podman
Podman in action book
Dan's journey into Unix and Linux
Following Paul Cormier to Red Hat, CEO of Red Hat
Redhat, working on pre-vpn
Working on se-linux
Container technology
Security for openshift
Being integrated with docker
Oci images and runtimes
Fork and exec
Security in containers
Docker daemon
Design behind podman
Better security in podman
Combining Podman with Kubernetes
Docker Vs systemd
Full integration with systemd
Buildah, docker build with podman
Background story of buildah
Overhead in containers
Get started with migrating infrastructure to podman
Gitlab runners with podman
Podman on non-linux systems
Docker starting to charge for Windows and Mac
Podman desktop gui
Linux security
Sec-comp
Land lock security mitigation in the Linux kernel
SE-linux
Encrypted virtual machines
Intel-sgx with KVM virtual machines
Trusting proprietary CPU encrypted environments
Encrypted workloads
Security at the hardware level
Links
https://www.manning.com/books/podman-in-action
Se-linux
Podman
Docker
https://www.youtube.com/watch?v=MmUwrP791sI
Replacing docker with Podman
Buildah
Docker starts to charge for usage
Read Dan's book:
https://www.manning.com/books/podman-in-action
Find more episodes of Hacker Talk at:
https://anchor.fm/hacker-talk
Subscribe to Hacker Talk's RSS feed:
https://anchor.fm/s/7984c230/podcast/rss
In this episode of Hacker Talk, we are joined by the social engineer, windows security ninja, hacker and security researcher Mattias Borg.
Tune in as we get to hear about scam calls and social engineering!
In this episode we cover:
Social Engineering
Micro-expressions
How long can you get with scam calls?
Windows Security Best practices
Dealing with scam callers
Getting more information from scam call center
What happens when people fall for scam callers.
Educating others
Links:
The Art of Human Hacking
https://en.wikipedia.org/wiki/Christopher_J._Hadnagy
https://twitter.com/MattiasBorg82
https://blog.sec-labs.com/
https://www.youtube.com/watch?v=YsznWl0Wc4I
https://www.youtube.com/watch?v=1zTsfs4Q6IY
For feedback and guest suggestions, email:
podcast at firosolutions dot com
In this episode of Hacker Talk, we are joined by the amazing Hacker, G0t mi1k! G0t mi1k is part of the offensive security team and he also runs the database of vulnerable virtual machines, called Vulnhub.
Topics:
Background
Getting into infosec
Becoming a moderator
First remote shell
Backtrack
Offensive security
Start and background story of Vulnhub.com
Encouraging people to run virtual machines
Hoarding data, hosting virtual machine images
The start of Exploit-db, milw0rm
Curating exploits
Running virtual machines with a Proxmox home lab and VMware
Best practices for protecting internet facing virtual machines
Locking down machines
The rise and fall of port knocking
Single Packet Authorization
Learning security by doing
Understanding the entire circle of it security.
Exploits in Fail2ban
Writing a book as a dyslexic
The importance of changing the pace of Life. Taking time away from the Keyboard.
Working from home
External links:
https://en.wikipedia.org/wiki/Proxmox_Virtual_Environment
https://en.wikipedia.org/wiki/Fail2ban
https://en.wikipedia.org/wiki/Port_knocking
https://research.securitum.com/fail2ban-remote-code-execution/
Today we are joined by Mike Spicer, the builder of the WiFi Cactus, someone you can see walking around various security conferences
with a backpack filled with wireless monitoring goodies :)
Mike wanted to see what was really happening on one of the most dangerous wifi networks in the world, this and a lot more in this episode of Hacker Talk.
In this episode we cover:
Questioning the dangerous assumption
How dangerous is Defcon's network really?
Dialup internet, warez, Hacking, Tinkering, and programming
The movie Hackers from 1995
Wardriving, driving around to find internet, Orinoco gold wireless card
WiFi
Starting a startup wireless internet service provider company
Software-defined radio
Hacking Radiofrequency
LoRa
Helium LoRa hardware
The Things Network LoRa IoT
Amazon sidewalk
Interconnected devices
900megahertz
OpenBTS BladeRF
3g stingrays
WiFi Cactus, wifi kraken
Wardriving with wireless antennas
Pitfalls with airodump
Wireless captures
Wireless standards, going to WiFi 6
From one box to twelve
25 hak5 pineapples from Darren kitchen
Kismet, Andrew dragon(creator of kismet)
Intel nuc
Live streaming data from the WiFi Cactus
WiFi Cactus at Defcamp in Romania
Analyzing wardriving from security conferences
Pcapinator GitHub
Wireshark
Mdns, clear text,
DNS queries to slack
Building your own wardriving device
Wireless penetration tests
Intel ax220 PCI express WiFi adapter, 30-40 USD, native Linux support
Monitoring for wireless de-authentication attacks
Deploying kismet for detection with raspberry pi 4 with a 30usd Wireless adapter for starting to monitor their WiFi security
Best practices for cracking wpa2 handshakes with hashcat
Best security practices for setting up wireless networks
Links:
https://www.imagine41.com/product/orinoco-gold-wireless-networks-pc-card/
https://en.wikipedia.org/wiki/Software-defined_radio
https://en.wikipedia.org/wiki/Wardriving
https://twitter.com/d4rkm4tter
https://github.com/mspicer/pcapinator
https://www.wigle.net/
https://en.wikipedia.org/wiki/LoRa
https://www.helium.com
https://www.kismetwireless.net/
https://www.intel.com/content/www/us/en/products/sku/189347/intel-wifi-6-ax200-gig/specifications.html
We would like to give a special thanks to Feedspot for featuring us, we recommend that you check them out:
Welcome back to Hacker Talk!
This is part two of our conversation with Steven Phillips
Steven is a really interesting developer, hacker and thinker. I
personally enjoy reading his blog
tryingtobeawesome.com where he covers various parts of
programming, philosophy and software.
Topics:
"Machine Learning" being good or bad
Security with machine learning
Turning a stop light to a truck
Algorithms
What type of Artificial intelligence do we need for software
James Mickens
Generative Pre-trained Transformer 3
Solving bad human code datasets
Global code quality
How do we write good code?
The progress of software
how good Structured Query Language is
Secure codebase's
Pseudorandom
Clojure
Python
Golang
Vlang
Designing
The ethical source movement
Code Licenses
Internet Privacy
End-to-end encryption
Podman
Browser Extensions
Reaching the largest userbase for software
Web assembly
The onion router | Tor user adoption
AI-Powered Super Hackers are a real threat
and a lot more on Hacker Talk!
Links:
https://en.wikipedia.org/wiki/James_Mickens
https://en.wikipedia.org/wiki/GPT-3
https://en.wikipedia.org/wiki/SQL
https://en.wikipedia.org/wiki/Clojure
https://effective.af/
https://firstdonoharm.dev/
https://www.torproject.org/
https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit
https://en.wikipedia.org/wiki/Go_(game)
View part one here:
https://anchor.fm/hacker-talk/episodes/Programmable-Philosophy-with-Steve-Phillips---Part-1-e1ju6b3
In this episode of Hacker Talk, we are joined by
Lucas Lundgren, an impressive penetration tester, security researcher, and our Hacker of honor today.
Lucas is known for going out on the internet and finding interesting internet-facing protocols, he has found several internet-facing critical infrastructures, prison door systems, medical x-ray file storage servers(Pacs), earthquake systems, and a lot more!
In this episode we cover the following topics:
Journey into hacking, radio, commodore64, Amiga 500, cracking games
Time bomb viruses for Amiga 500 games
Finding vulnerabilities, getting invited to conferences to speak at 13
War dialing Amiga 500, phone phreaking with modern
Learning lock picking
building your own port scanner
Scanning the entire internet with Masscan from home with a 10gigabit connection
Parsing scan results with elastic search, grep, kibana
Mqtt - embedded protocol, finding and opening prison doors with MQTT,
Malware with MQTT brokers
Opening and closing doors in prisons in the UK
Atm's with MQTT
Changing oil pipelines pressure with
Finding protocols to scan the internet for
iscsi
Hacking x-ray machines
Finding hospitals' x-ray records in PACS servers dating back to 1985
Problems with hospitals' x-ray storage servers
Reporting security vulnerabilities
Editing x-ray pictures,
Malware that adds black spots on the pictures and reuploads it.
Malware in metadata of the x-ray pictures
X-ray malware in the wild
Image recognition
Making fictional earthquakes
Remote code execution on doorbells
Hack-rf, software-defined radio
Wardriving
Hacking radio
Iridium
Weather satellites
Hacking satellites
Breaking into a gas pump with wooden straws
Physical penetration testing
Links:
https://github.com/robertdavidgraham/masscan
https://en.wikipedia.org/wiki/MQTT
https://en.wikipedia.org/wiki/Picture_archiving_and_communication_system
https://www.youtube.com/watch?v=o7qDVZr0t2c
https://en.wikipedia.org/wiki/Barnaby_Jack
Hackers on Planet Earth - HOPE with Mitch Altman and Greg Newby
Hackers on Planet Earth (HOPE) is a biannual volunteer-driven hacker conference that got started in 1994, on the 10th anniversary of the hacking and phone phreaking magazine 2600. In this episode of Hacker Talk, we are joined by two hackers who are behind the curtain at the HOPE conference.
Greg Newby and Mitch Altman are two impressive hackers, helping the
HOPE conference be the amazing hacking conference it is today.
In this episode we cover:
How Hope has evolved during the years
Greg and Mitch's journeys into the hacking mindset
Problems with big pharma and the importance of biohacking
HOPE moving location from Hotel Pennsylvania to Saint John's University
Hackerspaces
exploring technology
Phone phreaking
Life-changing events at HOPE
Demoscene with original hardware from the 1980s at HOPE
Making 8-bit generated art and music
Running a physical hacker conference
Hidden gems at HOPE
How you can run your own conference
Logistics behind the HOPE conference
Links:
https://hope.net/
https://petascale.org/
https://en.wikipedia.org/wiki/Mitch_Altman
https://2600.com
https://archive.org/details/HOPE-3-The_Hacker_s_Code
https://en.wikipedia.org/wiki/Demoscene
https://en.wikipedia.org/wiki/Hackers_on_Planet_Earth
The Hacker Talk team will be at May Contain Hackers which will take place
in the Netherlands at the same time as the HOPE conference. Find us
for some stickers and Hacker Talk swag!
Steve Phillips is an interesting developer, privacy advocate, hacker and thinker.
Tune into this episode of Hacker Talk as we are joined by Steve Phillips in this Programmable Philosophy special.
In this episode we cover:
Steve's journey into technology
Being able to build and utilize tools
Cypherpunk
Privacy, Encryption
Philosophy with programming
Proving philosophical theories with programming
Python, Django
Paul Graham
Putting the technologist first in companies
Combining programming with entrepreneurship
Going from utilizing one computer core to multithreading
Clojure lisp, using all the libraries from lisp and java.
Static typing
Golang in 2010, From the one-year anniversary to hacker news. Golang's history.
go fix - Automatically rewriting code for new API calls and dependencies.
Creating software that lasts forever, making it easy for developers to upgrade old versions. Make standards that the code will use to
automatically upgrade the old code, and avoid breaking core functionality.
Dependency management
Long build times
V programming language
Fast compile times in V and Go.
Green threads, go routines. Efficient concurrency with low overhead.
Small runtime languages.
Designing encrypted protocols, threat models.
Use libsodium
LeapChat secure chat
Securing a large number of people
End-to-end encryption with web applications, not trusting the middleman
Trusted service workers in modern browsers, preinstall javascript. Detecting malicious new versions of javascript code.
Web assembly, practical use-cases for web assembly. Allowing users to run precompiled binaries on any platform in a browser.
How WebAssembly runs in a very low overhead sandbox.
Docker will be replaced by podman
How docker is not the silver bullet for security, alternatives to it.
Trusted microservices environments.
Privilege separation
web assembly nano process model
No need to trust the libraries that you use.
Sandboxing, Electrum apps.
Running C++ 20% slower with web assembly.
Shopify's and Cloudflare's use of web assembly
Nomad, Kubernetes is too complex
Docker daemon
Links:
https://tryingtobeawesome.com
https://www.goodreads.com/book/show/16153182-cypherpunks
http://www.executablephilosophy.org/
https://en.wikipedia.org/wiki/Paul_Graham_(programmer)
https://www.djangoproject.com/
https://clojure.org/guides/learn/sequential_colls
https://www.educative.io/answers/what-is-a-goroutine
https://vlang.io/
https://www.leapchat.org/
https://doc.libsodium.org/
https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API
https://webassembly.org/docs/security/
https://www.nomadproject.io/
https://podman.io/
This episode is the first time the authors of the book: Black Hat Python. In today's episode of Hacker Talk, Justin Seitz and Tim Arnold join us on the show and we get to hear Tim's and Justin's stories about Python, hacking and a lot more!
In this episode we cover:
Journey into hacking and technology
Finding like-minded people, dopamine kicks
Infosec community
CackalackyCon
Issa
https://en.wikipedia.org/wiki/Information_Systems_Security_Association
Tinkering
Python
Creating IT-security python courses
From Twitter to Nostarch
Exploits for Windows 10 and 64bit machines
Favorite python libraries, Lxml, requests
Syscalls with PyPledge, visualizing packet analysis with scapy
Programming, Microsoft basic, PHP, vb6,
the future with golang
Virtual environments in python
Workflow for programming
Visual Studio Code, Microsoft turning good
Wingware
Wingide with immunity debugger
Hunchly's daily dark web report
Archive.is to archive .onion sites
Onionscan
Fresh onions
Modern exploit and zeroday writing
Ms08067 exploit
How to write books
Best practices for writing
Buckle in for a great episode of Hacker Talk! Pavol Luptak, CEO of Nethemba, joins us and
walks us through the vulnerabilities that were found in Slovakia's Covid-19 PCR and antigen authority.
Tune into the most technical and detailed covid-19 hacking episode, right here on Hacker Talk.
In this episode we cover:
Pavol's journey into it-security
old-school Unix
privilege escalation attacks
Traditional C and Assembly, shellcodes
Becoming a penetration tester
Rfid
Finding vulnerabilities in parking system, parking in Bratislava for free
Hacking Slovakia's covid-19 systems
Extracting PCR and antigen Covid-19 tests for all Slovakian citizens.
Finding vulnerabilities in PCR test authorities.
enumeration attacks.
Slovakian eHranica forms.
Generating birthdate number.
Finding birthdates on Facebook and Wikipedia
Leveraging different parts of the systems to make them work together
Impersonation attacks
OWASP Web Security Testing Guide
Cracking CAPTCHAs
Rate limiting requests
Security mitigations that you can use
Central European Bug Bounty programs
Hacktrophy
Best practices for bug bounties for enterprises
How to get started with penetration testing
The new smart contract security field
Personal number generation script:
#!/bin/bash
# Prints every 10-digit number of the form YYMMDDSSSS that is divisible by 11.
for (( year=54; year < 100; year++ )); do
  for (( month=1; month < 13; month++ )); do
    for (( day=1; day < 32; day++ )); do
      for (( suffix=0; suffix < 10000; suffix++ )); do
        # Assemble YY, MM, DD and the 4-digit suffix into one integer.
        final=$(( year*100000000 + month*1000000 + day*10000 + suffix ))
        if (( final % 11 == 0 )); then printf "%010d\n" "$final"; fi
      done
    done
  done
done
External Links:
https://nethemba.com/possibility-of-widespread-leak-and-misuse-of-eu-vaccination-certificates/
https://nethemba.com/kriticka-zranitelnost-v-aplikacii-moje-ezdravie-unik-databazy-pacientov-testovanych-na-covid-19/
https://slides.com/nethemba/how-trivial-critical-vulnerabilities-can-lead-to-a-complete-leak-of-sensitive-covid-19-data-on-all-citizens-of-the-country
https://spectator.sme.sk/c/22722505/serious-flaw-in-ehranica-form-attackers-able-to-send-people-into-self-isolation.html
https://wilderko.medium.com/
https://owasp.org/www-project-web-security-testing-guide/
https://nginx.org/
https://docs.nginx.com/nginx-waf/
https://en.wikipedia.org/wiki/Cloudflare
https://hacktrophy.com/en/
https://nethemba.com/resources/ehranice-critical-vulnerabilities.pdf
David Jacoby is a Swedish hacker, professional penetration tester and security researcher, featured in the Swedish IT-security show called "Hackad", and our guest of honor today!
In this episode of Hacker Talk, we are joined by the Swedish hacker David Jacoby!
Have you ever watched a video on your phone in your spare time? What if the site had malicious JavaScript that scans your internal
network for smart devices and then triggers a remote code execution?
Join us as we deep dive into IT-Security, get to hear how David got into hacking, and a lot more!
Topics we covered:
Phone Phreaking in Sweden
Software security
David's journey into hacking
Privilege escalations on older systems
Linux system administration
Bulletin board system
Running bbs systems at home through a raspberry pi
Making security stronger and helping people
Password reuse
Säkerhet och sekretess Magazine
Red team penetration testing
How to motivate your organization to implement a security program
Attacking consumer devices, hacking smart devices at home
Scanning internal networks without a shell using a javascript scanner in the client's browser
Hacking internal devices such as Network Attached Storage devices.
enumerating networks and scanning with javascript
Consumer devices lifespan, testing certifications, best practices for vendors
Submitting security vulnerabilities
Hack.se, the Swedish hacking scene, and background
Favorite Pentesting tools, netcat openbsd version
Network segmentation
Bad common patterns for enterprise networks
Stealing paste buffers
Securing society at a large scale
The future of information technology security
External Links:
https://www.imdb.com/title/tt15746988/
https://en.wikipedia.org/wiki/Bulletin_board_system
https://www.youtube.com/watch?v=GQpQHqIKE5E
https://www.youtube.com/watch?v=_0hXeNRGetg
https://se.linkedin.com/in/djacoby
https://www.davidjacoby.se/
https://nmap.org/ncat/
https://man.openbsd.org/nc
https://www.trustedsec.com/tools/crackmapexec/
https://www.hypr.com/password-reuse/
https://en.wikipedia.org/wiki/Internet_Relay_Chat
Ben Kurtz - Golang Malware part 2
Topics covered:
Golang
Hells gate, direct system calls on windows
How system calls are normally done in windows, Windows Kernel
Evading anti malware detection on Windows with Banana Phone
How to get started writing C2s in Golang.
Sliver, Opensource golang command and control.
Red team mindset
Evolution of programmers, bad patterns
CVEs, Common Vulnerabilities and Exposures identifiers
Auditing source code
Javascript frameworks
Cross site scripting, SQL injection and XXE(Xml External Entity) for scanning internal networks and exfiltrating data.
Building secure code bases
Security Engineers
Supervisory control and data acquisition (SCADA)
log4j
Remote code execution and directory traversal in Java, Java's File constructor, LDAP and DirContext
Golang for micro services
Python
Common bad patterns
LDAP injection
Modern security nightmares
Remote debug protocols
String concatenation
Resistance to current modern implementation and safer framework.
Finding bugs in games that can be used to attack power-plants.
Dependency management
Backdoor factory
Bettercap
Man in the middle
Spoofing BGP
BGP hijacks
Links:
https://github.com/Binject
https://github.com/C-Sto/BananaPhone
https://github.com/BishopFox/sliver
https://cve.mitre.org/
https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing
https://www.youtube.com/watch?v=FkuUpg5FO2g
https://en.wikipedia.org/wiki/SCADA
https://en.wikipedia.org/wiki/Log4j
https://www.coding-bootcamps.com/blog/build-containerized-applications-with-golang-on-kubernetes.html
https://docs.oracle.com/javase/8/docs/api/index.html?javax/naming/directory/DirContext.html
https://apache.org/foundation/foundation-projects.html
https://docs.oracle.com/javase/8/docs/api/index.html?javax/management/JMX.html
https://en.wikipedia.org/wiki/Java_Debug_Wire_Protocol
https://www.freecodecamp.org/news/big-o-notation-why-it-matters-and-why-it-doesnt-1674cfa8a23c/
https://github.com/bettercap/bettercap
https://www.bettercap.org/
https://bgpmon.net/
https://en.wikipedia.org/wiki/BGP_hijacking
https://labs.ripe.net/author/vastur/bgplay-integrated-in-ripestat/
https://www.symbolcrash.com/podcast/
https://www.youtube.com/symbolcrash
Ben Kurtz is an interesting hacker who has been involved in the infosec space for over 20 years. He has done a large chunk of research into writing malware and post-exploitation tools in the Golang programming language.
Tune into this episode of Hacker Talk as we are joined by Ben Kurtz and deep dive into Golang Malware.
In this episode of Hacker Talk, we cover the following topics:
Getting into programming, apple 2, hacking, bulletin board systems,
pirating apple 2 software
unix security, shadow and files in the /etc/ folder
evolution of network security since 1994
first talk at DEFCON,
life as a developer
LISP
Dan Kaminsky, recruited as a professional hacker
Learning different programming languages
Learning pascal in a basement
Functional programming, constraint solver
Getting into the Golang flow.
Plan-9 redoing C++
Getting into Golang malware
encrypted mesh network
Ratnet
Iran shutting down tls connections
Internet Censorship
Code audits
Writing malware in different languages
V programming language
Nim programming language
dyld, dynamic loading library in OSX
parsing memory in golang
process execution block
loading Windows syscalls
evading anti-malware systems
hells gate, direct windows system calls
Network traffic obfuscation
online communities that have been running for a long time, Second Life
Offline mesh network
Red team penetration
Write your own malware implant as a penetration tester.
Obfuscating malware traffic
writing malware
Sliver, opensource version of cobalt strike, Command and Control Server
testing malware
setting up a test environment
Penetration testing as a Red Team.
Golang Antivirus/EDR evasion
Enterprise network monitoring
Shellcode loaders in pure golang
Rewriting the backdoor factory in golang.
Obfuscating binaries with the custom golang debug library
Parsing executables from memory(RAM)
universal system binary loader without touching disk
Links:
https://www.hack-the-planet.net/
https://github.com/awgh
https://github.com/Binject
https://github.com/Binject/go-donut
https://github.com/C-Sto/BananaPhone/
https://www.symbolcrash.com/wp-content/uploads/2019/02/Authenticode_PE-1.pdf
https://www.cyberbit.com/blog/endpoint-security/malware-mitigation-when-direct-system-calls-are-used/
https://github.com/boku7/HellsGatePPID
https://teamhydra.blog/2020/09/18/implementing-direct-syscalls-using-hells-gate/
https://vxug.fakedoma.in/papers/VXUG/Exclusive/HellsGate.pdf
https://2600.com/
https://en.wikipedia.org/wiki/Bulletin_board_system
https://en.wikipedia.org/wiki/Plan_9_from_Bell_Labs
https://go.dev/
https://go.dev/doc/effective_go
https://github.com/awgh/ratnet
https://github.com/BishopFox/sliver
https://www.youtube.com/watch?v=3RQb05ITSyk | Golang Malware defcon talk
https://vlang.io/
https://vlang.io/compare
https://en.wikipedia.org/wiki/Nim_(programming_language)
https://github.com/vyrus001/go-mimikatz
https://github.com/vyrus001/go-mimikatz/blob/master/packer/packer.go
Dan Demeter is a well-known security researcher in the Romanian information-security space.
In 2014, Dan joined Kaspersky as a malware security researcher. Since then he has worked with various advanced anti-malware solutions and is currently working with Threat Intelligence in Kaspersky's Global Research and Analysis Team.
In this episode of Hacker Talk, we deep dive into malware, threat intelligence, advanced persistent threats, security and defensive security with Dan.
Topics covered in this episode:
Getting into infosec
Romania in the early personal internet space, connecting rj45 network cables to potatoes
milw0rm, Bugtraq mailing list, BackTrack, Hellbound Hackers
Capture the flag(CTF) competitions
Internet café
Threat intelligence
Security research
Kaspersky
Advanced persistent threats, what is an advanced persistent threat?
Finding advanced malware in the wild.
Threat levels for individuals
Threat modeling
Enterprise and consumer malware
Antivirus programs
targeted malware
malware for crypto-currency projects
finding advanced malware as a threat intelligence researcher
bypassing advanced malware checks
Reverse engineering malware
ollydbg, NSA decompiler
Malware obfuscation techniques
yara rules
wrapping malware with VM protect
Post exploitation
malware stages
Lazarus Malware, Bangladesh Cyber Bank Heist
Malware on sim-cards
Using satellite IP addresses
reporting malicious command and control servers
malware campaigns spreading in Romania
phishing and identity theft
Bring your own device policy
Stay safe working from home
Best ways to protect yourself online
Writing malware signatures and writing yara rules
malware similarity engines
Links:
https://hackthissite.org/
https://hbh.sh/home
https://en.wikipedia.org/wiki/Bugtraq
https://en.wikipedia.org/wiki/BackTrack
https://cnc-central.fandom.com/wiki/Command_%26_Conquer:_Red_Alert_-_Remastered
https://securelist.com/
https://securityespresso.org/
https://www.kaspersky.com/
https://twitter.com/kaspersky
https://twitter.com/_xdanx
https://en.wikipedia.org/wiki/OllyDbg
https://hex-rays.com/IDA-pro/
https://ghidra-sre.org/
https://vmpsoft.com/
https://github.com/ParrotSec/mimikatz
https://en.wikipedia.org/wiki/Lazarus_Group
https://en.wikipedia.org/wiki/Bangladesh_Bank_robbery
https://www.kaspersky.com/cyber-crime-lazarus-swift
https://www.kaspersky.com/about/press-releases/2021_security-analyst-summit-back-online-on-september-28-29
https://securelist.com/equation-group-from-houston-with-love/68877/
https://securelist.com/satellite-turla-apt-command-and-control-in-the-sky/72081/
https://www.nbcnews.com/tech/security/facebook-sues-israel-s-nso-group-over-alleged-whatsapp-hack-n1073511
https://en.wikipedia.org/wiki/Regular_expression
https://github.com/VirusTotal/yara
https://github.com/neo23x0
https://www.tripwire.com/state-of-security/featured/operation-shadowhammer-hackers-planted-malware-code-video-games/
https://en.wikipedia.org/wiki/Red_October_%28malware%29