Naked Security
Naked Security
Nov 25, 2020
S3 Ep8: A conversation with Katie Moussouris
Play • 45 min

How do you go from pentester to creator of Microsoft’s bug bounty program? Find out from hacker and vulnerability disclosure pioneer, Katie Moussouris. Join us for a fascinating interview with Katie about her journey, the bugs in bug bounty programs, and the people who inspired her along the way.

With Kimberly Truong and special guest Katie Moussouris (@k8em0 on Twitter), Founder and CEO of Luta Security.

Original music by Edith Mudge

Got questions/suggestions/stories to share?

Email tips@sophos.com

Twitter @NakedSecurity

Instagram @NakedSecurity

Hacker Valley Studio
Hacker Valley Studio
Hacker Valley Media
Episode 115 - Podcast Takeover with Carole Theriault
The tables have turned on Ron and Chris this episode and they are interviewed by guest host, Carole Theriault! Besides being a two-time guest on the Hacker Valley Studio Podcast, Carole is producer and host of the Smashing Security Podcast and Sticky Pickles podcast. Carole put together 7 serious questions and 7 funny questions to interview Ron and Chris. Question #1 - How did you get into podcasting? Ron - describes his entry into podcasting as a surprise. Ron had set up a studio at his home in San Jose, California with the intention to create YouTube videos. When Chris relocated to the area, he suggested that the two get on the microphones and have a conversation to see where it goes - Where the two began speaking about Cybersecurity Alchemy. Chris - Before moving to Silicon Valley, Chris experimented with content creation on Instagram and worked with professionals to document his weight loss journey. This experiment went well but left Chris hoping to make a greater impact through content creation. Question #2 - What are the most surprising lessons you learned from podcasting Carole begins by describing her most surprising lesson is the sheer amount of work. Chris was surprised about all of the aspects that go into a quality production. For example, mastering the sound of the podcast. Ron describes the most surprising lesson being the work that goes into show notes and the conversion of full-length topics into bite sized nuggets. Question #3 - What trait do you like most in your podcast partner Ron - Chris’ accountability and availability. We meet together daily during the week to discuss goals, challenges, and collaboration opportunities. When help is needed, Chris is consistently there to help. Chris - Ron’s calm, understated competitiveness nature. The competitive nature pushes both of us to get better everyday. Question #4 - What do you worry most about when creating an episode of Hacker Valley Studio? Chris - Capturing great quality audio. During post-production, we can fix nearly everything like “ahs”, “ums”, awkward pauses but not poor quality audio. Carole can relate to this technical difficulty as she has experienced difficulties with hearing feedback from internal microphones on her podcasts Ron - HVS has had over a hundred episodes and around 10% of the guests have never been on a podcast. When recording with the 10% that have not been on a podcast before Ron’s main goal and concern is to ensure that the guest is comfortable. Creating an environment where guests can share their story and as.king great questions creates raving fans of our content through our listeners and guests Question #5 - Who does more of the work on the podcast? Ron - Chris is the GOAT for the HVS podcast. In the very beginning, Ron said that he did most of the work. In the beginning Ron was editing the video and audio for the podcast but at some point, Chris became curious about the audio editing process and fell in love with the process and built a strong foundation for rapidly increasing the quality of Hacker Valley Studio content. Follow up to Question #5 - Chris do you appreciate about Ron’s contribution to the podcast? Chris - Our chemistry. Episode one shows our chemistry because even though we did not have any experience podcasting, we still had a great conversational flow. It didn’t take anytime for us to build this chemistry up because Ron is able to read expressions and see where I’m going with questions and answers. Ron has always been able to pick up where I left off and bring up topics that I may forget. Question #6 - Which episode of HVS sticks out most in your mind and why? Chris - Episode 40 with Daniel Meade. This episode started out with us speaking with Daniel about AppSec but had many turns where we got to experience Daniel’s authentic humor and moments of growth throughout his life. This episode helped shape the future of Hacker Valley Studio. Ron - Episode 104 with Robin Black. This episode has very little connection with technology and cybersecurity but focuses on the auxiliary skills that make practitioners at any craft great. Robin is fascinated with his work and crossing the chasm to gain expertise from similar or related fields. Question #7 - What does success mean for Hacker Valley Studio? Ron - Having fun during the process. Chris and I are extremely successful at this point because we’ve been enjoying creating the process everyday. We are lucky enough to speak to experts, work with vocal coaches, and learn how to make quality productions each week. Chris - The impact on the listener. We’ve received emails and messages on social media from listeners that have thanked us for helping them get into cybersecurity and promoted within their field. We’ve been able to create our own journey and be part of others journeys. Moments During the Podcast 0:00 - Intro 1:22 - Carole Theriault takes over Hacker Valley Studio! 2:50 - How Chris and Ron got into podcasting 5:06 - Would you rather be 8 foot tall or have eight feet? 5:55 - What are the most surprising lessons you learned from podcasting? 8:13 - If you were on a desert island, what luxury item would you bring? 9:10 - What trait do you like most in your podcast partner? 11:17 - What's your favorite thing to do outside of work and family responsibilities? 14:07 - What do you worry most about when creating an episode of Hacker Valley Studio? 18:55 - What is one thing any friend or family member could do to make you laugh or smile? 20:28 - Who does more of the work on Hacker Valley Studio podcast? 24:50 - Who would play you in a movie? 27:30 - Which episode of HVS sticks out most in your mind and why? 37:16 - How would you define success for Hacker Valley Studio? Links: Our guest host Carole Theriault Carole’s podcast - Smashing Security and Sticky Pickles Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about our sponsor ByteChek.
41 min
Brakeing Down Security Podcast
Brakeing Down Security Podcast
Bryan Brake, Amanda Berlin, Brian Boettcher
2020-002-Elastic Search license changes, Secure RPC patching for windows, ironkey traps man's $270 million in Bitcoin
Secure RPC issue - Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472 – Microsoft Security Response Center How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (microsoft.com) Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472 – Microsoft Security Response Center Elastic Search https://anonymoushash.vmbrasseur.com/2021/01/14/elasticsearch-and-kibana-are-now-business-risks “There are those who will point to the FAQ for the SSPL and claim that the license isn’t interpreted in that way because the FAQ says so. Unfortunately, when you agree to a license you are agreeing to the text of that license document and not to a FAQ. If the text of that license document is ambiguous, then so are your rights and responsibilities under that license. Should your compliance to that license come before a judge, it’s their interpretation of those rights and responsibilities that will hold sway. This ambiguity puts your organisation at risk.” Doubling down on open, Part II | Elastic Blog - license change affecting Elastic Search and Kibana MongoDB did something similar in 2018: mjg59 | Initial thoughts on MongoDB's new Server Side Public License (dreamwidth.org) Hacker News Discussion: MongoDB switches up its open source license | Hacker News (ycombinator.com) @vmbrasseur: (1) VM (Vicky) Brasseur on Twitter: "With today's relicensing to #SSPL, Elasticsearch & Kibana are no longer #OpenSource but are instead business risks: https://t.co/XNx2EMLNfH" / Twitter (1) Adam Jacob on Twitter: "Yeah, come on - how can this be "doubling down on open"? Some true duplicity here. https://t.co/rlJVnLxYwP - we're taking two widely used, widely distributed, widely incorporated open source projects and making them no longer open source. But we're doubling down on open!" / Twitter [License-review] Approval: Server Side Public License, Version 2 (SSPL v2) (opensource.org) “We continue to believe that the SSPL complies with the Open Source Definition and the four essential software freedoms. However, based on its reception by the members of this list and the greater open source community, the community consensus required to support OSI approval does not currently appear to exist regarding the copyleft provision of SSPL. Thus, in order to be respectful of the time and efforts of the OSI board and this list’s members, we are hereby withdrawing the SSPL from OSI consideration.” (could be ‘open-source’, but negative feedback on mailing lists and elsewhere made the remove it from consideration from OSI) Open Source license requirements: The Open Source Definition | Open Source Initiative What does this mean? If you have products that utilize ElasticSearch/MongoDB/Kibana in some way, talk to your legal teams to find out if you need to divest your org from them. These are not ‘opensource’ licenses… they are ‘source available’ It might not affect your organization and moving to SSPL might be feasible. If your product makes any changes internally to ElasticSearch, Notable links JTNYDV - specifically the CIS docker hardening Twitter: @jtnydv Bug Detected in Linux Mint Virtual Keyboard by Two Kids - E Hacking News - Latest Hacker News and IT Security News https://www.bleepingcomputer.com/news/microsoft/microsoft-sysmon-now-detects-malware-process-tampering-attempts/ https://www.coindesk.com/anchorage-becomes-first-occ-approved-national-crypto-bank https://www.cnn.com/2021/01/15/uk/bitcoin-trash-landfill-gbr-scli-intl/index.html https://www.techradar.com/news/man-has-two-attempts-left-to-unlock-bitcoin-wallet-worth-dollar270-million https://www.linkedin.com/posts/amandaberlin_podcast-mentalhealth-neurodiversity-activity-6755910847148691456-Lms5 https://www.linkedin.com/posts/amandaberlin_swag-securitybreach-infosecurity-activity-6755884694501498880-yAck Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #AmazonMusic: https://brakesec.com/amazonmusic #Brakesec Store!: https://brakesec.com/teepub #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://brakesec.com/pandora #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
47 min
The Social-Engineer Podcast
The Social-Engineer Podcast
Social-Engineer, LLC
Ep. 138 – Security With Marcus Sailler of Capital Group
In this episode, Chris Hadnagy and Ryan MacDougall are joined by industry professional, Marcus Sailler to discuss his experience as the red team information security manager at Capital Group. Marcus shares some great tips on creating a successful security team and how you can prevent it from becoming the "No Police". They also go over the recent changes in the industry, including how big hacks have increased security awareness in the general public. 00:09 – Introduction to the new Security Awareness Series 01:28 – Introduction to Ryan MacDougall Phishing as a Service (PHaaS) Vishing as a Service (VaaS) Social-Engineer.com 02:32 – Introduction to Marcus Sailler 04:20 – How Marcus got into information security 06:08 – Recent changes in the infosec industry- How a big hack increases security awareness 12:09 – How a red team and security awareness team can collaborate to enhance security 14:25 – Introduction to Capital Group 16:17 – Coming up with relevant attacks for a global company 18:08 – How a security team can avoid becoming the “No Police” 21:39 – Why it’s better to build a blue team first 22:24 – The importance of attitude and ego for a red teamer 25:04 – How a red team benefits from partnership 26:53 – Emulate the bad guy, but remember to be good 29:18 – Steps corporations should implement now 30:58 – Some of Marcus’ most respected industry professionals Chris Hadnagy David McGuire Jason Frank Jeff Dimmock David Kennedy Amanda Berlin Ian Coldwater Rachel Tobac 34:47 – Marcus' book recommendations Sizing People Up: A Veteran FBI Agent's User Manual for Behavior Prediction The 5 Love Languages: The Secret to Love that Lasts 39:18 – Marcus' contact info LinkedIn Twitter 14:38 – Outro Social-Engineer.org Social-Engineer.com The Innocent Lives Foundation SEVillage: The Human Hacking Conference Human Hacking Book Website Human Hacking Book Amazon Clutch Chris on Twitter Social-Engineer on Twitter
44 min
More episodes
Search
Clear search
Close search
Google apps
Main menu