This week, Zac dials in with Len Noe, the world's first "augmented ethical hacker" (of course by that... we mean CYBORG!). Len has implanted 10 microchips between his elbows and fingers, which he can leverage to execute a variety of offensive security attacks. Len walks us through his journey of developing new techniques using implantable technologies, as well as how he fortifies his own personal security using these implants. Easily one of the most interesting humans in our generation.
Len is also an author with a new book "Human Hacked: My Life and Lessons as the World's First Augmented Ethical Hacker" coming out October 29th!
Pre-order for Len's book: https://www.amazon.com/Human-Hacked-Lessons-Augmented-Ethical/dp/1394269161
Len's implant manufacturer: https://dangerousthings.com/
Len's body mechanic: https://www.shamanmods.com/
This week, Zac sits down with Mike Piekarski. Mike is a bug bounty specialist, penetration tester, and solutions architect. He is also the founder of Breach Craft (breachcraft.io), a boutique cybersecurity firm based in Pennsylvania.
Zac and Mike discuss Mike's most successful bug bounty targeting one of the biggest companies in the world via an insecure Cisco configuration. They also touch on the power of the Project Discovery toolkit (projectdiscovery.io), and Mike tells the story of trying to use a Santa suit on a social engineering engagement.
Produced www.sevnx.com
CyberCoffee
Use promo code WAR10 to save 10%
This week, Zac sits down with Faisal Tameesh. Faisal is a senior red team operator at NVIDIA and a "hacker of all trades" with experience in software development, pentesting, red teaming, social engineering, exploit development, and reverse engineering.
Zac and Faisal discuss the technical details of the CrowdStrike incident, take a deep dive on the art of human deception and how the cybersecurity landscape evolves over time. Finally, they share several stories involving social engineering and other common issues we encounter on penetration tests.
Faisal's Website - https://primalcerebral.com/
Duality Github - https://github.com/AonCyberLabs/DUALITY
Produced www.sevnx.com
CyberCoffee
Use promo code WAR10 to save 10%
This week Zac sits down with Jullian Gerhart. Jullian is a Managing Consultant at NCC Group, which specializes in application security and application security pentesting. Jullian is also a contributor to the Application Defense Alliance (https://appdefensealliance.dev/) working to create a standardized framework for securing applications in the Google Play and Apple App Stores. Zac and Jullian discuss the current state of application security, their favorite web application security vulnerability (LOVE LIVE IDOR), and we get a great story from Jullian about compromising extremely sensitive information from an unsecured API.
Produced www.sevnx.com
CyberCoffee
Use promo code WAR10 to save 10%
This week, Zac sits down with his longtime friend Brett DeWall. Brett is a Staff Specialist at White Oak Security (CyberAdvisors). He is a pentester, red teamer, bug bounty hunter, and security researcher. Zac and Brett do a deep dive on the RFID hacking research Brett has conducted, as well as go over his RFID skimming solution (SkimJob). They also tell the story of starting their careers together as interns, and reminisce about physical security engagements together the did together.
Brett's GitHub - https://github.com/badbiddy
SkimJob on White Oak Security Github - https://github.com/WhiteOakSecurity/SkimJob
Produced www.sevnx.com
CyberCoffee
Use promo code WAR10 to save 10%
This week, Zac sits down with Hoang Bui. Hoang specializes in reverse engineering, while dabbling in penetration testing and red teaming. Zac and Hoang discuss the levels of abstraction and different approaches for writing and breaking programs. Hoang tells a unique story of bypassing EDR, blogging about it, and getting himself into hot water in the process!
Are you hiring a researcher or reverse engineering specialist? Hire Hoang! - Hoangprod@gmail.com
Produced www.sevnx.com
CyberCoffee
Use promo code WAR10 to save 10%
This week, Zac sits down with Shelby Spencer. Shelby is a developer turned red teamer who has worked on some of the most elite teams in the offensive security world. Zac and Shelby discuss the breakdown between pentesting and red teaming, tools development (Shelby created the Jenkins Attack Framework), and different security perspective across industries. We also get two technical deep dives from Shelby, which include hacking into controlled farming equipment remotely and stealing half a million dollars from a bank!
Shelby's Github - https://github.com/shellster
Produced www.sevnx.com
CyberCoffee
Use promo code WAR10 to save 10%
In this special episode of War Stories, Zac sits down with one of his heroes, Matt Graeber! Matt is the Director of Threat Research at Red Canary. Matt is known for his expertise in threat research and offensive security. He has made significant contributions to the offensive security field through his work on a variety of topics including PowerShell security, Windows endpoint security, detection engineering strategies and much more. His research has been influential in advancing the understanding of modern cyber threats and improving defensive strategies against them.
Zac and Matt cover a variety of technical topics including the origins of Invoke-Shellcode, Matt's favorite LOLBINS, his research in code signing and other esoteric Windows security topics. Matt shares his more powerful tool, the research methodology inspired by the work of James Forshaw, and they end the show with a story of Matt falling through a ceiling! Don’t miss this one!
Produced www.sevnx.com
CyberCoffee
Use promo code WAR10 to save 10%
This week Zac chats with Nick Delewski. Nick is a Principle Security Consultant at MedSec specializing in medical device testing. Zac and Nick talk about the current state of medical device testing and cybersecurity regulation, Nick's favorite tools including a microwave oven (see below), and a story from Nick about the most physical danger he has ever been in on a penetration test!
Produced www.sevnx.com
CyberCoffee
Use promo code WAR10 to save 10%
This week, Zac sits down with Matt Shirley. Matt is the VP of Technical Services at Fortalice Solutions. Fortalice Solutions is a boutique cyber security services firm based in Charlotte NC, founded by Theresa Payton, former CIO to the White House. Zac and Matt discuss the importance of turning technical pentest findings into actionable strategy, RFID badge cloning and the hilarious situations that come from physical assessments.
Produced www.sevnx.com
CyberCoffee
Use promo code WAR10 to save 10%
This week Zac sits down with John Baek. John is the OG mentor to many of the folks already on this podcast as well as the leadership at SEVN-X. Zac and John discuss a few fun stories about our upbringing and then we launch straight into the "waterworks".
Produced www.sevnx.com
CyberCoffee
Use promo code WAR10 to save 10%
In a dramatic change of pace, this week, host Zac takes the hot seat and tells all about his journey into infosec, his favorite techniques, and a story you won't want to miss.
Produced www.sevnx.com
CyberCoffee
Use promo code WAR10 to save 10%
This week Zac sits down with Eric Buck. Eric is the Director of Offensive Security at SEVN-X. Zac and Eric discuss physical security and his favorite tried and true technique.
Produced www.sevnx.com
CyberCoffee
Use promo code WAR10 to save 10%
This week Zac sits down with Michael Sviben. Michael is a co-founder and COO of Domain Guard. Domain Guard is a full service domain management platform offering services including Domain Monitoring, Brand Monitoring, Attack Surface Monitoring, Phishing Site Takedowns, Phishing Simulation, and Dark Web Monitoring.
Zac and Michael discuss the importance of tool development, use of non-standards command and control protcols, and finish with a story covering ICMP command and control shells to bypass Next Gen firewalls.
Produced by www.sevnx.com
Sponsored by CyberCoffee
drinkcybercoffee.com
Use promo code WAR10 to save 10%
#PING #ICMP #Commandandcontrol #C2 #DomainGuard #GuardYourDomain
This week, Zac sits down with Andrew Allen. Andrew is a former pentester, red teamer, and security manager who has worked with some of the largest companies in the world. Zac and Andrew discuss the power of PowerShell, unique attack scenarios for PCI compliance, international pentesting, and finish it up with a story of physical pentesting.
Produced by www.sevnx.com
Sponsored by CyberCoffee
drinkcybercoffee.com
Use promo code WAR10 to save 10%
#PowerShell #PowerView #PasswordSpraying #SharedPasswords #WeakPasswords #CitrixBreakout #CyberArk #VmwareSnapshot #CredentialTheft #PCIPentesting #NamePoisoning #LanTurtle
This week, Zac sits down with Jude Keenan. Jude is a Director of Red Teaming for Aon. Zac and Jude discuss Bloodhound for Active Directory enumeration, use of nested Microsoft Scheduled Tasks for EDR evasion during an internal penetration test, and finally cover some unique challenges that can arise on physical pentests!
Sponsored by Cyber Coffee. Real hackers need real caffeine. Use promo code WAR10 to save 10%
In this episode, Zac interviews Dave Catling, Founder and Principal Operator at PheonixOps.
Sponsored by Cyber Coffee. Real hackers need real caffeine. Use promo code WAR10 to save 10%
In this episode, Zac interviews Vitaliy Kovalchuk, Director, Adversary Operations at SEVN-X.
Sponsored by Cyber Coffee. Real hackers need real caffeine. Use promo code WAR10 to save 10%
In this episode, Zac interviews Matt Freilich, Director at Protiviti.
Sponsored by Cyber Coffee. Real hackers need real caffeine. Use promo code WAR10 to save 10%
In this episode, Zac interviews Sarah Hume, Senior Cyber Security Consultant at Security Risk Advisors.
Sponsored by Cyber Coffee. Real hackers need real caffeine. Use promo code WAR10 to save 10%