The Exploring Information Security podcast interviews a different professional each week exploring topics, ideas, and disciplines within information security. Prepare to learn, explore, and grow your security mindset.
What cybersecurity tools every organization should have
Rob Fuller AKA Mubix joins me to talk about security tooling every organization should have. This was a result of a discussion Rob and I were having about Thinkst Canary and RunZero. Two fantastic tools that are low cost, easy implementation, and provide a ton of value to a security team.
Bypassing MFA with Brandon Potter
Brandon Potter joins me to discuss the different ways he’s seeing MFA bypassed as part of his companies work. Attackers are using old and new techniques to discover creative ways to bypass MFA. This is a result of more companies getting onboard with MFA. Unfortunately, that means attackers are going to start to find more ways to bypass MFA. A lot of what Brandon is seeing is coming down to misconfiguration with how MFA is implemented and attackers are starting to use browser in the middle to hijack sessions. Finally, we go over how AI is going to impact MFA.
What is a Canary?
Tyron Kemp Presales Engineer at Thinkst Canary joined me to discuss what is a canary. More specifically Thinkst Canaries which is one of the most useful and simple to use tools in the security space. I’m surprised I haven’t heard of more companies using the tool. You drop it in an environment and if you get people scanning or touching it alerts the people that can respond. It’s as simple as that.
ShowMeCon: Kevin Johnson and whatever he wants to talk about
Kevin Johnson the Chief Executive Officer of Secure Ideas joined me to discuss ShowMeCon and his keynote presentation on the infosec community rising from the ashes like a phoenix. It’s been a while since I’ve had the opportunity to catch up with Kevin but we got right into it and had a lot of great laughs. It’s a little all over the place with talk about ShowMeCon, reincarnation, and John Wick as a romantic comedy. Also, there is an EXPLICIT tag on this podcast.
How to Implement DAST
Frank Catucci CTO & Head of Security Research at Invicti is someone who I go back with many years. We both meet while working for the state of South Carolina. I was happy to see him end up at Invicti because I think they have a great podcast focused primarily on Dynamic Application Security Testing (DAST). We get into a variety of topics in this episode around MoveIT, implementing DAST, APIs, and AI.
What is Mimikatz?
Rob Fuller aka Mubix joins me to discuss what is Mimikatz? This came from some research I was doing online about hacker tools. I went to the Mimikatz GitHub repo and was immediately hit with a warning that it was a malicious site. Then I looked at the GitHub page and noticed it hadn’t been updated in years.
This lead me to reach out to Hacker Historian Mubix to get the skinny on Mimikatz. He provided some interesting not well known insights that you’ll have to listen to the episode to hear.
Excellent Cybersecurity Security Podcast
I’ve stumbled upon Tim’s podcast after listening to his presentation at my local Bsides. Just like I feel that his talk was the best of the presentations that day his podcast stands out as one of my favorite security podcasts for staying up to date in the industry.
It was really great to hear you guys again. I am glad that you have decided to start producing content again. I am looking forward to the next release. The diverse inputs were really wonderful.
Since you are meeting in person for December for the Christmas party maybe you could let everyone record their favorite IT security jokes and post them.
I just found this and it’s great!
I am saddened and yet thrilled to finish listening to the other podcasts. I just founds this and it’s great!!!! It says FIN but you never know I can always hope! Ms Laulei De La ROsa on FB