Sun, 31 July 2022
This month we are joined by Cybersecurity Strategist Heather Linn and Information Security Pro Giovanni Cofre to discuss current security news. From police being allowed to view private Ring camera footage to the distribution of an abortion-laced business card at a hacker conference, we covered a lot in one hour. Join us the last Friday of every month to discuss current events with a rotating list of security pros. Got suggestions, complaints, or feedback?
|
Mon, 18 July 2022
Got suggestions, complaints, or feedback? Tell us at podcast@secureideas.com or reach out on Twitter: Join our Professionally Evil Slack Team at www.professionallyevil.com
Our real jobs pay for our time to do this, so if you have opportunities around penetration testing or risk management, we'd love the chance to work with you!
Links: dhs-announces-new-cybersecurity-requirements-critical-pipeline-owners-and-operators |
Sun, 26 June 2022
Our June guest: @HackerHurricane
Links: iOS 16 and macOS Ventura will let users bypass CAPTCHAs on supported apps and websites; Cops Will Be Able to Scan Your Fingerprints With a Phone; Hot Tub Crime Machine: Jacuzzi Smart Tubs Left Personal Info Exposed; After hacking millions of devices, DoJ operation shuts down RSocks botnet; This Hacker Group Forces People to Do Good to Get Their Data Back; Canadian internet outage attributed to beaver; Keeping PowerShell: Security Measures to Use and Embrace
|
Sun, 19 June 2022
Links: is-lamda-sentient-an-interview; stop-calling-everything-ai-machinelearning-pioneer-says; microsoft-shuts-down-ai-chatbot-after-it-turned-into-racist-nazi |
Mon, 6 June 2022
Links: us-military-hackers-conducting-offensive-operations-in-support-of-ukraine-says-head-of-cyber-command |
Mon, 30 May 2022
Got suggestions, complaints, or feedback?
Tell us at podcast@secureideas.com or reach out on Twitter: https://twitter.com/secureideas Join our Professionally Evil Slack Team at www.professionallyevil.com
This month's guests: Episode Links: Clearview AI's Facial Recognition Tool Coming To Apps, Schools; 2022 Data Breach Investigation Report (DBIR); Twitter will pay a $150 million fine over accusations it improperly sold user data |
Sun, 22 May 2022
US Prosecutors Won't Charge White Hat Hackers Under New Policy
|
Mon, 2 May 2022
Episode Links: https://www.darkreading.com/careers-and-people/-isc-launches-entry-level-cybersecurity-course https://www.vice.com/en/article/k7w9mv/tmobile-hacked-bought-data-mandiant https://krebsonsecurity.com/2022/04/raidforums-get-raided-alleged-admin-arrested/ |
Mon, 25 April 2022
A group claims to be fighting Russia in the name of Ukraine using a botnet. And wants you to join them. Kevin and Nathan discuss what could possibly go wrong. |
Mon, 4 April 2022
Episode Links: FBI Warns Of Preliminary Russian Cyber Activity Against American Companies; White House Says Reports of an American Cyberwar With Russia Are Greatly Exaggerated; DIY Volunteers Are Repairing Ukraine’s Destroyed Internet Infrastructure; War Is Calling Crypto’s ‘Neutrality’ Into Question; Ransomware Payments, Demands Rose Dramatically in 2021; This is how much the average Conti hacking group member earns a month; Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22; Pandemic Leaves Firms Scrambling for Cybersecurity Specialists |
Mon, 28 March 2022
|
Mon, 14 March 2022
|
Mon, 7 March 2022
Where can I find Carrie Randolph?
Episode Links: wordle-ad-trackers-privacy-new-york-times; ukrainian-government-and-banks-hit-by-new-wave-of-cyberattacks; /ukraine-defense-ministry-ddos-russia-conflict-de-escalation; the-fog-of-information-war-looms-large-over-the-ukraine; threat-intelligence/new-york-opens-joint-security-operations-center-in-nyc; dhs-creates-cyber-safety-review-board-log4j-fbi-nsa; google-account-hacks-dropped-half-two-step-authentication; Vishing Makes Phishing Campaigns Three-Times More Successful |
Mon, 14 February 2022
The IRS Drops Facial Recognition Verification After Uproar; ODIN - Homeless Management Information System; Amazon Recognition moratorium to law enforcement; Good outline of privacy concerns with facial recognition technology (FRT); Atlanta - Operation Shield – Public and Private cameras accessible to police; Cities with the most cameras
|
Mon, 7 February 2022
Links to today's topics: microsoft-warns-disk-wiping-malware-targeting-ukraine; white-house-instructs-agencies-cybersecurity-strategy-memo-cisa; Moving the U.S. Government Toward Zero Trust Cybersecurity Principles; mexican-cartels-recruit-drug-mules-on-grand-theft-auto-online; senate-weighs-bill-to-protect-satellites-from-getting-hacked; florida-considers-deepfake-ban; sweden-launches-psychological-defense-agency-to-counter-disinformation; apple-scrubs-support-pages-all-mentions-controversial-csam image scanning feature; Bored Ape Yacht Club Artist Says Compensation 'Definitely Not Ideal'. Where can you find Tim Medin? Where can you find Jason Wood? |
Mon, 31 January 2022
Episode notes and links:
FTC Log4j Warning; Federal Trade Commission Act: https://www.ftc.gov/enforcement/statutes/federal-trade-commission-act; FTC Equifax Fines: https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement; Principle of Subsidiarity: https://en.wikipedia.org/wiki/Subsidiarity. Got suggestions, complaints or feedback? Tell us at podcast@secureideas.com or reach out on Twitter: https://twitter.com/darth_kevin https://twitter.com/secureideas |
Mon, 17 January 2022
|
Mon, 10 January 2022
Jump back into a discussion of current events with Kevin and Nathan after a long break. Packed with professional perspectives and opinions. This week we dive a little deeper into Log4j. |
Thu, 15 March 2018
In this episode, we discuss ethics, TLS 1.3, autonomous cars and replacements for multifactor authentication. We also interview Amanda Berlin about her experience writing the book Defensive Security Handbook: Best Practices for Securing Infrastructure. |
Wed, 12 July 2017
In this Professionally Evil Podcast PEPisode, we re-launch the podcast. 12 of us hang out and talk about what we are doing and what's coming up.
|
Tue, 23 December 2014
James and Kevin discuss a few of the events this year (breaches and otherwise), the release of Samurai 3.0 and some upcoming events. |
Mon, 18 August 2014
Is the idea of penetration testing evolving or is it staying the same? What is the goal of a penetration test? Does it differ by client? James and Kevin discuss penetration testing and how it is changing. When it comes to reporting, what data do you include, how do you represent it, and who is your audience? These questions and more are discussed. |
Fri, 11 July 2014
We are not lawyers but want to make you aware of some of the laws that exist around data breaches. Sometimes these laws pop up with very little media coverage and you have no idea. |
Mon, 31 March 2014
James and Kevin talk about the new office in Jacksonville, FL. Some rambling about setting it up and how we like it. Not so technical, but exciting for us. |
Tue, 11 February 2014
James and Kevin discuss the idea of Exploitation and its importance in the testing methodology. Join them for a witty conversation about one of the favorite phases of the process. |
Fri, 17 January 2014
Kevin and James discuss not only the issues for Healthcare.gov regarding vulnerabilities, but the real issue of the lack of security being part of the process. This podcast covers a few different ways to build security in and reduce the risk exposure of your applications. |
Tue, 22 October 2013
James and Kevin discuss the discovery aspect of the pentesting methodology as well as ramble about some other topics. They announce the Samurai Helmet winner and talk about some upcoming events. |
Sat, 28 September 2013
In this episode, James, Jason Gillam, Thom and Kevin talk about their experience at DerbyCon 2013 and the experience received at most cons that you attend. A few talks are discussed and thoughts about the events and cons in general. |
Thu, 15 August 2013
James and Kevin discuss all the naming issues seen with vulnerabilities, the release of SamuraiWTF 2.1 and a few other topics. |
Tue, 9 July 2013
In this episode, James, Kevin and Thom discuss the topic of the mapping phase of penetration testing. The tool of the episode is Dirbuster, with a mention of Yokoso!. |
Thu, 23 May 2013
Kevin Johnson and James Jardine kick off the topic of attacking the web by looking at what web penetration testing is and what both sides of the test need to think about. They discuss the need for the client to understand why they are testing, and what they are testing. It then moves into discussing scoping techniques and some common gotchas. A quick discussion on testing methodology, and then a quick segment on SQLMap and how it works. |
Tue, 14 May 2013
In this episode, James, Kevin and Nathan discuss the topic of mobile testing. They start off discussing the need for a lab environment and some of the hardware recommended. They then discuss capturing network traffic with Wireshark, HTTP traffic with Burp, and the many benefits of the OWASP MobiSec project. |
Mon, 15 April 2013
In this episode, Kevin, James and Jason discuss the implications of using default or weak credentials on systems and applications. In addition, they discuss some other misconfigurations regarding HTTP methods and web server file accessibility (web.xml). |
Wed, 6 March 2013
In this podcast, James Jardine and Kevin Johnson discuss topics ranging from passwords to RSA to breaches. We also release the new jingle as requested by @ChrisJohnRiley! |
Fri, 22 February 2013
In this episode, Kevin Johnson and James Jardine talk about a number of different flaws that many penetration testers and application developers miss. They talk about how username harvesting and password resets can cause issues. They also discuss the exposure that APIs and web services bring to applications. |