As we head to Hacker Summer Camp, how should we rebuild our infosec communities to be more inclusive and diverse? Jack Daniel offers his unique voice.  

As one of the founders of BSides, and as a community advocate for Tenable, Jack provides guidance on how we can re-emerge from the pandemic and successfully amplify and support people of different ethnicities, faiths, and genders within our hacking communities without being patronizing.

There are a lot of parallels between computer security and biology. If you think you already understand hacking systems, then I’ve got a story for you.

In this episode, Harrison Green talks about his experience creating exploits during capture the flag competitions and how it relates to his current day to day work with the Durrant Lab at the University of Pittsburgh on computational biology.

APIs are vital in our mobile digital world, but the consequences of API security flaws have yet to be seen. So how hard is it to hack APIs? Not very hard.

In this Episode, Jason Kent from Cequence talks about his experience hacking a garage door opener API, the tools he uses such as Burp, ZAP, and APK tool, and why we need to be paying more attention to the OWASP API Security Top 10.

With more than 600K followers on YouTube, LiveOverflow is one of infosec’s first social media influencers. How did he get started and what’s next? 

In this episode, LiveOverflow talks about his six years of producing engaging YouTube content and what the rise of social media influencers might mean for traditional conferences like Black Hat. He also gives a preview of his new YouTube series on the sudo vulnerability.

What if you discovered a flaw in a ransomware payment system that unlocked the data without paying the ransom? Would you use it? Would you help others?

In this episode, Jack Cable talks about hacking the Qlocker ransomware and briefly interrupting its payment system. He also talks about his infosec journey hacking cryptocurrencies, joining the Digital Defense Service and CISA, and helping secure the 2020 presidential election… all before the age of 22. 

MITRE ATT&CK catalogs the known tactics, techniques, and procedures of past advanced persistent threats, providing a roadmap for any red or blue team.

In this episode, Frank Duff, Director of ATT&CK Evaluations for MITRE Engenuity, talks about how both red and blue teams can directly benefit from ATT&CK, and how organizations -- and even some security vendors -- are now evaluating their solutions against it.

It seems everything smart is hackable, with startups sometimes repeating security mistakes first made decades ago. How then does one start securing IoT?

In this episode, Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things. They talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices today.

You’d think that having an amazing resume, a couple of bug bounties, or a CTF win would land you that dream infosec job. For many, though, that isn’t true.

That’s why Tennisha Martin founded Black Girls Hack, an organization designed to help the next generation receive the skills and experience they need to land jobs in the C-suites, and perhaps begin to address the acute shortage of infosec professionals with qualified people of color.

Shortly after OpenSSL’s Heartbleed, Shellshock was discovered lurking in Bash code two decades old. How could open source software be vulnerable for so long?

This episode looks at how fuzz testing has evolved over the years, how open source projects have for the most part gone untested over time, and how new efforts to match fuzzing to software development are today helping to discover dangerous new vulnerabilities before they become the next Shellshock.

What is the allure of lockpicking at hacker conferences? In this episode Deviant Ollam explains why these mechanical puzzles remain popular with hackers.

Ollam, who was an early member of Toool, The Open Organization of Lockpickers, discusses his career as a physical pen tester and also shares some basic lockpicking hacks.