
In today's episode listen to Chris, Drew, and Logan struggle with the potential ramifications of companies retaliating against hackers by hacking them back! How do you handle attribution? What about collateral damage? Who in the world would actually notify the FBI prior to doing this?? Let's (potentially) find out in today's episode!
Jan 23, 2023
48 min

Join us as we walk through new and exciting developments in social engineering!
FTX/SBF deepfake link below - don't go to ftxcompensation.com
- https://twitter.com/jason_koebler/status/1594720003923722240
Bonus content: Twilio is put on blast and we lament our AI laden future.
Happy Holidays everybody!
Dec 22, 2022
49 min

As 2022 comes to an end, let's look at the best hacks, breaches, and just weirdness in the world of security.
Dec 8, 2022
54 min

Twitter, it's been in the news lately, but what does it have to do with security? In this episode we discuss the most notable items that have been happening along this new Twitter journey, how it is affecting your privacy and security on the platform, and if it is going to get better.
Nov 24, 2022
47 min

Telling the difference between a user that's a program and a user that's a real human is a hard problem. It's also a problem that is growing in importance as more and more of our lives are subject to what happens online. We've seen incredibly successful PSYOPS campaigns, service outages, anti-competitive litigation, and myriad other harmful events occur as a direct result of automated abuse.
So what is a bot and how can you successfully deal with them? We share some of our best secrets for effectively dealing with these bad internet denizens in today's episode.
Nov 4, 2022
48 min

Uber's ex-CISO has been charged with obstruction of justice and is facing up to 8 years in prison. The LinkedIn and Twitter security worlds are going crazy with the question of "What does this mean for CISOs today?"
Well, if you're not engaged in obstructing federal investigations it probably won't change your risk profile at all. If you are a CISO that's obstructing federal investigations, well... maybe CISO isn't the best role for you?? Join us as we dig into the "implications" (or lack thereof) of the recent conviction of ex-Uber CISO Joe Sullivan.
- https://www.justice.gov/usao-ndca/press-release/file/1306781/download
Oct 20, 2022
46 min

In recent days we've heard whistleblower testimony from Peiter Zatko (aka Mudge) alleging some pretty serious security problems at Twitter. This comes at a fairly opportune time given Elon Musk's interest in buying the company and subsequent cold feet due to Twitter's "bot problem."
For the uninitiated, Mudge is a long-time hacker (an "OG" you could say) that has a reputation of being someone that can "speak truth to power." While we're skeptical of the timing too, the material content of Mudge's report should raise some serious eyebrows. Join us as we dig into the ins and outs of the report and talk a bit more about Mudge and why this report should be taken seriously.
- https://s3.documentcloud.org/documents/22186683/twitter-whistleblower-disclosure.pdf
- https://www.npr.org/2022/09/13/1122671582/twitter-whistleblower-mudge-senate-hearing
Sep 29, 2022
52 min

Welcome back for our FIFTH season :)
So it turns out that Uber got hacked... and it looks to be bad. Hats off to their PR team for the job they've done keeping things quiet since. We go over the ins and outs of what we know so far and touch on the status of our DEF CON recordings too!
Here's to our best season yet!
- https://twitter.com/BillDemirkapi/status/1570602097640607744
- https://twitter.com/MalwareTechBlog/status/1570600059909345280
- https://techcrunch.com/2022/09/26/london-police-arrest-uber-rockstar/
- https://blog.avast.com/uber-hack#
Sep 27, 2022
47 min

It's the last episode of our fourth season! The security gods were kind to us and gave us a softball with some exploits that are in the news recently: code execution in Confluence and a new ms-msdt code execution exploit in Windows. Lastly, we talk about preparations for DEF CON (we hope to see you there)!
We've loved this journey so far and are so thankful to have you all as listeners. Come say hi at DEF CON and grab a beer with us.
- Windows ms-msdt PoC - https://gist.github.com/tothi/66290a42896a97920055e50128c9f040
- Confluence OGNL Injection PoC - https://github.com/Nwqda/CVE-2022-26134
Jun 8, 2022
50 min

We directly address the question of how hacking actually works by going through some of the underlying issues that contribute to a hack, tell hacking stories, then wrap up with a very brief explanation of the differences with state sponsored hacking!
- https://xkcd.com/327/ - Little Bobby Tables
- https://www.saleae.com/ - Example Logic Analyzer
May 25, 2022
50 min
