Security Headlines
Firo Solutions
Security Headlines is a podcast about the latest security vulnerabilities within the cyber security field. Whether you are a tech-savvy penetration tester, a devops person, a programmer or just generally interested in the latest technology security news, Security Headlines is here for you. Security Headlines is perfect to listen to when you want a quick update, on the way to work or when you are taking a walk outside. The podcast is produced by firosolutions.com
Introducing Hacker Talk
Subscribe to Hacker Talk and listen to the latest episodes at: https://anchor.fm/hacker-talk
Mar 3, 2022
1 min
Fuzzing with Patrick Ventuzelo
In this episode of Security Headlines we deep dive into fuzzing with Patrick Ventuzelo.
Topics that we cover: being niched in cyber security; Patrick's background, doing pentests on telecom networks, doing security research on the android kernel for the french DoD, reverse engineering, development; zero days in the android kernel; choosing a target when fuzzing; blackbox and whitebox fuzzing; fuzzing golang projects; fuzzing rust projects; setting up fuzzing environments; webassembly security; fuzzing webassembly; invalid web assembly opcodes; the next generation of browser exploits; javascript runtimes; exploiting webassembly in the browser; fuzzing blockchain applications; how to write a fuzzer; what to look for while fuzzing; fuzzing javascript; writing fuzzers in python; atheris fuzzer for python code; libfuzzer; llvm; analysing code repositories and finding bad patterns; golang built in fuzzing (go-fuzz, fuzzing draft); fuzzing ethereum solidity smart contracts; fuzz bench by google; fuzzing the android kernel; beacon fuzz; reporting security bugs; github security advisory; favorite security conferences
External links: https://fuzzinglabs.com/ http://stackoverflow.com/questions/43153964/ddg#43154559 https://www.youtube.com/channel/UCGD1Qt2jgnFRjrfAITGdNfQ telegram fuzzlab lab https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html
Oct 24, 2021
1 hr 30 min
Osint Special with Jay Townsend
In this episode of Security Headlines, we are joined by Jay Townsend, who maintains several infosec tools such as the harvester and discover. The harvester is a very popular tool for doing Osint analysis. Tune into this episode as we deep dive into Osint, the opensource information gathering realms.
In this episode we cover: what is osint and how can we use it; discover, lee baird; the harvester; dnsrecon; bash; python; backtrack; wifi security, wep; wifi pineapple, bash bunny, hak5; hack the box, try hack me, hack this site.org; sysadmin, ansible; finding passwords in log files; how to apply security hardenings, systemctl hardenings; running weekly security scans; bug bounties; penetration tests; finding old applications in production; burp suite; using the harvester; harvester in kali linux, parrotsec, blackarch and debian; porting the harvester to python 3; screen-shooting websites with the harvester; hidden features in the harvester; fierce; dns hacking; dnsrecon; how to perform osint analysis on yourself and others; how to protect yourself against osint attacks; using throw away email addresses; how to use osint during penetration tests; python development; docker; linux; firmware, wifi drivers; visual code; the latest windows exploits
Links: https://en.wikipedia.org/wiki/PyCharm https://www.parrotsec.org/ https://github.com/leebaird https://www.youtube.com/watch?v=F9UZdPokkhw https://github.com/laramies/theHarvester https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-workaround-for-windows-10-serioussam-vulnerability/ https://en.wikipedia.org/wiki/Open-source_intelligence https://twitter.com/jay_townsend1 https://bloodhound.readthedocs.io/en/latest/ https://www.ansible.com/
Aug 17, 2021
47 min
Security Headlines with Kolja Weber
In this episode of Security Headlines, Kolja Weber, the creator of flokinet.is, joins us.
In this episode we talk about: flokinet; internet privacy; german pirate party; internet privacy laws; Iceland; starting an internet service provider; running an internet service provider; ipv4 addresses; adoption of privacy friendly tools; handling abuse requests; starting an internet service provider; RIPE; denial of service attacks; mitigating denial of service attacks; starting a privacy focused internet service provider; DNS amplification attacks; security; free speech; adoption of https, starttls and dkim
External links: https://flokinet.is https://twitter.com/frelsisbaratta https://www.afrinic.net/ https://ripe.net https://en.wikipedia.org/wiki/RIPE_NCC https://en.wikipedia.org/wiki/AFRINIC https://letsencrypt.org/ https://www.qubes-os.org/
Jan 19, 2021
1 hr 16 min
ChalmersCTF with Michael Dubell
In this episode of Security Headlines, we are joined by Michael Dubell who co-founded Sweden's first student security capture the flag team. What is capture the flag and how do you play it? How can you get into hacking through the doors of playing CTFs? Michael started playing around with security as a teenager and the journey led him to the capture the flag team known as "ChalmersCTF". Today, Michael is working with security during the day, and during the night he is developing the soon to be released "bountystrike" tool (which you can find on bountystrike.io). Tune in as we talk about CTF, and a lot more!
In this episode we cover: halo one online wallhack; war games; hacking on forums; hack this site; over the wire; https://www.hellboundhackers.org/ ; chalmers; chalmers CTF; how to start a "capture the flag" team; organizing capture the flag meetups; beginner ctfs; over the wire; the capture the flag scene in Sweden; over the wire; whitebox pentesting; bug bounties; automating scanning and automating bug bounties; vulnerability management; finding bugs in bug bounty programs
External links: https://github.com/search?q=capture%20the%20flag%20writeups&type=Everything&repo=&langOverride=&start_value=1 https://github.com/zardus/ctf-tools https://ctftime.org https://chalmersctf.se/ https://overthewire.org https://twitter.com/StevenVanAcker https://bountystrike.io/ https://dubell.io/
Dec 17, 2020
1 hr 2 min
Security Headlines with Antoine Jacoutot
In this episode of Security Headlines, we are joined by one of the minds behind the OpenBSD project, Antoine Jacoutot. He is responsible for porting over 300 packages into OpenBSD. He is also involved in syspatch, which handles security binary upgrades for OpenBSD. Tune in, as we talk about development, security, programming, OpenBSD and a lot more!
Topics that we cover: OpenBSD's community; opensource; rcctl; init systems; classic BSD; background daemons in OpenBSD; OpenBSD desktops in the wild; companies running OpenBSD; writing shellcode; openup; binary patches in OpenBSD; how OpenBSD handles security issues; how security binary patches are carried out; syspatch; porting software to OpenBSD; Gnome on OpenBSD; OpenBSD's future with Amazon AWS; sysmerge; submitting feature requests to OpenBSD; tmux; advice for first-time OpenBSD users
External links: https://www.OpenBSD.org/errata.html https://bsdfrog.org/ https://twitter.com/ajacoutot https://OpenBSD.org https://gnome.org https://www.OpenBSD.org/faq/ports/ports.html https://man.OpenBSD.org/syspatch https://man.OpenBSD.org/sysmerge https://github.com/ajacoutot https://man.OpenBSD.org/rcctl
Dec 4, 2020
44 min
DynaGuard Special
In this episode of Security Headlines, we are joined by a great mind in the memory security space. A spark was created when Theofilos peeked into the realms of security. So he packed his bag and got on the next plane to the US in order to deep-dive more into the security field during his studies. He became fascinated by the world of writing exploits and "smashing the stack" as we say in the hacking field. He is a brilliant guy when it comes to memory attacks and he has co-written a solution that solves the stack canary problem. We had the chance to sit down with Theofilos Petsios and get to hear his view on security, development and a lot more. That you can tune into right here: Stack canaries are a security mitigation technique that has been widely adopted and you will find it in most systems today. But does it really work?
Topics that we touch upon in this episode: Stack canaries; Address space layout randomization; Blind Return Oriented Programming (BROP); Return Oriented Programming; Static code analysis; Rest in peace Andrea Bittau; security mitigations; Write Xor Execute (W^X); Dynaguard; Where stack canaries fail and the operating systems approach to it; hardening systems; where the future of security is going; CVE's over time; Memory corruption bugs; builtin security in the compilers; Security vs Overhead; Using memory in the Thread-local storage; adoption of security mitigations; stack clash; Pin, Intel's dynamic binary instrumentation framework; Defense Advanced Research Projects Agency; whitepapers and Proof of concepts; Fuzzing; building better security tools; Cost vs benefit in the security field; Switching from userspace to kernel space mitigations; linters; secure codebases; formal verifications
"Stack canaries is just one little stone, one a the beach that keeps getting hit by big waves"
External links: https://twitter.com/theofilospe https://www.cs.columbia.edu/~theofilos/files/slides/dynaguard.pdf https://www.cs.columbia.edu/~theofilos/files/papers/2015/dynaguard.pdf http://www.scs.stanford.edu/brop/ http://www.scs.stanford.edu/brop/bittau-brop.pdf https://github.com/nettrino/DynaGuard https://software.intel.com/content/www/us/en/develop/articles/pin-a-dynamic-binary-instrumentation-tool.html https://github.com/nezha-dt/nezha https://llvm.org/docs/LibFuzzer.html https://github.com/nettrino/vimconf https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/ https://youtu.be/Er44ur7wkXQ?t=44
Nov 30, 2020
56 min
Security Headlines with Jonas Lejon
Jonas Lejon is an amazing mind in the Swedish security world. A great entrepreneur, hacker, and security expert! We had the pleasure of talking with him in this episode of Security Headlines. He wanted to specialize in security, so he packed his bag and headed over to the capital city to work more in-depth with security. He wanted to go deeper and deeper, so he spent his extra hours learning assembly programming and getting into the low-level brain of the computer system. He managed to land a job working for the Swedish version of NSA. Jonas now runs his own company called "Triop" and has a lot of fun side projects that we dig into.
In this episode we also cover: Micro blogging; building search engines; bloggz dot se; Getting over 20K users within a few weeks; Twitter in the early days; Building Sweden's biggest micro-blogging platform; testing in production; WordPress Security; bug bounties; Finding security holes in Zoom; writing about encryption and security; fuzzing; Hacking Bluetooth; ISOC-SE; the swedish top level domains .se and .nu; the internet in Sweden; beatboxing; pentesting; enumerating existing users based on validation time; updated, security by default systems; network logging; Programming; leaving python 2; Customizing Kali linux; Time-of-check to time-of-use attacks; writing exploits
External links: https://triop.se https://kryptera.se https://web.archive.org/web/20081102073248/http://bloggz.se/ https://web.archive.org/web/20110630210858/http://bloggy.se/ https://en.wikipedia.org/wiki/Memcached https://wpsec.com/ https://utvbloggen.se/ https://se.linkedin.com/in/jonaslejon https://www.youtube.com/channel/UCI49rLPi_Lbbux5eo8ewLKA https://en.wikipedia.org/wiki/Dave_Aitel https://github.com/SofianeHamlaoui/Spike-Fuzzer https://isoc.se/ https://internetstiftelsen.se/en/ https://www.netnod.se/ https://en.wikipedia.org/wiki/Kali_Linux https://en.wikipedia.org/wiki/Arcade_Fire https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use https://github.com/juliocesarfort/public-pentesting-reports https://www.hackerone.com/ https://www.bugcrowd.com/ https://twitter.com/jonasl
Nov 20, 2020
47 min
Security Headlines with Johan Rydberg Moller
In this episode of Security Headlines, we are joined by one of Gothenburg's security evangelists, Mr Johan Rydberg Moller. Johan is the cofounder of Gothenburg's own security conference Security Fest and of sakerhetspodcasten, the first Swedish security podcast, and a hacker, explorer, and musician. We get to hear the tale of how Johan got sucked into the world of hacking, which has been his home for a lot of years now, as well as adventures with publicly disclosing security holes in some of Sweden's biggest websites. This and a lot more in this episode of Security Headlines.
In this episode we cover: learning web security when web security was a new thing; reporting security vulnerabilities; life as a web developer; finding security holes in the top 100 websites in Sweden; PHP security; cofounding assured; starting the "security fest" conference; tattooing the conference logo; starting the first Swedish security podcast; pentesting; gothenburg owasp; web caching attacks
External links: https://twitter.com/JohanRMoller https://securityfest.com https://sec-t.org https://www.assured.se/ https://securitywithoutborders.org/blog.html https://portswigger.net/burp https://portswigger.net/research https://www.youtube.com/watch?v=zP4b3pw94s0 https://www.theverge.com/2020/3/24/21192830/apple-safari-intelligent-tracking-privacy-full-third-party-cookie-blocking https://soundcloud.com/johanrm https://www.dagensmedia.se/medier/digitalt/soderhavet-kritiseras-for-sakerhetshal-6176181 https://sakerhetspodcasten.se/lyssna/ https://owasp.org/www-chapter-gothenburg/
Nov 13, 2020
39 min
Security Headlines with Eijah
In this episode we are joined by the developer, hacker and Code Siren founder Eijah. We walk down a road of 2 hours of honest conversation about Development, Morals, working with McAfee, Hacking, Motivation, Mental Health, Security and a lot more! Eijah, an advocate for privacy and individual rights, quit a well-paid job at Rockstar Games to start on a journey pursuing what he loved. He went on a journey with the goal of creating technology that enhances personal liberty and freedom. The journey has had its bumps in the road but he has continued marching forward, despite various problems. Today, Eijah runs a software company called CodeSiren, working on revolutionary technology.
In this episode we cover: hacker spirit, engineer, tinkerer; C++, Java; Max Payne 3, Red Dead Redemption, Grand Theft Auto 5; programming for the love of it; game developer, working at Rockstar, life at Rockstar; life as a developer; hacking Blu-ray and finding the Blu-ray device keys; large code bases, code maintenance, clean modular code; your code is your documentation; Xbox360 vs Playstation 3; the failures of VPN companies, selling people's private companies; drinking pints, in Edinburgh; starting and developing demonsaw; file sharing; privacy; traffic obfuscation and traffic subterfuge, bypassing deep packet inspection; great firewall of china; Surveillance; Privacy; Cryptography; Censorship; John McAfee; being a senior programmer
"My greatness stems from not having achieved what I am here to achieve" - Eijah
External links: https://twitter.com/demon_saw https://codesiren.com https://demonsaw.com https://en.wikipedia.org/wiki/Commodore_VIC-20 https://darknetdiaries.com/episode/16/ https://en.wikipedia.org/wiki/Advanced_Encryption_Standard https://en.wikipedia.org/wiki/CPU_time https://forum.doom9.org/ https://www.reddit.com/domain/forum.doom9.org/ https://en.wikipedia.org/wiki/Hackers_(film) https://en.wikipedia.org/wiki/Dunning-Kruger_effect https://en.wikipedia.org/wiki/Impostor_syndrome https://en.wikipedia.org/wiki/Allocator_(C%2B%2B) https://en.wikipedia.org/wiki/PlayStation_technical_specifications https://www.nextplatform.com/2019/01/24/unified-memory-the-final-piece-of-the-gpu-programming-puzzle/ https://www.youtube.com/watch?v=lTngMxmymX4 https://www.youtube.com/watch?v=fMfQQoHHLBA https://steelpantherrocks.com/ https://www.youtube.com/watch?v=WjElZ-O9EpM
Nov 6, 2020
2 hr 24 min