Sam Bent, previously by his online handle as the Darknet Vendor "2happytimes2" is our Hacker of the episode!

In this episode of Hacker Talk we get to hear, how Sam put toghter an Opsec plan that ended up protecting him against a 20 count indetment and 200 years in prison. Thanks to a bruteforce attack in the true hacker spirit he managed to get out of prison. 

What is it like to apply strong operation security practices in your everyday life?  How does one survive and adapt to hostile environments?

Join us in this thrill seeking episode of Hacker Talk, where we get to hear Sam's story. 

In this episode we cover:   

Darknet Vendor, Darknet Marketplaces  

Darknet Forum Administrator

First Introduction to Tor 

Silkroad,

Early Bitcoin days 

Bitcoin Pizza for 20 000 Bitcoins

Moderating darknet forums

Money laundering charges   

Privacy

Journey into selling on the darknet  

Residential Security   

Living in Vermont, United States of America

Computer support   

Forming information security policies  

Backtraq 2(Released March 2007) 

Yagi antenna, randomizing your mac address before you use your neighbors wifi

Removing DNA from packages.  

Speaking at Defcon  

Dealing with the Department of Homeland security

Social Engineering

Operation security

Dread Darknet Forum

Dealing with Hostile Environments on the darknet and in prison 

Profiling yourself

Importance of Adoptability  

Managing multiple identities 

Pretty good privacy(PGP)

Trust on the Darknet

Resumes on the Darknet   

Best practices for Password Managers 

Storing password's in "The Slip", secure convenience security  

How to ship mail securely

Interacting with the united states judicial system 

Franks hearing

Becoming a paralegal in Prison

Writing a 200-page passion of release motion

Building trust in Online Communities

Links:

Doingfedtime Youtube channel: https://www.youtube.com/@DoingFedTime

Bitcoin talk pizza thread: https://bitcointalk.org/index.php?topic=137.0 

https://en.wikipedia.org/wiki/Vermont

https://en.wikipedia.org/wiki/BackTrack 

Sam's defcon talk: https://www.youtube.com/watch?v=NGiUhjuB22Y

https://www.16personalities.com/

https://en.wikipedia.org/wiki/Pretty_Good_Privacy  

https://en.wikipedia.org/wiki/Silk_Road_(marketplace)   

https://www.shouselaw.com/ca/blog/warrant/what-does-it-mean-to-traverse-a-warrant-what-is-a-franks-motion/

https://forum.defcon.org/node/241998

https://www.darknetstats.com/seasoned-dark-web-vendor-2happytimes2-sentenced-to-5-years-in-prison/

Our Hacker of the episode is "Vickie lii"! Vickie tells us about Bug Bounties, her new book and information security. 

Tune in now!

In this episode we cover:

Background, getting into security

Getting into Bug Bounty 

First Bug bounty 

Hackerone, Bug crowd

Reporting Security Bugs

Coordinating bug bounties  

Life as a bug bounty hunter

Interaction with engineers

Bug bounty bootcamp Book

Security as a hobby

Writing Books

How to hack web applications  

Vickie's favourite types of Vulnerabilities   

Template injection

IDOR

Writers block

Nostarch  

Book Publishing  

Bug bounty tools

Python and Bash   

Make bug bounties more enjoyable 

Portswinger Lab

Finding low hanging fruits  

legal harbor 

Caring about security researchers  

Links:

https://twitter.com/vickieli7   

https://en.wikipedia.org/wiki/Bug_bounty_program

https://vickieli.dev/  

https://portswigger.net/web-security/all-labs   

https://portswigger.net/research/server-side-template-injection

https://www.geeksforgeeks.org/insecure-direct-object-reference-idor-vulnerability/   

https://nostarch.com/bug-bounty-bootcamp

Grab a copy of Vickie's book:

https://www.amazon.com/Bug-Bounty-Bootcamp-Reporting-Vulnerabilities-ebook/dp/B08YK368Y3

In this episode of Hacker Talk:

One of the most powerful newer static analysis tool is CodeQL.  

By converting your code base into a Codeql database, you can now write  

queries in a read-only way, in order to find security vulnerabilities   

and problems in you Code-base.

We wanted to know more about this declarative language called "CodeQL".

Straight from Github's Security Lab, we are joined by Alvaro Munoz!  

Alvaro, is a Security Researcher, Leads a team of researchers that leverage Codeql to find and model vulnerabilities at Github, with a background in research related to finding remote code execution bugs through deserialization.  

Tune in as we get to hear the ins and out of CodeQL, how to get started, when Codeql was used to find a vulnerability in a public Covid-19 system, how to find vulnerabilities with Codeql and a lot more!

Topics covered:

Learning to thing outsite the box by playing Capture the flag

CodeQL declarative languages 

Static code analysis

Getting a broad view of the source code

Writing queries with CodeQL to find vulnerabilities   

Modeling vulnerabilities with CodeQL

The learning curve of CodeQL

Quering github repositories for vulnerabilities

Write codeql for a large amount of repositories with lgtm(use it goes before it goes EOL)

Linters vs codeql

CodeQL integrated with continuous integration pipelines

Get started with Codeql

Submit your codeql queries to Github Security Lab's Bug bounty

Best practices for writing queries    

Thinking of the code as a database with codeql

Finding vulnerabilities in Covid-19 systems

Best pratices for CodeQL 

Reduce false possitives 

CodeQL with nvim(neovim)    

Improving vim by creating a more interactive development enviroment alternative, "neovim".

LSP integration with neovim.  

CodeQL with Emacs

Remote code execution bugs found with CodeQL.  

Bugs found in Radar Covid App

Patterns leading to remote code execution   

Auditing javascript frameworks

CodeQL vs other static analysis tools

Capture the flag codeql challanges

The future of CodeQL

External links:

https://lgtm.com/  

https://github.com/pwntester  

https://neovim.io/

https://en.wikipedia.org/wiki/Language_Server_Protocol    

https://en.wikipedia.org/wiki/Semgrep

Covid 19 tracing app

- https://securitylab.github.com/research/securing-the-fight-against-covid19-through-oss/

- https://threatpost.com/german-covid-19-contact-tracing-vulnerability-rce/161419/

Github Security Lab web site: https://securitylab.github.com/

Join Github Security Lab Slack Channel: 

https://join.slack.com/t/ghsecuritylab/shared_invite/zt-120w4vby8-_O9u9k2hPfgbju1tddBPcg

https://twitter.com/pwntester

Bounty program: https://securitylab.github.com/bounties/

https://codeql.github.com/

https://codeql.github.com/docs/codeql-overview/  

http://www.pwntester.com/

https://en.wikipedia.org/wiki/Abstract_syntax_tree  

https://en.wikipedia.org/wiki/Control_flow_analysis

https://github.com/github/codeql-learninglab-actions

https://github.com/anticomputer/emacs-codeql/   

Special thanks too:

We want to give a huge thanks to Github's Security Lab Team for making this episode a reality!

In this episode of Hacker Talk, we are joined by the Hacker and SecBSD contributor: The BSDBandit!

Tune is as we deep into secbsd, the penetration distribution for the BSD community.

In this episode we cover:

Video games

Kali linux meets bsd

Started to hack in college

mandraka linux

FreeBSD 4.8 and beyond   

BSD vs Linux   

Reading the RFC's

IRIX

Learn from developer mailing lists  

OpenBSD's mailing 

The start of SECBSD - BSD based Penetration testing distribution        

SecBSD, release cyckle

Documentation in the BSD world  

NetBSD on toasters and sega dreamcast   

Comparing the BSD's   

Porting ruby Beef to BSD   

Web applications as houses   

Webb application api's   

Security    

Penetration testing  

Management vs Security Researchers and developers     

The adventures of Hacking and learning  

The state of Hacking  

Tinkering with FreeBSD    

ManPages

Unix Powertools book  

Vi Editor  

Having fun with Technology  

People code computers   

Time allocation and having a good schedule    

Rust programming   

Visual code studio   

Pentesting with Rust   

Mental health  

Taking brakes, allocating  

discord and Internet Relay Chat     

Libera.chat irc  

Irssi irc client    

Phreakers going into VoIP

OpenBTS   

IceCast

Future of IT-Security   

Moving everything to the browser   

Challenge of the episode: 

The BSDBandit challenges you to read one man page per day for one year      

Links:    

https://en.wikipedia.org/wiki/Mandriva_Linux    

https://www.freebsd.org/releases/4.8R/announce/    

https://secbsd.org   

https://twitter.com/SecBSD   

https://rfcs.io/http     

https://www.rfc-editor.org/rfc/     

https://en.wikipedia.org/wiki/IRIX     

https://en.wikipedia.org/wiki/Sub7     

https://marc.info/?l=openbsd-misc&r=1    

https://www.openbsd.org/faq/ports/guide.html    

https://twitter.com/CryptoBanshee_   

https://beefproject.com/   

https://www.oreilly.com/library/view/unix-power-tools/0596003307/    

https://www.amazon.com/UNIX-PowerTools-Jerry-Peek/dp/1565922603   

https://en.wikipedia.org/wiki/Vim_(text_editor)   

https://en.wikipedia.org/wiki/Vi   

https://twitter.com/bsdbandit    

https://crates.io/   

https://www.rust-lang.org/    

https://github.com/bsdbandit   

https://crates.io/crates/pledge   

https://en.wikipedia.org/wiki/Ghostscript    

https://en.wikipedia.org/wiki/Discord   

https://en.wikipedia.org/wiki/Irssi   

https://en.wikipedia.org/wiki/2600%3A_The_Hacker_Quarterly   

https://libera.chat/   

https://en.wikipedia.org/wiki/OpenBTS   

https://icecast.org/   

Hacker Talk is back! Stronger than ever with a new episode, in this episode we are all about Podman!

Joining us today is Dan Walsh. One of the main people behind Podman! Dan is very knowledgeable in the (oci)container security world. We are super happy to have him on Hacker Talk and hear about Podman.

Topics:
Podman
Podman in action book
Dan's journey into Unix and Linux
Following Paul cormia to redhat, CEO of redhead
Redhat, working on pre-vpn
Working on se-linux
Container technology
Security for openshift
Being integrated with docker
Oci images and runtimes
Fork and exec
Security in containers
Docker daemon
Design behind podman
Better security in podman
Combining podman with kubernetics
Docker Vs systemd

Full integration with systemd
Buildah, docker build with podman
Background story of buildah
Overhead in containers
Get started with migrating infrastructure to podman
Gitlab runners with podman
Podman on non-linux systems
Docker starting to charge for Windows and Mac
Podman desktop gui
Linux security
Sec-comp
Land lock security mitigation in the Linux kernel
SE-linux
Encrypted virtual machines
Intel-sgx with KVM virtual machines
Trusting proprietary CPU encrypted environments
Encrypted workloads
Security at the hardware level




Links
https://www.manning.com/books/podman-in-action
Se-linux
Podman
Docker
https://www.youtube.com/watch?v=MmUwrP791sI

Replacing docker with Podman
Buildah
Docker starts to charge for usage

Read Dan's book:
https://www.manning.com/books/podman-in-action

Find more episodes of Hacker Talk at:
https://anchor.fm/hacker-talk

Subscribe to Hacker Talk's RSS feed:

https://anchor.fm/s/7984c230/podcast/rss

In this episode of Hacker Talk, we are joined by the social engineer, windows security ninja, hacker and security researcher Mattias Borg.

Tune is as we get to hear about scam calls and social engineering!

In this episode we cover:

Social Engineering

Micro-expressions

How long can you get with scam calls?

Windows Security Best practices

Dealing with scam callers

Getting more information from scam call center

What happens when people fall for scam callers.

Educating others 

Links:

The Art of Human Hacking

https://en.wikipedia.org/wiki/Christopher_J._Hadnagy

https://twitter.com/MattiasBorg82

https://blog.sec-labs.com/  

https://www.youtube.com/watch?v=YsznWl0Wc4I

https://www.youtube.com/watch?v=1zTsfs4Q6IY  

For feedback and guest suggestions, email:

podcast at firosolutions dot com