Skip to main content
Spotify for Podcasters
Hacker Talk

Hacker Talk

By Firo Solutions LTD

Every second week, Hacker Talk brings you interesting conversation between some of the world best hackers, cyber security professionals and information security people.
Available on
Castbox Logo
Google Podcasts Logo
Pocket Casts Logo
RadioPublic Logo
Spotify Logo
Currently playing episode

Cat shaped hardware hacking with Alex Lynd

Hacker TalkApr 14, 2023

Cat shaped hardware hacking with Alex Lynd

Cat shaped hardware hacking with Alex Lynd

The hardware hacker, creator of the wifi-nugget, cybersecurity content creator, hak5 host and our guest of honor in this episode of Hacker Talk is Alex Lynd!

In this episode, we cover:

Alex background, working with hak5, content creation

O.MG pentesting cable

Signal intelligence

Wifi hacking

Hardware hacking

Modifying the hardware of calculators, playing games on calculators

Hacking the texas instrument ti 84 calculator

Alex's first computer being the raspberry pi

Starting with Linux

Embedded security

Hardware developer perspective

Making hardware devices

Making low-cost hacking devices

low cost, high availability and effective hacking devices

GPS implants

ESP8266, 3 dollar wifi microcontroller

Wardriving with esp8266

wifi nugget

Making cat-shaped hardware

Making a friendly and portable hardware design

Learning about wifi hacking and microcontrollers

USB nugget

USB rubber ducky

Keystroke injection attacks

ATtiny85 Arduino

Thought process behind creating the wifi nugget

How Filip cracked his neighbors wifi



Creating a DIY beginner hardware kit

The creation of wifi nugget, the first 100 devices

SpaceHuhn Maker

Wifi Beacon spoofing pranks

esp32 vs esp8266 wifi chip

Crafting custom packets with the esp8266 chip

Espressif Systems trying to stop people from using it's wifi chips for offensive purposes by locking down its software development kit.

Spoofing attacks

esp32 native USB mode

EMulating USB connected devices for data exfiltration

Auto trunked packets

pmkid wifi attack

Cracking wpa2 handshakes

Guessing autogenerated wifi passwords


Password generator based on your local area code

The best password-cracking word list Filip has ever used

Funny pranks with the wifi nugget

Nugget defender, see if anyone is attacking your network

use Canary tokens to detect if someone is breaking into your system

Bugged microsoft word and pdf documents

Having an intrusion detection system in your pocket

wifi honeypots

Getting started designing custom printed circuit boards(PCB)

Design with easyeda

Creating a tv-be-gone

Sourcing pcb boards

Circuit board art

What software to use to create boards

Antenna design

Omni directional antennas

Yagi antennas

Sourcing hardware

Making it more user friendly


Apr 14, 202359:56
Darknet Operation Security with Sam Bent Part 1

Darknet Operation Security with Sam Bent Part 1

Sam Bent, previously by his online handle as the Darknet Vendor "2happytimes2" is our Hacker of the episode!

In this episode of Hacker Talk we get to hear, how Sam put toghter an Opsec plan that ended up protecting him against a 20 count indetment and 200 years in prison. Thanks to a bruteforce attack in the true hacker spirit he managed to get out of prison. 

What is it like to apply strong operation security practices in your everyday life?  How does one survive and adapt to hostile environments?

Join us in this thrill seeking episode of Hacker Talk, where we get to hear Sam's story. 

In this episode we cover:   

Darknet Vendor, Darknet Marketplaces  

Darknet Forum Administrator

First Introduction to Tor 


Early Bitcoin days 

Bitcoin Pizza for 20 000 Bitcoins

Moderating darknet forums

Money laundering charges   


Journey into selling on the darknet  

Residential Security   

Living in Vermont, United States of America

Computer support   

Forming information security policies  

Backtraq 2(Released March 2007) 

Yagi antenna, randomizing your mac address before you use your neighbors wifi

Removing DNA from packages.  

Speaking at Defcon  

Dealing with the Department of Homeland security

Social Engineering

Operation security

Dread Darknet Forum

Dealing with Hostile Environments on the darknet and in prison 

Profiling yourself

Importance of Adoptability  

Managing multiple identities 

Pretty good privacy(PGP)

Trust on the Darknet

Resumes on the Darknet   

Best practices for Password Managers 

Storing password's in "The Slip", secure convenience security  

How to ship mail securely

Interacting with the united states judicial system 

Franks hearing

Becoming a paralegal in Prison

Writing a 200-page passion of release motion

Building trust in Online Communities


Doingfedtime Youtube channel:

Bitcoin talk pizza thread: 

Sam's defcon talk:

Dec 27, 202201:12:08
Bug Bounty Bootcamp with Vickie lii

Bug Bounty Bootcamp with Vickie lii

Our Hacker of the episode is "Vickie lii"! Vickie tells us about Bug Bounties, her new book and information security. 

Tune in now!

In this episode we cover:

Background, getting into security

Getting into Bug Bounty 

First Bug bounty 

Hackerone, Bug crowd

Reporting Security Bugs

Coordinating bug bounties  

Life as a bug bounty hunter

Interaction with engineers

Bug bounty bootcamp Book

Security as a hobby

Writing Books

How to hack web applications  

Vickie's favourite types of Vulnerabilities   

Template injection


Writers block


Book Publishing  

Bug bounty tools

Python and Bash   

Make bug bounties more enjoyable 

Portswinger Lab

Finding low hanging fruits  

legal harbor 

Caring about security researchers  


Grab a copy of Vickie's book:

Nov 24, 202238:02
CodeQL with Alvaro Munoz

CodeQL with Alvaro Munoz

In this episode of Hacker Talk:

One of the most powerful newer static analysis tool is CodeQL.  

By converting your code base into a Codeql database, you can now write  

queries in a read-only way, in order to find security vulnerabilities   

and problems in you Code-base.

We wanted to know more about this declarative language called "CodeQL".

Straight from Github's Security Lab, we are joined by Alvaro Munoz!  

Alvaro, is a Security Researcher, Leads a team of researchers that leverage Codeql to find and model vulnerabilities at Github, with a background in research related to finding remote code execution bugs through deserialization.  

Tune in as we get to hear the ins and out of CodeQL, how to get started, when Codeql was used to find a vulnerability in a public Covid-19 system, how to find vulnerabilities with Codeql and a lot more!

Topics covered:

Learning to thing outsite the box by playing Capture the flag

CodeQL declarative languages 

Static code analysis

Getting a broad view of the source code

Writing queries with CodeQL to find vulnerabilities   

Modeling vulnerabilities with CodeQL

The learning curve of CodeQL

Quering github repositories for vulnerabilities

Write codeql for a large amount of repositories with lgtm(use it goes before it goes EOL)

Linters vs codeql

CodeQL integrated with continuous integration pipelines

Get started with Codeql

Submit your codeql queries to Github Security Lab's Bug bounty

Best practices for writing queries    

Thinking of the code as a database with codeql

Finding vulnerabilities in Covid-19 systems

Best pratices for CodeQL 

Reduce false possitives 

CodeQL with nvim(neovim)    

Improving vim by creating a more interactive development enviroment alternative, "neovim".

LSP integration with neovim.  

CodeQL with Emacs

Remote code execution bugs found with CodeQL.  

Bugs found in Radar Covid App

Patterns leading to remote code execution   

Auditing javascript frameworks

CodeQL vs other static analysis tools

Capture the flag codeql challanges

The future of CodeQL

External links:

Covid 19 tracing app



Github Security Lab web site:

Join Github Security Lab Slack Channel:

Bounty program:   

Special thanks too:

We want to give a huge thanks to Github's Security Lab Team for making this episode a reality!

Oct 24, 202253:38
SecBSD - The penetration testing distribution for the BSD community | BSDBandit on Hacker Talk

SecBSD - The penetration testing distribution for the BSD community | BSDBandit on Hacker Talk

In this episode of Hacker Talk, we are joined by the Hacker and SecBSD contributor: The BSDBandit!

Tune is as we deep into secbsd, the penetration distribution for the BSD community.

In this episode we cover:

Video games

Kali linux meets bsd

Started to hack in college

mandraka linux

FreeBSD 4.8 and beyond   

BSD vs Linux   

Reading the RFC's


Learn from developer mailing lists  

OpenBSD's mailing 

The start of SECBSD - BSD based Penetration testing distribution        

SecBSD, release cyckle

Documentation in the BSD world  

NetBSD on toasters and sega dreamcast   

Comparing the BSD's   

Porting ruby Beef to BSD   

Web applications as houses   

Webb application api's   


Penetration testing  

Management vs Security Researchers and developers     

The adventures of Hacking and learning  

The state of Hacking  

Tinkering with FreeBSD    


Unix Powertools book  

Vi Editor  

Having fun with Technology  

People code computers   

Time allocation and having a good schedule    

Rust programming   

Visual code studio   

Pentesting with Rust   

Mental health  

Taking brakes, allocating  

discord and Internet Relay Chat irc  

Irssi irc client    

Phreakers going into VoIP



Future of IT-Security   

Moving everything to the browser   

Challenge of the episode: 

The BSDBandit challenges you to read one man page per day for one year      


Sep 26, 202201:02:15
Podman with Daniel Walsh

Podman with Daniel Walsh

Hacker Talk is back! Stronger than ever with a new episode, in this episode we are all about Podman!

Joining us today is Dan Walsh. One of the main people behind Podman! Dan is very knowledgeable in the (oci)container security world. We are super happy to have him on Hacker Talk and hear about Podman.

Podman in action book
Dan's journey into Unix and Linux
Following Paul cormia to redhat, CEO of redhead
Redhat, working on pre-vpn
Working on se-linux
Container technology
Security for openshift
Being integrated with docker
Oci images and runtimes
Fork and exec
Security in containers
Docker daemon
Design behind podman
Better security in podman
Combining podman with kubernetics
Docker Vs systemd

Full integration with systemd
Buildah, docker build with podman
Background story of buildah
Overhead in containers
Get started with migrating infrastructure to podman
Gitlab runners with podman
Podman on non-linux systems
Docker starting to charge for Windows and Mac
Podman desktop gui
Linux security
Land lock security mitigation in the Linux kernel
Encrypted virtual machines
Intel-sgx with KVM virtual machines
Trusting proprietary CPU encrypted environments
Encrypted workloads
Security at the hardware level


Replacing docker with Podman
Docker starts to charge for usage

Read Dan's book:

Find more episodes of Hacker Talk at:

Subscribe to Hacker Talk's RSS feed:

Sep 19, 202258:26
Social engineering | Scam calls with Mattias Borg

Social engineering | Scam calls with Mattias Borg

In this episode of Hacker Talk, we are joined by the social engineer, windows security ninja, hacker and security researcher Mattias Borg.

Tune is as we get to hear about scam calls and social engineering!

In this episode we cover:

Social Engineering


How long can you get with scam calls?

Windows Security Best practices

Dealing with scam callers

Getting more information from scam call center

What happens when people fall for scam callers.

Educating others 


The Art of Human Hacking  

For feedback and guest suggestions, email:

podcast at firosolutions dot com

Sep 06, 202251:24
Vulnhub | G0t mi1k on Hacker Talk
Aug 23, 202235:41
Wifi Wardriving with Mike Spicer | d4rkm4tter

Wifi Wardriving with Mike Spicer | d4rkm4tter

Today we are joined by: Mike Spicer, the builder of the Wifi Cactus, someone you can see walking around various security conference   

with a backpack filled with wireless monitoring goodies :)

Mike wanted to see what was really happening on one of the most dangerous wifi networks in the world, this and a lot more in this episode of Hacker Talk. 

In this episode we cover:

Questioning the dangerous assumption

How dangerous is Defcon's network really?

Dialup internet, warez, Hacking, Tinkering, and programming

The movie Hackers from 1995

Wardriving, driving around to find internet, Orinoco gold wireless card


Starting a startup wireless internet service provider company

Software-defined radio

Hacking Radiofrequency


Helium Lori hardware

Things network Lori iot

Amazon sidewalk

Interconnected devices


OpenBTS BladeRF

3g stingrays

WiFi Cactus, wifi kraken

Wardriving with wireless antennas

Pitfalls with airodump

Wireless captures

Wireless standards, going to WiFi 6

From one box to twelve

25 hak5 pineapples from Darren kitchen

Kismet, Andrew dragon(creator of kismet)

Intel nuc

Live streaming data from the WiFi Cactus

WiFi Cactus at Defcamp in Romania

Analyzing wardriving from security conferences

Pcapinator GitHub


Mdns, clear text,

DNS queries to slack

Building your own wardriving device

Wireless penetration tests

Intel ax220 PCI express WiFi adapter, 30-40 USD, native Linux support

Monitoring for wireless de-authentication attacks

Deploying kismet for detection with raspberry pi 4 with a 30usd Wireless adapter for starting to monitor their WiFi security

Best practices for cracking wpa2 handshakes with hashcat

Best security practices for setting up wireless networks


We would like to give a special thanks to Feedspot for featuring us, we recommend that you check them out:

Aug 08, 202248:28
AI-Powered Super Hackers | Steve Phillips Part 2

AI-Powered Super Hackers | Steve Phillips Part 2

Welcome back to Hacker Talk!

This is part two of our conversation with Steven Phillips 

Steven is a really interesting developer, hacker and thinker. I  

personally enjoy reading his blog where he covers various parts of 

programming, philosophy and software.


"Machine Learning" being good or bad   

Security with machine learning

Turning a stop light to a truck  


What type of Artificial intelligence do we need for software   

James Mickens

Generative Pre-trained Transformer 3  

Solving bad human code datasets   

Global code quality  

How do we write good code?  

The progress of software 

how good Structured Query Language is  

Secure codebase's 







The ethical source movement 

Code Licenses

Internet Privacy

End-to-end encryption


Browser Extensions

Reaching the largest userbase for software  

Web assembly  

The onion router | Tor user adoption 

AI-Powered Super Hackers are a real threat  


and a lot more on Hacker Talk!


View part one here:

Jul 11, 202201:08:46
Scanning the internet with Lucas Lundgren

Scanning the internet with Lucas Lundgren

In this episode of Hacker Talk, we are joined by

Lucas Lundgren, is an impressive penetration tester, security researcher, and our Hacker of honor today.

Lucas is known for going out on the internet and finding interesting internet-facing protocols, he has found several internet-facing critical infrastructures, prison door systems, medical x-ray file storage servers(Pacs), earthquake systems, and a lot more! 

In this episode we cover the following topics: 

Journey into hacking, radio, commodore64, Amiga 500, cracking games

Time bomb viruses for Amiga 500 games

Finding vulnerabilities, getting invited to conferences to speak at 13

War dialing Amiga 500, phone phreaking with modern

Learning lock picking 

building your own port scanner

Scanning the entire internet with Masscan from home with a 10gigabit connection 

Parsing scan results with elastic search, grep, kibana

Mqtt - embedded protocol, finding and opening prison doors with MQTT, 

Malware with MQTT brokers

Opening and closing doors in prisons in the UK

Atm's with MQTT

Changing oil pipelines pressure with

Finding protocols to scan the internet for 


Hacking x-ray machines

Finding hospitals x-ray records in Pax servers  dating back to 1985

Problems with hospitals' x-ray storage servers 

Reporting security vulnerabilities

Editing x-ray pictures, 

Malware that adds black spots on the pictures and reuploads it.

Malware in metadata of the x-ray pictures 

X-ray malware in the wild

Image recognition 

Making fictional earthquakes

Remote code execution on doorbells

Hack-rf, software-defined radio


Hacking radio


Weather satellites 

Hacking satellites 

Breaking into a gas pump with wooden straws

Physical penetration testing


Jul 05, 202258:44
Hackers on Planet Earth with Greg Newby and Mitch Altman

Hackers on Planet Earth with Greg Newby and Mitch Altman

Hackers on Plant Earth - Hope with Mitch Altman and Greg Newby

Hackers on Planet Earth(HOPE), is a biannual volunteer-driven hacker conference that got started in 1994. On the hacking and phone phreaking's magazine 2600 10th anniversary. In this episode of Hacker Talk, we are joined by two hackers that are behind the curtain at the HOPE conference.  

Greg Newby and Mitch Altman are both two impressive Hackers, helping the  

HOPE conference be the amazing hacking conference it is today.   

In this episode we cover:  

How Hope has evolved during the years  

Greg and Mitch's journey's into the hacking mindset   

Problems with big pharma and the importance of biohacking  

HOPE moving location from Hotel Pennsylvania to Saint John's University     


exploring technology   

Phone phreaking   

Life-changing events at HOPE   

Demoscene with original hardware from the 1980'ies at HOPE    

Making 8-bit generated art and music      

Running a physical hacker conference      

Hidden gems at HOPE   

How can you can run your own conference   

Logistics behind the HOPE conference   


The Hacker Talk team will be at May Contain Hackers which will take place   

in the Netherlands at the same time as the HOPE conference. Find us   

for some stickers and Hacker Talk swag!


Jun 20, 202201:05:26
Programmable Philosophy with Steve Phillips - Part 1

Programmable Philosophy with Steve Phillips - Part 1

Steve Phillips, is an interesting developer, privacy advocate, hacker and thinker.

Tune into this episode of Hacker Talk as we are joined by Steve Phillips in this Programmable Philosophy special.

In this episode we cover:  

Steve's journey into technology  

Being able to build and utilize tools


Privacy, Encryption

Philosophy with programming

Proving philosophical theories with programming

Python, Django

Paul gram

Putting the technologist first in companies

Combining programming with entrepreneurship

Going from utilizing one computer core to multithreading 

Clojure lisp, using all the libraries from lisp and java.  

Static typing 

Golang in 2010, From the one-year anniversary to hacker news. Golang's history.  

go fix - Automatically rewriting code for new API calls and dependencies.  

Creating software that lasts forever, making it easy for developers to upgrade old versions. Make standards that the code will use to   

automatically upgrade the old code, and avoid breaking core functionality. 

Dependency management

Long build times

V programming language 

Fast compile times in V and Go.  

Green threads, go routines. Efficient concurrency with low overhead.    

Small runtime languages.  

Designing encrypted protocols, threat models.  

Use libsodium

LeapChat secure chat   

Securing a large number of people  

End-to-end encryption with web applications, not trusting the middleman

Trusted service workers in modern browsers, preinstall javascript.  Detecting malicious new versions of javascript code.   

Web assembly, practical use-cases for web assembly. Allowing users to run precompiled binaries on any platform in a browser.   

How Web assembly run's in a very low overhead sandbox.  

Docker will be replaced by podman 

How docker is not the silver bullet for security, alternatives to it.  

Trusted microservices environments.  

Privilege separation  

web assembly nano process model

No need to trust the libraries that you use.  

Sandboxing, Electrum apps. 

Running C++ 20% slower with web assembly.  

Shopify's and Cloudflare's use of web assembly

Nomad, Kubernetes is too complex

Docker daemon


Jun 14, 202201:02:49
Black Hat Python with Tim Arnold and Justin Seitz

Black Hat Python with Tim Arnold and Justin Seitz

This episode is the first time the authors of the book: Black Hat Python. In today's episode of Hacker Talk Justin Seitz and Tim Arnold joins us on the show and we get to hear Tim and Justin stories about Python, Hacking and a lot more!

In this episode we cover:

Journey into hacking and technology

Finding like-minded people, dopamine kicks

Infosec community





Creating IT-security python courses 

From Twitter to Nostarch

Exploits for Windows 10 and 64bit machines

Favorite python libraries, Lxml, requests

Syscalls with PyPledge, visualizing packet analysis with scapy

Programming, Microsoft basic, PHP, vb6, 

the future with golang

Virtual environments in python

Workflow for programming

Visual code studio, Microsoft turning good


Wingide with immunity debugger

Hunchly's daily dark web report to archive .onion sites


Fresh onions

Modern exploit and zeroday writing

Ms08067 exploit

How to write books

Best practices for writing

May 31, 202201:04:05
Compromising Covid-19 systems with Pavol Luptak

Compromising Covid-19 systems with Pavol Luptak

Buckle in for a great episode of Hacker Talk! Pavol Luptak, CEO of Nethemba joins us, and

walks us through the vulnerabilities that were found in Slovakia's covid-19  PCR and anti-gen authority.

Tune into the most technical and detailed covid-19 hacking episode, right here on Hacker Talk.

In this episode we cover:

Pavol's journey into it-security

old-school Unix

privilege escalation attacks

Traditional C and Assembly, shellcodes

Becoming a penetration tester


Finding vulnerabilities in parking system, parking in Bratislava for free

Hacking Slovakia's covid-19 systems

extracting PCR and anti-gen covid-19 tests for all Slovakian citizens.

Finding vulnerabilities in PCR test authorities.

enumeration attacks.

Slovakian eHranica forms.

Generating birthdate number.

Finding birthdates on Facebook and Wikipedia

Leveraging different parts of the systems to make them work together

Impersonation attacks

OWASP Web Security Testing Guide

Cracking Captcha's

Rate limiting requests

Security mitigations that you can user

Central European Bug Bounty programs


Best practices for bug bounties for enterprises

How to get started with penetration testing

The new smart contract security field

Personal number generation script:


for (( year=54; year < 100; year++)));


for (( month=1; month < 13; month++)));


for (( day=1; day < 32; day++)));


for (( suffix=0; suffix < 10000; suffix++))


final=$(( $year*100000000+$month*1000000+$day*10000+$suffix ));

if (( final % 11 == 0 )); then printf "%010d\n" $final;






External Links:

May 16, 202253:56
David Jacoby

David Jacoby

David Jacoby, is a Swedish Hacker, Professional Penetration tester, Security Researcher, featured in the Swedish it-security show called "Hackad" and our guest of honor today!

In this episode of Hacker Talk, we are joined by the Swedish hacker David Jacoby!

Have you ever watched a video on your phone in your spare time? what if the site had a malicious javascript that will scan your internal   

network for smart devices and then trigger a remote code execution? 

Join us as we deep dive into IT-Security, get to hear how David got into hacking, and a lot more!

Topics we covered:

Phone Phreaking in Sweden

Software security

David's journey into hacking  

Privilege escalations on older systems

Linux system administration

Bulletin board system

Running bbs systems at home through a raspberry pi

Making security stronger and helping people  

Password reuse

Säkerhet och sekretess Magazine

Red team penetration testing

How to motivate your organization to implement a security program   

Attacking consumer devices, hacking smart devices at home

Scanning internal networks without a shell using a javascript scanner in the client's browser    

Hacking internal devices such as Network Attached Storage devices.   

enumerating networks and scanning with javascript

Consumer devices lifespan, testing certifications, best practices for vendors   

Submitting security vulnerabilities, the Swedish hacking scene, and background   

Favorite Pentesting tools, netcat openbsd version  

Network segmentation

Bad common patterns for enterprise networks  

Stealing paste buffers   

Securing society at a large scale    

The future of information technology security  

External Links:  

May 02, 202201:13:18
Ben Kurtz - Golang Malware part 2

Ben Kurtz - Golang Malware part 2

Ben Kurtz - Golang Malware part 2 

Topics covered:


Hells gate, direct system calls on windows

How system calls are normally done in windows, Windows Kernel

Evading anti malware detection on Windows with Banana Phone

How to get started writing c2's in golang.  

Sliver, Opensource golang command and control. 

Red team mindset   

Evolution of programmers, bad patterns   

CVE's, common vulnerability enumeration number  

Auditing source code   

Javascript frameworks  

Cross site scripting, SQL injection and XXE(Xml External Entity) for scanning internal networks and exfiltrating data.   

Building secure code bases   

Security Engineers    

Supervisory control and data acquisition (SCADA)   


Remote of execution and directory traversal in Java, Java's file constructor, LDAP and DirContext     

Golang for micro services   


Common bad patterns 

LDAP injection  

Modern security nightmares    

Remote debug protocols    

String concatenation   

Resistance to current modern implementation and safer framework.  

Finding bugs in games that can be used to attack power-plants.     

Dependency management     

Backdoor factory  


Man in the middle  

Spoofing BGP  

BGP hijacks



Apr 19, 202201:06:49
Golang Malware with Ben Kurtz Part 1

Golang Malware with Ben Kurtz Part 1

Ben Kurtz, is an interesting hacker that has been involved in the infosec space for over 20 years.  He has done a large chunk of research into writing malware and post-exploitation tools in the Golang programming language. 

Tune into this episode of Hacker Talk as we are joined by Ben Kurtz and deep dive into Golang Malware.

In this episode of Hacker Talk, we cover the following topics:

Getting into programming, apple 2, hacking, bulletin board systems, 

pirating apple 2 software

unix security, shadow and files in the /etc/ folder    

evolution of network security since 1994

first talk at DEFCON,

life as a developer


Dan Kaminsky, recruited as a professional hacker 

Learning different programming languages

Learning pascal in a basement  

Functional programming, constraint solver  

Getting into the Golang flow.  

Plan-9 redoing C++

Getting into Golang malware

encrypted mesh network


Iran shutting down tls connections

Internet Censorship 

Code audits

Writing malware in different languages

V programming language

Nym programming language

dild, dynamic loading library in OSX

parsing memory in golang

process execution block

loading windows syscall's

evading anti-malware systems

hells gate, direct windows system calls

Network traffic obfuscation

online communities that have been running for a long time, Second Life  

Offline mesh network  

Red team penetration

Write your own malware implant as a penetration tester.     

Obfuscating malware traffic   

writing malware  

Sliver, opensource version of cobalt strike, Command and Control Server   

testing malware 

setting up a test environment     

Penetration testing as a Red Team.   

Golang Antivirus/EDR evasion   

Enterprise network monitoring    

Shellcode loaders in pure golang    

Rewriting the backdoor factory in golang.

Obfuscating binaries with the custom golang debug library 

Parsing executables from memory(RAM)

universal system binary loader without touching disk

Links:  | Golang Malware defcon talk   

Mar 16, 202201:06:08
Threat intelligence with Dan Demeter

Threat intelligence with Dan Demeter

Dan Demeter, well-known security researcher in the Romanian information-security space. 

In 2014, Dan joined Kaspersky as a malware Security researcher, since then he has worked with various advanced anti-malware solutions and  

is currently working with Threat Intelligence in Kaspersky's Global Research and Analysis Team.

In this episode of Hacker talk, we deep dive into malware, threat intelligence, advanced persistent threats, security and defensive security with Dan. 

Topics covered in this episode:

Getting into infosec

Romania in the early personal internet space, connecting rj45 network cables to potatoes 

milw0rm, Bugtraq mailing list, backtrack, hell bond hackers 

Capture the flag(CTF) competitions

Internet café

Threat intelligence

Security research


Advanced persistence threats, what is an advanced persistence threat? 

Finding advanced malware in the wild.

Threat levels for individuals

Threat modeling

Enterprise and consumer malware

Antivirus programs

targeted malware

malware for crypto-currency projects

finding advanced malware as a threat intelligence researcher

bypassing advanced malware checks

Reverse engineering malware

ollydbg, NSA decompiler

Malware obfuscation techniques

yara rules 

wrapping malware with VM protect

Post exploitation

malware stages

Lazarus Malware, Bangladesh Cyber Bank Heist

Malware on sim-cards

Using satalite ip addresses

reporting malicious command and control servers 

malware campaigns spreading in Romania  

phishing and identity theft

Bring your own device policy

Stay safe working from home  

Best ways to protect yourself online  

Writing malware signatures and writing yara rules

malware similarity engines


Mar 03, 202201:35:02