Hurricane Labs Infosec Podcast

In today's podcast, we talk about the Cyber Safety Review Board and their report on Log4j.  Also, make sure to check out some of the articles and resources mentioned during this episode: DHS Launches First-Ever Cyber Safety Review Board via Homeland Security Pentest Stories: Responsible vulnerability disclosure via Heather Terry & Dennis Goodlett How to Write a Vulnerability Management Policy by Roxy, Hurricane Labs Director of Compliance Keep an eye out for our upcoming blog posts about vulnerability management too!  Click here for our podcast episode transcript.

Heather meets with Tom Kopchak to discuss strategies for organizations should utilize when creating cybersecurity training programs. In case you missed it, check out the first part of our Teaching and Learning Cybersecurity podcast series. Also, tune in to our related podcast: Addressing the Cybersecurity Skills Gap featuring Heather Terry, Tom Kopchak, Roxy, and Dusty Miller! Click here for our podcast episode transcript. 

Heather meets with Tom Kopchak to reflect on his recent experiences teaching cybersecurity and on what skills are needed to help bridge the cybersecurity skills gap. Also, make sure to check out some of our related posts and podcasts: Addressing the Cybersecurity Skills Gap podcast featuring Heather Terry, Tom Kopchak, Roxy, and Dusty Miller Tom's Tips for Infosec Professionals blog post via Tom Kopchak A Guide to Success: 9 Career Tips for Infosec Newbies blog post via Kelsey Clark 5 Student Networking Strategies for Security Conferences blog post via Kelsey Clark Click here for our podcast episode transcript. 

The Hurricane Labs team shares a few stories about their experiences with social engineering–and ways we can become more resilient to this type of attack. Also, make sure to check out some of the articles and resources mentioned during this episode: Verizon 2021 Data Breach Investigations Report Influence: The Psychology of Persuasion RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis (Coming May 2!) Blog: How to reduce your organization’s vulnerability to social engineering Click here for our podcast episode transcript.

Two of Hurricane Labs' team members red teamed for the NECCDC in March. They share insight to some of the strategies they used in their role as attackers. Also, make sure to check out some of the articles and resources mentioned during this episode: Northeast Regional of the Collegiate Cyber Defense Competition (NECCDC) NECCDC Red Team Review NECCDL / NECCDC Twitter Click here for our podcast episode transcript.

In this follow-up podcast, Heather chats with Hurricane Labs’ Director of Security Operations about further security implications of the Russia-Ukraine conflict.  Also, make sure to check out some of the articles and resources mentioned during this episode: SOC Talk: The Russia-Ukraine Crisis, Part 1 Statement by President Biden on our Nation's Cybersecurity (Full) Act Now to Protect Against Potential Cyberattacks – Security hardening recommendations via the Biden-Harris Administration President Signs New Executive Order Chartering Course New Course to Improve the Nation's Cybersecurity and Protect Federal Government Networks Backdoors & Breaches via Black Hills Information Security Russia Cyber Threat Overview and Advisories via CISA How to Run a Security Tabletop Scenario via Hurricane Labs Need help with your security? Contact us!  Click here for our podcast episode transcript. 

In today's podcast, our team discusses the value of VPNs–and a home firewall VPN project one of our analysts has set up. Click here for our podcast episode transcript. 

In this podcast, Heather chats with two members of the Hurricane Labs SOC team about distributed denial of service (DDoS) attacks as well as how to identify, prevent, and mitigate these attacks.  Also, make sure to check out some of the articles and resources mentioned during this episode: IT-ISAC GreyNoise Hurricane Labs Security Services Have questions for us? Get in touch with our team here! Click here for our podcast episode transcript.

In this special release podcast, Hurricane Labs' Director of Security Operations and our Director of Splunk Operations discuss the security implications of the Russia-Ukraine conflict. Also, make sure to check out some of the articles and resources mentioned during this episode: CISA Alert (AA22-047A) Second Wiper Attack Strikes Systems in Ukraine and Two Neighboring Countries via Kim Zetter, Substack Ukraine: Disk-wiping Attacks Precede Russian Invasion via Symantec Enterprise Blogs Click here for our podcast episode transcript.

In this podcast, Heather chats with the Hurricane Labs' SOC team about their favorite OSINT tools.  Also, make sure to check out some of the articles and resources mentioned during this episode: Atomic Red Team Bitwarden CyberChef CyberChef for Splunk DNSdumpster Emailrep.io Machinae Ninoseki Privacy Tools Spiderfoot Splunk Attack Range Click here for our podcast episode transcript. 

In this podcast, Heather and Roxy talk about the malware-laced USB devices being mailed to companies recently–and how you can stay safe.  Also, make sure to check out some of the articles and resources mentioned during this episode: CISA: Using Caution with USB Drives FBI warns cybercriminals have tried to hack US firms by mailing malicious USB drives Ransomware warning: Cyber criminals are mailing out USB drives that install malware Click here for our podcast episode transcript.

In part two of this series, Heather chats with some of Hurricane Labs' security analysts about the Log4Shell vulnerability. Also, make sure to check out some of the articles and resources mentioned during this episode: Log4j: Letting the JNDI out of the bottle blog post by Tony Robinson 6 Practical Fraud Prevention Tips blog post by Roxy FTC warns companies to remediate Log4j security vulnerability blog post via the FTC FTC Warns Companies: Patch Log4j ASAP or Suffer Our Wrath blog post via Gizmodo Click here for our podcast episode transcript.

In part one of this two-part series, Heather chats with two of Hurricane Labs' pentesters about the Log4Shell vulnerability. Also, make sure to check out some of the articles and resources mentioned during this episode: Log4Shell Everywhere Log4Shell Detection with ZAP Two Nmap NSE scripts: NSE Log4Shell Other NSE Hurricane Labs'  SOC Talk: IoT and Security Podcast OWASP ZAP – The Eval Villain Add-on Blog Post  Making Easy DOM XSS Actually Easy with Eval Villain  Hurricane Labs Penetration Testing Services Click here for our podcast episode transcript.

In this podcast, Heather chats with Tom, Meredith, and Roxy about ways to harden your wireless security. Also, make sure to check out our related blog post: 6 Tips for Wireless Security.  Click here for our podcast episode transcript! 

In this podcast, Heather chats with Tony, Kurt, and Josh about the Log4Shell vulnerability. Also, make sure to check out some of the articles and resources mentioned during this episode: Actual CVE-2021-44228 payloads captured in the wild Log4j – Apache Log4j Security Vulnerabilities Log4Shell Hell: anatomy of an exploit outbreak Splunk Security Advisory for Apache Log4j (CVE-2021-44228) Trending Internet Scanning on Apache Log4j Vulnerability Click here for our podcast episode transcript.

In today's podcast, Heather chats with Tom and Meredith about CISA's bad practices list and single-factor authentication. Click here for our podcast episode transcript.

In this podcast, Heather chats with Dennis, one of Hurricane Labs' pentesters, about how to avoid vulnerabilities ads inject into websites. Click here for our podcast episode transcript.

In today's podcast, Heather chats with Tom and Meredith about mitigating risks to your physical security. Click here for our podcast episode transcript.

In today's podcast, Heather chats with Hurricane Labs pentester Meredith about what the infosec community thinks of Apple's recent 0day disclosure troubles. Also, make sure to check out some of the articles mentioned during this episode: About the security content of iOS 12.5.5 Apple Releases Security Updates Pentest Stories: Responsible vulnerability disclosure Click here for our podcast episode transcript.

In the third and final part this series, the Hurricane Labs team talks about diversity in infosec–and how companies can support inclusivity within their organization.  Click here for our podcast episode transcript.