Swarm Intelligence with Pongolyn

In this episode of the Hack the Planet Podcast:

We have a chat with Pongolyn, a community organizer and strategist for the Pacific Northwest Englightend, one of the largest teams in the augemented reality game Ingress. We discuss the key elements needed to develop swarm intelligence and how they were applied to continent-spanning efforts.

Pongo has spent years deconstructing her experience into a valuable set of strategies for anyone organzing large numbers of volunteers, and expertly up-levelling them into easily digestible lessons on swarm-based strategies, gamification, and game theory for people that never played Ingress.

If you’ve ever had to organize a protest or a podcast, this episode is for you!

Pongolyn’s talks:
BSides Portland 2019 – https://www.youtube.com/watch?v=Eq33S_Rz4qo
Toorcamp 2018 – https://www.youtube.com/watch?v=UfYg3EVn_Jg
Defcon 26 – https://www.youtube.com/watch?v=bPTymsk1I_E

SwarmWise – The Tactical Manual to Changing the World by Rick Falkvinge
https://docs.google.com/file/d/0Bz8cVS8LoO7OOHhJUUF5akJ4RHc

Hannah Fry Ted Talk – Is life really that complex?
https://www.ted.com/talks/hannah_fry_is_life_really_that_complex

Screeps – https://screeps.com/

Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.

Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.

Threat Modeling: None of Your Security Tools Help me Get More Money for my Security Program

In this episode of the Hack the Planet Podcast:

For too long, the confusion caused by the Adam Shostack/MS threat modeling “methodology” has prevented security teams from doing any productive risk analysis. That ends now. We clear up the confusion around what a threat model is, what it’s for, how best to go about developing one, what is so very very wrong with the Adam Shostack/MS method of threat modeling, and how to achieve better results with less effort and arguing.

Check out the links for useful templates and examples. And remember: a dataflow diagram is an important piece of design documentation, but it is not and can never be an effective threat model.

Threat Modeling Template Examples from SymbolCrash, adjust these to suit!

Simple Threat Model Example:
https://www.symbolcrash.com/wp-content/uploads/2020/10/Threat-Model-Template-Simple.xlsx

CVSS 3.1 Auto-calculating Model with Automatic Coloring by Severity:
https://www.symbolcrash.com/wp-content/uploads/2020/10/Threat-Model-Template-CVSS-3.1.xlsx

“How to measure anything in cybersecurity risk”
https://www.howtomeasureanything.com/cybersecurity/

CVSS 3.1 Calculator at first.org
https://www.first.org/cvss/calculator/3.1

Automated Secrets Detection:
https://github.com/Yelp/detect-secrets
https://github.com/anshumanbh/git-all-secrets
https://github.com/dxa4481/truffleHog

Old-School SANS Threat Modeling Template Example:
https://www.sans.org/blog/practical-risk-analysis-and-threat-modeling-spreadsheet/

Mentioned Tools:
https://github.com/lyft/cartography
https://github.com/nccgroup/ScoutSuite

C4 model:
https://c4model.com/

What is the Actual Financial Impact of a Breach?
https://www.nber.org/digest/jun18/economic-and-financial-consequences-corporate-cyberattacks
https://www.nber.org/papers/w24409

Threat Modeling Tools that uselessly force everything into a DFD (not recommended):
ThreatModeler – https://threatmodeler.com/
Irius Risk – https://iriusrisk.com/
OWASP ThreatDragon – https://owasp.org/www-project-threat-dragon/
MS Threat Modeling Tool – https://www.microsoft.com/en-us/download/details.aspx?id=49168

Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.

Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.

Golang Offensive Tools with C-Sto and capnspacehook

In this episode of the Hack the Planet Podcast:

We talk with some of the most prolific developers of Golang offensive tools, from opposite points on the globe, about why they use Go, what they’ve been working on, how to work around some of Go’s challenges for red teams, and where things are going in the near future with Go malware. Featuring C-Sto (bananaphone/goWMIexec) and capnspacehook (pandorasbox/garble).

List of Golang Security Tools:
https://github.com/Binject/awesome-go-security

C-Sto:
https://github.com/c-sto/goWMIExec
https://github.com/C-Sto/BananaPhone
https://github.com/C-Sto/gosecretsdump

capnspacehook:
https://github.com/capnspacehook/pandorasbox
https://github.com/capnspacehook/taskmaster

Misc:
https://github.com/moonD4rk/HackBrowserData
https://github.com/emperorcow/go-netscan
https://github.com/CUCyber/ja3transport
https://github.com/EgeBalci/sgn
https://github.com/sassoftware/relic
https://github.com/swarley7/padoracle
https://github.com/gen0cide/gscript

Command and Control:
https://github.com/BishopFox/sliver
https://github.com/DeimosC2/DeimosC2
https://github.com/t94j0/satellite

Obfuscation/RE:
https://github.com/goretk/redress
https://github.com/unixpickle/gobfuscate
https://github.com/mvdan/garble

Of interest, but breaks Docker & Terraform:
https://github.com/unsecureio/gokiller

Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.

Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.

Interview with Josh Pitts

In this episode of the Hack the Planet Podcast:

We talk with Josh Pitts, creator of The Backdoor Factory, ebowla, and SigThief, about the backstory of some of these tools and the offensive open-source tools debate. Featuring Vyrus and fast Dan.

Pitts Links:
https://github.com/sponsors/secretsquirrel
https://github.com/secretsquirrel/the-backdoor-factory
https://github.com/Genetic-Malware/Ebowla
https://github.com/secretsquirrel/SigThief
https://sec.okta.com/articles/2018/06/issues-around-third-party-apple-code-signing-checks
https://github.com/golang/go/issues/16292

Golang rewrite:
https://binject.github.io/backdoorfactory
https://github.com/Binject/debug

BananaPhone / Hell’s Gate:
https://github.com/C-Sto/BananaPhone

More Code Signature Bypasses:
https://www.securityinbits.com/malware-analysis/interesting-tactic-by-ratty-adwind-distribution-of-jar-appended-to-signed-msi/
dylib TOCTOU: http://powerofcommunity.net/poc2015/pangu.pdf
linux by design: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883949

Copy-Paste Compromises: https://www.cyber.gov.au/sites/default/files/2020-06/ACSC-Advisory-2020-008-Copy-Paste-Compromises.pdf

Other:
https://github.com/vyrus001/go-mimikatz

Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.

Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.

Protesters and Technology feat. Will Scott and Vyrus

In this episode of the Hack the Planet Podcast:

We are joined in the studio by Vyrus and privacy researcher Will Scott to talk about the dual-edged sword of technology in the context of protests. We dive deep on technical innovations from the Black Lives Matter protests, especially in the areas of software defined radio and crowd-sourcing. Then things slide off the rails in the usual manner.

Radio Links:
https://openmhz.com/
https://github.com/robotastic/trunk-recorder/wiki
https://github.com/szpajder/rtlsdr-airband/wiki
https://www.rtl-sdr.com/using-a-kerberossdr-to-monitor-air-traffic-control-voice-ads-b-acars-vdl2-simultaneously-on-a-raspberry-pi-3b/
https://github.com/unsynchronized/gr-mixalot
https://www.usenix.org/blog/security-analysis-apco-project-25-two-way-radio-system
https://tar1090.adsbexchange.com/

EFF Protest Guide https://ssd.eff.org/en/module/attending-protest
A Good American https://youtu.be/666wsDcoNrU

NFS server https://github.com/willscott/go-nfs
Will at CCC https://media.ccc.de/v/36c3-10565-what_s_left_for_private_messaging

Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.

Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.

Interview with mubix

In this episode of the Hack the Planet Podcast:

We chat with mubix about the infamous QuickCreds script, writing games in your boot sector, Hak5, and the joys of teaching … and cheating at video games.

https://www.amazon.com/Programming-Sector-Games-Toledo-Gutierrez/dp/0359816312

Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.

Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.

I Can Do This Real Quick: A DMA Special

In this episode of the Hack the Planet Podcast:

Our panel reacts to the hype around recent Thunderbolt attacks and dives deep into bypassing disk encryption with Direct Memory Access. We also show off our side projects: a newly invented musical instrument, a rewrite of The Backdoor Factory, and how to maximize your Folding@Home performance beyond all psychological acceptance.

https://github.com/mitchellharper12/folding-scripts
https://github.com/Binject/backdoorfactory

https://github.com/ufrisk/pcileech
https://safeboot.dev/

https://www.youtube.com/watch?v=7uvSZA1F9os
https://thunderspy.io/

https://christian.kellner.me/2017/12/14/introducing-bolt-thunderbolt-3-security-levels-for-gnulinux/
http://thunderclap.io/thunderclap-paper-ndss2019.pdf

https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures
https://www.platformsecuritysummit.com/2019/speaker/weston/

Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.

Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.

Interview with Craig Smith, author of The Car Hacker’s Handbook

In this episode of the Hack the Planet Podcast:

We talk to Craig Smith, author of The Car Hacker’s Handbook, about DRM, car hacking, and the future of virtual conferences.

https://github.com/zombieCraig/ICSim

http://opengarages.org

https://www.carhackingvillage.com

https://www.cybertruckchallenge.org

https://www.grimm-co.com/grimmcon

Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.

Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.

Fold, Baby, Fold

In this episode of the Hack the Planet Podcast:

In the first installment of the Hack the Planet quarantine series, our panel discusses a vital question of our time: to pants or not to pants?

We discuss our collective contribution to the world’s largest supercomputer and how you can get involved.

Port Knocking Code: https://github.com/mitchellharper12/web-port-knock

Folding@home: https://foldingathome.org/

Folding rankings: https://folding.extremeoverclocking.com/team_list.php

Rosetta@home: https://boinc.bakerlab.org/

Protofy.xyz Ventilator: https://www.oxygen.protofy.xyz/

OS Covid Medical Supplies Group: https://www.facebook.com/groups/670932227050506/

Makers vs Virus: https://www.makervsvirus.org/en/

Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.

Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.

Weaponizing Side Effects Of Consciousness

Our panel returns with more rants on Citrix, how nobody really understands ECC, Moxie Marlinspike’s talk at 36c3, and the debate about sharing open source attack tools.  Try to guess who was drunk.  

Talks we mention in this episode:

Surveillance of Assange: https://media.ccc.de/v/36c3-11247-technical_aspects_of_the_surveillance_in_and_around_the_ecuadorian_embassy_in_london

Unpublished Moxie Marlinspike talk: https://peertube.co.uk/videos/watch/12be5396-2a25-4ec8-a92a-674b1cb6b270 

Boeing 737 Max crashes talk: https://media.ccc.de/v/36c3-10961-boeing_737max_automated_crashes

Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.

Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.