Skip to main content
HackableYou Podcast

HackableYou Podcast

By HackableYou
Welcome to the HackableYou Podcast!
Join us as we sit down, crack open a beer and delve into the topic of cyber security.
With insights into Cyber News, Threat Intelligence, Incident Response and general SOC shenanigans. We aim to inform, educate and entertain all of our listeners whether you are a CISO, Security Engineer/Analyst or are just curious on the topic.

All that is left for you to do now is sit back, follow or subscribe and enjoy the HackableYou Podcast!
Listen on
Where to listen
Apple Podcasts Logo

Apple Podcasts

Breaker Logo

Breaker

Google Podcasts Logo

Google Podcasts

RadioPublic Logo

RadioPublic

Spotify Logo

Spotify

Currently playing episode

EncroChat, Organised Crime and SOC IR vs. Vulnerability Management

HackableYou Podcast

1x
T-Mobile Breach, Docker Containers, Make a House a SOC
T-Mobile Breach, Docker Containers, Make a House a SOC In this episode, we dive into the recent T-Mobile breach exposing millions of customers' data. We look at recent arrests for hacker-for-hire actors who made money hacking your iCloud to steal sensitive images and lastly new ShinyGoblin APT using tactics we may have seen used by the Winti group before. The topic of the week we touch on the topic of containerization and Docker, the uses and security threats against the modern DevOps tech. In our exclusive segment, Secrets from The SOC, Alex and I explain how we have made our house a SOC during the pandemic and allow us to be productive as we move into a remote working model.
41:36
September 5, 2021
Accenture Ransomware, ALPHABAY is Back, Attack Simulation
This episode brings you some great conversation on the week's cyber news. We report on the cyberattack against Accenture, holding them for ransom. New Phishing tactics are seen using morse-code to bypass security controls and the infamous ALPHABAY is back baby. With a new look and new rules which raise an eyebrow.... The topic of the week looks into Attack Simulation and how you can use tools like Atomic RedTeam, CALDERA, and the Attack Range tool to test and verify your security control configuration against the modern attacks of today. As we mentioned in the Podcast, what do you think the 5th stage of ransomware might be? Let us know on info@hackableyou.com and we will read some out next time round!  Thanks for listening and supporting us so far! Share with a friend or colleague.  Ed, Alex and Will. HackableYou Atomic Red Team: https://github.com/redcanaryco/atomic-red-team MITRE Caldera: https://github.com/mitre/caldera Attack Rage (Splunk): https://github.com/splunk/attack_range
38:08
August 15, 2021
No More Ransom, USB Cyber Attacks, Old School vs. New School SOCs
Hello and welcome back, it's great to have you here.  In this episode's Cyber News we cover Imperial Kitten/Tortoiseshell using fake Facebook profiles to masquerade as Aerobics instructors in order to exploit defence aerospace contractors, some positive news on the money saved via the No More Ransom movement and we also discuss how an infamous ransomware gang have been hit by ransomware themselves... In the topic of the week, we delve into the world of USB attacks and go over the 4 types of USB attacks with examples and discuss USB attack defences.  Lastly in Secrets from the SOC we go over what an Old School SOC would do and compare that to how a New School SOC operates. Which one are you working in? As always we would love to hear from you, please get in touch: info@hackableyou.com == TIMESTAMPS == Cyber News: 02:24 Topic of the Week: 14:34 SFTS: 22:48
35:17
August 1, 2021
Kaseya Ransomware, Password Attacks, SOC and IR APIs
In this episode we look into cyber news including; Kaseya supply chain ransomware attacks, Chinese hackers exploiting another 0day in a Solarwinds solution, and the critical Microsoft patch dubbed "PrintNightmare". In our topic of the week, we dive into the realm of Password Attacks looking at both active and passive attacks as well as the defences. As always in our exclusive segment Secrets from the SOC, we provide you with some practical insight into some great APIs you can hook into to help your SOC investigations.  We would love to hear your feedback, please get in contact at info@hackableyou.com Enjoy this episode!!
40:44
July 17, 2021
NOBELIUM Microsoft Compromise, Code Signing Attacks, File Hashing
NOBELIUM Microsoft Compromise, Code Signing Attacks, File Hashing You’re listening to the HackableYou Podcast. In this episode we report on Microsoft’s ongoing research into the Nobelium hacking group's activities, a data beach impacting Mercedes-Benz and more Web scraped LinkedIn data up for sale. The topic of the week touches on the subject of Code Signing, attacks, and countermeasures. Lastly, in Secrets from the SOC we discuss the use of file hashing and how you can use it in your role as a security analyst. Thanks for tuning in and we hope you enjoy! Timestamps: Cyber News: 2:50 Topic: 17:21 SFTS: 26:35 Alert Logic Cloud Migration Webinar - https://tinyurl.com/WebinarCloudMigration
35:33
July 4, 2021
ANOM Arrests, Capture The Flag, Law Enforcement
In this episode of the HackableYou Podcast, we highlight top cyber news including JBS Foods' ransom payment, TrickBot coder's 10-year jail sentence, and the FBI purpose-built encrypted device network deliberately created to catch criminals leading to tonnes of seized drugs and arrests. In Topic of The Week, we provide our top tips for a Capture The Flag exercise and how you can sharpen your approach to the mystery vulnerable boxes.  Lastly, in Secrets from The SOC, we give you sound advice on what to expect and how to work with Law Enforcement.  As always, we LOVE hearing from you, please get in touch and ask us questions or tell us stories at info@hackableyou.com
35:10
June 27, 2021
Cheesy Fingers, Initial Access Brokers, Starting Security Expectations
Welcome back to another episode of the HackableYou Podcast. In this episode you’ll learn about the EncroChat drug dealer who’s fingerprints were detected via an image he posted of a block of cheese. We discuss the Ransomware attack against audio giant Bose and an NSA agent who is facing prison time for holding secret information related to terrorist organisations in their home. The Topic of the Week explains the concept of Initial Access Brokers and what you need to be aware of. Lastly, in Secrets from the SOC we discuss what you can expect in the first few weeks of your new security job/role.
38:31
June 1, 2021
Washington Police Ransom, Living off the Land, Hacking Labs
Washington Police Ransom, Living off the Land, Hacking Labs Welcome back to another episode of the HackableYou Podcast. In this episode we mention the Washington Police Dept Babuk Ransomware attack, Passwordstate password manager breached and stolen passwords and the Emotet stolen emails that have been uploaded to HIBP. Our topic of the week is one of Ed's favorites as we discuss "Living off the Land" and provide a great Red .vs Blue insight. In our exclusive segment, Secrets from The SOC we show and tell our 1st and current hacking labs all stuff that you can do at home for FREE! We hope you enjoy it! === TIMESTAMPS === Cyber News: 01:22 Topic of the Week: 14:33 SFTS: 27:06
39:04
May 8, 2021
You’ve been Zucked, Web Data Scraping, Problem Solving 101
Our 1st Birthday giveaway is now live!  http://bit.ly/HBYgiveaway In this episode, we tuck into cyber news relating to a DNS vulnerability hosted on a vast amount of IoT devices around the world, the results of a recent study on cybersecurity awareness, and the infamous Facebook breach exposing 533million users' data via web scraping.  The Topic of the Week takes the Facebook Breach into more detail looking into Web Data Scraping at a deeper level.  Lastly, in our exclusive segment #SFTS we tackle how to solve complex problems that come your way during a SOC investigation and we discuss a couple of models you could use!  As always, thank you for listening!  HackableYou Team === Timestamps === Cyber News: 01:30 Topic of the Week: 14:14 STFS: 25:31
36:36
April 18, 2021
Ubiquiti Whistle-blower, Deep Fakes, Detection and Prevention
HAPPY 1ST BIRTHDAY HACKABLEYOU!  Join us as we celebrate our 1st Podcast since starting the podcast. In the cyber news, we discuss the Ubiquiti Whistle-blower, malicious crypto-mining docker containers, and another Apple iOS 0day vulnerability that is actively being exploited in the wild. In Topic of the Week Alex leads us through the complex technology behind Deep Fake with a cyber threat focus. Last, but not least in Secrets from the SOC we discuss the difference between detection and prevention systems and why there is a use-case for both.  GIVEAWAY! Make sure you follow our socials and our website for details on the BIRTHDAY GIVEAWAY for your chance to win some amazing prizes including HackableYou swag.  Time Stamps: Cyber News: 06:44 Topic of the Week: 15:33 SFTS: 22:44 We would love to hear from you. Get in touch at info@hackableyou.com
31:12
April 3, 2021
Twitter Hacker Jailed, New Routines, SOC Spring Clean
Guess whos back? Back again... HackableYou is back with another awesome episode full of cybersecurity news, a topic of the week, and our Secrets from the SOC. We report on the Teen responsible for the Twitter hacks prison sentence, the MoD incident report leaks, and the new variant of Mirai Botnet targeting unpatched routers and IoT.  Topic of the week dives into a more human element of all of us and talks about what COVID remote working means for your work routine and what you have learnt over the last year. Last but not least, in #SFTS we give you our view on a Springtime SOC cleanup of your processes, feeds and strategy. Please enjoy!  ---- TIMESTAMPS ---- Cyber News: 01:33 Topic of the Week: 17:08 SFTS: 28:04 We'd love to hear from you! Get in touch at info@hackableyou.com
36:07
March 19, 2021
Exchange Vulns, A Passwordless Future, SOC Stand-ups
In this episode of the HackableYou Podcast: We look at the ex-CEO of SolarWinds blame for the hack on an intern with a weak password, the Malaysia Airlines 9 year-long data breach, and the new critical Microsoft Exchange vulnerability actively being exploited by Chinese hackers. In Topicpic of The Week, we debate the idea that passwords are not here to stay and what the concept of Passwordless authentication means for the future. Lastly in our exclusive segment, Secrets from the SOC we discuss the importance of daily and routine standups or huddles when working in high-performing security teams and operations centers.  Timestamps: Cyber News: 02:34 Topic of The Week: 13:52 SFTS: 22:54 CVE Details: CVE-2021-26855 is a server-side request forgery (SSRF) vulnerability in Exchange that allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server. CVE-2021-26857 is an insecure deserialization vulnerability in the Unified Messaging service. Insecure deserialization is where untrusted user-controllable data is deserialized by a program. Exploiting this vulnerability gave HAFNIUM the ability to run code as SYSTEM on the Exchange server. This requires administrator permission or another vulnerability to exploit. CVE-2021-26858 is a post-authentication arbitrary file write vulnerability in Exchange. If HAFNIUM could authenticate with the Exchange server then they could use this vulnerability to write a file to any path on the server. They could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin’s credentials. CVE-2021-27065 is a post-authentication arbitrary file write vulnerability in Exchange. If HAFNIUM could authenticate with the Exchange server then they could use this vulnerability to write a file to any path on the server. They could authenticate by exploiting the CVE-2021-26855 SSRF vulnerability or by compromising a legitimate admin’s credentials.
29:22
March 5, 2021
Water Supply Hacked, Social Engineering, Reputation Blacklists
Back again with another great episode of the HackableYou Podcast.  This week in the Cyber News we shed light on how some of the Top tech firms like Microsoft, Tesla, Apple have all been compromised through open source code repositorys, we discuss the Yandex insdier who had unauthorised access to 5000 user email accounts and give you our view on the recent Florida based water supply companies remote access hack that could have poisoned thousands of people.  Our Topic of the week dives into "The Art of Social Engineering" and we talk about how Social Engineering is far more than just phishing.  Lastly, in Secrets from The SOC we give you practical advise on how to use Reputation Blacklists for IP Addresses and other IOCs. We hope you enjoy and feel free to contact us at info@hackableyou.com Timestamps: Cyber News: 01:37 Topic of The Week: 13:18 SFTS: 23:59
32:50
February 19, 2021
Emotet Takedown, HoneyPots, Typosquatting
Back again with another episode of the HackableYou Podcast. This time it's just Ed and Alex while Will is away. In our Cyber News we talk about the recent Law Enforcement involvement in taking down the Emotet Botnet, the Washington State Audit Office data breach leaking 1.6million records of employment claims and a recent update to Agent Tesla RAT including new evasion techiques. Topic of The Weeks looks at HoneyPots, HoneyNets and Deception Technology and the role they play acorss a security fuction. Go and have a look at Canary Tokens and the Honeynet Project. In our exclusive segment Secrets from The SOC we dive into the topic of Typosquatting and associated threats behind a simple milseplt domain name. We really hope you enjoy the Podcast and we would love to hear from you! Get in touch at info@hackableyou.com ---- Timestamps ---- CyberNews: 01:29 Topic of The Week: 15:46 SFTS: 24:49
33:14
February 5, 2021
Dating App Hacks, Detecting the Anomaly, Mentor or Coach?
Season 2 Episode 2 of the HackableYou Podcast! This time round we discuss the recent Malwarebytes hack related to the SolarWinds supply chain breach.  UK Department of Education shipping out laptops to children riddled with Russian malware and the Dating App MeetMindful's hack potentially exposing 2.28 Million users data. Alex leads us through Anomaly Detection and some simple use cases in Topic of The Week. Lastly in Secrets from the SOC we talk about Mentoring and Coaching, what the difference is and why it is a useful tool to engage with in your career!  We hope you enjoy! Cyber News: 01:44 Topic of The Week: 15:24 Secrets from the SOC: 21:29
29:17
January 26, 2021
Ticketmaster Espionage, Solarwinds Orion Hack, 2021 Challenge
We are BACK! Hello 2021 and Season 2 of the HackableYou Podcast! Check out our first episode of the new year. With Cyber News related to Babuk Ransomware, Ticketmaster Cyber Espionage and JusPay Amazon merchant PCI Breach. Topic of the week focuses on the SolarWinds Orion Hack with a deeper dive into the details.. We also challenge YOU to learn something NEW and develop a skill in Secrets from the SOC. Share with a firend or colleage and lets get this season started! Cyber News: 01:44 Topic of the Week: 10:23 Secrets from the SOC: 19:10
29:31
January 11, 2021
FireEye Hacked, 2020 Review vs. 2021 Predictions, SOCs at Christmas
Join us as we cap off Season 1 of the HackableYou Podcast for this year!  We discuss in depth the recent FireEye state sponsord hack, as well as recent EMA COVID Vaccine data breaches. In our topic of the week we take a look back at the whirlwind year of 2020 from a cyber persepctive and touch on what we think will shape the ether in 2021. Lastly in our Secrets from the SOC, we look at the challenges around working in a SOC over Christmas and what you can expect.  Thank you to EVERYONE who has supported, listened and share the Podcast we are truely grateful for the support and we have loved watching this platform grow.  We are taking a well earned break now and we will be back in January 2021 for Season 2 of the HackableYou Podcast. See you then!! The HackableYou Team info@hackableyou.com https://hackableyou.com
34:47
December 14, 2020
cit0day Breach, Black Hat Hackers, Critical Vulnerability Response
This is Episode 18 of the HackableYou Podcast!  In this week's episode we cover the cit0day data breach collection, INTERPOL arrests against a Nigerian BEC cyber group and the Manchester United FC security incident.  We discuss the types of Black Hat Hackers in the last of a 3 part series on types of hackers. We range from script kiddies to APTs. Lastly, our exclusive segemnt - Secrets From The SOC, we talk about how a security operation should respond to a critical vulnerability disclosure and what you could be doing to prepare for the next one. As always, thank you for listening, be sure to share with a friend and we will catch you in the next one! info@hackableyou.com Cyber News: 2:24 Topic of the Week: 14:33 SFTS: 32:36
41:42
November 26, 2020
Goodbye Maze, Grey Hat Hackers, Malicious Web Traffic
Join us on this episode as we discuss news items on Maze quitting the ransomware game, Microsoft Teams fake updates delivering CobaltStike, and Russian disinformation against the UK's COVID-19 vaccine. Topic of The Week extends our series looking to the different hats in Security, this week focusing on Grey Hat Hackers.  Lastly, in our exclusive segment Secrets from the SOC, we give you practical guidance on how to investigate malicious web traffic.  As always we want to hear from you! Any stories or Feedback please email us at info@hackableyou.com Cyber News: 01:42 Topic of The Week:  12:15 SFTS: 23:56 Thank you for listening! 
33:21
November 17, 2020
Halloween Special: USA Election, White Hat Hackers, The Dark Web
HackableYou HALLOWEEN Special!  In this week's spooky edition of the Podcast, we bring new a great set of topics including Dr. Reddy's COVID19 Vaccine Hacks, The defacement of President Trump's election campaign website, and a cheeky credential stuffing attack against Nandos. Our topic of the week introduces a 3 part series looking into the 3 types of hackers, with a focus on White Hat Hackers.  Lastly, in Secrets from the SOC we dive into the darkness that is the Dark Web and Dark Net and explains what it is and why you should care about it. Cyber News: 01:50 Topic of the Week: 15:41 Secrets from the SOC: 27:26 Enjoy and Happy Halloween! We would love your feedback - please get in touch via info@hackableyou.com
37:15
October 30, 2020
Hacked Sex Toys, Cyber Awareness Month, Security Certification Paths
This week we bring you a lightly extended episode of the podcast covering topics such as Maze Ransomware Virtual Machine delivery, TrickBot disruption campaign and hilarious news regarding a IoT chastity belt that can be hacked to lock you in" Out topic of the week covers Cyber Security Awareness Month and the importance on educating staff on cyber threats. Last but not least, in Secrets from the SOC we answer a repeat question from listeners about Cyber Security Certifications and what out opinion on a great learning path you could take.  Thanks for listening, we hope you enjoy!
45:09
October 16, 2020
Malicious QR Codes, NHS COVID App, SOAR and Automation
Malicious QR Codes, NHS COVID App, SOAR and Automation This week we bring you a slightly longer episode! With great conversation surrounding the risk posed by malicious QR codes, the Russian LinkedIn hacker sentenced to 7 years in prison and the sad news of a death related to hospital ransomware.  Our topic of the week talks about the NHS COVID 19 App and the role of Data Privacy and Information Security. As always, in Secrets from the SOC we gove you out thoughts on the role of SOAR and Automation, and what you could be doing to adopt this in your role!  Cyber News - 1:36 Topic of the Week - 21:46 Secrets from the SOC - 33:27 Thank you for listening! info@hackableyou.com
42:10
October 4, 2020
ZeroLogon, Network vs Application Attacks, IR Top Tips
Hello!  We are back with Episode 13 of the HackableYou Podcast. This week we mention Government plans to give energy providers remote access to your smart meter,  KnowB4 Awareness Training Phishing, and the critical Zero Logon Vulnerability. The topic of the weeks gives a high-level touch on Network and Application attacks. Lastly in Secrets from the SOC, we gove you our ultimate top 3 tips for cybersecurity major incident response you should start doing.  Thank you to all our listeners so far!  email: info@hackableyou.com Podcast Sections: Cyber News: 1:36 Topic of the Week: 10:28 Secrets from the SOC: 18:32
28:52
September 21, 2020
DDoS and AlphaBay, Kill Chain & ATT&CK, Security Conferences
Join us on episode 12 of the HackableYou Podcast as we discuss the Apple Mac Malware Shlayer, DDoS attacks on the New Zealand Stock Exchange and the 11-year prison sentence given to a moderator of the Dark Web market place AlphaBay.  In our topic of the week, we break down the Cyber Threat Kill Chain and touch upon the MITRE ATT&CK framework. Lastly, in Secrets from the SOC we guide through how to make the most of a cybersecurity conference, whether it's in-person or virtual. We would love to hear from you,if you have feedback or some stories to share. Please get in contact at info@hackableyou.com We hope you enjoy it!
32:15
September 4, 2020
SANS Data Breach, Live Response, CSIRTs
Join us in Episode 11 as we look at the Phishing attack that caused the SANS Data Breach, a credential stuffing attack against the Canadian Government, and whether paid for threat intelligence is really worth it. We introduce the concept of life response and help you understand how to do it. Last but not least Secrets from the SOC exposes how a CISRT is built up and why they are important.
32:32
August 21, 2020
Garmin Ransomware, Hacker Infrastructure, Malware Analysis
Listen in this week as we report on updated Twitter hack arrests, Garmin Ransomware, and the Blackbaud hacks. Our topic of the week exposes how hackers' infrastructure is set up and the concept of Command and Control. In our exclusive segment, Secrets from the SOC we give you a Malware Analysis 101 and how to understand the difference between static and dynamic reverse engineering.  We would love to hear from you! If you have thoughts, feedback, or would like to be on the Podcast please get in touch at info@hackableyou.com.
32:49
August 7, 2020
Russian Threat, Mental Health, Using Threat Intelligence
Join us with our SPECIAL GUEST Oli Lacey-Reed as we discuss the cyber news, including Twitter VIPs Bitcoin scams, Trickbot Emotet double trouble malware, and the recent report from the NCSC on the Russian Cyber Threat. We openly talk about burn out and mental health in our Guests topic of the week. As always, Secrest from The SOC brings our insight into the basics of Cyber Threat Intelligence and how to use it!
38:21
July 24, 2020
EncroChat, Organised Crime and SOC IR vs. Vulnerability Management
Join us in episode 8 of the HackableYou Podcast.  This week we report on the EncroChat criminal communications network, Kaspersky's stats on virus submission, and Office 365 Phishing campaigns stopped.  The Topic of the Week follows on from EncroChat and dives into the topic of Organised Crime Groups As always, Secrets from the SOC discusses the role of SOC IR and Vulnerability management when critical vulnerabilities are publicly disclosed.   Enjoy!
32:47
July 10, 2020
Twitter Breach and BLM Trickbot, BEC and Communication Skills
Join us this week as we discuss the recent Twitter Breach, Black Lives Matter Trickbot, and the World Record DDoS attack.  Our topic of the week looks at a growing trend in Business Email Compromise (BEC) and what you can do about it As always, Secrets from the SOC we provide you advice on the importance of communication and articulation needed as a Security Analyst.  We have grown our social media platform to allow you guys and girls to connect with us. Just search for HackableYou on Twitter, Instagram, LinkedIn, and Facebook! 
32:39
June 26, 2020
Honda Ransomware, Sub-domain Takeover and Table Top Exercises
Today we discuss the most recent Snake Ransomware attack on Honda and other news. Our topic of the week looks at Sub-domain takeover and the importance of monitoring your DNS and in our exclusive segment, Secrets from the SOC we look at Incident Response and the importance of Table Top Exercises. 
32:59
June 14, 2020
EasyJet and Celebrity Breaches, Defence in Depth and Entering the Security Industry
Episode 5 - EasyJet and Celebrity Breaches, Defence in Depth and Entering the Security Industry Today we discuss the EasyJet breach impacting 9 million customers, we assess the ransomware attack against a law firm representing A-List Celebrities Our topic of the week is the concept of Defence in Depth and as always in Secrets from the SOC we discuss how you can prepare to enter the cybersecurity field.
41:00
May 29, 2020
Magecart Favicon, Biometric Security and Open Source Security Tools
Episode 4 - Magecart Favicon, Biometric Security, and Open Source Security Tools. Today we discuss the most recent Magecart attack using a website Favicon and other news. Our topic of the week dives into the world of biometric security and we give you our top, free, and open-source security tools you can use in an investigation. == List of Tools == https://urlscan.io/ https://www.hybrid-analysis.com/ https://any.run/ https://sitecheck.sucuri.net/ https://www.ipvoid.com/ https://otx.alienvault.com/
43:22
May 15, 2020
Cognizant Ransomware, Exposed Docker, Traditional vs. Cyber Crime and SOC Roles
Hello and welcome to Episode 3 of the HackableYou Podcast. Join us on the Podcast as discuss topics around; The Cognizant Maze ransomware attack, exposed docker, Traditional vs. Cyber Crime, and the roles needed with a Security Operations Centre. Please follow the podcast and all our social links to stay up-to-date! Thank you for listening, we hope you enjoy!
45:57
May 1, 2020
Google Contact Tracking, Dark Nexus and Self Learning
Hello and welcome to Episode 2 of the HackableYou Podcast. Join us on the Podcast as discuss topics around; Apple and Google Contact Tracking, Meghan Markle, The Dark Nexus Botnet and our exclusive segment Secrets from The SOC. Please follow the podcast and all our social links to stay up-to-date! Thank you for listening, we hope you enjoy!
44:15
April 17, 2020
Intro, COVID19, HouseParty and An Attackers Mindset
Hello and welcome to Episode 1 of the HackableYou Podcast. Join us as we introduce ourselves and the Podcast as well as discuss topics around; COVID-19, HouseParty and An Attackers Mindset. Please follow the podcast and all our social links to stay up-to-date! Thank you for listening, we hope you enjoy!
40:36
April 4, 2020
HackableYou Podcast - Introduction
Hello and Welcome to the HackableYou Podcast.
01:21
March 21, 2020