Skip to main content
Hacker Talk

Hacker Talk

By Hacker Talk
Every second week, Hacker Talk brings you interesting conversation between some of the world best hackers, cyber security professionals and information security people.
Hackers on Planet Earth with Greg Newby and Mitch Altman
Hackers on Plant Earth - Hope with Mitch Altman and Greg Newby Hackers on Planet Earth(HOPE), is a biannual volunteer-driven hacker conference that got started in 1994. On the hacking and phone phreaking's magazine 2600 10th anniversary. In this episode of Hacker Talk, we are joined by two hackers that are behind the curtain at the HOPE conference.   Greg Newby and Mitch Altman are both two impressive Hackers, helping the   HOPE conference be the amazing hacking conference it is today.    In this episode we cover:   How Hope has evolved during the years   Greg and Mitch's journey's into the hacking mindset    Problems with big pharma and the importance of biohacking   HOPE moving location from Hotel Pennsylvania to Saint John's University      Hackerspaces    exploring technology    Phone phreaking    Life-changing events at HOPE    Demoscene with original hardware from the 1980'ies at HOPE     Making 8-bit generated art and music       Running a physical hacker conference       Hidden gems at HOPE    How can you can run your own conference    Logistics behind the HOPE conference    Links:   https://hope.net/       https://petascale.org/    https://en.wikipedia.org/wiki/Mitch_Altman     https://2600.com    https://archive.org/details/HOPE-3-The_Hacker_s_Code    https://en.wikipedia.org/wiki/Demoscene     https://en.wikipedia.org/wiki/Hackers_on_Planet_Earth   The Hacker Talk team will be at May Contain Hackers which will take place    in the Netherlands at the same time as the HOPE conference. Find us    for some stickers and Hacker Talk swag!  
01:05:26
June 20, 2022
Programmable Philosophy with Steve Phillips - Part 1
Steve Phillips, is an interesting developer, privacy advocate, hacker and thinker. Tune into this episode of Hacker Talk as we are joined by Steve Phillips in this Programmable Philosophy special. In this episode we cover:   Steve's journey into technology   Being able to build and utilize tools Cypherpunk Privacy, Encryption Philosophy with programming Proving philosophical theories with programming Python, Django Paul gram Putting the technologist first in companies Combining programming with entrepreneurship Going from utilizing one computer core to multithreading  Clojure lisp, using all the libraries from lisp and java.   Static typing  Golang in 2010, From the one-year anniversary to hacker news. Golang's history.   go fix - Automatically rewriting code for new API calls and dependencies.   Creating software that lasts forever, making it easy for developers to upgrade old versions. Make standards that the code will use to    automatically upgrade the old code, and avoid breaking core functionality.  Dependency management Long build times V programming language  Fast compile times in V and Go.   Green threads, go routines. Efficient concurrency with low overhead.     Small runtime languages.   Designing encrypted protocols, threat models.   Use libsodium LeapChat secure chat    Securing a large number of people   End-to-end encryption with web applications, not trusting the middleman Trusted service workers in modern browsers, preinstall javascript.  Detecting malicious new versions of javascript code.    Web assembly, practical use-cases for web assembly. Allowing users to run precompiled binaries on any platform in a browser.    How Web assembly run's in a very low overhead sandbox.   Docker will be replaced by podman  How docker is not the silver bullet for security, alternatives to it.   Trusted microservices environments.   Privilege separation   web assembly nano process model No need to trust the libraries that you use.   Sandboxing, Electrum apps.  Running C++ 20% slower with web assembly.   Shopify's and Cloudflare's use of web assembly Nomad, Kubernetes is too complex Docker daemon Links: https://tryingtobeawesome.com https://www.goodreads.com/book/show/16153182-cypherpunks    http://www.executablephilosophy.org/ https://en.wikipedia.org/wiki/Paul_Graham_(programmer)   https://www.djangoproject.com/ https://clojure.org/guides/learn/sequential_colls https://www.educative.io/answers/what-is-a-goroutine https://vlang.io/    https://www.leapchat.org/     https://doc.libsodium.org/      https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API    https://webassembly.org/docs/security/   https://www.nomadproject.io/   https://podman.io/   
01:02:49
June 14, 2022
Black Hat Python with Tim Arnold and Justin Seitz
This episode is the first time the authors of the book: Black Hat Python. In today's episode of Hacker Talk Justin Seitz and Tim Arnold joins us on the show and we get to hear Tim and Justin stories about Python, Hacking and a lot more! In this episode we cover: Journey into hacking and technology Finding like-minded people, dopamine kicks Infosec community CackalackyCon Issa  https://en.wikipedia.org/wiki/Information_Systems_Security_Association Tinkering  Python Creating IT-security python courses  From Twitter to Nostarch Exploits for Windows 10 and 64bit machines Favorite python libraries, Lxml, requests Syscalls with PyPledge, visualizing packet analysis with scapy Programming, Microsoft basic, PHP, vb6,  the future with golang Virtual environments in python Workflow for programming Visual code studio, Microsoft turning good Wingware Wingide with immunity debugger Hunchly's daily dark web report Archive.is to archive .onion sites Onionscan Fresh onions Modern exploit and zeroday writing Ms08067 exploit How to write books Best practices for writing
01:04:05
May 31, 2022
Compromising Covid-19 systems with Pavol Luptak
Buckle in for a great episode of Hacker Talk! Pavol Luptak, CEO of Nethemba joins us, and walks us through the vulnerabilities that were found in Slovakia's covid-19  PCR and anti-gen authority. Tune into the most technical and detailed covid-19 hacking episode, right here on Hacker Talk. In this episode we cover: Pavol's journey into it-security old-school Unix privilege escalation attacks Traditional C and Assembly, shellcodes Becoming a penetration tester Rfid Finding vulnerabilities in parking system, parking in Bratislava for free Hacking Slovakia's covid-19 systems extracting PCR and anti-gen covid-19 tests for all Slovakian citizens. Finding vulnerabilities in PCR test authorities. enumeration attacks. Slovakian eHranica forms. Generating birthdate number. Finding birthdates on Facebook and Wikipedia Leveraging different parts of the systems to make them work together Impersonation attacks OWASP Web Security Testing Guide Cracking Captcha's Rate limiting requests Security mitigations that you can user Central European Bug Bounty programs Hacktrophy Best practices for bug bounties for enterprises How to get started with penetration testing The new smart contract security field Personal number generation script: #!/bin/bash for (( year=54; year < 100; year++))); to for (( month=1; month < 13; month++))); to for (( day=1; day < 32; day++))); to for (( suffix=0; suffix < 10000; suffix++)) to final=$(( $year*100000000+$month*1000000+$day*10000+$suffix )); if (( final % 11 == 0 )); then printf "%010d\n" $final; fi done done done done External Links: https://nethemba.com/possibility-of-widespread-leak-and-misuse-of-eu-vaccination-certificates/ https://nethemba.com/kriticka-zranitelnost-v-aplikacii-moje-ezdravie-unik-databazy-pacientov-testovanych-na-covid-19/ https://slides.com/nethemba/how-trivial-critical-vulnerabilities-can-lead-to-a-complete-leak-of-sensitive-covid-19-data-on-all-citizens-of-the-country https://spectator.sme.sk/c/22722505/serious-flaw-in-ehranica-form-attackers-able-to-send-people-into-self-isolation.html https://wilderko.medium.com/ https://owasp.org/www-project-web-security-testing-guide/ https://nginx.org/ https://docs.nginx.com/nginx-waf/ https://en.wikipedia.org/wiki/Cloudflare https://hacktrophy.com/en/ https://nethemba.com/resources/ehranice-critical-vulnerabilities.pdf
53:56
May 16, 2022
David Jacoby
David Jacoby, is a Swedish Hacker, Professional Penetration tester, Security Researcher, featured in the Swedish it-security show called "Hackad" and our guest of honor today! In this episode of Hacker Talk, we are joined by the Swedish hacker David Jacoby! Have you ever watched a video on your phone in your spare time? what if the site had a malicious javascript that will scan your internal    network for smart devices and then trigger a remote code execution?  Join us as we deep dive into IT-Security, get to hear how David got into hacking, and a lot more! Topics we covered: Phone Phreaking in Sweden Software security David's journey into hacking   Privilege escalations on older systems Linux system administration Bulletin board system Running bbs systems at home through a raspberry pi Making security stronger and helping people   Password reuse Säkerhet och sekretess Magazine Red team penetration testing How to motivate your organization to implement a security program    Attacking consumer devices, hacking smart devices at home Scanning internal networks without a shell using a javascript scanner in the client's browser     Hacking internal devices such as Network Attached Storage devices.    enumerating networks and scanning with javascript Consumer devices lifespan, testing certifications, best practices for vendors    Submitting security vulnerabilities Hack.se, the Swedish hacking scene, and background    Favorite Pentesting tools, netcat openbsd version   Network segmentation Bad common patterns for enterprise networks   Stealing paste buffers    Securing society at a large scale     The future of information technology security   External Links:    https://www.imdb.com/title/tt15746988/     https://en.wikipedia.org/wiki/Bulletin_board_system    https://www.youtube.com/watch?v=GQpQHqIKE5E   https://www.youtube.com/watch?v=_0hXeNRGetg    https://se.linkedin.com/in/djacoby    https://www.davidjacoby.se/    https://nmap.org/ncat/     https://man.openbsd.org/nc   https://www.trustedsec.com/tools/crackmapexec/    https://www.hypr.com/password-reuse/    https://en.wikipedia.org/wiki/Internet_Relay_Chat  
01:13:18
May 02, 2022
Ben Kurtz - Golang Malware part 2
Ben Kurtz - Golang Malware part 2  Topics covered: Golang Hells gate, direct system calls on windows How system calls are normally done in windows, Windows Kernel Evading anti malware detection on Windows with Banana Phone How to get started writing c2's in golang.   Sliver, Opensource golang command and control.  Red team mindset    Evolution of programmers, bad patterns    CVE's, common vulnerability enumeration number   Auditing source code    Javascript frameworks   Cross site scripting, SQL injection and XXE(Xml External Entity) for scanning internal networks and exfiltrating data.    Building secure code bases    Security Engineers     Supervisory control and data acquisition (SCADA)    log4j   Remote of execution and directory traversal in Java, Java's file constructor, LDAP and DirContext      Golang for micro services    Python  Common bad patterns  LDAP injection   Modern security nightmares     Remote debug protocols     String concatenation    Resistance to current modern implementation and safer framework.   Finding bugs in games that can be used to attack power-plants.      Dependency management      Backdoor factory   Bettercap   Man in the middle   Spoofing BGP   BGP hijacks Links:   https://github.com/Binject   https://github.com/C-Sto/BananaPhone   https://github.com/BishopFox/sliver     https://cve.mitre.org/ https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing    https://www.youtube.com/watch?v=FkuUpg5FO2g     https://en.wikipedia.org/wiki/SCADA   https://en.wikipedia.org/wiki/Log4j    https://www.coding-bootcamps.com/blog/build-containerized-applications-with-golang-on-kubernetes.html    https://docs.oracle.com/javase/8/docs/api/index.html?javax/naming/directory/DirContext.html    https://apache.org/foundation/foundation-projects.html   https://docs.oracle.com/javase/8/docs/api/index.html?javax/management/JMX.html    https://en.wikipedia.org/wiki/Java_Debug_Wire_Protocol    https://www.freecodecamp.org/news/big-o-notation-why-it-matters-and-why-it-doesnt-1674cfa8a23c/   https://github.com/bettercap/bettercap    https://www.bettercap.org/   https://bgpmon.net/    https://en.wikipedia.org/wiki/BGP_hijacking   https://labs.ripe.net/author/vastur/bgplay-integrated-in-ripestat/     https://www.symbolcrash.com/podcast/    https://www.youtube.com/symbolcrash     
01:06:49
April 19, 2022
Golang Malware with Ben Kurtz Part 1
Ben Kurtz, is an interesting hacker that has been involved in the infosec space for over 20 years.  He has done a large chunk of research into writing malware and post-exploitation tools in the Golang programming language.  Tune into this episode of Hacker Talk as we are joined by Ben Kurtz and deep dive into Golang Malware. In this episode of Hacker Talk, we cover the following topics: Getting into programming, apple 2, hacking, bulletin board systems,  pirating apple 2 software unix security, shadow and files in the /etc/ folder     evolution of network security since 1994 first talk at DEFCON, life as a developer LISP Dan Kaminsky, recruited as a professional hacker  Learning different programming languages Learning pascal in a basement   Functional programming, constraint solver   Getting into the Golang flow.   Plan-9 redoing C++ Getting into Golang malware encrypted mesh network Ratnet Iran shutting down tls connections Internet Censorship  Code audits Writing malware in different languages V programming language Nym programming language dild, dynamic loading library in OSX parsing memory in golang process execution block loading windows syscall's evading anti-malware systems hells gate, direct windows system calls Network traffic obfuscation online communities that have been running for a long time, Second Life   Offline mesh network   Red team penetration Write your own malware implant as a penetration tester.      Obfuscating malware traffic    writing malware   Sliver, opensource version of cobalt strike, Command and Control Server    testing malware  setting up a test environment      Penetration testing as a Red Team.    Golang Antivirus/EDR evasion    Enterprise network monitoring     Shellcode loaders in pure golang     Rewriting the backdoor factory in golang. Obfuscating binaries with the custom golang debug library  Parsing executables from memory(RAM) universal system binary loader without touching disk Links:     https://www.hack-the-planet.net/    https://github.com/awgh     https://github.com/Binject    https://github.com/Binject/go-donut        https://github.com/C-Sto/BananaPhone/ https://www.symbolcrash.com/wp-content/uploads/2019/02/Authenticode_PE-1.pdf https://www.cyberbit.com/blog/endpoint-security/malware-mitigation-when-direct-system-calls-are-used/ https://github.com/boku7/HellsGatePPID https://teamhydra.blog/2020/09/18/implementing-direct-syscalls-using-hells-gate/   https://vxug.fakedoma.in/papers/VXUG/Exclusive/HellsGate.pdf    https://2600.com/ https://en.wikipedia.org/wiki/Bulletin_board_system   https://en.wikipedia.org/wiki/Plan_9_from_Bell_Labs    https://go.dev/ https://go.dev/doc/effective_go    https://github.com/awgh/ratnet    https://github.com/BishopFox/sliver   https://www.youtube.com/watch?v=3RQb05ITSyk  | Golang Malware defcon talk  https://vlang.io/     https://vlang.io/compare    https://en.wikipedia.org/wiki/Nim_(programming_language)   https://github.com/vyrus001/go-mimikatz    https://github.com/vyrus001/go-mimikatz/blob/master/packer/packer.go   
01:06:08
March 16, 2022
Threat intelligence with Dan Demeter
Dan Demeter, well-known security researcher in the Romanian information-security space.  In 2014, Dan joined Kaspersky as a malware Security researcher, since then he has worked with various advanced anti-malware solutions and   is currently working with Threat Intelligence in Kaspersky's Global Research and Analysis Team. In this episode of Hacker talk, we deep dive into malware, threat intelligence, advanced persistent threats, security and defensive security with Dan.  Topics covered in this episode: Getting into infosec Romania in the early personal internet space, connecting rj45 network cables to potatoes  milw0rm, Bugtraq mailing list, backtrack, hell bond hackers  Capture the flag(CTF) competitions Internet café Threat intelligence Security research Kaspersky Advanced persistence threats, what is an advanced persistence threat?  Finding advanced malware in the wild. Threat levels for individuals Threat modeling Enterprise and consumer malware Antivirus programs targeted malware malware for crypto-currency projects finding advanced malware as a threat intelligence researcher bypassing advanced malware checks Reverse engineering malware ollydbg, NSA decompiler Malware obfuscation techniques yara rules  wrapping malware with VM protect Post exploitation malware stages Lazarus Malware, Bangladesh Cyber Bank Heist Malware on sim-cards Using satalite ip addresses reporting malicious command and control servers  malware campaigns spreading in Romania   phishing and identity theft Bring your own device policy Stay safe working from home   Best ways to protect yourself online   Writing malware signatures and writing yara rules malware similarity engines Links: https://hackthissite.org/ https://hbh.sh/home    https://en.wikipedia.org/wiki/Bugtraq    https://en.wikipedia.org/wiki/BackTrack    https://cnc-central.fandom.com/wiki/Command_%26_Conquer:_Red_Alert_-_Remastered    https://securelist.com/ https://securityespresso.org/    https://www.kaspersky.com/    https://twitter.com/kaspersky   https://twitter.com/_xdanx https://en.wikipedia.org/wiki/OllyDbg   https://hex-rays.com/IDA-pro/    https://ghidra-sre.org/   https://vmpsoft.com/    https://github.com/ParrotSec/mimikatz    https://en.wikipedia.org/wiki/Lazarus_Group   https://en.wikipedia.org/wiki/Bangladesh_Bank_robbery    https://www.kaspersky.com/cyber-crime-lazarus-swift    https://www.kaspersky.com/about/press-releases/2021_security-analyst-summit-back-online-on-september-28-29    https://securelist.com/equation-group-from-houston-with-love/68877/   https://securelist.com/satellite-turla-apt-command-and-control-in-the-sky/72081/   https://www.nbcnews.com/tech/security/facebook-sues-israel-s-nso-group-over-alleged-whatsapp-hack-n1073511   https://en.wikipedia.org/wiki/Regular_expression https://github.com/VirusTotal/yara https://github.com/neo23x0   https://www.tripwire.com/state-of-security/featured/operation-shadowhammer-hackers-planted-malware-code-video-games/    https://en.wikipedia.org/wiki/Red_October_%28malware%29
01:35:02
March 03, 2022