Undetected - a web security podcast by Detectify

05 Cecilia Wik - A Lawyer's Take on Hacking

Computer Fraud and Abuse Act: https://www.justice.gov/jm/jm-9-48000-computer-fraud [https://www.justice.gov/jm/jm-9-48000-computer-fraud] Kevin Mitnick https://en.wikipedia.org/wiki/Kevin_Mitnick [https://en.wikipedia.org/wiki/Kevin_Mitnick] https://www.mitnicksecurity.com/about-kevin-mitnick-mitnick-security [https://www.mitnicksecurity.com/about-kevin-mitnick-mitnick-security] Aaron Swartz https://en.wikipedia.org/wiki/Aaron_Swartz [https://en.wikipedia.org/wiki/Aaron_Swartz]

04 Tom Hudson (@TomNomNom) - Hacking Things Back Together

DEFCON: https://www.defcon.org/ Impostor Syndrome https://en.wikipedia.org/wiki/Impostor_syndrome Tom’s Youtube channel https://www.youtube.com/channel/UCyBZ1F8ZCJVKSIJPrLINFyA Tom’s Github https://github.com/tomnomnom Nahamsec: https://twitter.com/NahamSec

03 Laura Kankaala - Attackers and Defenders against COVID-19

E-mail scams advisory by WHO [https://www.who.int/about/cyber-security] Ransoms (pay x bitcoin so we don’t infect you with corona) [https://nakedsecurity.sophos.com/2020/03/19/dirty-little-secret-extortion-email-threatens-to-give-your-family-coronavirus/] Zoom bulbs - Not a new thing, 2019 security researcher Jonathan Leitschuh found a vulnerability where any website can open up a video-enabled call on a Mac with Zoom app installed or uninstalled app and turn on the camera among other things. [https://www.theverge.com/2019/7/9/20688113/zoom-apple-mac-patch-vulnerability-emergency-fix-web-server-remove] Zoom bombing (shared public meetings), zWarDial [https://krebsonsecurity.com/2020/04/war-dialing-tool-exposes-zooms-password-problems/] Shodan - search engine for Internet-connected devices [http://www.shodan.io] Pirated Wordpress plugins https://securityaffairs.co/wordpress/100479/malware/wp-vcd-plugin-coronavirus.html [https://securityaffairs.co/wordpress/100479/malware/wp-vcd-plugin-coronavirus.html]

02 Fredrik N. Almroth - Bug Bounties

1. 5:15 Tesla DOOM XSS How we invented the Tesla dom doom xss [https://labs.detectify.com/2017/07/27/how-we-invented-the-tesla-dom-doom-xss/ ] 2. 10:26 Google XXE How we got read access on googles production servers [https://blog.detectify.com/2014/04/11/how-we-got-read-access-on-googles-production-servers/] 3. 24:40 Bug Bounties Continue to Rise, but Market Has Its Own 1% Problem [https://www.darkreading.com/vulnerabilities---threats/vulnerability-management/bug-bounties-continue-to-rise-but-market-has-its-own-1--problem/d/d-id/1335689] Fredrik's recommendations for bug bounty hunters: Tomnomnom's YouTube channel [https://www.youtube.com/channel/UCyBZ1F8ZCJVKSIJPrLINFyA] Stök's YouTube channel [https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg]

01 Johan Edholm - Evolution of hacking; Web Security to companies of all sizes

What is phreaking - https://en.wikipedia.org/wiki/Phreaking [https://en.wikipedia.org/wiki/Phreaking] What is Responsible Disclosure: https://blog.detectify.com/2018/02/27/guide-responsible-disclosure/ [https://blog.detectify.com/2018/02/27/guide-responsible-disclosure/] Hackers for Charity: https://www.hackersforcharity.org/ [https://www.hackersforcharity.org/] Books mentioned: Art of Deception by Kevin Mitnick Ghost in the Wires by Kevin Mitnick Speakers: Host: Laura Kankaala - Security Researcher at Detectify Guest: Johan Edholm - Co-founder and SysOps at Detectify www.detectify.com [www.detectify.com] www.twitter.com/detectify [www.detectify.com]