The Abhisek Cast

Podcast by Abhisek Rajkumar

English

Technology and Science

About The Abhisek Cast

The Abhisek Cast brings unfiltered conversations with people who have real insights into cybersecurity. These episodes are for cybersecurity enthusiasts, curious learners, and anyone deeply interested in the field. Each one offers practical takeaways and a real-world view of how cybersecurity works—beyond the buzzwords. We focus on quality to ensure your time is well spent and that you leave with something genuinely useful to guide your learning or career journey.

All episodes

10 episodes

EP10 - Conversation with Creator of Metasploit | ft. HD Moore (CEO, runZero & Creator of Metasploit)

In this episode of The Abhisek Cast, I’m joined by HD Moore, creator of Metasploit and founder of runZero, for a deep and honest conversation about cybersecurity’s past, present, and future. We explore how security evolved from an underground, legally risky activity into a massive commercial industry—and what was lost along the way. HD shares the real design philosophy behind Metasploit, why it intentionally bypassed security products, and how open source shaped an entire generation of pentesters. The discussion also breaks down why asset inventory and discovery remain foundational yet unsolved problems, how runZero approaches attack surface mapping, and why many security tools only see half the environment they’re supposed to protect. We also talk about bug bounties, internal security testing, AI hype, and why relying on LLMs without understanding programming fundamentals is dangerous. A thoughtful episode for anyone building tools, breaking systems, or trying to understand what real security work looks like beyond buzzwords.

Key Topics Covered:

* Early hacker culture vs modern cybersecurity
* Why Metasploit was controversial—and why it worked
* Open source vs commercial security models
* Asset discovery and attack surface management
* Bug bounties vs traditional penetration testing
* AI in security: overhyped or inevitable?
* Advice for people entering cybersecurity today

Timestamps:

* 00:00 - Introduction
* 00:40 - Early life & first exposure to computers
* 02:00 - Burnout, scale, and community in cybersecurity
* 03:40 - How security changed from the 90s to today
* 06:10 - Why Metasploit was designed to break defenses
* 10:40 - Open source vs commercializing security tools
* 13:45 - runZero and the asset discovery problem
* 19:45 - Underground stories from Metasploit days
* 22:10 - Bug bounties: value, limits, and trade-offs
* 27:25 - Internal security testing & risk
* 28:20 - AI, GPUs, and why HD is cautious
* 30:40 - Advice for newcomers to cybersecurity

Thanks for watching!

27 dec 2025 - 34 min

EP09 - How to Build Security That Actually Works | ft. Jeff Man (Consultant, Advisor & Podcaster)

In this episode, I speak with Jeff Man, a cybersecurity veteran with over 40 years of experience across NSA, red teaming, PCI, consulting, and industry leadership. Jeff shares a rare, ground-level view of what “security” actually means and why most organizations continue to get it wrong. We discuss his journey from solving puzzles to joining NSA, building the agency’s first red team, working on early cryptographic systems, and spending two decades teaching companies how to think about risk, data, and process. Jeff explains the critical difference between securing (technology, patching, fixing) and security (monitoring, process, diligence) and why the industry consistently overinvests in tools while underinvesting in thinking. This episode is a deep, practical, honest conversation about how security really works, and why mindset matters more than any product. Ideal for professionals across offensive, defensive, governance, and leadership roles who want to build long-lasting security programs.

What You Will Learn (Key Takeaways):

* Why most companies fix technology but ignore process
* How the cybersecurity mindset has shifted (and where it’s stuck)
* Stories from NSA, early crypto systems, and building the first red team
* Why PCI is misunderstood but extremely useful
* The difference between "securing" and "security"
* Why availability (not confidentiality) is today’s biggest problem
* The importance of curiosity and the “hacker mindset”
* Why marketing shapes cybersecurity more than we admit
* How to think, not just follow tools or trends
* What keeps Jeff going after decades in the field

Timestamps:

* 00:00 – Intro
* 00:59 – Welcoming Jeff Man
* 01:30 – Jeff’s journey from puzzles to NSA
* 06:30 – Early cryptographic work & first software crypto system
* 10:50 – Building NSA's first red team
* 15:30 – Why companies don’t fix security even after pen tests
* 17:30 – What organizations are getting wrong today
* 20:10 – Why focusing only on technology never works
* 22:30 – CIA triad misconceptions
* 25:30 – Vulnerability overload & why “fix everything” is impossible
* 28:30 – Securing vs. Security (monitoring, process, diligence)
* 31:50 – Why process, not people, is the real failure point
* 34:30 – Rethinking patching, compliance, and risk
* 38:20 – How Jeff keeps himself informed today
* 41:20 – Lessons from 900+ podcast episodes
* 43:00 – The hacker mindset: curiosity, questioning, thinking
* 49:20 – Why he continues speaking, podcasting, and mentoring
* 51:21 – Closing thoughts

12 dec 2025 - 52 min

EP08 - Red Teaming in Practice: Recon, Evasion & Pentesting | ft. Guillaume Daumas (Red Team Lead, Advens)

In this episode of The Abhisek Cast, Abhisek speaks with Guillaume Daumas, Red Team Lead at Advens, about the practical side of red teaming and internal penetration testing. After a three-month break, the show returns with a deep conversation that moves beyond theory and focuses on how real operators think, plan, and execute their assessments. Guillaume walks through his journey from a SOC analyst to becoming a red teamer, how platforms like Hack The Box shaped his mindset, and why offensive security offers a unique sense of challenge and motivation. He explains how to approach reconnaissance without getting distracted, how to handle large scopes with limited time, and why understanding Active Directory remains essential for any red teamer. The episode also covers malware development, EDR evasion, custom exploit considerations, and learning frameworks from Maldev Academy. Guillaume shares honest insights, recommended resources, cheat sheets, and blogs that have shaped his methodology. This episode is a valuable guide for beginners and intermediate professionals looking to develop real operational skills in red teaming or internal network security.

28 nov 2025 - 47 min

EP07 - SquareX's Browser Security Field Manual Explained | ft. Audrey Adeline (Security Researcher, SquareX)

Your browser is your new endpoint—and it’s vulnerable. In this episode, I speak with Audrey Adeline, Security Researcher at SquareX and co-author of the Browser Security Field Manual. Audrey walks us through why browser security is a rising concern, how current architectures fall short, and what her research team is doing to uncover novel browser-based threats. We talk about her unconventional journey from VC to cyber researcher, the process of writing the field manual, and how SquareX tackles browser threats with tools far beyond Chrome’s own protections.

We also dive into:

* Real-world attacks like polymorphic extensions and malicious OAuth apps
* How even trusted extensions can be weaponized
* What “MV3 compliant” really means (and doesn’t)
* Why architectural flaws are harder to fix than software bugs
* How SquareX uses AI for extension behavior analysis
* Her take on impactful research and communication in the security field

This is a rare deep-dive into browser-native risks from someone at the frontier of browser security.

8 aug 2025 - 44 min

EP06 - Inside the World of Physical Penetration Testing | ft. FC aka Freakyclown (Cofounder, Cygenta Security)

In this thrilling episode of The Abhisek Cast, we explore the real-life world of physical penetration testing with one of the best in the field—FC aka Freakyclown, Cofounder of Cygenta Security. From breaking into banks and data centers to sneaking past guards and security systems, FC shares what it takes to hack the physical world. He walks us through his early days in cybersecurity—before the internet as we know it—and explains why physical security is often the weakest link in an organization’s defense. What makes this episode stand out is FC's ability to share deep insight through wild real-life stories—from bluffing his way into secure sites to planting covert devices inside phones. We also talk about the founding of Cygenta, a company focused on holistic security: blending technical defenses, human behavior, and physical infrastructure into a single strategy. If you’re in cybersecurity, red teaming, or just fascinated by the intersection of psychology and hacking, this one is for you.

25 jul 2025 - 58 min