In this episode of the Hack the Planet Podcast:
We meet with Vi Grey who answers all the questions we’ve had about the Nintendo Entertainment System since we were kids but were too afraid to ask. A prolific developer of homebrew NES ROMs, Vi Grey helps us understand the present and future of innovation on the NES platform. We also discuss his work with polyglot files featured in PoC||GTFO. This episode itself is in fact a polyglot, check the mp3 metadata of the file on the RSS feed for more information.
Vi Grey’s links:
I Dream of Game Genies (HOPE 2018 talk): https://www.youtube.com/watch?v=0rcKWQVMQ5w
Twitch Stream: https://www.twitch.tv/ViGreyTech
More at https://vigrey.com/
NESmaker: https://www.thenew8bitheroes.com/
Brad Smith on Light Guns on modern TV’s: https://www.youtube.com/watch?v=qCZ-Z-OZFUs
Damien Yerrick (more homebrew tools): https://pineight.com/
Tom7 (more NES hacks): http://tom7.org/
CypherCon: https://cyphercon.com/
Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.
Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.
In this episode of the Hack the Planet Podcast:
We have a chat with Pongolyn, a community organizer and strategist for the Pacific Northwest Englightend, one of the largest teams in the augemented reality game Ingress. We discuss the key elements needed to develop swarm intelligence and how they were applied to continent-spanning efforts.
Pongo has spent years deconstructing her experience into a valuable set of strategies for anyone organzing large numbers of volunteers, and expertly up-levelling them into easily digestible lessons on swarm-based strategies, gamification, and game theory for people that never played Ingress.
If you’ve ever had to organize a protest or a podcast, this episode is for you!
Pongolyn’s talks:
BSides Portland 2019 – https://www.youtube.com/watch?v=Eq33S_Rz4qo
Toorcamp 2018 – https://www.youtube.com/watch?v=UfYg3EVn_Jg
Defcon 26 – https://www.youtube.com/watch?v=bPTymsk1I_E
SwarmWise – The Tactical Manual to Changing the World by Rick Falkvinge
https://docs.google.com/file/d/0Bz8cVS8LoO7OOHhJUUF5akJ4RHc
Hannah Fry Ted Talk – Is life really that complex?
https://www.ted.com/talks/hannah_fry_is_life_really_that_complex
Screeps – https://screeps.com/
Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.
Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.
In this episode of the Hack the Planet Podcast:
For too long, the confusion caused by the Adam Shostack/MS threat modeling “methodology” has prevented security teams from doing any productive risk analysis. That ends now. We clear up the confusion around what a threat model is, what it’s for, how best to go about developing one, what is so very very wrong with the Adam Shostack/MS method of threat modeling, and how to achieve better results with less effort and arguing.
Check out the links for useful templates and examples. And remember: a dataflow diagram is an important piece of design documentation, but it is not and can never be an effective threat model.
Threat Modeling Template Examples from SymbolCrash, adjust these to suit!
Simple Threat Model Example:
https://www.symbolcrash.com/wp-content/uploads/2020/10/Threat-Model-Template-Simple.xlsx
CVSS 3.1 Auto-calculating Model with Automatic Coloring by Severity:
https://www.symbolcrash.com/wp-content/uploads/2020/10/Threat-Model-Template-CVSS-3.1.xlsx
“How to measure anything in cybersecurity risk”
https://www.howtomeasureanything.com/cybersecurity/
CVSS 3.1 Calculator at first.org
https://www.first.org/cvss/calculator/3.1
Automated Secrets Detection:
https://github.com/Yelp/detect-secrets
https://github.com/anshumanbh/git-all-secrets
https://github.com/dxa4481/truffleHog
Old-School SANS Threat Modeling Template Example:
https://www.sans.org/blog/practical-risk-analysis-and-threat-modeling-spreadsheet/
Mentioned Tools:
https://github.com/lyft/cartography
https://github.com/nccgroup/ScoutSuite
C4 model:
https://c4model.com/
What is the Actual Financial Impact of a Breach?
https://www.nber.org/digest/jun18/economic-and-financial-consequences-corporate-cyberattacks
https://www.nber.org/papers/w24409
Threat Modeling Tools that uselessly force everything into a DFD (not recommended):
ThreatModeler – https://threatmodeler.com/
Irius Risk – https://iriusrisk.com/
OWASP ThreatDragon – https://owasp.org/www-project-threat-dragon/
MS Threat Modeling Tool – https://www.microsoft.com/en-us/download/details.aspx?id=49168
Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.
Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.
In this episode of the Hack the Planet Podcast:
We talk with some of the most prolific developers of Golang offensive tools, from opposite points on the globe, about why they use Go, what they’ve been working on, how to work around some of Go’s challenges for red teams, and where things are going in the near future with Go malware. Featuring C-Sto (bananaphone/goWMIexec) and capnspacehook (pandorasbox/garble).
List of Golang Security Tools:
https://github.com/Binject/awesome-go-security
C-Sto:
https://github.com/c-sto/goWMIExec
https://github.com/C-Sto/BananaPhone
https://github.com/C-Sto/gosecretsdump
capnspacehook:
https://github.com/capnspacehook/pandorasbox
https://github.com/capnspacehook/taskmaster
Misc:
https://github.com/moonD4rk/HackBrowserData
https://github.com/emperorcow/go-netscan
https://github.com/CUCyber/ja3transport
https://github.com/EgeBalci/sgn
https://github.com/sassoftware/relic
https://github.com/swarley7/padoracle
https://github.com/gen0cide/gscript
Command and Control:
https://github.com/BishopFox/sliver
https://github.com/DeimosC2/DeimosC2
https://github.com/t94j0/satellite
Obfuscation/RE:
https://github.com/goretk/redress
https://github.com/unixpickle/gobfuscate
https://github.com/mvdan/garble
Of interest, but breaks Docker & Terraform:
https://github.com/unsecureio/gokiller
Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.
Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.
In this episode of the Hack the Planet Podcast:
We are joined in the studio by Vyrus and privacy researcher Will Scott to talk about the dual-edged sword of technology in the context of protests. We dive deep on technical innovations from the Black Lives Matter protests, especially in the areas of software defined radio and crowd-sourcing. Then things slide off the rails in the usual manner.
Radio Links:
https://openmhz.com/
https://github.com/robotastic/trunk-recorder/wiki
https://github.com/szpajder/rtlsdr-airband/wiki
https://www.rtl-sdr.com/using-a-kerberossdr-to-monitor-air-traffic-control-voice-ads-b-acars-vdl2-simultaneously-on-a-raspberry-pi-3b/
https://github.com/unsynchronized/gr-mixalot
https://www.usenix.org/blog/security-analysis-apco-project-25-two-way-radio-system
https://tar1090.adsbexchange.com/
EFF Protest Guide https://ssd.eff.org/en/module/attending-protest
A Good American https://youtu.be/666wsDcoNrU
NFS server https://github.com/willscott/go-nfs
Will at CCC https://media.ccc.de/v/36c3-10565-what_s_left_for_private_messaging
Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.
Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.
In this episode of the Hack the Planet Podcast:
We chat with mubix about the infamous QuickCreds script, writing games in your boot sector, Hak5, and the joys of teaching … and cheating at video games.
https://www.amazon.com/Programming-Sector-Games-Toledo-Gutierrez/dp/0359816312
Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.
Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.
In this episode of the Hack the Planet Podcast:
Our panel reacts to the hype around recent Thunderbolt attacks and dives deep into bypassing disk encryption with Direct Memory Access. We also show off our side projects: a newly invented musical instrument, a rewrite of The Backdoor Factory, and how to maximize your Folding@Home performance beyond all psychological acceptance.
https://github.com/mitchellharper12/folding-scripts
https://github.com/Binject/backdoorfactory
https://github.com/ufrisk/pcileech
https://safeboot.dev/
https://www.youtube.com/watch?v=7uvSZA1F9os
https://thunderspy.io/
https://christian.kellner.me/2017/12/14/introducing-bolt-thunderbolt-3-security-levels-for-gnulinux/
http://thunderclap.io/thunderclap-paper-ndss2019.pdf
https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures
https://www.platformsecuritysummit.com/2019/speaker/weston/
Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.
Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.
In this episode of the Hack the Planet Podcast:
We talk to Craig Smith, author of The Car Hacker’s Handbook, about DRM, car hacking, and the future of virtual conferences.
https://github.com/zombieCraig/ICSim
http://opengarages.org
https://www.carhackingvillage.com
https://www.cybertruckchallenge.org
https://www.grimm-co.com/grimmcon
Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.
Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.
In this episode of the Hack the Planet Podcast:
In the first installment of the Hack the Planet quarantine series, our panel discusses a vital question of our time: to pants or not to pants?
We discuss our collective contribution to the world’s largest supercomputer and how you can get involved.
Port Knocking Code: https://github.com/mitchellharper12/web-port-knock
Folding@home: https://foldingathome.org/
Folding rankings: https://folding.extremeoverclocking.com/team_list.php
Rosetta@home: https://boinc.bakerlab.org/
Protofy.xyz Ventilator: https://www.oxygen.protofy.xyz/
OS Covid Medical Supplies Group: https://www.facebook.com/groups/670932227050506/
Makers vs Virus: https://www.makervsvirus.org/en/
Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.
Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.