In this episode of the Hack the Planet Podcast:
We meet with Vi Grey, who answers all the questions we’ve had about the Nintendo Entertainment System since we were kids but were too afraid to ask. A prolific developer of homebrew NES ROMs, Vi Grey helps us understand the present and future of innovation on the NES platform. We also discuss his work with polyglot files featured in PoC||GTFO. This episode itself is in fact a polyglot; check the mp3 metadata of the file on the RSS feed for more information.
Vi Grey’s links:
I Dream of Game Genies (HOPE 2018 talk): https://www.youtube.com/watch?v=0rcKWQVMQ5w
Twitch Stream: https://www.twitch.tv/ViGreyTech
More at https://vigrey.com/
NESmaker: https://www.thenew8bitheroes.com/
Brad Smith on Light Guns on modern TVs: https://www.youtube.com/watch?v=qCZ-Z-OZFUs
Damian Yerrick (more homebrew tools): https://pineight.com/
Tom7 (more NES hacks): http://tom7.org/
CypherCon: https://cyphercon.com/
Be a guest on the show! We want your hacker rants! Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272) and leave a message, or send an audio email to podcast@symbolcrash.com.
Original music produced by Symbol Crash. Warning: Some explicit language and adult themes.
In this episode of the Hack the Planet Podcast:
We have a chat with Pongolyn, a community organizer and strategist for the Pacific Northwest Enlightened, one of the largest teams in the augmented reality game Ingress. We discuss the key elements needed to develop swarm intelligence and how they were applied to continent-spanning efforts.
Pongo has spent years deconstructing her experience into a valuable set of strategies for anyone organizing large numbers of volunteers, and expertly up-levelling them into easily digestible lessons on swarm-based strategies, gamification, and game theory for people who never played Ingress.
If you’ve ever had to organize a protest or a podcast, this episode is for you!
Pongolyn’s talks:
BSides Portland 2019 – https://www.youtube.com/watch?v=Eq33S_Rz4qo
Toorcamp 2018 – https://www.youtube.com/watch?v=UfYg3EVn_Jg
Defcon 26 – https://www.youtube.com/watch?v=bPTymsk1I_E
SwarmWise – The Tactical Manual to Changing the World by Rick Falkvinge
https://docs.google.com/file/d/0Bz8cVS8LoO7OOHhJUUF5akJ4RHc
Hannah Fry TED Talk – Is life really that complex?
https://www.ted.com/talks/hannah_fry_is_life_really_that_complex
Screeps – https://screeps.com/
In this episode of the Hack the Planet Podcast:
For too long, the confusion caused by the Adam Shostack/MS threat modeling “methodology” has prevented security teams from doing any productive risk analysis. That ends now. We clear up the confusion around what a threat model is, what it’s for, how best to go about developing one, what is so very very wrong with the Adam Shostack/MS method of threat modeling, and how to achieve better results with less effort and arguing.
Check out the links for useful templates and examples. And remember: a dataflow diagram is an important piece of design documentation, but it is not and can never be an effective threat model.
Threat Modeling Template Examples from SymbolCrash, adjust these to suit!
Simple Threat Model Example:
https://www.symbolcrash.com/wp-content/uploads/2020/10/Threat-Model-Template-Simple.xlsx
CVSS 3.1 Auto-calculating Model with Automatic Coloring by Severity:
https://www.symbolcrash.com/wp-content/uploads/2020/10/Threat-Model-Template-CVSS-3.1.xlsx
“How to measure anything in cybersecurity risk”
https://www.howtomeasureanything.com/cybersecurity/
CVSS 3.1 Calculator at first.org
https://www.first.org/cvss/calculator/3.1
Automated Secrets Detection:
https://github.com/Yelp/detect-secrets
https://github.com/anshumanbh/git-all-secrets
https://github.com/dxa4481/truffleHog
Old-School SANS Threat Modeling Template Example:
https://www.sans.org/blog/practical-risk-analysis-and-threat-modeling-spreadsheet/
Mentioned Tools:
https://github.com/lyft/cartography
https://github.com/nccgroup/ScoutSuite
C4 model:
https://c4model.com/
What is the Actual Financial Impact of a Breach?
https://www.nber.org/digest/jun18/economic-and-financial-consequences-corporate-cyberattacks
https://www.nber.org/papers/w24409
Threat Modeling Tools that uselessly force everything into a DFD (not recommended):
ThreatModeler – https://threatmodeler.com/
IriusRisk – https://iriusrisk.com/
OWASP Threat Dragon – https://owasp.org/www-project-threat-dragon/
MS Threat Modeling Tool – https://www.microsoft.com/en-us/download/details.aspx?id=49168
In this episode of the Hack the Planet Podcast:
We talk with some of the most prolific developers of Golang offensive tools, from opposite points on the globe, about why they use Go, what they’ve been working on, how to work around some of Go’s challenges for red teams, and where things are going in the near future with Go malware. Featuring C-Sto (bananaphone/goWMIexec) and capnspacehook (pandorasbox/garble).
List of Golang Security Tools:
https://github.com/Binject/awesome-go-security
C-Sto:
https://github.com/c-sto/goWMIExec
https://github.com/C-Sto/BananaPhone
https://github.com/C-Sto/gosecretsdump
capnspacehook:
https://github.com/capnspacehook/pandorasbox
https://github.com/capnspacehook/taskmaster
Misc:
https://github.com/moonD4rk/HackBrowserData
https://github.com/emperorcow/go-netscan
https://github.com/CUCyber/ja3transport
https://github.com/EgeBalci/sgn
https://github.com/sassoftware/relic
https://github.com/swarley7/padoracle
https://github.com/gen0cide/gscript
Command and Control:
https://github.com/BishopFox/sliver
https://github.com/DeimosC2/DeimosC2
https://github.com/t94j0/satellite
Obfuscation/RE:
https://github.com/goretk/redress
https://github.com/unixpickle/gobfuscate
https://github.com/mvdan/garble
Of interest, but breaks Docker & Terraform:
https://github.com/unsecureio/gokiller
In this episode of the Hack the Planet Podcast:
We talk to Craig Smith, author of The Car Hacker’s Handbook, about DRM, car hacking, and the future of virtual conferences.
https://github.com/zombieCraig/ICSim
http://opengarages.org
https://www.carhackingvillage.com
https://www.cybertruckchallenge.org
https://www.grimm-co.com/grimmcon
In this episode of the Hack the Planet Podcast:
In the first installment of the Hack the Planet quarantine series, our panel discusses a vital question of our time: to pants or not to pants?
We discuss our collective contribution to the world’s largest supercomputer and how you can get involved.
Port Knocking Code: https://github.com/mitchellharper12/web-port-knock
Folding@home: https://foldingathome.org/
Folding rankings: https://folding.extremeoverclocking.com/team_list.php
Rosetta@home: https://boinc.bakerlab.org/
Protofy.xyz Ventilator: https://www.oxygen.protofy.xyz/
OS Covid Medical Supplies Group: https://www.facebook.com/groups/670932227050506/
Makers vs Virus: https://www.makervsvirus.org/en/
Our panel returns with more rants on Citrix, how nobody really understands ECC, Moxie Marlinspike’s talk at 36c3, and the debate about sharing open source attack tools. Try to guess who was drunk.
Talks we mention in this episode:
Surveillance of Assange: https://media.ccc.de/v/36c3-11247-technical_aspects_of_the_surveillance_in_and_around_the_ecuadorian_embassy_in_london
Unpublished Moxie Marlinspike talk: https://peertube.co.uk/videos/watch/12be5396-2a25-4ec8-a92a-674b1cb6b270
Boeing 737 Max crashes talk: https://media.ccc.de/v/36c3-10961-boeing_737max_automated_crashes
A series of fascinating interviews on the differences and similarities in hacker culture around the globe, on location at 36c3, the Chaos Computer Club’s 36th annual congress in Leipzig, Germany.
mc.fly and b9punk’s seminal talk from Notacon 3 on the differences between American and German hacker cultures can be found here:
https://www.youtube.com/watch?v=edu8nTWzu08
Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272), or send an audio email to podcast@symbolcrash.com.
Original music used with permission from Abstract C#. Warning: Some explicit language and adult themes.
In this episode, we interview Bill Pollock, publisher of No Starch Press, at 36c3, the Chaos Computer Club’s 36th annual congress in Leipzig, Germany. We talk about the new No Starch Press Foundation, micro-grants for hackers, bourbon, and much more.
Get involved at https://nostarchfoundation.org/
Give us a call on the Hacker Helpline: PSTN 206-486-NARC (6272), or send an audio email to podcast@symbolcrash.com.
All music is original. Warning: Some explicit language and adult themes.