How to create a phishing email - Part 2

August 12, 2018

In this expedition edition of the Exploring Information Security podcast, Chris Maddalena a senior security consultant joins me to discuss how to create a phishing email.

Chris (@cmaddalena) joins me to discuss crafting a phishing email. This is something I've recently explored at work. Having little to no experience actually crafting a phish, I decided I'd go to someone who does this on a regular basis. Check out Chris' ODIN tool for automating intelligence gathering, asset discovery, and reporting.

In this episode we discuss:

What are the technical steps to creating a phish
What needs to be consider from a technical standpoint
What is GoPhish and GoReporter
How important is timing

Other resources:

[RSS Feed] [iTunes]

How to create a phishing email - Part 1

August 5, 2018

In this expedition edition of the Exploring Information Security podcast, Chris Maddalena a senior security consultant joins me to discuss how to create a phishing email.

In this episode we discuss:

What you need to consider before creating a phish.
Where to get phishing ideas.
Where to get phishing templates.
What happened when accounting sent out an email.

[RSS Feed] [iTunes]

What's happening at Converge and Detroit BSides?

May 20, 2018

In this pile of an episode for the Exploring Information Security podcast, Johnny Xmas (@J0hnnyXm4s), Kate Vajda (@vajkat), Rachel Andrus, Kyle Andrus (@chaoticflaws), Daniel (not going to try spelling last name), Amanda Ebbutt, Daniel Ebbutt (@notdanielebbutt), Chris Maddalena (@cmaddalena), and myself get together to record a podcast during Converge and BSides Detroit.

It's another podcast special! This one was at Converge and BSides Detroit. This one took a little bit to get going. When we did we got into a little bit of everything. Topics both in infosec and topics outside of infosec.

In this episode we discuss:

Everyone tries Malort
The "breach" at Twitter
One size doesn't fit all for the populace
Real world issues (net neutrality, income, and public service)

[RSS Feed] [iTunes]

How to build your own tools - Part 2

December 17, 2017

In this bird feeding episode of the Exploring Information Security podcast, Chris Maddalena joins me to discuss how to build your own tools.

Chris (@cmaddalena) gave a talk at DerbyCon this past year on writing Win32 Shellcode. We've talked before on a previous podcast around why building your own tools is important. Chris has also written several tools for his day job and for public consumption. His most recent tool is ODIN, a passive recon tool for penetration testers.

In this episode we discuss:

Why should someone build their own tool
What tool should people build?
How to get started building tools
What resources are available for building tools

[RSS Feed] [iTunes]

How to build your own tools - Part 1

December 10, 2017

In this bird feeding episode of the Exploring Information Security podcast, Chris Maddalena joins me to discuss how to build your own tools.

In this episode we discuss:

Why should someone build their own tool
What tool should people build?
How to get started building tools
What resources are available for building tools

[RSS Feed] [iTunes]

What does Chris Maddalena, Kyle Andrus, and Daniel Ebbutt think about security at DEFCON?

August 27, 2017

In this crazy edition of the Exploring Information Security podcast, I am joined by Chris Maddalena, Kyle Andrus, and Daniel Ebbutt for another conference podcast special. This time it's DEFCON 25.

Chris (@cmaddalena), Kyle (@chaoticflaws), and Daniel (@notdanielebbutt) join me at DEFCON to discuss various topics ranging from conferences like DEFCON, Blackhat, and BSides Las Vegas to bird feeders. We read a couple passages from the POC||GTFO bible available from no start press.

In this episode we discuss:

The death of LineCon
Blackhat swag
BSides Las Vegas
Converge and BSides Detroit
Saying yes and knowing when to say no
Report writing
Macros
Bird feeders

[RSS Feed] [iTunes]

How to prepare for the OSCP - Part 2

August 13, 2017

In this studious edition of the Exploring Information Security podcast, Offensive Security Certified Professional (OSCP) Chris Maddalena joins me to discuss how to prepare for the OSCP certification.

Chris (@cmaddalena) returns to talk about how he got his OSCP. He didn't get it on his first attempt. He did learn from his first attempt, though, and passed the exam on his second attempt. He was willing to come on the podcast to describe his experience and provide tips for others looking to acquire the certification. The exam is not easy. It's a 24-hour exam that includes writing a report as well as performing a penetration test. Preparation for the exam is very important.

In this episode we discuss:

How Chris' second attempt went
How to study for the OSCP
What the hardest part of the exam was for Chris
How the pointing system works

More resources (h/t @KrvRob):

[RSS Feed] [iTunes]

How to prepare for the OSCP - Part 1

August 6, 2017

In this studious edition of the Exploring Information Security podcast, Offensive Security Certified Professional (OSCP) Chris Maddalena joins me to discuss how to prepare for the OSCP certification.

In this episode we discuss:

What is the OSCP and OSCE
Why someone should pursue the OSCP
What is the test like
How Chris' first attempt went

More resources (h/t @KrvRob):

[RSS Feed] [iTunes]