A network switch configuration setting that forwards a copy of each incoming and outgoing packet to a third switch port. Also known as SPAN or Switched Port Analyzer, RAP or Roving Analysis Port, and TAP or Test Access Point. When network managers and security investigators want to capture packets for analysis, they need some sort of generic TAP or Test Access Point. You can buy specialized equipment for this operation but most modern switches have this capability built in.
Nov 24, 2020•5 min•Season 1Ep. 17
Dave has a story about the security risks of your outbound email, Joe's story is about a fake company, Ecapitalloans, using fake BBB affiliation, The Catch of the Day comes from a listener named Max with a new work phone with curious activity from previous number owner, and later in the show, Dave's conversation with Bill Coletti, crisis communications and reputation management expert at Kith, and author of the book Critical Moments: A New Mindset for Reputation Management. Links to stories: The...
Nov 19, 2020•41 min•Season 3Ep. 125
NDR tools provide anomaly detection and potential attack prevention by collecting telemetry across the entire intrusion kill chain on transactions across the network, between servers, hosts, and cloud-workloads, and running machine learning algorithms against this compiled and very large data set. NDR is an extension of the EDR, or endpoint detection and response idea that emerged in 2013.
Nov 17, 2020•6 min•Season 1Ep. 16
Technology, software and hardware deployed without explicit organizational approval. In the early days of the computer era from the 1980s through the 2000s security and information system practitioners considered shadow IT as completely negative. Those unauthorized systems were nothing more than a hindrance that created more technical debt in organizations that were already swimming in it with the known and authorized systems.
Nov 17, 2020•5 min•Season 1Ep. 15
Joe has a story about how Emotet is being used in phishing emails through thread hijacking, Dave's story is a two-fer: one is about bad guys using image manipulation and the other has Elon Musk giving away Bitcoin again taking advantage of the US election, The Catch of the Day is from a listener named John about an email-based vishing attack, and later in the show, we welcome back Kurtis Minder of GroupSense on the burgeoning ransomware negotiation industry. Links to stories: Spike in Emotet act...
Nov 12, 2020•36 min•Season 3Ep. 124
From the intrusion kill chain model, a program that provides command and control services for an attack campaign. While the first ever deployed RAT is unknown, one early example is Back Orifice made famous by the notorious hacktivist group called “The Cult of the Dead Cow,” or cDc, Back Orifice was written by the hacker, Sir Dystic AKA Josh Bookbinder and released to the public at DEFCON in 1998.
Nov 10, 2020•5 min•Season 1Ep. 14
Dave has a story about a fake Facebook copyright violation scam trying to trick you out of your TFA to get into your account, Joe story about the largest elder fraud scam in US history, The Catch of the Day is about a scam using a Google code for verification and includes Hacking Humans in the response, and later in the show, Dave's conversation with Mallory Sofastaii from WMAR Baltimore returns with her reporting on a fake website luring victims through social media ads. . Links to stories and ...
Nov 05, 2020•36 min•Season 3Ep. 123
A social engineering scam where fraudsters spoof an email message from a trusted company officer that directs a staff member to transfer funds to an account controlled by the criminal.
Nov 03, 2020•4 min•Season 1Ep. 13
On this Special Edition, our extended conversation with author and New York Times national security correspondent David E. Sanger. The Perfect Weapon explores the rise of cyber conflict as the primary way nations now compete with and sabotage one another.
Nov 01, 2020•27 min•Season 3Ep. 122
Oct 30, 2020•3 min
Joe has a story about a woman who called a fake customer service number and got scammed, Dave's story talks about how phishing kits are not that. hard to find, just check YouTube, The Catch of the Day is an opportunity for a listener remove their name from the BLACKLIST, and later in the show, Dave's conversation with John Pescatore from SANS on Thinking Through the Unthinkable: Should You Pay Off a Ransomware Demand. Links to stories and Catch of the Day: Local Doctor Scammed After Calling Fake...
Oct 29, 2020•40 min•Season 3Ep. 122
A word, phrase, or sentence formed from another by rearranging its letters. For example, cracking a columnar transposition cipher by hand involves looking for anagrams.
Oct 27, 2020•4 min•Season 1Ep. 11
Dave's story is about some cybercriminal gangs that have stolen $22 million from users of the Electrum wallet app, Joe's story talks about a business email compromise scam cost a US company $15 million, The Catch of the Day is a gift card scam that includes references to National Treasure movie, and later in the show, Dave's conversation with Bill Harrod, Federal CTO of MobileIron on election disinformation campaigns. Links to stories and Catch of the Day: Bitcoin wallet update trick has netted ...
Oct 22, 2020•36 min•Season 3Ep. 121
1. A wireless access point installed by employees in an office or data center environment as a convenience to connectivity without the consent or the knowledge of the network manager. 2. A wireless access point, sometimes called an Evil Twin, installed by a cyber adversary in or near an office or data center environment designed to bypass security controls, gain access, and/or surveil the network traffic of the victim’s network. Both kinds, the employee installed and the adversary installed rogu...
Oct 20, 2020•4 min•Season 1Ep. 10
Starting with some listener follow-up on password managers, Joe's story has an angel investor bilking people out of due diligence fees, Dave's story comes from Graham Cluley on a malware campaign talking about details on Donald Trump's COVID-19 status, The Catch of the Day is an animal vaccine phishing scam, and later in the show, we’ve got a special treat for you: David Spark from the The CISO/Security Vendor Relationship Series podcast joins us to play the Best Worst Idea game. Links to storie...
Oct 15, 2020•36 min•Season 3Ep. 120
A subset of the internet where communications between two parties or client-server transactions are obscured from search engines and surveillance systems by layers of encryption. The U.S. Navy designed the original Darknet by developing The Onion Router network, or TOR, back in the 1990s. Roger Dingledine and Nick Mathewson deployed the first alpha implementation in 2002 with some initial funding by the Electronic Frontier Foundation (EFF.) The TOR Project became a non-profit in 2006 and is fund...
Oct 13, 2020•5 min•Season 1Ep. 9
Dave's story is about how some adware took a turn for the worse (and how his dad has fallen adware in the past), Joe's story talks about how someone is trying to phish AT&T employees and others, The Catch of the Day is an OfferUp scam on an rtx 3080 (you gamers know what that is), and later in the show, Dave's conversation with Caleb Barlow from Cynergistek reacting to the recent story of the tragic death of a woman due to hospital ransomware. Links to stories: Linkury adware caught distribu...
Oct 08, 2020•42 min•Season 3Ep. 119
From the intrusion kill chain model, the delivery of a “lure” to a potential victim by pretending to be some trustworthy person or organization in order to trick the victim into revealing sensitive information. According to Knowbe4, the word “phishing” first appeared in a Usenet newsgroup called AOHell in 1996 and some of the very first phishing attacks used AOL Instant Messenger to deliver fake messages purportedly from AOL employees in the early 2000s. The word is part of l33tspeak that starte...
Oct 06, 2020•4 min•Season 1Ep. 8
In addition to his regular story Dave shares a situation where his mom almost took the bait, Dave's story is about an SMS phishing (smishing) Apple scam in UK (ps, there's never a free iPhone & Joe is still not an Apple fan), Joe's story talks about why you don't trust anything political on a social network, The Catch of the Day is from a Reddit user invited to join the Illuminati game, and later in the show, Dave's conversation with Alex Mosher from MobileIron on MobileIron's Phishing with ...
Oct 01, 2020•36 min•Season 3Ep. 118
From the intrusion kill chain model, the first part of an exploitation technique where the hacker tricks their victims into revealing their login credentials. In the second part of the technique, hackers legitimately log into the targeted system and gain access to the underlying network with the same permissions as the victim. Hackers use this method 80% of the time compared to other ways to gain access to a system like developing zero day exploits for known software packages. The most common wa...
Sep 29, 2020•4 min•Season 1Ep. 7
Dave and Joe have some follow-up from a listener on OG accounts, Joe's story talks about a new phishing campaign inspired by Twitter from earlier this summer, Dave shares a story about using security awareness training as phishing lures, The Catch of the Day is a SunTrust phishing scam, and later in the show, Dave's conversation with Tim Sadler from Tessian on the Psychology of Human Error report. Links to stories and Catch of the Day: New Twitter phishing scam inspired from Twitter’s latest sec...
Sep 24, 2020•34 min•Season 3Ep. 117
An electro-mechanical device used to break Enigma-enciphered messages about enemy military operations during the Second World War. The first bombe–named Victory and designed by Alan Turning and Gordon Welchman– started code-breaking at Bletchley Park on 14 March 1940, a year after WWII began. By the end of the war, five years later, almost 2000, mostly women, sailors and airmen operated 211 bombe machines in the effort. The allies essentially knew what the German forces were going to do before t...
Sep 22, 2020•4 min•Season 1Ep. 5
Dave and Joe have some follow-up on mobile banking apps, Dave talks about the website bitcoinabuse.com, Joe's story Brian Krebs did on old Gmail emails and people using them either errantly or maliciously to create accounts, The Catch of the Day is about a Netflix-themed campaign that's currently running, and later in the show, Dave's conversation with Shai Cohen from TransUnion on identity fraud at center of many digital COVID-19 scams. Links to stories: Bitcoin Abuse Database The Joys of Ownin...
Sep 17, 2020•36 min•Season 3Ep. 116
From the intrusion kill chain model, a malicious code delivery technique that allows hackers to send code of their choosing to their victim’s browser. XSS takes advantage of the fact that roughly 90% of web developers use the JavaScript scripting language to create dynamic content on their websites. Through various methods, hackers store their own malicious javascript code on unprotected websites. When the victim browses the site, the web server delivers that malicious code to the victim’s compu...
Sep 15, 2020•4 min•Season 1Ep. 6
Joe shares a story on the ability to make a scam work through storytelling skills, Dave's story is about a guy duping a convenience store clerk into taking over her shift and later robbing the place, The Catch of the Day is about an email from a fake landlord, and later in the show, Dave's conversation with Mallory Sofastaii a reporter and anchor at WMAR2 on Impostor uses Maryland man's identity to steal unemployment insurance benefits. Links to stories and Catch of the Day: The Age-Old Secrets ...
Sep 10, 2020•34 min•Season 3Ep. 115
The process of evaluating the security of a system or network by simulating an attack on it. Sometimes called "ethical hacking" or white hat hacking. The phrase started to appear in U.S. military circles in the mid 1960s as time sharing computers became more necessary for daily operations. Computer security experts from Rand Corporation began describing computer compromises as “penetrations.” By the early 1970s, government leaders formed tiger teams of penetration testers to probe for weaknesses...
Sep 08, 2020•4 min•Season 1Ep. 4
Dave & Joe have a tip as some follow-up on cloning social media accounts, Dave's story is about turning the tables on hackers in the UK, Joe talks about Kaspersky's Spam and phishing report, The Catch of the Day is is from a listener, Bob, who received an email from Eddy looking for the love of a woman (but, Bob is not a woman), and later in the show, Dave's conversation with Max Heinemeyer from Darktrace on threats that he and his team have tracked throughout the onset and spread of COVID. ...
Sep 03, 2020•37 min•Season 3Ep. 114
The art of convincing a person or persons to take an action that may or may not be in their best interests. Social engineering in some form or the other has been around since the beginning of time. The biblical story of Esau and Jacob might be considered one of the earliest written social engineering stories. As applied to cybersecurity, it usually involves hackers obtaining information illegitimately by deceiving or manipulating people who have legitimate access to that information. Common tact...
Sep 01, 2020•4 min•Season 1Ep. 3
Joe's story is about the effectiveness of social media account cloning, Dave talks about toll fraud, The Catch of the Day is a Bitcoin scam with some scam baiting on the side, and later in the show, Dave's conversation with Ben Rothke from Tapad on Medium piece: A conversation with an iTunes card scammer. Links to stories: Attack of the Instagram clones A Game of Phones: Fighting Phone Phreaks in the 21st Century Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyb...
Aug 27, 2020•36 min•Season 3Ep. 113
A physical security access control device consisting of an enclosed hallway with interlocking doors on each end where both doors can’t be open at the same time. A person presents credentials to the entry doorway. If authorized, the entry door opens and the person walks into the mantrap. The man trap exit door will not open until the entry door closes. The person presents credentials to the exit door. If authorized, the exit door will open. If not, the person is captured in the man trap until sec...
Aug 25, 2020•5 min•Season 1Ep. 12
