Professionally Evil Perspective

Secure Ideas LLC. www.secureideas.com
This podcast contains security topics discussed by the Secure Ideas LLC. team.

Episodes

Professionally Evil Lunch & Learn - April 2022

Got suggestions, complaints, or feedback? Tell us at podcast@secureideas.com or reach out on Twitter: https://twitter.com/sweaney Cory Sabol Twitter https://twitter.com/kneppjon Aaron Moss Twitter https://twitter.com/secureideas Join our Professionally Evil Slack Team at www.professionallyevil.com Our real jobs pay for our time to do this, so if you have opportunities around penetration testing or risk management, we'd love the chance to work with you! Episode Links: https://www.zdnet.com/articl...

May 02, 2022 | 57 min | Season 2 | Ep. 4

Glory For Ukraine Botnet

A group claims to be fighting Russia in the name of Ukraine using a botnet. And wants you to join them. Kevin and Nathan discuss what could possibly go wrong.

Apr 25, 2022 | 24 min | Season 2 | Ep. 8

Professionally Evil Lunch & Learn - March 2022

Got suggestions, complaints, or feedback? Tell us at podcast@secureideas.com or reach out on Twitter: twitter.com/sweaney twitter.com/RonJonArod twitter.com/hotdogggitty twitter.com/secureideas Episode Links: FBI Warns Of Preliminary Russian Cyber Activity Against American Companies White House Says Reports of an American Cyberwar With Russia Are Greatly Exaggerated DIY Volunteers Are Repairing Ukraine’s Destroyed Internet Infrastructure War Is Calling Crypto’s ‘Neutrality’ Into Question Ransomw...

Apr 04, 2022 | 57 min | Season 2 | Ep. 3

IAM OKTA. I am hacked?

Got suggestions, complaints, or feedback? Tell us at podcast@secureideas.com or reach out on Twitter: twitter.com/sweaney twitter.com/darth_kevin twitter.com/secureideas Join our Professionally Evil Slack Team at www.professionallyevil.com Our real jobs pay for our time to do this, so if you have opportunities around penetration testing or risk management, we'd love the chance to work with you!...

Mar 28, 2022 | 28 min | Season 2 | Ep. 7

SMS MFA Risk v. Risk

Got suggestions, complaints, or feedback? Tell us at podcast@secureideas.com or reach out on Twitter: twitter.com/sweaney twitter.com/darth_kevin twitter.com/secureideas Join our Professionally Evil Slack Team at www.professionallyevil.com Our real jobs pay for our time to do this, so if you have opportunities around penetration testing or risk management, we'd love the chance to work with you!...

Mar 14, 2022 | 21 min | Season 2 | Ep. 6

Professionally Evil Lunch & Learn - February 2022

Got suggestions, complaints, or feedback? Tell us at podcast@secureideas.com or reach out on Twitter: twitter.com/sweaney twitter.com/darth_kevin twitter.com/secureideas Join our Professionally Evil Slack Team at www.professionallyevil.com Where can I find Carrie Randolph? twitter.com/karn3ia Our real jobs pay for our time to do this, so if you have opportunities around penetration testing or risk management, we'd love the chance to work with you! Episode Links: wordle-ad-trackers-privacy-new-yo...

Mar 07, 2022 | 58 min

Tag, You’re It! Privacy Concerns with Apple AirTags

Modders are selling "Silent AirTags" on Etsy and eBay Carjackers are using Apple AirTags to track high-end vehicles to steal them later BBC: Apple AirTags - 'A perfect tool for stalking' Most asked questions about AirTags Got suggestions, complaints, or feedback? Tell us at podcast@secureideas.com or reach out on Twitter: https://twitter.com/sweaney https://twitter.com/darth_kevin https://twitter.com/secureideas Join our Professionally Evil Slack Team at www.professionallyevil.com Our real jobs ...

Feb 28, 2022 | 26 min

Facial Recognition

The IRS Drops Facial Recognition Verification After Uproar https://www.wired.com/story/irs-drops-facial-recognition-verification/ https://www.bloomberg.com/news/articles/2022-01-28/treasury-weighing-id-me-alternatives-over-privacy-concerns ODIN - Homeless Management Information System https://www.vice.com/en/article/wxdp7x/tech-firm-facial-recognition-homeless-people-odin (This is vice, so take that into consideration...) Amazon Recognition moratorium to law enforcement https://www.reuters.com/t...

Feb 14, 2022 | 21 min | Season 2 | Ep. 4

Professionally Evil Lunch & Learn - January 2022

Links to today's topics: Liquor stores stuck with limited stock since Christmas cyber attack against Sask. liquor authority | CBC News microsoft-warns-disk-wiping-malware-targeting-ukraine white-house-instructs-agencies-cybersecurity-strategy-memo-cisa Moving the U.S. Government Toward Zero Trust Cybersecurity Principles mexican-cartels-recruit-drug-mules-on-grand-theft-auto-online senate-weighs-bill-to-protect-satellites-from-getting-hacked florida-considers-deepfake-ban sweden-launches-psychol...

Feb 07, 2022 | 54 min

The FTC's Ultimatum

Episode notes and links: FTC Log4j Warning https://www.ftc.gov/news-events/blogs/techftc/2022/01/ftc-warns-companies-remediate-log4j-security-vulnerability Federal Trade Commission Act https://www.ftc.gov/enforcement/statutes/federal-trade-commission-act FTC Equifax Fines https://www.ftc.gov/enforcement/cases-proceedings/refunds/equifax-data-breach-settlement Principle of Subsidiarity https://en.wikipedia.org/wiki/Subsidiarity Got suggestions, complaints or feedback? Tell us at podcast@secureide...

Jan 31, 2022 | 24 min | Season 2 | Ep. 3

Balancing Compensation with Value

Open source developer corrupts widely-used libraries, affecting tons of projects https://www.theverge.com/2022/1/9/22874949/developer-corrupts-open-source-libraries-projects-affected NPM libraries in question: https://github.com/Marak/colors.js https://github.com/marak/Faker.js/ Marak's post about no more free work: http://web.archive.org/web/20210704022108/https://github.com/Marak/faker.js/issues/1046 Leftpad issue from 2016 https://qz.com/646467/how-one-programmer-broke-the-internet-by-deletin...

Jan 17, 2022 | 23 min | Season 2 | Ep. 2

Not another Log4j discussion...

Jump back into a discussion of current events with Kevin and Nathan after a long break. Packed with professional perspectives and opinions. This week we dive a little deeper into Log4j.

Jan 10, 2022 | 19 min | Season 2 | Ep. 1

March 8th - Interview with Amanda Berlin

In this episode, we discuss ethics, TLS 1.3, autonomous cars and replacements for multifactor authentication. We also interview Amanda Berlin and her experience writing the book Defensive Security Handbook: Best Practices for Securing Infrastructure.

Mar 15, 2018 | 1 hr 21 min | Ep. 19

Introduction to RTLAMR with Doug (Bemasher)

This episode of the Professionally Evil Perspective podcast is an interview-style episode discussing the RTLAMR project. We discuss the purpose of the code, how SDR is used and the information you can expect to find from your ERT devices floating in the airwaves.

Oct 16, 2017 | 38 min

Re-Inaugural Episode

In this Professionally Evil Podcast PEPisode, we re-launch the podcast. 12 of us hang out and talk about what we are doing and what's coming up.

Jul 12, 2017 | 40 min

End of Year Wrap-Up

James and Kevin discuss a few of the events this year (breaches and otherwise), the release of Samurai 3.0 and some upcoming events.

Dec 23, 2014 | 21 min

Penetration Testing and Reporting

Is the idea of penetration testing evolving or is it staying the same? What is the goal of a penetration test? Does it differ by client? James and Kevin discuss penetration testing and how it is changing. When it comes to reporting, what data do you include, how do you represent it, and who is your audience? These questions and more are discussed.

Aug 18, 2014 | 27 min

Data Breach Laws

We are not lawyers but want to make you aware of some of the laws that exist around data breaches. Sometimes these laws pop up with very little media coverage and you have no idea.

Jul 11, 2014 | 31 min

New Office!!

James and Kevin talk about the new office in Jacksonville, FL. Some rambling about setting it up and how we like it. Not so technical.. but exciting for us.

Mar 31, 2014 | 19 min

Pentesting methodology: Exploitation

James and Kevin discuss the idea of Exploitation and its importance in the testing methodology. Join them for a witty conversation about one of the favorite phases of the process.

Feb 11, 2014 | 29 min

Building Security In: Healthcare.gov

Kevin and James discuss not only the issues for Healthcare.gov regarding vulnerabilities, but the real issue of the lack of security being part of the process. This podcast covers a few different ways to build security in and reduce the risk exposure of your applications.

Jan 17, 2014 | 30 min

Pentesting Methodology: Discovery

James and Kevin discuss the discovery aspect of the pentesting methodology as well as ramble about some other topics. They announce the Samurai Helmet winner and talk about some upcoming events.

Oct 22, 2013 | 28 min

DerbyCon and the SecurityCon discussion

In this episode, James, Jason Gillam, Thom and Kevin talk about their experience at DerbyCon 2013 and the experience received at most cons that you attend. A few talks are discussed and thoughts about the events and cons in general.

Sep 28, 2013 | 23 min

Is it a new Vulnerability?

James and Kevin discuss all the naming issues seen with vulnerabilities, the release of SamuraiWTF 2.1 and a few other topics.

Aug 15, 2013 | 32 min

Methodology: Mapping

In this episode, James, Kevin and Thom discuss the topic of the mapping phase of penetration testing. The tool of the episode is Dirbuster, with a mention of Yokoso!.

Jul 10, 2013 | 26 min

Methodology: Recon

In this episode James, Kevin and Jason discuss the hows and whys of recon during a pen test. This is a very important first step in the process because it leads to a lot of information about a target very quickly.

Jun 21, 2013 | 30 min

Attacking the Web

Kevin Johnson and James Jardine kick off the topic of attacking the web by looking at what web penetration testing is and what both sides of the test need to think about. They discuss the need for the client to understand why they are testing, and what they are testing. It then moves into discussing scoping techniques and some common gotchas. A quick discussion on testing methodology, and then a quick segment on SQLMap and how it works.

May 23, 2013 | 43 min

Mobile Security Testing - Tips and Tools

In this episode, James, Kevin and Nathan discuss the topic of Mobile testing. They start off discussing the need for a lab environment and some of the hardware recommended. They then discuss capturing network traffic with Wireshark, HTTP traffic with Burp, and the many benefits of the OWASP MobiSec project.

May 14, 2013 | 28 min

Default or Weak Passwords and Other Mis-configurations

In this episode, Kevin, James and Jason discuss implications of using default or weak credentials on systems and applications. In addition, they discuss some other mis-configurations regarding HTTP Methods and Web Server file accessibility (web.xml).

Apr 15, 2013 | 24 min

Why are passwords so difficult

In this podcast, James Jardine and Kevin Johnson discuss topics ranging from passwords to RSA to breaches. We also release the new jingle as requested by @ChrisJohnRiley!

Mar 06, 2013 | 32 min
Hosted on Libsyn