What is ShowMeCon 2024?

Summary:

Dave Chronister, the organizer of ShowMeCon, joined me to discuss the revival of the conference. ShowMeCon is one of my favorite conferences. I had the pleasure of going to it from 2016-2018. I had plans to return in 2020 but the world event that we shall not speak of happened. I’m happy to see it return in 2024 and I will be there!

We get into a variety of topics around the conference including sponsorship, who attends, the venue, and the theme for 2024. The conference is still looking for sponsors and they’re about to do a second round of call for papers for speakers. If you’re looking to attend, the early bird price ends January 14th, 2024. Looking forward to seeing you there!

Episode Highlights:

  • ShowMeCon is still looking for sponsors

  • Who comes to the conference

  • The origins and venue of ShowMeCon

  • The theme for ShowMeCon 2024

Guest Information:

Dave Chronister, organizer of ShowMeCon and CEO of Parameter Security

Resources and Mentions:

  • ShowMeCon

  • For questions reach out to info@showmecon.com

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]


The Exploring Information Security Relaunch

Summary:

In this return episode of the Exploring Information Security podcast, I talk about the relaunch of the podcast: what I’m looking to accomplish and how people can help out. You can check out the blog post I did on the relaunch.

Key Topics:

  • Happy to be back

  • Career transition

  • Service offerings

  • How people can help out.

Guest Information:

Timothy De Block, Founder of Exploring Information Security

Resources and Mentions:

Contact Information:

Reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]


ColaSec News November 2023

Reboot….initiated

This is an experiment and the first step to a potential return of the Exploring Information Security podcast. The past several months I’ve been working on adding content to the website. Now I’m looking to start podcasting again in 2023. As part of that I was looking at making the news section of the ColaSec user group a part of the podcasting rotation.

ColaSec is a local user meeting based out of Columbia, SC. When the pandemic hit the group moved to online which meant I got to be a part of the group again. Post pandemic we’re still meeting in person but we’ve now expanded to having an online presence along with the in-person meetup. One of the things we do as part of the intro to the meetup is talk about the news. If you’re a fan of Top Gear it’s a bit like that. We even do a Cool Wall sometimes.

In this segment we talk about the below security news topics:

Send feedback to timothy[.]deblock[@]gmail[.]com or fill out the contact form below. You can also connect with me on LinkedIn, just make sure to include that you’re a listener of the podcast.


What is Emotet?

In this inaugural stream of the Exploring Information Security podcast, Daniel Ebbutt and Kyle Andrus join me to talk about Emotet.

Daniel (@notdanielebbutt) and Kyle (@chaoticflaws) are the two guys I go to for clicking on suspicious links. Recently, I’ve been seeing more Emotet. So, I wanted to have the guys on to talk about the malware that is making a comeback.

The CFP is open for Converge Conference. The conference is May 16 and 17. They’ll have one day for blue team topics and one day for red team topics. Make sure to submit your malware related talk topics. Also make sure to check out MiSec if you’re in Michigan.

In this episode we discuss:

  • How is Emotet being constructed

  • What are some of the indicators of Emotet?

  • How Emotet is being mitigated

  • What does Emotet do?

State of the podcast for 2018

In this end of the year podcast, I discuss the state of the podcast for 2018 and what’s ahead for 2019.

2018 was a good year. I made some format changes that I’m really happy with. I picked up some new audio equipment. I resolved my recording process (I think). I’m not a big statistics guy. I don’t really care if two people or 200 people listen. I’m just happy to have some really great conversations with people and contribute back to the community.

2018 Statistics

Here’s a really interesting graph of my RSS Subscribers.

No, I don’t have 40,000 listeners. Some of that is inflated by other podcast directories ripping my feed. What I look for is a steady increase in subscribers, which did happen by the end of the year. Albeit with a weird dip in November (broken feed, maybe).

This is from iTunes Connect (Beta).

I can’t do a yearly review of podcast stats. Instead here’s the peak month of October for my iTunes listening habits. Looking through all the months, I can make some inferences about my audience. The hacking/red team content is the most popular. With a 25-28% consumption rate, the conference podcasts are turned off by most people before the end.

What’s ahead for 2019

I’ve got a new recording setup that will hopefully make producing a podcast much easier. I’ve set up a Twitch channel for gaming and potentially recording EIS episodes on. Follow for notifications on when I go live. I’ll be trying my first EIS episode Monday, January 7, 2019, at 8:30 p.m. CT. I’ve also turned what was my attempt at a GamerSec Discord channel into the Exploring Information Security channel. Here you can interact with us while we record (or on Twitch). Join other people interested in the podcast. Game with other infosec professionals.

Thank you for being a listener of the podcast. I am refreshed from my month off and energized for what’s ahead in 2019.

What's happening at DerbyCon 2018 - Part 2

In this Hyatt recorded edition of the Exploring Information Security podcast, Micah Hoffman, Josh Huff, and Justin Nordine join me at DerbyCon 2018.

Micah (@WebBreacher), Josh (@baywolf88), and Justin (@jnordine) join me to go over a variety of topics at DerbyCon 2018. The Hyatt was kind enough to provide space near the bar (shout to the amazing Lauren).

In this episode we discuss:

  • Why other industries don’t use OSINT

  • Where to find your niche

  • What are some frustrations of mentorship

  • How apps are impacting our lives

What's happening at DerbyCon 2018 - Part 1

In this Hyatt recorded edition of the Exploring Information Security podcast, Micah Hoffman, Josh Huff, and Justin Nordine join me at DerbyCon 2018.

Micah (@WebBreacher), Josh (@baywolf88), and Justin (@jnordine) join me to go over a variety of topics at DerbyCon 2018. The Hyatt was kind enough to provide space near the bar (shout to the amazing Lauren).

In this episode we discuss:

  • What OSINT classes and projects everyone is working on

  • Why contributing is important

  • What value conferences like DerbyCon provide

  • Why hotels hate accountant conferences

What is advanced OSINT?

In this whiskey fueled edition of the Exploring Information Security podcast, Ryan MacDougall and Colin Hadnagy of Social Engineer join me to discuss advanced OSINT.

This past DerbyCon, I had the opportunity to take the Advanced OSINT with Ryan (@joemontmania) and Colin (@UnmaskedSE). The course was great! It was different from some of the other OSINT courses I’ve taken. They covered very specific techniques and tools. After presenting on those techniques and tools we were given the opportunity to dive in from a free-form standpoint.

If you’d like to take the training, sign up for their April 23-24, 2019, training in Denver, Colorado.

Also, you can catch Ryan at the First Pacific Hackers Conference, November 9-11, 2018.

In this episode we discuss:

  • What is advanced OSINT

  • What is the mindset needed for OSINT

  • What are some of the tools used for OSINT

  • How to phish an organization

When will passwords go away?

In this authenticated edition of the Exploring Information Security podcast, I talk about when passwords will finally die!

This is a solo episode. I had the idea after sitting in a vendor pitch today (and because I’m slacking on my editing) where one of the sales guys mentioned that passwords WILL die. I disagree. I think passwords have been around for a long time and will continue to be around. They’re easily replaceable and are stored in the most secure location. Unless there are mind readers, then we’re all just screwed anyway.

I would love some thoughts and feedback on this one.

What we can learn from unusual journeys into infosec - Part 2

In this expeditious edition of the Exploring Information Security podcast, Stuart Peck, Director of Cyber Security Strategy at ZeroDayLab (@ZeroDayLab), joins me to discuss unusual journeys into infosec.

Stu (@cybersecstu) is a Co-Founder of The Many Hats Club, which is a massive Discord community and podcast. Earlier this year, Stu started sharing Unusual Journeys. I love this series because it highlights that there is no true path into infosec. He’s had 18 series so far and each story is fascinating.

In this episode we discuss:

  • Why failure is good

  • What sticks out from these stories

  • What are some of the backgrounds people come from

What we can learn from unusual journeys into infosec - Part 1

In this expeditious edition of the Exploring Information Security podcast, Stuart Peck, Director of Cyber Security Strategy at ZeroDayLab (@ZeroDayLab), joins me to discuss unusual journeys into infosec.

Stu (@cybersecstu) is a Co-Founder of The Many Hats Club, which is a massive Discord community and podcast. Earlier this year, Stu started sharing Unusual Journeys. I love this series because it highlights that there is no true path into infosec. He’s had 18 series so far and each story is fascinating.

In this episode we discuss:

  • What started Unusual Journeys

  • How Stu got into infosec

  • What we can learn from these stories

Why communication in infosec is important - Part 2

In this communicative episode of the Exploring Information Security podcast, Claire Tills joins me to discuss information security communication.

Claire (@ClaireTills) doesn’t have your typical role in infosec. She sits between the security teams and marketing team. It’s a fascinating role and something that gives her a lot of insight into multiple parts of the business. What works and what doesn’t work in communicating security to the different areas. Check her blog out.

In this episode we discuss:

  • How important is it for the company to take security seriously

  • How would someone get started improving communication?

  • Why we have a communication problem in infosec

  • Where should people start

More resources:

Why communication in infosec is important - Part 1

In this communicative episode of the Exploring Information Security podcast, Claire Tills joins me to discuss information security communication.

Claire (@ClaireTills) doesn’t have your typical role in infosec. She sits between the security teams and marketing team at Tenable. It’s a fascinating role and something that gives her a lot of insight into multiple parts of the business. What works and what doesn’t work in communicating security to the different areas. Check her blog out.

In this episode we discuss:

  • What Claire’s experience is with communication and infosec

  • What’s ahead for communication in infosec

  • Why do people do what they do?

  • What questions to ask

More resources:

A conversation with Justin Seitz

In this brand new edition of the Exploring Information Security podcast, I have a conversation with Justin Seitz (@jms_dot_py).

When I have guests hop on the podcast, I usually try to break the ice a little and get them warmed up for the episode. Oftentimes these can turn into some really good conversation about the infosec field. I'd like to start capturing those conversations and release them (with the person's permission), because there are some really great insights.

I've released this episode early to the people on my newsletter (check below to get in on the fun). I wanted to get feedback and also give people who sign-up some bonus content, which is something I hope to do more.

In this episode we discuss:

  • My unique role working with other departments
  • Report writing and dealing with awful reports
  • Similarities between the developer boom and the security boom

Why container security is important - Part 2

In this shipped edition of the Exploring Information Security podcast, Wes Widner joins me to discuss container security.

Wes (@kai5263499) is not a security person. He is a developer. A developer that understands security and why it's important. He deals a lot with automation and working with container technology.

In this episode we discuss:

  • What are some of the other security considerations?
  • Who should secure containers?

More Resources:

Why container security is important - Part 1

In this shipped edition of the Exploring Information Security podcast, Wes Widner joins me to discuss container security.

Wes (@kai5263499) is not a security person. He is a developer. A developer that understands security and why it's important. He deals a lot with automation and working with container technology.

In this episode we discuss:

  • What are containers?
  • What are the different kinds of containers?
  • What is Wes' experience with containers?
  • What are the big security concerns?

More Resources:

What is Hunchly?

In this screenshot edition of the Exploring Information Security podcast, Justin Seitz joins me to discuss Hunchly.

Justin (@jms_dot_py) is the creator of Hunchly. I got to know Hunchly at SANS SEC487 OSINT training earlier this year. It's a fantastic tool that takes screenshots as the web is browsed. This is very useful for investigations involving OSINT. I'm also finding it useful for incident response, particularly for clicking on phishing pages. I sometimes forget to take screenshots as I'm investigating a phishing page. Having Hunchly means I don't have to worry about taking screenshots. I then use the screenshots for reports and training. It's a really useful tool.

In this episode we discuss:

  • What is Hunchly?
  • How did Hunchly come about?
  • Who should use Hunchly?
  • What is the cost of Hunchly?

More resources:

How to make a Burp extension

In this crafting episode of the Exploring Information Security podcast, Paul Johnston, Customer Champion at PortSwigger, joins me to discuss how to make a Burp extension.

Paul (@paulpaj) wrote a blog post on how to make a successful Burp extension and get it published in the Burp Store. A lot of the recommendations in the article are from Paul's experience handling extension submissions for the Burp Store.

In this episode we discuss:

  • What is the process for extension approval?
  • What is Burp Suite?
  • How does someone make an extension?

How to handle CFP rejection(s)

In this refused episode of the Exploring Information Security podcast, Michael Kavka joins me to discuss how to handle call for presentation rejections.

Michael (@SiliconShecky) wrote a blog post on his site at the beginning of the year titled, It is CFP season... So what. In the article he hit on rejections and I thought it'd make for a great podcast topic. More recently, he wrote a blog post on the Anatomy of a Rejected CFP. The article walks through his rejected CFP for DerbyCon.

In this episode we discuss:

  • What is Michael's experience in submitting CFPs
  • Why a CFP is rejected
  • What are the different types of cons?
  • How to handle a CFP rejection letter

More resources:

How to create a phishing email - Part 2

In this expedition edition of the Exploring Information Security podcast, Chris Maddalena, a senior security consultant, joins me to discuss how to create a phishing email.

Chris (@cmaddalena) joins me to discuss crafting a phishing email. This is something I've recently explored at work. Having little to no experience actually crafting a phish, I decided I'd go to someone who does this on a regular basis. Check out Chris' ODIN tool for automating intelligence gathering, asset discovery, and reporting.

In this episode we discuss:

  • What are the technical steps to creating a phish

  • What needs to be considered from a technical standpoint

  • What is GoPhish and GoReporter

  • How important is timing

Other resources: