From Black Hat to Bug Bounties [Pt. 2] with Thomas DeVoss
Hacker Valley Studio8 Syys 2022

From Black Hat to Bug Bounties [Pt. 2] with Thomas DeVoss

We’re joined again by the hacker’s hacker, Tommy DeVoss, aka dawgyg. Bug bounty hunter and reformed black hat, Tommy dives back into a great conversation with us about his journey in hacking and his advice to future red team offensive hackers. We cover everything we couldn’t get to from part 1 of our interview, including his struggles with burnout, his past hacking foreign countries on a bold quest to stop terrorism, and his future in Twitch streaming to teach you how to be a better bug bounty hunter.

Timecoded Guide:

[02:57] Fixating on hacking because of the endless possibilities and iterations to learn

[09:54] Giving advice to the next generation of hackers

[17:17] Contacting Tommy and keeping up with him on Twitter

[21:43] Planning a Twitch course to teach hackers about bug bounties using real bugs and real-world examples

[24:57] Hacking in the early 2000s and understanding the freedom Tommy has to talk about any and all illegal hacking he’s done now that he’s gone to prison

Sponsor Links:

Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!

Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone

PlexTrac is pleased to offer an exclusivecRed Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!

Do you ever struggle with burnout when it comes to hacking?

Hacking has maintained Tommy’s interest longer than anything else because of the constant changes in technology and the ever-evolving issues in the online world. However, just because hacking is his passion, doesn’t mean that burnout or frustration never happens. Currently, Tommy is taking more of a break with hacking, letting his current day job and his passion for gaming have a front seat. However, he’s still firmly in the industry, passionately developing learning opportunities for future hackers and answering questions from cyber professionals of all backgrounds.

“I do get burned out sometimes…When it comes to bug bounty hunting, I try and make it so it averages out to where I make at least $1,000 an hour for my effort. It doesn't always work. Sometimes I'm more, sometimes I'm less, but I try and get it so it averages out to about that.”

What hacking advice would you give the younger version of yourself?

Although his black hat ways resulted in prison time for Tommy, he doesn’t regret his past and instead seeks to teach others the lessons he’s learned. When we asked Tommy for advice for new hackers, he was clear that success is a longer journey than people assume it is. Tommy’s success was not a fluke, it took years of hands-on learning and patience with failures in order to develop his bug bounty skills. Nothing is actually automatic or easy with hacking, especially as the technology continues to change and evolve. Tommy wants hackers to take every opportunity to try out their skills, even if it's a complete failure.

“Don't expect success overnight. Also, don't let failure discourage you. When it comes to hacking, you're going to fail significantly more than you're going to succeed. And the people that are successful in bug bounties are the ones that don't let those failures discourage them.”

What do you think about the “media obsessed” stereotype many people have about black hat hackers?

Wrapping up today, Tommy tells us that he’d be happy to be back in the Hacker Valley Studio again some time. Although the stereotype of a black hat hacker wanting attention from the media is disproven, Tommy believes that he definitely has craved that media attention for a large majority of his hacking career. Starting in the early 2000s, after 9/11, Tommy had one of his first brushes with fame in an interview with CNN about hacking Middle Eastern companies. Although his hacking and his politics have changed since then, Tommy enjoys having in-depth conversations about hacking and explaining the intricacies of what he does.

“We loved the attention back then, and I still love the attention now, it's nice. The good thing about now is, because I already got in trouble for everything that I've done, I've done my prison time, I don't have anything that I did illegally on the computer anymore that I can't talk about, because I've already paid my debt to society.”

What are the best ways for people to keep up with what you’re doing?

Considering Tommy’s success, it’s understandable that a lot of cyber professionals and amateurs have tons of questions for him. When it comes to getting in contact with Tommy, he recommends tweeting him on Twitter publicly so that he can not only answer your question, but help others with the exact same questions. Education is key, and Tommy is so dedicated to teaching other hackers that he’s currently developing a recurring Twitch stream centered around helping others learn about bug bounty hunting.

“I don't know how successful we're going to be in finding the bugs, but I think it'll be fun to teach people [on Twitch] and do it that way, so that they can actually spend some time learning it. The best way to actually learn this stuff is to actually try and do the hacking.”

-----------

Links:

Stay in touch with Thomas DeVoss on LinkedIn and Twitter.

Check out the Bug Bounty Hunter website.

Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.

Follow Ron Eddings on Twitter and LinkedIn

Catch up with Chris Cochran on Twitter and LinkedIn

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Jaksot(406)

Cyber Defense Reinvented: The New Era of Attack Surface Management with Isaac Clayton

Cyber Defense Reinvented: The New Era of Attack Surface Management with Isaac Clayton

In this episode, Host Ron Eddings talks with guest Isaac Clayton, Senior Research Engineer at NetSPI. Ron and Isaac discuss the importance of ASM for organizations of all sizes, the challenges of asset identification, and framing a practical strategy to handle ASM.   Impactful Moments: 00:00 - Welcome 03:00 - Introducing guest, Isaac Clayton 04:25 - Understanding ASM 07:57 - Factoring in Attackers 10:47 - “Admit it’s a hard problem” 12:35 - Challenges & Surprises 15:03 - From our Sponsor, NetSPI 15:41 - The Right Medicine, The Right Dosage 19:04 - Zero Trust is Not Enough 20:37 - Prioritization— Baked In! 21:33 - The ASM Learning Curve 26:12 - “Not all ASM is Created Equal”   Links: Connect with our guest, Isaac Clayton : https://www.linkedin.com/in/isaac-clayton-24088696/ Check out NetSPI: asm.netspi.com Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

16 Tammi 202432min

Cyber Resilience Unpacked: Securing Tomorrow Today with Bill Bernard

Cyber Resilience Unpacked: Securing Tomorrow Today with Bill Bernard

In this episode, Host Ron Eddings dives deep into crafting a resilient cybersecurity approach with guest speaker Bill Bernard, VP of Security Strategy at Deepwatch. Bill discusses the necessity of understanding business objectives to protect valuable assets but emphasizes focusing on risk-based strategies in addition to stronger detection and response mechanisms to help you play the long game.   Impactful Moments 00:00 - Welcome 01:43 - Introducing guest, Bill Bernard 04:22 - Understanding Emerging Threats 06:19 - What’s Old is New Again 08:48 - Buy a Helmet, Not a Bodysuit 11:57 - Defining Cyber Resilience 15:30 - Deepwatch’s Strategy for Resilience 18:31 - From our Sponsor 20:03 - MDR and Effective MDR Engagements 27:18 - Where Does AI Fit In With MDR? 32:57 - Staying One Step More Resilient 35:05 - Deepwatch- The Right Fit for You   Links: Connect with our guest, Bill Bernard : https://www.linkedin.com/in/billbernardchicago/ Take a Tour of the Deepwatch Managed Security Platform https://www.deepwatch.com/deepwatch-platform/#platform-tour Read the Move Beyond Detection and Response to Accelerate Cyber Resilience white paper, here: https://www.deepwatch.com/resource/go-beyond-cybersecurity-become-cyber-resilient/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

9 Tammi 202437min

Looking Backward to GROW Forward in Cybersecurity in 2024

Looking Backward to GROW Forward in Cybersecurity in 2024

In this episode, we’ll take a walk down memory lane. Hacker Valley looks back to 2023 to bring you some of the best clips with great advice and insight into being more creative, reflective, and resourceful with the hopes of inspiring you in 2024 to grow beyond where you are today. Impactful Moments 00:00 - Welcome 00:54 - A New Year is on the Way! 01:54 - ChatGPT and Cybersecurity 04:40 - Becoming an Industry Creative 07:47 - Leveraging AI in the Future with Storytelling - with Scott Sunderland 09:12 - Advice for your Content Creation Journey - with Jason Rebholz 11:15 - How to Start your Cybersecurity Book - with Kim Crawley 14:13 - Join our Mastermind 14:50 - The Right Platform for You - with Phillip Wylie 17:08 - Finding your Focus - with Simone Biles & Amy Bream 20:41 - Leveraging Human Resources in Cyber   Links: Check out the episodes highlighted: ChatGPT & Industry Creative-https://www.youtube.com/watch?v=-u6m0SXFTmA Scott Sunderland-https://www.youtube.com/watch?v=5pwTruINFiM Jason Rebholz-https://www.youtube.com/watch?v=Ao81IRnffc8 Kim Crawley-https://www.youtube.com/watch?v=rKny7kVeRM0 Phillip Wylie-https://www.youtube.com/watch?v=z5B1E2vp0DY Simone Biles & Amy Bream-https://www.youtube.com/watch?v=DiebZS9s7sg Cyber Resources-https://www.youtube.com/watch?v=UoTk3w_78co Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

2 Tammi 202423min

What’s Lurking In Your Containers? AMBERSQUID Operations, Freejacking, and Microservice Exploitation

What’s Lurking In Your Containers? AMBERSQUID Operations, Freejacking, and Microservice Exploitation

In this episode, Host Ron Eddings, discusses new tactics of adversaries with Director of Threat Research at Sysdig, Michael Clark. Michael digs into the cloud and shares trends about the AMBERSQUID operation and how to protect yourself from potential container-based threats.   Impactful Moments 00:00 - Welcome 01:20 - Introducing guest Michael Clark 03:09 - Finding AMBERSQUID 06:46 - Mining and Monitoring AWS Services 10:47 - Defending Against AMBERSQUID 14:03 - The Speed of Container-Based Threats 18:13 - The Costs of Freejacking 23:08 - Attribution & The Future Threat 26:30 - CIEMs Like You Have Secrets   Links: Connect with Michael Clark: https://www.linkedin.com/in/michaelclarkinpa/ Check out Sysdig’s Threat Research: https://sysdig.com/threat-research/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

19 Joulu 202323min

Pivotal Policy in the Age of AI with AJ Grotto

Pivotal Policy in the Age of AI with AJ Grotto

In this episode, Host Chris Cochran chats it up with former White House Senior Director for Cyber Policy, AJ Grotto. AJ shares his viewpoints about the current state of AI policies, the potential risks and benefits of AI technology, and the challenges in crafting effective policies in the field of cybersecurity. Impactful Moments 00:00 - Welcome 00:45 - Introducing guest, AJ Grotto 01:14 - Are Cyber and AI Separate? 03:37 - US Cyber Policy 08:06 - The Reality of AI Risk 11:20 - From Law to Cyber Policy 14:47 - Join our Mastermind! 15:36 - Policy Implementations 18:55 - Cyber Warfare and AI 22:13 - Advice for Getting into Cyber Policy   Links: Connect with AJ: https://www.linkedin.com/in/andrew-grotto-2534b510a/ More about AJ and his current work: https://fsi.stanford.edu/people/andrew-j-grotto Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

12 Joulu 202324min

Ransomware: How to Use AI to Create a Readiness Kit with Scott Sutherland

Ransomware: How to Use AI to Create a Readiness Kit with Scott Sutherland

The adversary is using Artificial Intelligence. Why aren’t you? In this episode, Host Chris Cochran talks with Scott Sutherland, VP of Research at NetSPI, about everyone’s favorite hot topics; ransomware and AI. Scott will detail his experience with simulating ransomware attack scenarios, as well as discussing the difficulties businesses face when dealing with ransomware threats and prevention mechanisms and how AI can be leveraged to help. Impactful Moments 00:00 - Welcome 01:10 - Introducing guest, Scott Sunderland 03:24 - Interactions with Generative AI Chatbots 04:14 - Use of AI and Readiness 15:16 - A word from our Sponsor, NetSPI 15:55 - Using AI to develop Exercises 20:46 - Collaboration beats Adversaries 25:08 - Ransomware Bots 26:15 - Role of AI in Storytelling Continuously keep pace with your expanding attack surface with the most comprehensive suite of offensive security solutions: https://www.netspi.com/hackervalley Links: Connect with Scott Sutherland: https://www.linkedin.com/in/scottpsutherland/ Learn more about our sponsor, NetSPI: https://www.netspi.com/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

5 Joulu 202328min

Cover Your SaaS: Navigating OAuth and SaaS Security Challenges

Cover Your SaaS: Navigating OAuth and SaaS Security Challenges

SaaS misconfigurations may be responsible for up to 63% of security incidents. Do your SaaS applications have risky OAuth grants and misconfigurations? Let’s not find out. We will unravel the complexities of OAuth and how attackers are using OAuth to move from one app to another. Our special guest Jaime Blasco, co-founder and CTO at Nudge Security, shares techniques to protect your SaaS apps and identify risky and malicious OAuth grants. Are you ready to cover your SaaS and avoid finding yourself in the hot seat?    Show some love to our sponsor Nudge Security and win a Steam Deck: https://www.nudgesecurity.com/steamdeck   Links: Connect with Jamie Blasco: https://www.linkedin.com/in/jaimeblasco/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

28 Marras 202345min

Standing Out On LinkedIn as a Cybersecurity Professional with Chris Hughes

Standing Out On LinkedIn as a Cybersecurity Professional with Chris Hughes

In this episode, host Ron Eddings speaks with Chris Hughes, President at Aquia, Cyber Innovation Fellow at CISA, and cybersecurity legend. Special guest, Chris Hughes, was initially inspired to build a personal brand through a desire to mend his weaknesses and highlight his strengths. However, LinkedIn offered a platform to display his growth and learning, leading to him amassing over 50,000 followers! In addition to sharing his story, Chris will emphasize tips on how to start your own personal brand.   Key Moments: 00:00 -Welcome 00:56 - Introducing Guest, Chris Hughes 01:59 - Finding His Way to Cyber 03:20 - Brand Building on LinkedIn 05:19 - Power of Networking and Personal Branding 11:32 - Be a Part of Cyber Creator Con! 14:31 - The Impact of LinkedIn on Career Opportunities 16:48 - The Art of Content Creation on LinkedIn 20:16 - Cashing in on Career Capital 22:05 - Advice for Building a Personal Brand   Links: Follow Chris on LinkedIn: https://www.linkedin.com/in/resilientcyber/ Check out Chris’ Podcast: https://resilientcyber.substack.com/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

21 Marras 202323min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
psykopodiaa-podcast
voi-hyvin-meditaatiot-2
jari-sarasvuo-podcast
aloita-meditaatio
rss-duodecim-lehti
rss-psykalab
psykologia
rss-vapaudu-voimaasi
rss-niinku-asia-on
ihminen-tavattavissa-tommy-hellsten-instituutti
rss-narsisti
adhd-podi
rss-liian-kuuma-peruna
uskonnon-pitka-oppimaara
aamukahvilla
kesken
rss-valo-minussa-2
rss-monarch-talk-with-alexandra-alexis
rss-anteeks-etukateen