From Black Hat to Bug Bounties [Pt. 2] with Thomas DeVoss
Hacker Valley Studio8 Syys 2022

From Black Hat to Bug Bounties [Pt. 2] with Thomas DeVoss

We’re joined again by the hacker’s hacker, Tommy DeVoss, aka dawgyg. Bug bounty hunter and reformed black hat, Tommy dives back into a great conversation with us about his journey in hacking and his advice to future red team offensive hackers. We cover everything we couldn’t get to from part 1 of our interview, including his struggles with burnout, his past hacking foreign countries on a bold quest to stop terrorism, and his future in Twitch streaming to teach you how to be a better bug bounty hunter.

Timecoded Guide:

[02:57] Fixating on hacking because of the endless possibilities and iterations to learn

[09:54] Giving advice to the next generation of hackers

[17:17] Contacting Tommy and keeping up with him on Twitter

[21:43] Planning a Twitch course to teach hackers about bug bounties using real bugs and real-world examples

[24:57] Hacking in the early 2000s and understanding the freedom Tommy has to talk about any and all illegal hacking he’s done now that he’s gone to prison

Sponsor Links:

Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!

Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone

PlexTrac is pleased to offer an exclusivecRed Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!

Do you ever struggle with burnout when it comes to hacking?

Hacking has maintained Tommy’s interest longer than anything else because of the constant changes in technology and the ever-evolving issues in the online world. However, just because hacking is his passion, doesn’t mean that burnout or frustration never happens. Currently, Tommy is taking more of a break with hacking, letting his current day job and his passion for gaming have a front seat. However, he’s still firmly in the industry, passionately developing learning opportunities for future hackers and answering questions from cyber professionals of all backgrounds.

“I do get burned out sometimes…When it comes to bug bounty hunting, I try and make it so it averages out to where I make at least $1,000 an hour for my effort. It doesn't always work. Sometimes I'm more, sometimes I'm less, but I try and get it so it averages out to about that.”

What hacking advice would you give the younger version of yourself?

Although his black hat ways resulted in prison time for Tommy, he doesn’t regret his past and instead seeks to teach others the lessons he’s learned. When we asked Tommy for advice for new hackers, he was clear that success is a longer journey than people assume it is. Tommy’s success was not a fluke, it took years of hands-on learning and patience with failures in order to develop his bug bounty skills. Nothing is actually automatic or easy with hacking, especially as the technology continues to change and evolve. Tommy wants hackers to take every opportunity to try out their skills, even if it's a complete failure.

“Don't expect success overnight. Also, don't let failure discourage you. When it comes to hacking, you're going to fail significantly more than you're going to succeed. And the people that are successful in bug bounties are the ones that don't let those failures discourage them.”

What do you think about the “media obsessed” stereotype many people have about black hat hackers?

Wrapping up today, Tommy tells us that he’d be happy to be back in the Hacker Valley Studio again some time. Although the stereotype of a black hat hacker wanting attention from the media is disproven, Tommy believes that he definitely has craved that media attention for a large majority of his hacking career. Starting in the early 2000s, after 9/11, Tommy had one of his first brushes with fame in an interview with CNN about hacking Middle Eastern companies. Although his hacking and his politics have changed since then, Tommy enjoys having in-depth conversations about hacking and explaining the intricacies of what he does.

“We loved the attention back then, and I still love the attention now, it's nice. The good thing about now is, because I already got in trouble for everything that I've done, I've done my prison time, I don't have anything that I did illegally on the computer anymore that I can't talk about, because I've already paid my debt to society.”

What are the best ways for people to keep up with what you’re doing?

Considering Tommy’s success, it’s understandable that a lot of cyber professionals and amateurs have tons of questions for him. When it comes to getting in contact with Tommy, he recommends tweeting him on Twitter publicly so that he can not only answer your question, but help others with the exact same questions. Education is key, and Tommy is so dedicated to teaching other hackers that he’s currently developing a recurring Twitch stream centered around helping others learn about bug bounty hunting.

“I don't know how successful we're going to be in finding the bugs, but I think it'll be fun to teach people [on Twitch] and do it that way, so that they can actually spend some time learning it. The best way to actually learn this stuff is to actually try and do the hacking.”

-----------

Links:

Stay in touch with Thomas DeVoss on LinkedIn and Twitter.

Check out the Bug Bounty Hunter website.

Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.

Follow Ron Eddings on Twitter and LinkedIn

Catch up with Chris Cochran on Twitter and LinkedIn

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Jaksot(404)

Think Like a Hacker, Solve Like a Leader featuring Ted Harrington

Think Like a Hacker, Solve Like a Leader featuring Ted Harrington

What if the key to innovation is breaking the rules? Ted Harrington, Executive Partner at Independent Security Evaluators and a pioneering ethical hacker, explores the power of commitment, curiosity, creativity, and nonconformity to rethink cybersecurity and life itself. From hacking the first iPhone to disrupting misconceptions about security testing, Ted shows why the hacker mindset matters more now than ever. Join Ron and Ted as they discuss strategies for using the hacker mindset to solve problems, address risks like AI-driven deepfakes, and uncover unconventional opportunities in both business and personal growth.   Impactful Moments: 00:00 - Intro 03:15 - The four traits of a hacker mindset 07:40 - Hacking the first iPhone and Tesla 11:50 - Why penetration testing is misunderstood 16:30 - Risks and realities of AI deepfakes 21:20 - Applying hacker traits to entrepreneurship 28:45 - Ted’s upcoming book: Inner Hacker 33:00 - Why mindset matters most   Links: Connect with our guest, Ted Harrington: https://www.linkedin.com/in/securityted/ Order Ted Harrington’s book “Hackable” here: https://www.amazon.com/Hackable-How-Application-Security-Right-ebook/dp/B08MFTQ7Q4 Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

17 Joulu 202441min

Hacking Trust with AI and Deepfakes featuring Iain Jackson

Hacking Trust with AI and Deepfakes featuring Iain Jackson

What happens when cutting-edge AI meets the art of deception? In this episode, Iain Jackson, Academy Hive Leader at CovertSwarm, takes us through the uncanny potential and risks of synthetic voices and AI in cybersecurity.  Together, Ron and Iain discuss how adversaries are using AI to bypass human intuition. From synthetic voice calls to automating phishing attacks at scale, this episode explores how hackers leverage technology using these tactics and what you can do to stay one step ahead.    Impactful Moments: 00:00 - Introduction 01:56 - Iain shares his journey with AI 03:29 - Demonstrating voice cloning in real-time 06:31 - Risks of automated synthetic voice attacks 09:46 - Impact of AI on social engineering tactics 11:00 - Importance of "vibe checks" in cybersecurity 15:17 - Real-world phishing and HR scam example 20:00 - Uncanny Valley: Defense against AI deception 23:37 - The future of AI in adversary emulation   Links: Connect with our guest, Iain Jackson: https://www.linkedin.com/in/iain-j-98578a238/ Learn more about CovertSwarm here: https://covertswarm.com/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

12 Joulu 202425min

Championing the Human in Cybersecurity with Julie Haney

Championing the Human in Cybersecurity with Julie Haney

What happens when cybersecurity puts people first? Julie Haney, Human-Centered Cybersecurity Program Lead at NIST, shares how designing security with humans at the center leads to greater adoption, reduced frustration, and stronger protection. In this episode, Julie discusses how to improve user adoption by simplifying complex security processes, why empathy is a game-changer for effective security, and strategies for empowering people to feel confident and secure online. This conversation will inspire you to rethink how we protect people in the digital age and shares a fresh perspective on making cybersecurity work for all. Impactful Moments: 00:00 - Introduction 07:15 - Breaking down barriers in user design 15:40 - Why empathy matters in cybersecurity solutions 21:05 - Challenges in bridging tech and humanity 28:30 - Designing systems with people, not just for them 35:10 - Practical steps to empower users in security 42:45 - Final reflections on human-centered innovation   Links: Connect with our guest, Julie Haney here: https://www.linkedin.com/in/julie-haney-037449119 Check out NIST’s Online Community of Interest here: https://csrc.nist.gov/Projects/human-centered-cybersecurity/hcc-coi Learn more about Human-Centered Cybersecurity on NIST’s website here: https://csrc.nist.gov/projects/human-centered-cybersecurity   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

3 Joulu 20242min

Do You Deserve To Be Hacked? Featuring Ilan Fehler and Dahvid Schloss

Do You Deserve To Be Hacked? Featuring Ilan Fehler and Dahvid Schloss

Do you deserve to be hacked? With that bold tagline, CovertSwarm is pushing leaders to rethink how they test and defend their systems, and in this episode, they’re sharing firsthand how organizations can prepare for adversaries in the wild. Recorded at Black Hat 2024, Ron is joined by Ilan Fehler, US Sales Lead at CovertSwarm, and Dahvid Schloss, Hive Leader at CovertSwarm to explore the world of adversary emulation. From physical breaches to API exploits, this conversation covers the human, digital, and physical elements of cybersecurity. Impactful Moments: 00:00 - Introduction 01:25 - You Deserve To Be Hacked 03:05 - Emulating criminal behavior: The hive structure 07:55 - Social engineering tactics that really work 20:16 - Physical breaches: Pentesting in action 24:09 - Past the firewall: Second- and third-layer testing 29:14 - Digital exploits and real-world vulnerabilities 35:24 - Why organizations hesitate to invest in red teams 37:33 - Building muscle memory for security   Links: Connect with our guests, Ilan Fehler https://www.linkedin.com/in/fehler/ and Dahvid Schloss https://www.linkedin.com/in/dahvidschloss/ Learn more about CovertSwarm here: https://covertswarm.com/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

26 Marras 202440min

Transforming SOC Operations with AI featuring Roy Halevi

Transforming SOC Operations with AI featuring Roy Halevi

Cybersecurity is evolving fast, and AI is at the center. Roy Halevi, Co-Founder and CTO of Intezer, explains how AI automates SOC operations, improving speed and accuracy while freeing up teams to focus on critical threats. In this conversation with host Ron Eddings, Roy explains how AI automates critical tasks like alert investigation and response, reducing noise and improving accuracy. Roy shares insights on overcoming challenges in adopting AI, the future of SOC roles, and how organizations can optimize their defenses using AI driven tools.   Impactful Moments 00:00 – Intro and the AI revolution in cybersecurity 01:16 – Meet Roy Halevi, Co-Founder and CTO of Intezer 03:00 – The story behind the name ‘Intezer’ 06:14 – Key challenges facing today’s SOC teams 15:04 – Top use cases for AI in the SOC 21:27 – How Intezer automates alert triage and response 37:32 – Future predictions for SOC and cybersecurity roles 48:23 – Closing thoughts and call to action   Links: Connect with our guest, Roy Halevi: https://www.linkedin.com/in/royhalevi Learn more about Intezer here: https://intezer.com   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

20 Marras 202449min

From Shadow IT to Full Asset Visibility with Wes Wright

From Shadow IT to Full Asset Visibility with Wes Wright

Can you truly protect what you can't see? Wes Wright, Chief Healthcare Officer at Ordr, joins Ron to share how organizations can shine a light on their network and asset blind spots and take control of their digital assets. In this episode, Ron and Wes discuss the importance of asset visibility in cybersecurity, outlining the potential of CAASM (Cyber Asset and Attack Surface Management) and how it empowers teams to expose hidden vulnerabilities, streamline operations, and stay ahead of security threats, vulnerabilities, and exposures.   Impactful Moments: 00:00 - Introduction 01:35 - Asset visibility and blind spots 03:47 - What keeps CTOs and CISOs up at night 08:45 - Bridging IT and OT: CAASM explained 12:10 - Real-world use cases for CAASM 18:37 - The power of automated asset management 25:00 - Why continuous inventory is a game-changer 35:59 - Wes’s advice for getting started with Ordr Links: Connect with our guest, Wes Wright: https://www.linkedin.com/in/4kidwes/ Learn more about Ordr here: https://ordr.net/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

12 Marras 202437min

Building Opportunities for Women and Minorities in Cybersecurity with Connie Matthews

Building Opportunities for Women and Minorities in Cybersecurity with Connie Matthews

How do you create waves of change in an industry? Connie Matthews, Founder and CEO of ReynCon, speaks with Ron about the power of resilience, mentorship, and taking that first bold step in cybersecurity. In this powerful episode, Connie shares her path as a pioneering woman in cybersecurity. Discussing diversity, mentorship, and her nonprofit EmpoW-ER, Connie’s shared lessons and insights on resilience and community give listeners a blueprint for making a meaningful impact in their careers.   Impactful Moments: 00:00 – Introduction 04:27 – Mentorship impact: Building future leaders 10:14 – Embracing diversity and servant leadership 18:03 – Founding EmpoW-ER: Supporting women in cyber 24:13 – Navigating stereotypes and staying resilient 30:00 – Recognizing and celebrating young talent 36:45 – Building an inclusive cybersecurity community   Links: Connect with our guest, Connie Matthews: https://www.linkedin.com/in/conniematthews/ Learn more about EmpoW-ER: https://www.empower-infosec.org/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

6 Marras 202441min

Rethinking Cybersecurity Hiring with Naomi Buckwalter

Rethinking Cybersecurity Hiring with Naomi Buckwalter

Is cybersecurity gatekeeping holding back the industry? Naomi Buckwalter, Senior Director of Product Security at Contrast Security and Founder of the Cybersecurity Gatebreakers Foundation, argues that fresh talent and open doors are crucial for industry growth. In this episode, Naomi challenges why industry hiring norms fall short, shares candid stories of her own missteps, and explains why humility and learning are just as important as technical skills in cybersecurity.   Impactful Moments: 00:00 – Introduction 03:15 – Building a genuine presence on LinkedIn 07:40 – Founding the Cybersecurity Gatebreakers Foundation 12:00 – Why hiring juniors is a win for cybersecurity 17:58 – Relationship building in cybersecurity 25:27 – Lessons from layoffs and overcoming failure 35:45 – Setting goals and attracting opportunities Links: Connect with our guest, Naomi Buckwalter: https://www.linkedin.com/in/naomi-buckwalter/ Learn more about the Cybersecurity Gatebreakers Foundation: https://www.cybersecuritygatebreakers.org/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

29 Loka 202443min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
psykopodiaa-podcast
voi-hyvin-meditaatiot-2
rss-liian-kuuma-peruna
aamukahvilla
jari-sarasvuo-podcast
rss-finnish-with-eemeli-podcast
adhd-podi
rss-uskonto-on-tylsaa
rss-tule-tule-hyva-ero
rss-niinku-asia-on
psykologia
ihminen-tavattavissa-tommy-hellsten-instituutti
rss-laadukasta-ensihoitoa
rss-luonnollinen-synnytys-podcast
rss-narsisti
rss-vapaudu-voimaasi
rss-keskeneraiset-aidit
rss-valo-minussa-2
rss-koira-haudattuna