Keeping It Open Source with Metasploit’s HD Moore
Hacker Valley Studio15 Syys 2022

Keeping It Open Source with Metasploit’s HD Moore

This season of Hacker Valley Red wraps up with another interview of an incredible offensive cybersecurity legend. Known first and foremost for his work founding Metasploit and his recent work co-founding Rumble, HD Moore joins the show this week to hear about his journey from spiteful hacker to successful founder. HD walks through the history of Metasploit, the motivation behind their coding decisions, his opinions on open source software, and the excitement of exploration and discovery.

Timecoded Guide:

[04:57] Catching up with HD’s career from his hacking exploits in the ‘90s through his founding of Metasploit to his recent activities with Rumble

[11:41] Getting personal with the feelings and takeaways from a project as successful and impactful on the cyber industry as Metasploit

[18:52] Explaining HD’s personal philosophies around accessible education and the risk of sharing vulnerable information publicly

[25:39] Diving deep into the technical stories of HD’s path of discovery and exploration during his time at Metasploit

[31:14] Giving advice for future founders and hackers looking to make a legendary impact on the cybersecurity community

Sponsor Links:

Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!

Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone

PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!

What were some of the trials, tribulations, and successes of Metasploit?

Although Metasploit has had a lasting impact on the cyber world, HD Moore is not afraid to admit that part of Metasploit existed out of spite for critics, employers, and gatekeepers in the cybersecurity industry. In terms of trials and tribulations, HD saw a great deal of criticism come from his peers and from professionals ahead of him in the industry, often displaying rudeness towards the quality of the exploits and Metasploit’s audience of young hackers. Later, HD says that a surprising and amusing side effect of his success with the project was watching employers and peers go from criticizing to lifting up his work with Metasploit and attributing success of many hacking professionals to its creation.

“When we started the Metasploit project, we really wanted to open up to everybody. We wanted to make sure that, even if you barely knew how to program, you can still contribute something to Metasploit. So, we did our best to make it really easy for folks to get in touch with us, to submit code.”

Where does your philosophy land today on giving information freely?

HD has heard the same opinions many professionals that teach and give information freely have heard: “You’re making it easier for people to use this information the wrong way.” Instead of considering the worst possible outcomes of making hacking accessible, HD chooses to acknowledge the importance of accessible education and publicly provided information. According to HD, if someone is creating and teaching content to the next generation of red teamers, that content is theirs to use. Whether they’re a physical pen tester teaching lock picking or a hacker disclosing a vulnerability, what they choose to share with others has to be based on personal moral code and what others do with that information is up to them.

“It comes down to: You do the work, you own the result. If you're teaching people how to do stuff, great, they can do what they want. You can decide to do that, you can decide not to do that, but it's your decision to spend your time training people or not training them.”

Is it possible to be a CEO, or a co-founder, and stay technical?

The downside of success in the cybersecurity industry is often stereotyped as losing the opportunity to be a hands-on hacker. However, for HD, his success has allowed him to do the exact opposite and instead prioritize his time to be technical. HD believes strongly in the ability to make this happen through proper delegation of duties, incorporating new leaders and managers in your company or project, and acknowledging when you may need the help to bring what you’re working on to the next level. HD is proud of his success with Metasploit and Rumble, and is happy that he was able to hand off certain duties to other professionals that he knew would do better if they had a chance in the founder’s shoes.

“Don't let the growth of your company change what you enjoy about your work. That's really the big thing there, and there's lots of ways you can get there. You can hire folks to help out, you can promote your co-founder to CEO. You can bring on program managers or project managers to help with all the day to day stuff."

What advice do you have for people looking to follow a similar cyber career path?

Content is the name of the game, especially when you’re looking to get more eyes on what you do. HD is the first to admit that putting himself out there in a blog post, on a podcast, or at a stage show is not always a walk in the park, taking him out of his comfort zone and often away from the tech that he spends his time on. However, publicly displaying himself and his work has brought attention to Rumble and Metasploit, and HD knows he would not have achieved this level of success without putting his content out into the world, hearing feedback from his peers, and even receiving his fair share of criticism from industry professionals.

“Not all of it is the most fun thing to do all the time, but it is crucially important, not just for growing yourself and getting out there and getting feedback from your peers, but for learning because you learn so much from the feedback you get from that effort.”

-----------

Links:

Stay in touch with HD Moore on LinkedIn, Twitter, and his website.

Learn more about Rumble, Inc on LinkedIn and the Rumble website.

Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.

Follow Ron Eddings on Twitter and LinkedIn

Catch up with Chris Cochran on Twitter and LinkedIn

Continue the conversation by joining our Discord

Jaksot(405)

Building Fast and Not Breaking Things with Shlomi Matichin

Building Fast and Not Breaking Things with Shlomi Matichin

In this episode, Ron Eddings and guest Shlomi Matichin, Co-Founder & CTO at Valence Security, discuss how the hurdles and triumphs in the journey of establishing Valence Security resulted in a reduction in SaaS misconfigurations and vulnerabilities. Impactful Moments: 0:00 - Welcome 01:50 - Introducing guest, Shlomi Matichin 02:46 - Founder’s Journey 04:30 - Building Fast 07:37 - Building Fast vs Building Intentionally 08:13 - From Our Sponsor, Valence Security 09:18 - How SaaS Breaches Occur 13:38 - Google Workspace Security 19:55 - The Uninstall Journey 25:00 - What Worries You? 27:48 - Building SaaS Fast 31:08 - One Step Better   Links: Connect with our guest, Shlomi Matichin: https://www.linkedin.com/in/shlomi-matichin/ Check out Valence Security: valencesecurity.com Check out our upcoming events: hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

7 Touko 202432min

Leaping Over the ‘BAR’ to Leading Cyber in Africa with Confidence Staveley

Leaping Over the ‘BAR’ to Leading Cyber in Africa with Confidence Staveley

In this episode, Host Ron Eddings gets to know guest Confidence Staveley, founder of Merkel Fence and CyberSafe Foundation. He uncovers Confidence’s inspiring story, not only about how she transforms her community and the people around her through her non-profit, but the grit she needed to overcome the obstacles to get to a career in cyber and build her own company. In addition to learning about the potential of Africa as a booming tech talent hub, you’ll better understand what it takes to foster that growth in the tech industry. Impactful Moments: 00:00 - Welcome 00:44 - Introducing guest, Confidence Staveley 04:03 - Learning About Computers 06:46 - Women in Cyber & Access to Tech Careers 12:30 - Pushing Forward & Inspiring Others 15:05 - Solving the Cyber Problem 19:11 - Time Commitment to Get a Job in Cyber 24:45 - How CyberSafe Works 29:29 - Building a SOC in Africa 32:29 - One Step Better…   Links: Connect with our guest, Confidence Staveley: https://www.linkedin.com/in/confidencestaveley/ Check out the CyberSafe Foundation: https://cybersafefoundation.org/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

30 Huhti 202435min

How to Hack your Career: Building a vCISO Business with Ayman Elsawah

How to Hack your Career: Building a vCISO Business with Ayman Elsawah

In this episode, Ron Eddings gets a chance to speak with Ayman Elsawah, Founder of Cloud Security Labs, and have him share his experience with becoming a vCISO. Ayman will break down the vast business of security consulting and help you determine the best approach and next steps to catalyze you on your way to owning your time and your own business. Impactful Moments: 00:00 - Welcome 01:14 - Introducing guest, Ayman Elsawah 07:08 - Types of vCISOs 09:55 - How to Become a vCISO 13:40 - Join Our Mastermind! 14:24 - Is vCISO Right for You? 17:22 - Marketing as A vCISO 22:33 - Anticipated vCISO Salary 26:15 - vCISO Time Commitment   Links: Connect with Ayman: https://www.linkedin.com/in/infosecleader/ Twitter & YouTube: @coffeewithayman Check out Ayman’s vCISO Course: coffeewithayman.com/hackervalley —------------------------------------------------------------------------- Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

23 Huhti 202431min

Hyperautomation, Open Security Data Architecture, and the Future of SIEM with Neal Humphrey

Hyperautomation, Open Security Data Architecture, and the Future of SIEM with Neal Humphrey

Ron Eddings and Neal Humphrey, Vice President of Market Strategy at Deepwatch, discuss the changes in Security Operations infrastructure, and how these changes in structure, data, and automation are going to impact operations in the near future. Their discussion will revolve around more than just SIEM, alerts, and responses; it will go into market changes, vendor movement, and how the future of SOC is demanding a shift in mindset and strategy beyond "Let a machine handle it..." Impactful Moments: 00:00 - Welcome 01:05 - Introducing guest, Neal Humphrey 03:09 - Looking Back at SecOps 06:11 - Modern SOC Wall 11:49 - Hyperautomation; the Future of SOAR? 15:02 - Hyperautomation & Normalization 17:29 - From our Sponsor, Deepwatch 19:18 - OSDA & Deepwatch 25:32 - Hyperautomaiton or OSDA 1st 30:25 - Can I Show The Value of A Tool? 34:30 - Who is OSDA White Paper for? 36:43 - One Step Better…   Links: Connect with our guest, Neal Humphrey: https://www.linkedin.com/in/neal-humphrey-b909773/ Check out the White paper by Deepwatch: https://www.deepwatch.com/the-security-operations-center-cannot-hold/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

16 Huhti 202440min

Securing Your SaaS and Cyber Influencer Networking with CRO Bob Horn

Securing Your SaaS and Cyber Influencer Networking with CRO Bob Horn

Ron Eddings sits down with Bob Horn, Chief Revenue Officer at Valence Security. Their conversation centers around the world of SaaS security, examining the current landscape and challenges in managing SaaS risks. Bob also shares experiences from his 25-year career in sales, focusing on the importance of storytelling in sales and innovative approaches of marketing through leveraging cybersecurity influencers. Impactful Moments: 00:00 - Welcome 00:44 - Introducing guest, Bob Horn 03:36 - Sales & Storytelling in Cybersecurity 07:13 - Current State of SaaS 09:28 - From our Sponsor, Valence Security 10:29 - More SaaS, More Problems 13:52 - Great Security Improves Your Team 17:01 - Consequence of Being Attacked 19:10 - Influencer & In-Person Marketing 25:55 - The Future of SaaS 28:01 - One Step Better…   Links: Check out Valence Security: https://www.valencesecurity.com/ Connect with our guest, Bob Horn: https://www.linkedin.com/in/bob-horn-699a70/ Join us LIVE with Shlomi Matachin on Tuesday, April 16th at 12p ET / 9a PT: https://www.linkedin.com/events/7181368974062895106/comments/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

9 Huhti 202430min

From ‘Hand-to-Hand Combat’ To Management in Cyber with Ofer Gayer

From ‘Hand-to-Hand Combat’ To Management in Cyber with Ofer Gayer

HVS Host Ron Eddings chats it up with guest Ofer Gayer, VP of Product at Hunters. While both of them reminisce about their first love in security research, Ofer clarifies how he diverted his path and reached the VP stage, while also helping to level up his teams. They’ll conclude by discussing how AI is the ‘zeitgeist of our time’ and how you can get better at whatever you’re doing in cyber. Impactful Moments: 00:00 - Welcome 01:10 - Introducing guest, Ofer Gayer 03:12 - ‘Start-up’ in Research 07:55 - Security Research- First Love 10:55 - “A lot of People Want to be Product Managers” 14:46 - “I Had IT Remove My Privileges” 18:20 - Transitioning to Visionary/Zeitgeist 25:30 - Embracing AI Solutions 32:30 - One Step Better…   Links: Connect with our guest, Ofer Gayer: https://www.linkedin.com/in/ofer-gayer/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

2 Huhti 202435min

How Threat Actors Are Accessing Your SaaS Environments with Jaime Blasco

How Threat Actors Are Accessing Your SaaS Environments with Jaime Blasco

Ron Eddings and Jaime Blasco, Co-Founder and CTO at Nudge Security, discuss how well-known adversaries are taking advantage of enterprises that don’t have visibility into their full SaaS footprint, and therefore can’t secure it. Grab a front-row seat to gain a new perspective on your vulnerabilities through the eyes of an attacker.   Impactful Moments: 00:00 - Welcome 01:10 - Introducing guest, Jaime Blasco 02:30 - Real World Impact of SaaS Vulnerabilities 07:35 - Exploring AI & Security Implications 09:50 - Evolution of Threat Actors & Targeted Companies 15:45 - From our Sponsor, Nudge 17:17 - Attackers, Tokens & Ticketing Systems 22:50 - Lazarus & Malicious SaaS Apps 26:50 - The Attackers are Talking with You… 29:18 - Run it In the Cloud & Make Honey Tokens 34:04 - Future of SaaS & AI in Cybersecurity 39:00 - Increase Visibility, Reduce Risk   Links: Connect with our guest, Jaime Blasco: Check out our friends at Nudge: Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

26 Maalis 202445min

The Future of Endpoint Threats and Why Zero Trust is the Only Option with Rob Allen

The Future of Endpoint Threats and Why Zero Trust is the Only Option with Rob Allen

Get ready for a SPECIAL episode! Ron Eddings will take you on an inside look at Threatlocker’s rapidly growing event, Zero Trust World, and will talk with Rob Allen, Chief Product Officer at Threatlocker, to discuss what you can find out from your endpoints (hint: it’s more than remote access tools you didn’t know were running!)   Impactful Moments: 00:00 - Welcome 01:24 - Zero Trust World Sneak Peek! 02:21 - From our Sponsor, Threatlocker 03:50 - Introducing guest, Rob Allen 05:03 - What’s Zero Trust World 10:40 - Technical Executive Leaders 16:24 - Managing from the Top Down 20:33 - More Than Allow Listing 24:38 - Rubber Ducky, You’re the One… 26:59 - Assume Breach 29:30 - Some Interesting Finds 35:55 - Where Most of the Action Happens 26:30 - One Step Better…   Links: Connect with our guest, Rob Allen: https://www.linkedin.com/in/threatlockerrob/  Check out https://www.threatlocker.com/  to learn more! See the Zero Trust World recap portion here on our YouTube Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

20 Maalis 202443min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
psykopodiaa-podcast
voi-hyvin-meditaatiot-2
rss-niinku-asia-on
psykologia
jari-sarasvuo-podcast
aamukahvilla
ihminen-tavattavissa-tommy-hellsten-instituutti
rss-vapaudu-voimaasi
rss-arkea-ja-aurinkoa-podcast-espanjasta
mielipaivakirja
rss-psykalab
rss-valo-minussa-2
rss-rouva-keto
rss-anteeks-etukateen
aloita-meditaatio
rss-liian-kuuma-peruna
rss-monarch-talk-with-alexandra-alexis
rss-operaatio-podcast
rss-narsisti