Keeping It Open Source with Metasploit’s HD Moore
Hacker Valley Studio15 Syys 2022

Keeping It Open Source with Metasploit’s HD Moore

This season of Hacker Valley Red wraps up with another interview of an incredible offensive cybersecurity legend. Known first and foremost for his work founding Metasploit and his recent work co-founding Rumble, HD Moore joins the show this week to hear about his journey from spiteful hacker to successful founder. HD walks through the history of Metasploit, the motivation behind their coding decisions, his opinions on open source software, and the excitement of exploration and discovery.

Timecoded Guide:

[04:57] Catching up with HD’s career from his hacking exploits in the ‘90s through his founding of Metasploit to his recent activities with Rumble

[11:41] Getting personal with the feelings and takeaways from a project as successful and impactful on the cyber industry as Metasploit

[18:52] Explaining HD’s personal philosophies around accessible education and the risk of sharing vulnerable information publicly

[25:39] Diving deep into the technical stories of HD’s path of discovery and exploration during his time at Metasploit

[31:14] Giving advice for future founders and hackers looking to make a legendary impact on the cybersecurity community

Sponsor Links:

Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!

Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone

PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!

What were some of the trials, tribulations, and successes of Metasploit?

Although Metasploit has had a lasting impact on the cyber world, HD Moore is not afraid to admit that part of Metasploit existed out of spite for critics, employers, and gatekeepers in the cybersecurity industry. In terms of trials and tribulations, HD saw a great deal of criticism come from his peers and from professionals ahead of him in the industry, often displaying rudeness towards the quality of the exploits and Metasploit’s audience of young hackers. Later, HD says that a surprising and amusing side effect of his success with the project was watching employers and peers go from criticizing to lifting up his work with Metasploit and attributing success of many hacking professionals to its creation.

“When we started the Metasploit project, we really wanted to open up to everybody. We wanted to make sure that, even if you barely knew how to program, you can still contribute something to Metasploit. So, we did our best to make it really easy for folks to get in touch with us, to submit code.”

Where does your philosophy land today on giving information freely?

HD has heard the same opinions many professionals that teach and give information freely have heard: “You’re making it easier for people to use this information the wrong way.” Instead of considering the worst possible outcomes of making hacking accessible, HD chooses to acknowledge the importance of accessible education and publicly provided information. According to HD, if someone is creating and teaching content to the next generation of red teamers, that content is theirs to use. Whether they’re a physical pen tester teaching lock picking or a hacker disclosing a vulnerability, what they choose to share with others has to be based on personal moral code and what others do with that information is up to them.

“It comes down to: You do the work, you own the result. If you're teaching people how to do stuff, great, they can do what they want. You can decide to do that, you can decide not to do that, but it's your decision to spend your time training people or not training them.”

Is it possible to be a CEO, or a co-founder, and stay technical?

The downside of success in the cybersecurity industry is often stereotyped as losing the opportunity to be a hands-on hacker. However, for HD, his success has allowed him to do the exact opposite and instead prioritize his time to be technical. HD believes strongly in the ability to make this happen through proper delegation of duties, incorporating new leaders and managers in your company or project, and acknowledging when you may need the help to bring what you’re working on to the next level. HD is proud of his success with Metasploit and Rumble, and is happy that he was able to hand off certain duties to other professionals that he knew would do better if they had a chance in the founder’s shoes.

“Don't let the growth of your company change what you enjoy about your work. That's really the big thing there, and there's lots of ways you can get there. You can hire folks to help out, you can promote your co-founder to CEO. You can bring on program managers or project managers to help with all the day to day stuff."

What advice do you have for people looking to follow a similar cyber career path?

Content is the name of the game, especially when you’re looking to get more eyes on what you do. HD is the first to admit that putting himself out there in a blog post, on a podcast, or at a stage show is not always a walk in the park, taking him out of his comfort zone and often away from the tech that he spends his time on. However, publicly displaying himself and his work has brought attention to Rumble and Metasploit, and HD knows he would not have achieved this level of success without putting his content out into the world, hearing feedback from his peers, and even receiving his fair share of criticism from industry professionals.

“Not all of it is the most fun thing to do all the time, but it is crucially important, not just for growing yourself and getting out there and getting feedback from your peers, but for learning because you learn so much from the feedback you get from that effort.”

-----------

Links:

Stay in touch with HD Moore on LinkedIn, Twitter, and his website.

Learn more about Rumble, Inc on LinkedIn and the Rumble website.

Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.

Follow Ron Eddings on Twitter and LinkedIn

Catch up with Chris Cochran on Twitter and LinkedIn

Continue the conversation by joining our Discord

Jaksot(406)

Cyber Defense Reinvented: The New Era of Attack Surface Management with Isaac Clayton

Cyber Defense Reinvented: The New Era of Attack Surface Management with Isaac Clayton

In this episode, Host Ron Eddings talks with guest Isaac Clayton, Senior Research Engineer at NetSPI. Ron and Isaac discuss the importance of ASM for organizations of all sizes, the challenges of asset identification, and framing a practical strategy to handle ASM.   Impactful Moments: 00:00 - Welcome 03:00 - Introducing guest, Isaac Clayton 04:25 - Understanding ASM 07:57 - Factoring in Attackers 10:47 - “Admit it’s a hard problem” 12:35 - Challenges & Surprises 15:03 - From our Sponsor, NetSPI 15:41 - The Right Medicine, The Right Dosage 19:04 - Zero Trust is Not Enough 20:37 - Prioritization— Baked In! 21:33 - The ASM Learning Curve 26:12 - “Not all ASM is Created Equal”   Links: Connect with our guest, Isaac Clayton : https://www.linkedin.com/in/isaac-clayton-24088696/ Check out NetSPI: asm.netspi.com Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

16 Tammi 202432min

Cyber Resilience Unpacked: Securing Tomorrow Today with Bill Bernard

Cyber Resilience Unpacked: Securing Tomorrow Today with Bill Bernard

In this episode, Host Ron Eddings dives deep into crafting a resilient cybersecurity approach with guest speaker Bill Bernard, VP of Security Strategy at Deepwatch. Bill discusses the necessity of understanding business objectives to protect valuable assets but emphasizes focusing on risk-based strategies in addition to stronger detection and response mechanisms to help you play the long game.   Impactful Moments 00:00 - Welcome 01:43 - Introducing guest, Bill Bernard 04:22 - Understanding Emerging Threats 06:19 - What’s Old is New Again 08:48 - Buy a Helmet, Not a Bodysuit 11:57 - Defining Cyber Resilience 15:30 - Deepwatch’s Strategy for Resilience 18:31 - From our Sponsor 20:03 - MDR and Effective MDR Engagements 27:18 - Where Does AI Fit In With MDR? 32:57 - Staying One Step More Resilient 35:05 - Deepwatch- The Right Fit for You   Links: Connect with our guest, Bill Bernard : https://www.linkedin.com/in/billbernardchicago/ Take a Tour of the Deepwatch Managed Security Platform https://www.deepwatch.com/deepwatch-platform/#platform-tour Read the Move Beyond Detection and Response to Accelerate Cyber Resilience white paper, here: https://www.deepwatch.com/resource/go-beyond-cybersecurity-become-cyber-resilient/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

9 Tammi 202437min

Looking Backward to GROW Forward in Cybersecurity in 2024

Looking Backward to GROW Forward in Cybersecurity in 2024

In this episode, we’ll take a walk down memory lane. Hacker Valley looks back to 2023 to bring you some of the best clips with great advice and insight into being more creative, reflective, and resourceful with the hopes of inspiring you in 2024 to grow beyond where you are today. Impactful Moments 00:00 - Welcome 00:54 - A New Year is on the Way! 01:54 - ChatGPT and Cybersecurity 04:40 - Becoming an Industry Creative 07:47 - Leveraging AI in the Future with Storytelling - with Scott Sunderland 09:12 - Advice for your Content Creation Journey - with Jason Rebholz 11:15 - How to Start your Cybersecurity Book - with Kim Crawley 14:13 - Join our Mastermind 14:50 - The Right Platform for You - with Phillip Wylie 17:08 - Finding your Focus - with Simone Biles & Amy Bream 20:41 - Leveraging Human Resources in Cyber   Links: Check out the episodes highlighted: ChatGPT & Industry Creative-https://www.youtube.com/watch?v=-u6m0SXFTmA Scott Sunderland-https://www.youtube.com/watch?v=5pwTruINFiM Jason Rebholz-https://www.youtube.com/watch?v=Ao81IRnffc8 Kim Crawley-https://www.youtube.com/watch?v=rKny7kVeRM0 Phillip Wylie-https://www.youtube.com/watch?v=z5B1E2vp0DY Simone Biles & Amy Bream-https://www.youtube.com/watch?v=DiebZS9s7sg Cyber Resources-https://www.youtube.com/watch?v=UoTk3w_78co Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

2 Tammi 202423min

What’s Lurking In Your Containers? AMBERSQUID Operations, Freejacking, and Microservice Exploitation

What’s Lurking In Your Containers? AMBERSQUID Operations, Freejacking, and Microservice Exploitation

In this episode, Host Ron Eddings, discusses new tactics of adversaries with Director of Threat Research at Sysdig, Michael Clark. Michael digs into the cloud and shares trends about the AMBERSQUID operation and how to protect yourself from potential container-based threats.   Impactful Moments 00:00 - Welcome 01:20 - Introducing guest Michael Clark 03:09 - Finding AMBERSQUID 06:46 - Mining and Monitoring AWS Services 10:47 - Defending Against AMBERSQUID 14:03 - The Speed of Container-Based Threats 18:13 - The Costs of Freejacking 23:08 - Attribution & The Future Threat 26:30 - CIEMs Like You Have Secrets   Links: Connect with Michael Clark: https://www.linkedin.com/in/michaelclarkinpa/ Check out Sysdig’s Threat Research: https://sysdig.com/threat-research/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

19 Joulu 202323min

Pivotal Policy in the Age of AI with AJ Grotto

Pivotal Policy in the Age of AI with AJ Grotto

In this episode, Host Chris Cochran chats it up with former White House Senior Director for Cyber Policy, AJ Grotto. AJ shares his viewpoints about the current state of AI policies, the potential risks and benefits of AI technology, and the challenges in crafting effective policies in the field of cybersecurity. Impactful Moments 00:00 - Welcome 00:45 - Introducing guest, AJ Grotto 01:14 - Are Cyber and AI Separate? 03:37 - US Cyber Policy 08:06 - The Reality of AI Risk 11:20 - From Law to Cyber Policy 14:47 - Join our Mastermind! 15:36 - Policy Implementations 18:55 - Cyber Warfare and AI 22:13 - Advice for Getting into Cyber Policy   Links: Connect with AJ: https://www.linkedin.com/in/andrew-grotto-2534b510a/ More about AJ and his current work: https://fsi.stanford.edu/people/andrew-j-grotto Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

12 Joulu 202324min

Ransomware: How to Use AI to Create a Readiness Kit with Scott Sutherland

Ransomware: How to Use AI to Create a Readiness Kit with Scott Sutherland

The adversary is using Artificial Intelligence. Why aren’t you? In this episode, Host Chris Cochran talks with Scott Sutherland, VP of Research at NetSPI, about everyone’s favorite hot topics; ransomware and AI. Scott will detail his experience with simulating ransomware attack scenarios, as well as discussing the difficulties businesses face when dealing with ransomware threats and prevention mechanisms and how AI can be leveraged to help. Impactful Moments 00:00 - Welcome 01:10 - Introducing guest, Scott Sunderland 03:24 - Interactions with Generative AI Chatbots 04:14 - Use of AI and Readiness 15:16 - A word from our Sponsor, NetSPI 15:55 - Using AI to develop Exercises 20:46 - Collaboration beats Adversaries 25:08 - Ransomware Bots 26:15 - Role of AI in Storytelling Continuously keep pace with your expanding attack surface with the most comprehensive suite of offensive security solutions: https://www.netspi.com/hackervalley Links: Connect with Scott Sutherland: https://www.linkedin.com/in/scottpsutherland/ Learn more about our sponsor, NetSPI: https://www.netspi.com/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

5 Joulu 202328min

Cover Your SaaS: Navigating OAuth and SaaS Security Challenges

Cover Your SaaS: Navigating OAuth and SaaS Security Challenges

SaaS misconfigurations may be responsible for up to 63% of security incidents. Do your SaaS applications have risky OAuth grants and misconfigurations? Let’s not find out. We will unravel the complexities of OAuth and how attackers are using OAuth to move from one app to another. Our special guest Jaime Blasco, co-founder and CTO at Nudge Security, shares techniques to protect your SaaS apps and identify risky and malicious OAuth grants. Are you ready to cover your SaaS and avoid finding yourself in the hot seat?    Show some love to our sponsor Nudge Security and win a Steam Deck: https://www.nudgesecurity.com/steamdeck   Links: Connect with Jamie Blasco: https://www.linkedin.com/in/jaimeblasco/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

28 Marras 202345min

Standing Out On LinkedIn as a Cybersecurity Professional with Chris Hughes

Standing Out On LinkedIn as a Cybersecurity Professional with Chris Hughes

In this episode, host Ron Eddings speaks with Chris Hughes, President at Aquia, Cyber Innovation Fellow at CISA, and cybersecurity legend. Special guest, Chris Hughes, was initially inspired to build a personal brand through a desire to mend his weaknesses and highlight his strengths. However, LinkedIn offered a platform to display his growth and learning, leading to him amassing over 50,000 followers! In addition to sharing his story, Chris will emphasize tips on how to start your own personal brand.   Key Moments: 00:00 -Welcome 00:56 - Introducing Guest, Chris Hughes 01:59 - Finding His Way to Cyber 03:20 - Brand Building on LinkedIn 05:19 - Power of Networking and Personal Branding 11:32 - Be a Part of Cyber Creator Con! 14:31 - The Impact of LinkedIn on Career Opportunities 16:48 - The Art of Content Creation on LinkedIn 20:16 - Cashing in on Career Capital 22:05 - Advice for Building a Personal Brand   Links: Follow Chris on LinkedIn: https://www.linkedin.com/in/resilientcyber/ Check out Chris’ Podcast: https://resilientcyber.substack.com/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

21 Marras 202323min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
psykopodiaa-podcast
voi-hyvin-meditaatiot-2
jari-sarasvuo-podcast
aloita-meditaatio
rss-duodecim-lehti
rss-psykalab
psykologia
rss-vapaudu-voimaasi
rss-niinku-asia-on
ihminen-tavattavissa-tommy-hellsten-instituutti
rss-narsisti
adhd-podi
rss-liian-kuuma-peruna
uskonnon-pitka-oppimaara
aamukahvilla
kesken
rss-valo-minussa-2
rss-monarch-talk-with-alexandra-alexis
rss-anteeks-etukateen