Episodes
In this episode of The Cyber Riddler, we talked about the critical first stage of cyberattacks: Initial Access. Learn how hackers breach organizations using tactics like phishing, exploiting vulnerabilities, stolen credentials, and supply chain attacks. We’ll explore real-world examples, discuss why initial access is so crucial, and share practical strategies to defend against these threats. Whether you’re a cybersecurity professional or just curious about how breaches happen, this epis...
Published 11/21/24
In this episode, we explore the modern cybersecurity threat landscape, examining sophisticated attacks like ransomware-as-a-service, supply chain breaches, and file-less malware. We discuss essential defensive strategies, including the use of Zero Trust architecture, behavioral analytics, and other tools. Alongside these defenses, we emphasize the importance of proactive threat hunting and a strong incident response plan. This episode serves as a reminder of what you should do and hunt for th...
Published 09/05/24
In this episode of The Cyber Riddler podcast, we venture into the shadowy world of zero-day exploits, one of the most well-known threats in the cybersecurity world. Zero-day exploits represent vulnerabilities that can be targeted before they are even known to exist, making them a significant concern for both organizations and individuals. We explore the lifecycle of a zero-day exploit, from discovery and weaponization to delivery and exploitation. Through notable case studies, we illustrate ...
Published 06/04/24
In this episode, delve into the world of cyber security through the lens of expert threat hunters. As they navigate the complex digital landscape, these skilled professionals employ advanced techniques and tools to investigate systems meticulously. Their mission: to unearth hidden implants and payloads that lurk undetected, posing significant risks. Through a combination of expertise, intuition, and cutting-edge technology, they reveal how they stay one step ahead of cyber threats, ensuring...
Published 03/26/24
In this episode of The Cyber Riddler, we dive into the cunning world of phishing scams, focusing on how normal users react to these emails and how SOC (Security Operations Center) analysts can expertly analyze suspicious emails. We outline the essential tools and steps for dissecting emails, from examining sender addresses and email headers to scrutinizing links and attachments for malicious content. The episode also stresses the importance of staying updated on phishing trends,...
Published 02/06/24
Explore the world of web security in our latest episode, 'HTTPS and TLS Tales', a deep dive into the mechanisms that differentiate HTTPS from HTTP, uncovering the layers of encryption, authentication, and data integrity that safeguard our online interactions. From the pivotal role of TLS to real-world cases of security breaches and the evolving landscape of cyber threats, this episode offers a comprehensive look at the technologies that keep the internet secure. Twitter: @almorabea Twitter:...
Published 12/30/23
In this episode, we'll dive deep into the world of Threat Intelligence, exploring its critical role in cybersecurity. From the basics of data collection to the challenges of information sharing, we'll cover it all. Discover how Threat Intelligence empowers organizations to detect and respond to cyber threats, and stay ahead of evolving tactics. Join us for a comprehensive discussion that sheds light on this essential aspect of modern cybersecurity. Twitter: @almorabea Twitter:...
Published 12/10/23
Dive into the shadowy world of lateral movement in cybersecurity in this episode of The Cyber Riddler. Explore how attackers stealthily navigate networks post-breach, using techniques from credential exploitation to abusing legitimate tools. Featuring real-world scenarios, this episode unveils the strategies behind advanced persistent threats and red team tactics. Learn about essential defenses like network segmentation and vigilant monitoring. Tune in for an essential guide to...
Published 11/21/23
In this episode of The Cyber Riddler, we dive deep into the shadowy world of insider threats. We unravel the complexities of individuals within an organization who pose a risk to its security from the inside. We'll explore real-life cases, dissect the motives behind insider attacks, and discuss the latest strategies and technologies to safeguard your company against this often underestimated danger. Twitter: @almorabea Twitter: @CyberRiddler Website: https://thecyberriddler.com
Published 11/07/23
In this episode we talked about the Lazarus Group, a cybercrime group made up of an unknown number of individuals and run by the government of North Korea. We discussed their latest campaign, in which they targeted security researchers, and how they did the same in the past. Hope you like the episode. Twitter: @almorabea Twitter: @CyberRiddler Website: https://thecyberriddler.com
Published 09/20/23
In this episode we covered the basics of malware analysis: the things malware authors want to hide in their malware, and how they make it hard for malware analysts to do their job. Our guest today has extensive experience in malware analysis. He publishes many videos on malware reverse engineering on his channel and he is very knowledgeable when it comes to this field. Full Interview below: https://youtu.be/HuHATqK850s Blog...
Published 09/06/23
In this episode we talked about kernel drivers. We covered a variety of topics, such as how to load a driver, the signing process, HVCI and others, and we closed with Intel CET and Shadow Stack. Yarden has great experience when it comes to Windows internals topics, and her work is mainly on the defending side. She previously worked at SentinelOne and CrowdStrike and is currently a senior security researcher at Trail of Bits. I hope you enjoy the episode. Full Interview...
Published 08/23/23
Dive into cybersecurity's captivating world with our latest episode on Vulnerability Research! Discover the secrets of ethical hackers, uncover different vulnerabilities, and explore responsible disclosure processes. Get insider tips and tricks to level up your cybersecurity knowledge. Our guest, Kevin, is a renowned cybersecurity specialist and ethical hacker with years of experience and a keen eye for security flaws. Full Interview below: https://youtu.be/YURVs70d4ik Other Links: Blog...
Published 07/26/23
This week's episode is about Windows Internals in depth. We talked about things from an offensive and a defensive perspective: hooks, kernel callbacks, how security companies are using them and how red teamers are leveraging them as well. We also talked about many other concepts, such as user mode and kernel mode, PatchGuard and many others. This episode is part of The Cyber Riddler podcast. Check out the other episodes on any of your favorite podcast apps. Just search...
Published 07/16/23
In this episode we talked about Digital Forensics and Incident Response, aka DFIR: how to get started, and how crucial it is for dealing with incidents. We also talked about various topics including memory dumps and analysis, ransomware, and stories from the past about interesting incidents. This episode stars Paula Januszkiewicz, CQURE CEO. Who's Paula? https://thecyberriddler.com/person/paula-januszkiewicz Find the full description on the blog post available in the podcast website...
Published 07/12/23
This week's episode talks about DNS in general and DNS attacks; we barely scratched the surface. DNS plays a major role in our network communication, and hackers take advantage of DNS attacks for their own gain. Twitter: @almorabea Twitter: @CyberRiddler Website: https://thecyberriddler.com
Published 06/10/23
LoLBins, or Living Off The Land Binaries, are binaries within the operating system, whether it is a Windows or a Unix-based system. These binaries are heavily utilized by hackers to avoid detection. In this episode we dive into the world of LoLBins and discover how hackers are using them. Twitter: @almorabea Twitter: @CyberRiddler Website: https://thecyberriddler.com
Published 05/20/23
In this episode we scratched the surface of browser exploitation methods and we went through different techniques used by the attackers to gain access to your device. We also went through different old CVEs that have been used in the past. We hope you enjoy the episode. Twitter: @almorabea Twitter: @CyberRiddler Website: https://thecyberriddler.com
Published 04/16/23
In this episode we talked about cryptography in general and then dived into the world of ransomware, starting from approximately when ransomware began. We then talked about ransomware tactics and delivery mechanisms and evasion techniques, and about the Zeppelin ransomware and how Lance and his team were able to recover and reconstruct the keys by doing some RSA factorization and other interesting techniques. The episode has a video too; you can see the full episode on...
Published 03/22/23
Today's episode is about Pseudo Random Number Generators and how we can achieve randomization. We also explain how applications can suffer big time when they don't have random values generated in their crypto systems. Twitter: @almorabea Twitter: @CyberRiddler Website: https://thecyberriddler.com
Published 02/17/23
Exploit code is amazing, but sometimes the technique behind it is what makes it shine. In this episode I want you to look at exploit code from a different perspective, not just finding vulnerabilities for the sake of finding vulnerabilities. Always change your mindset when you do R&D, from finding one vulnerability to finding one technique that works for the majority of vulnerabilities. Reference: Why You Shouldn’t Trust NTDLL from Kernel Image Load...
Published 02/01/23
This episode gives you a glance at Threat Intelligence and the world of APTs. We talk in general about different APT groups, and specifically about APT 29, aka Cozy Bear, and how they achieve stealthiness while hiding in the shadows. Twitter: @almorabea Twitter: @CyberRiddler Website: https://thecyberriddler.com
Published 01/19/23