Episodes
Bots are actionable scripts that can slow your day-to-day business, be enlisted in denial-of-service attacks, or even keep you from getting those Taylor Swift tickets you desperately want.
Published 11/29/23
You would think there is a procedure to End-of-Life a medical device, right? Erase personal health info. Erase network configuration info. That isn’t necessarily so.
Published 11/14/23
With the recent Clop attack on customers of MOVEit, ransomware is now old news. Attackers are skipping the encryption and simply extorting the exfiltrated data, according to Thomas “Mannie” Wilken, from the Accenture Cyber Threat Intelligence Dark Web Reconnaissance Team.
Published 11/01/23
Imagine a data dump of files similar to the Snowden Leaks in 2013, only this time it’s not from the NSA but from NT Vulkan, a Russian contractor. And it’s a framework for targeting critical IT infrastructures.
Published 10/17/23
Rather than use backdoor exploits, attackers are stealing credentials and going through the front door. How are they gaining credentials? Sometimes it’s from the tools we trust. Paul Geste and Thomas Chauchefoin discuss their DEF CON 31 presentation, “Visual Studio Code is why I have (Workspace) Trust issues,” as well as the larger question of how much we should trust tools that we depend on daily.
Published 10/03/23
What if a GCP project OAuth access token wasn’t deleted? This could expose databases to bad actors.
Published 09/19/23
How do you conduct an incident response for an entire country? When it’s 27 different life-critical government ministries each with up to 850 individual devices -- that’s uncharted territory.
Published 09/06/23
What is it like to hack an entire country, to take its government services offline, to deny a government an ability to function? Costa Rica knows.
Published 08/23/23
Speaking at Black Hat 2023, Kelly Shortridge is bringing cybersecurity out of the dark ages by infusing security by design to create secure patterns and practices.
Published 08/08/23
Are we doing enough to secure our health delivery organizations? Given the rise of ransomware attacks, one could say we are not.
Published 07/25/23
Internet domains are brittle. One could hack into a military, a foreign government, or even a global commercial web services domain using flaws in the underlying architecture.
Published 07/12/23
Who among us has not seen phish in their inbox? Aviv Grafi, from Votiro, gets into the weeds about how malicious documents are formed and how they might (despite good security posture) still end up in your inbox or browser.
Published 06/27/23
Could the nudges and prompts like those from our Fitbits and Apple watches be effective in enforcing good security behavior as well?
Published 06/13/23
Say you’re an organization that’s been hit with ransomware. At what point do you need to bring in a ransomware negotiator? Should you pay, should you not?
Published 05/30/23
Small to medium businesses are increasingly the target of APTs and ransomware. Often they lack the visibility of a SOC, or even basic low-level threat analysis.
Published 05/18/23
More and more criminals are identified through open source intelligence (OSINT). Sometimes a negative Yelp review can reveal their true identity.
Published 05/03/23
It’s time to evolve beyond the UNIX operating system. OSes today are basically ineffective database managers, so why not build an OS that’s a database manager?
Published 04/19/23
Incident response in the cloud. How is it different, and why do we need to pay more attention to it today, before something major happens tomorrow?
Published 04/04/23
We’ve seen drug marketplaces and extremists use the Dark Web. Will generative AI tools like ChatGPT make things crazier by lowering the barrier to entry?
Published 03/21/23
Booth babes and rampant sexism were more of a problem in infosec in the past. That is, until Chenxi Wang spoke up. And she’s not done changing the industry.
Published 03/08/23
What if DEF CON CTFs were televised? What if you could see their screens and have interviews with the players in the moment? Turns out, you can.
Published 02/22/23
When we hear about bad actors on a compromised system for 200+ days, we wonder how they survived for so long. Often they hide in common misconfigurations. Paula Januszkiewicz, CEO of Cqure, returns to The Hacker Mind to explain.
Published 02/08/23
Having a common framework around vulnerabilities, around threats, helps us understand the infosec landscape better. STRIDE provides an easy mnemonic.
Published 01/25/23
Hacking websites is perhaps often underestimated, yet it is super interesting with all its potential for command injections and cross-site scripting attacks.
Published 01/10/23