On the latest episode of Security Nation, we’re joined by Daniel Crowley, IBM X-Force Red’s Research Director — aka Global Research Baron (a title that delights Jen Ellis’s British sensibilities). Daniel tells Jen and Tod all about his team’s security research internship program, which gets undergrad and grad students involved in pentesting and other forms of research in real-world environments through a series of bootcamps. He also divulges some research project ideas for those looking to uncover vulnerabilities in hidden places — including your calendar invites.
Stick around for the Rapid Rundown, where Jen and Tod talk about DEF CON highlights, the Cyber Symposium non-findings, and — you guessed it — ransomware.
Daniel is the primary author of the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. In the security industry since 2004, he is a frequent speaker at conferences like Black Hat, DEF CON, Shmoocon and SOURCE. Daniel also holds the noble title of Baron in the Principality of Sealand.
- The original Watchfire paper on HTTP Request Smuggling from 2005
- HTTP request smuggling reborn by James Kettle
- HTTP/2 Request Smuggling from DEF CON 2021
- Free TCP/IP bugs
- Free ICS bugs
- Snyk's Zip Slip research
Rapid Rundown Links:
- All the DEF CON videos
- Tempest Radio Station Presentation by Paz Hameiri
- Tempest Radio Station paper
- How to get started in cybersecurity AMA on Reddit
- Rob Graham's Live Tweeting of the Cyber Symposium