Last updated at Wed, 03 Aug 2022 20:19:55 GMT
In this episode of Security Nation, Jen and Tod chat with Curt Barnard, Principal Security Researcher at Rapid7, about a new tool he’ll be presenting at Black Hat Arsenal, the showcase of open-source tools at Black Hat 2022 in Las Vegas. Curt gives us the details about the tool, Defaultinator, which helps security pros look up and audit for default credentials more quickly and effectively. He also tells us what else he’s excited about at this year’s lineup of cybersecurity conferences in Vegas next week.
Stick around for our Rapid Rundown, where Tod and Jen talk about a Rapid7 alum’s discovery of a vulnerability in DSL- and fiber-based web routers from Arris, as well as a recent article that debates the benefits of sharing exploit proofs of concept versus keeping them private.
Curt Barnard is a cybersecurity professional with 15 years of experience across both the public and private sectors. At Rapid7, Curt is a Principal Security Researcher working with projects Sonar and Heisenberg, analyzing internet-wide security issues with global impact. Before joining the team at Rapid7, Curt spent time breaking software with the Department of Defense, vetting cybersecurity companies for venture capital firms, and building his own startup from the ground up. When he isn't busy popping calc.exe, Curt enjoys changing your desktop's wallpaper and moving your icons around.
- Learn all about Defaultinator.
- Read up on the Raspberry Pi default password vulnerability.
- Check out the GitHub repositories for Defaultinator.
Rapid Rundown links
- Read Derek Abdine's disclosures on Arris and Arris-like routers.
- Check out the Security Boulevard article on keeping PoCs secret.
- Peruse Matt Blaze’s tweet thread on teaching physical security secrets despite complaints from locksmiths.
Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.