The Red Room

In this expansive and irreverent episode, Remy and Simon welcome Miranda from Malware Security to dissect the latest evolutions in phishing and AI red teaming. From the ethics of supply chain rootkits in gaming software to GPT hallucinations hijacking repo names, the team explores the shifting definitions of what constitutes a phishing attack in the age of AI. Miranda stays on for all three segments: a speculative discussion on “alt-phishing,” an in-depth interview on offensive AI security, and a final review of some standout AI red team tooling, including Microsoft’s new open-source platform “PyRIT.”

The Redacted team are back for another episode, and this week we’re exploring malware, the PowerShell module, and we break down obfuscation as a goal and a process. We also recently attended the BSides conference at the end of September and met with some amazing people. We managed to record some of our conversations, and present them here in all their glory. Enjoy!

Matthew is a principal security consultant within the Proactive Labs team, with over 15 years’ experience in the Information Technology industry, and with 10 years’ in offensive security. As a penetration tester, Matthew has extensive experience in both private and public sectors, performing technical security assessments, and penetrating large, complex organisation systems with demonstrated impact against high-profile targets. Matthew enjoys performing realistic security assessments, identifying root cause issues of technical problems, and explaining them to every level of audience. We also chat about whether or not AI will ever get good at red teaming and hacking, and then review the popular tool Responder.

Remy & Simon sat down with a whole host of people at the DEF CON 32 Hacking Conference to find out what they’re doing there, and the unique projects and products they’re developing. On ground at the Las Vegas Convention Center, unsurprisingly in Las Vegas, Nevada, the Redacted founders met, in no particular order, with: 1. Aerospace – Spanky (https://www.aerospacevillage.org/) 2. Biohacking – Nina (https://www.villageb.io/) 3. Blue Team Game – Amy (https://www.cygence.com.au/about) 4. Car Hacking – Ben (https://www.carhackingvillage.com/) 5. ES 1 – Ben (https://embeddedvillage.org/) 6. ES 2 – Tivo (https://embeddedvillage.org/) 7. ES 3 – Thomas (https://www.linkedin.com/in/stacksmashing/) and he talks about hextree (https://www.hextree.io/) 8. Game Hackers – Julian (https://gamehacking.gg/) 9. IoT – Ben (https://iotvillage.org/index.html) 10. RF – ZeroChaos and Wasabi (https://rfhackers.com/) 11. Tamper Evident – Morfir (https://forum.defcon.org/node/14513?t=13456) 12. Tryhackme – Ashu (https://tryhackme.com/) (https://www.linkedin.com/in/ashu-savani/) 13. Voting – Harri (https://www.votingvillage.org/about) 14. XR village – Starr (https://www.xrvillage.org/)

This week we’re speaking with some amazing red teamer guests; Naima Naima is a senior consultant and penetration tester with extensive experience in web application security, organisation, and network penetration testing and policy development. Naima has a Bachelor of Science (Chemistry) and a Master of Cyber Security. Her experience includes identification of a critical business logic flaw in a SalesForce application that led to a vulnerability that could have resulted in a $20,000 per attack to a client if publicly identified, as well as chained application vulnerabilities that saw a large-scale simulated data compromise against a client. Naima’s recent work has been the development of risk assessments for a large federal government client. Nathan Nathan is a highly competent Principal consultant and penetration tester with extensive expertise in network penetration testing and a solid background in red teaming. He possesses a deep interest in various areas, including internal and external infrastructure, wireless security, web application testing, and compliance. His core skill set encompasses web penetration testing, network penetration testing, infrastructure review, as well as exceptional customer service. With a strong foundation in critical and analytical thinking, Nathan consistently delivers comprehensive and effective solutions. Additionally, he takes charge of overseeing the development of Mercury’s adversarial C2 infrastructure, showcasing his leadership and technical prowess. Nathan has also conducted wireless workshops at the ADF Cyber Skills Challenge, teaching the community about wireless security.