Cyber Frontiers

Cyber Exploitation with SSRF & CMS Swiss Cheese – CF037

Listen Mobile: Cyber Frontiers is all about Exploring Cyber security, Big Data, and the Technologies Shaping the Future Through an Academic Perspective!   Christian Johnson, a student at the University of Maryland will bring fresh and relevant topics to the show based on the current work he does. Please leave a REVIEW (iPhone or iPad) – ;type=Podcast&ls=1&mt=1 Support the Average Guy Tech Scholarship Fund: WANT TO SUBSCRIBE? We now have Video Large / Small and Video iTunes options at You can contact us via email at Full show notes and video at This week on Cyber Frontiers Christian and Jim delve into new approaches in Server Side Request Forgeries (SSRF) that have played an increasing role in vulnerability disclosure for common web applications such as WordPress. Before diving in, we review the BitDefender Box product, a consumer-based device to protect IoT devices and enable home security for the average guy. After wrapping up our review, we dive deep into SSRF and some of the new ways in which hackers have bypassed common protections as featured in an upcoming talk at DEFCON 25. From the deep dive we explore some of the recent malicious activity taking place on the interwebs – targeting major CMS platforms and taking advantage of some of the earlier techniques we discuss. And as the internet continues to show its similarities to swiss cheese, the internet relies on listeners like you to help stay savvy and keep your organizations and peers safe and secure.   SSRF: A New Injection Favorite of Hackers #Tsai “We propose a new exploit technique that brings a whole-new attack surface to bypass SSRF (Server Side Request Forgery) protections” Speaking of which… DEFCON 25 talks are up! July 27th – July 30th WordPress Black SEO Spam BitDefender Box $129 for the box. More funding for AI cybersecurity: Darktrace raises $75M at an $825M valuation     Jim’s Twitter: #!/jcollison Contact Christian: Contact the show at Find this and other great Podcasts from the Average Guy Network at Music courtesy of Ryan King. Check out the Die Hard Cafe band and other original works at: / 
Continue Reading »
Cyber Frontiers

On Cybersecurity and Ransomware – CF036

Listen Mobile: Cyber Frontiers is all about Exploring Cyber security, Big Data, and the Technologies Shaping the Future Through an Academic Perspective!   Christian Johnson, a student at the University of Maryland will bring fresh and relevant topics to the show based on the current work he does. Please leave a REVIEW (iPhone or iPad) – ;type=Podcast&ls=1&mt=1 Support the Average Guy Tech Scholarship Fund: WANT TO SUBSCRIBE? We now have Video Large / Small and Video iTunes options at You can contact us via email at Full show notes and video at This week on Cyber Frontiers Christian is joined by Jim to dive into news of the latest Petya Ransomware attack. We step back from the buzz around it and focus on what distinguishes ransomware from ordinary malicious code, and what data sets and resources can be used to investigate if ransomware evolves into something more than what it is today. We also discuss steps that the average consumer can take to reduce the likelihood of being impacted by these types of attacks. We also take the time to analyze profit motives, how cyber criminals target individuals and organizations, and what the future may hold for corporate responsibility in responding to these attacks. We specifically review Microsoft’s patch management strategy under Windows 10 in comparison to previous operating systems, and what some email providers are or aren’t doing to shut-down cybercrime in ways that could actually harm the consumer. After taking stock of the latest challenges in cybersecurity, we take a detour to explore major headlines regarding the billion dollar ruling the European Union handed to Google over the assertion that Google picked winners and losers for comparison and competitor shopping online. We explore the data issues for major corporations navigating international law, and how legal systems are generally struggling to keep up with the pace of technology. On Cybersecurity and Ransomware Ransomware Continues to Be Pervasive on the Cheap But is the profit worth it? Providers enter the fray of corporate responsibility University Spotlight: Analyze Malware and Ransomware Samples for yourself! Data and Legal Challenges A Preview of Our Next Show How do you feel about AV in a box?  Are security appliances in the home a good deterrent for consumers?   Jim’s Twitter: #!/jcollison Contact Christian: Contact the show at Find this and other great Podcasts from the Average Guy Network at Music courtesy of Ryan King. Check out the Die Hard Cafe band and other original works at: / 
Continue Reading »
Cyber Frontiers

Essential Cybersecurity Science with Josiah Dykstra – CF035

Listen Mobile: Cyber Frontiers is all about Exploring Cyber security, Big Data, and the Technologies Shaping the Future Through an Academic Perspective!   Christian Johnson, a student at the University of Maryland will bring fresh and relevant topics to the show based on the current work he does. Please leave a REVIEW (iPhone or iPad) – ;type=Podcast&ls=1&mt=1 Support the Average Guy Tech Scholarship Fund: WANT TO SUBSCRIBE? We now have Video Large / Small and Video iTunes options at You can contact us via email at Full show notes and video at Introduction: Josiah Dykstra – Author of Essential Cybersecurity Science Publication Date: 12/15 Book:   Interview: What was the impetus that led to the publication of this book? What are the core tenants / issues discussed? A lot of the book frames core problems in cybersecurity as being best framework through the lense of the scientific method. What aspects of the field today are scientific, and what areas are lacking in this approach? Is the scientific approach similar or different to the academic approach taken by cybersecurity researchers in major academic institutions leading in the field? How does your approach to cybersecurity overlap and/or intersect with visualizations in cybersecurity? Are data visualizations in the field difficult to make, and can they paint different insights than raw data? Topics of Conversation: Core problems in the field today. Case Study: Where does IoT fit into the model of essential cybersecurity science. How do we promote individuals to be involved in the field? Are we driving different populations of qualified individuals who know only applied cybersecurity instead of having a theoretical understanding as well?   Jim’s Twitter: #!/jcollison Contact Christian: Contact the show at Find this and other great Podcasts from the Average Guy Network at Music courtesy of Ryan King. Check out the Die Hard Cafe band and other original works at: / 
Continue Reading »
Cyber Frontiers

2017 Cybersecurity Outlook and 2016 Reflections – CF034

Listen Mobile: Cyber Frontiers is all about Exploring Cyber security, Big Data, and the Technologies Shaping the Future Through an Academic Perspective!   Christian Johnson, a student at the University of Maryland will bring fresh and relevant topics to the show based on the current work he does. Please leave a REVIEW (iPhone or iPad) – ;type=Podcast&ls=1&mt=1 Support the Average Guy Tech Scholarship Fund: WANT TO SUBSCRIBE? We now have Video Large / Small and Video iTunes options at You can contact us via email at Full show notes and video at This week on Cyber Frontiers Christian and Jim recap on how 2016 shaped up for cyber security, and whether any of our past predictions came true. Based on the headlines of this year and academic research, we discuss the outlook for 2017 and where we are likely to see flows and ebbs in the type of cyber security intrusions impacting us all. A Happy New Year to all of our Cyber Frontier listeners, and we look forward to having you with us for 2017! The world is moving towards a fully encrypted internet, slowly but surely. Malicious adversaries are already taking advantage of this in the delivery of new malware payloads. How badly are companies’ reputations impacted after a cybersecurity breach? See if you can measure for yourself by seeing how many of the below breaches you remember hearing about this year: Yahoo rounded out a year’s worth of horrendous data breaches that show we are still the same glide path for similar headlines next year. Law enforcement provided Yahoo in November 2016 with data files that a third party claimed was Yahoo user data. We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with a broader set of user accounts, including yours. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016. Malware is changing, and changing fast. This was one of the best examples of how IoT devices can be used to do the same old thing in new and clever ways.   Jim’s Twitter: #!/jcollison Contact Christian: Contact the show at Find this and other great Podcasts from the Average Guy Network at Music courtesy of Ryan King. Check out the Die Hard Cafe band and other original works at: / 
Continue Reading »
Cyber Frontiers

A Case Study in Webserver Malware for Admins and Users Alike – CF033

Listen Mobile: Cyber Frontiers is all about Exploring Cyber security, Big Data, and the Technologies Shaping the Future Through an Academic Perspective!   Christian Johnson, a student at the University of Maryland will bring fresh and relevant topics to the show based on the current work he does. Please leave a REVIEW (iPhone or iPad) – ;type=Podcast&ls=1&mt=1 Support the Average Guy Tech Scholarship Fund: WANT TO SUBSCRIBE? We now have Video Large / Small and Video iTunes options at You can contact us via email at Full show notes and video at This week on Cyber Frontiers Christian is joined by Jim to walkthrough new and exciting malware that had a real-world impact recently on the Maplegrove network. Christian describes the forensic process of identifying the manifestation, reverse engineering the foreign code, putting defenses in place, and triaging potential impacts. We discuss the ways in which malware like this becomes an issue for many blogger enthusiasts on extensible platforms like WordPress, and we discuss what users can do about it in addition to administrators protecting the hosting companies that run and manage your websites and data. It’s a great show that highlights real-world malware in the wild with learning points throughout. Base-64 Encoder/Decoder We discussed this being a common technique for attackers to evade signature detection by encoding their PHP files multiple times. This site will help you untangle that spider web. Malware Payload WSO is the Web Shell that eventually ends up getting deployed when the malware is successful for future command and control operations. Here’s a pretty close example of what the malware looks like unpaced from the decoder: If you aren’t inclined to view the code, checkout a user tutorial of what the actual page looks like once its loaded and in the attacker’s’ hands. (Access to security info, file manager, terminal/console, SQL, etc.). Point of Entry The subject plugin that exposed the vulnerability on a customer container: Google Analytics Counter Tracker v. WordPress Security Plugin Resources Here are some of the common solutions we discussed for tracking file system changes, detecting vulnerable versions of plugins, and more: All in One WordPress Security Centrora Security WordFence Google Authenticator (for 2FA) Jim’s Twitter: #!/jcollison Contact Christian: Contact the show at Find this and other great Podcasts from the Average Guy Network at Music courtesy of Ryan King. Check out the Die Hard Cafe band and other original works at: / 
Continue Reading »
Cyber Frontiers

Reflection on Cyber Culture: Societal Impact and Living (In)Securely In the Modern Age – CF032

Listen Mobile: Cyber Frontiers is all about Exploring Cyber security, Big Data, and the Technologies Shaping the Future Through an Academic Perspective!   Christian Johnson, a student at the University of Maryland will bring fresh and relevant topics to the show based on the current work he does. Please leave a REVIEW (iPhone or iPad) – ;type=Podcast&ls=1&mt=1 Support the Average Guy Tech Scholarship Fund: WANT TO SUBSCRIBE? We now have Video Large / Small and Video iTunes options at You can contact us via email at Full show notes and video at This week on Cyber Frontiers Jim and Christian pause to reflect on 9/11 (the day of recording), and how cybersecurity has impacted our nation’s wellbeing over the past decade. From here we branch into some of the many challenges associated with the future of information warfare, and introduce research concepts that are being pioneered for thwarting the evolving threats of our time. We uncover some interesting themes and conclude the show with a discussion of useful tools that any cyber researcher should know about for studying malware and its footprint on systems and networks. Jim’s Twitter: #!/jcollison Contact Christian: Contact the show at Find this and other great Podcasts from the Average Guy Network at Music courtesy of Ryan King. Check out the Die Hard Cafe band and other original works at: / 
Continue Reading »
Cyber Frontiers

DEFCON 24 – CF031

Listen Mobile: Cyber Frontiers is all about Exploring Cyber security, Big Data, and the Technologies Shaping the Future Through an Academic Perspective!   Christian Johnson, a student at the University of Maryland will bring fresh and relevant topics to the show based on the current work he does. Please leave a REVIEW (iPhone or iPad) – ;type=Podcast&ls=1&mt=1 Support the Average Guy Tech Scholarship Fund: WANT TO SUBSCRIBE? We now have Video Large / Small and Video iTunes options at You can contact us via email at Full show notes and video at This week on Cyber Frontiers Christian Recaps DEFCON 24 and walks through highlights and observations from the conference proceedings. We talk about what it means to be a Jittery MacGyver (building a bionic hand from a coffee maker), manipulating airline boarding passes, hotel point of sale systems, reverse engineering, Java runtime exploitation, that pesky Windows Schannel library and more! This year’s conference was hosted at Bally’s in Vegas. Approximately fifteen to twenty thousand of the world’s hacking elite attended for three days of fun. With 240 dollars cash paid at the door, electronic hacker badges, and no information required at registration – security evangelists from many different perspectives and communities were in attendance. We saw a variety of presenters international and domestic from universities, security companies, independent consultants, etc. give interesting talks throughout the security space. All of the presentations for DEFCON 24 have now been posted to: Audio and video for the conference should eventually start to be uploaded and published from DEFCON (the folders on the media drive are at least showing as of publishing this show). If you attended DEFCON or are interested in having us cover one of the presentations in depth on a future podcast, shoot us a note and we’ll be happy to give you a deep dive analysis on the topic of your choosing! Hedberg — The Bionic Hand Made from One Keurig Coffee Maker   ;feature=   Jim’s Twitter: #!/jcollison Contact Christian: Contact the show at Find this and other great Podcasts from the Average Guy Network at Music courtesy of Ryan King. Check out the Die Hard Cafe band and other original works at: / 
Continue Reading »