Global Security Forum

 View Only
Expand all | Collapse all

Ask the X-Force Red Hackers Anything - Post Your Questions Now, Then Join Our Webinar on Feb. 6

  • 1.  Ask the X-Force Red Hackers Anything - Post Your Questions Now, Then Join Our Webinar on Feb. 6

    Posted Mon January 20, 2020 09:15 AM
    Edited by Jennifer Tullman-Botzer Tue February 11, 2020 03:17 AM

    The IBM Security Community is kicking off the new year with another chance for you to bring your questions straight to the experts! Our next Ask Me Anything (AMA) webinar is scheduled for Thurs., Feb. 6 and it will feature 6 members of the IBM Security X-Force Red hacking team.

    As you may be aware, X-Force Red is an autonomous team of hackers hired to break into organizations and uncover vulnerabilities before criminals have a chance to exploit them. Though their methods may parallel the techniques used by criminal attackers, the goal for X-Force Red is always to help clients harden their defenses and protect their most important assets.

    The X-Force Red hackers participating in our AMA are:

    Charles Henderson, Global Managing Partner and Head of X-Force Red, @angus_tx
    Stephanie Carruthers (a.k.a. Snow)
    , Global Social Engineering Expert, @_sn0ww
    Jared Haight
    , Red Team Hacker, @jaredhaight
    Dustin Heywood (a.k.a. Evil Mog)
    , Hacker, @evil_mog
    Adam Laurie (a.k.a. Major Malfunction)
    , Hardware Hacking Expert, @rfidiot
    Steve Ocepek
    , Hacking CTO, @nosteve


    So, which security issues and threats are at the top of your mind? What vulnerabilities and risks keep you awake at night?

    Register now for the webinar, then take a look at the panelists' areas of interest and expertise below and post your questions to this thread.

    To post a question, please log in to the IBM Security Community by clicking the blue "Sign in or Join" button in the top right corner of this page. You can also email your questions to jennifer@il.ibm.com. We'll answer as many of your questions as possible during the live session on Feb. 6!


    Meet our hackers:


    Charles Henderson is a business executive, hacker and vulnerability researcher who uses his unique perspective to build valuable security programs for clients. He has more than two decades of experience leading hacking and vulnerability research teams. Charles is frequently interviewed by CNN, Fox Business, NBC and other major television and print media outlets due to his vast hacking experience and ability to translate technical concepts into a language that all audiences – security and non-security – can understand. Charles has been hacking since he was nine years old.

    Stephanie Carruthers leads the social engineering practice, focusing on open-source intelligence gathering, phishing, vishing and physical security assessments for X-Force Red clients. In 2014, after practicing social engineering techniques for only two years, Stephanie won the Def Con social engineering competition. She has been building social engineering practices and engagements from the ground up ever since.

    Jared Haight is a member of the X-Force Red Adversary Simulation team. He brings over 15 years of IT experience covering development, systems administration, and information security. This background allows him to quickly assess environments and provide effective and practical guidance on security issues. He is a developer behind several open source projects including PS>Attack and the Faction C2 Framework. Jared holds the Offensive Security Certified Professional (OSCP) certification and has presented and provided training at several prominent industry conferences. Jared has been hacking since he was 15 years old.

    For more than a decade, Dustin Heywood has honed his expertise as a strategic information security professional. As a senior X-Force Red hacker, he serves as a trusted consultant to clients and peers, specializing in password assessments and password security research. Dustin has managed in-house security "blue teams," red teams, security controls and has performed countless penetration tests. He was also a glider pilot, air cadet and glider familiarization pilot in the Canadian forces and a civilian contractor and is currently a senior pyrotechnician, restricted locksmith tools license holder and a certified scuba diver. Dustin has been hacking since he was nine years old.

    With four decades of information technology and security experience, Adam Laurie is a founding father of hacking. Adam and his brother wrote a plug in for Apache, called Apache-SSL. It became the first secure, open source web server, and was used by 70 percent of the world's web server market.He also built and integrated systems for enterprise telecommunication companies and banks and transformed an underground nuclear bunker into his own data center. Adam is a Def Con quartermaster, meaning he is responsible for all of the equipment used at the conference. Over the years, Adam has watched the conference grow from 150 to 40,000 attendees. Adam has been hacking since he was 16 years old.

    Steve Ocepek has received five patents in network security in the past 15-plus years. With extensive experience in both penetration testing and network defense, Steve builds, manages, delivers security services to IBM's global client base. While Steve's expertise spans across network, application, IoT and every other type of security, he particularly has an advanced hacking skillset for cloud environments and has built cloud infrastructures from the ground up. Steve has been hacking since he was four years old.



    The content of this webinar will be based around your questions; however, we expect to cover a wide breadth of topics and therefore may not get into too much technical detail. Please ask whatever you want, and if we don't have time to do a deep dive on your topic, we'll be sure to follow up with you after the event concludes.


    ------------------------------
    Jennifer Tullman-Botzer
    Community Manager
    IBM Security
    ------------------------------


  • 2.  RE: Ask the X-Force Red Hackers Anything - Post Your Questions Now, Then Join Our Webinar on Feb. 6

    Posted Tue January 21, 2020 12:00 PM
    I am new to IBM Partner community and will be interested to learn more about
    ethical hacking - where the thin red line stops. While it sounds great to
    have brute force hacking by ethical hackers to break into the customer's
    system, how prepared are the customer to experiment this?

    Robert K Joseph____________

    Step Ahead Solutions, Inc
    Certs: 8(a) SDB, EDWOSB, DBE, SWBE & SMBE
    19925 Stevens Creek Blvd. Suite 100,
    Cupertino, CA 95014
    * Off: 408.725.7560 x5130 | Mob: 408.771.9663
    *kjoseph@stepaheadsolution.com | www.stepaheadsolution.com
    <http://www.stepaheadsolution.com/>




  • 3.  RE: Ask the X-Force Red Hackers Anything - Post Your Questions Now, Then Join Our Webinar on Feb. 6

    Posted Thu January 30, 2020 04:50 AM
    Edited by Jennifer Tullman-Botzer Thu January 30, 2020 04:51 AM
    @Kenny Joseph, thanks for starting things off with a great question!

    ​The X-Force Red team members are expecting lots more questions from our Community, so don't be shy. Post your questions for the hackers here before the Feb. 6 webinar or email me directly at jennifer@il.ibm.com.

    We're waiting to hear where your curiosity lies and what topics interest you most!


    ------------------------------
    Jennifer Tullman-Botzer
    Community Manager
    IBM Security
    ------------------------------


  • 4.  RE: Ask the X-Force Red Hackers Anything - Post Your Questions Now, Then Join Our Webinar on Feb. 6

    Posted Thu February 06, 2020 02:50 PM
    HI Team, Its really great and I am one of the great followers of the white hat hacking or hackers of IBM, but its Queries  for all the panelists but it is more  for the Steve and Adam,

    1)how they made it into IBM as IBM is technically ready with the arsenal  for the full stack tools available for us to explore and defend ourselves from various attacks.

    2)how far we can get and safe our cutomers and how quick we can respond, is any golden hour or threshold hour is there to stop and quarantine the attacks and vulenrabilities.
    3) How  we can file the patents on security can share your expeiernces more in the open source world and also how we can focus it for the good tech and safer IT

    ------------------------------
    BALA BHASKAR KALAPARAPU
    ------------------------------