WE'RE IN!

In this episode of WE’RE IN, Josh Mason sits down with Sayaan Alam, a Level 5 Synack Red Team (SRT) member who started his hacking journey at 14 years old. Sayaan shares his story of how he became the second-youngest researcher onboarded to the SRT and how he climbed the ranks to become recognized on the Synack Acropolis.

Timestamps:

00:54 Meet Sayaan: Starting Bug Bounties at 14

01:33 Joining the Synack Red Team (SRT)

03:18 SRT Onboarding Process

04:41 Climbing the Tiers: From Level 1 to Level 5

05:42 Why Synack is Different from Other Platforms

06:30 Improving Professional Pentesting Skills

06:58 Finding Patterns in Client Architectures

08:32 The AI Chatbot Vulnerability: SSRF Case Study

10:57 Remediation Advice for AI File Handling

11:58 Trends in AI Chatbot Security & Stored XSS

13:12 Thoughts on Sara: The Synack Autonomous Red Agent

14:29 How to Connect with Sayaan

15:07 Outro and Closing Remarks

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

This conversation explores how AI is transforming the offensive security landscape, focusing on the rise of AI-driven vulnerabilities, the evolution of pen testing, and the integration of human and AI efforts in cybersecurity. The discussion highlights the importance of adapting to new threats and the role of Synack's Autonomous Red Agent in enhancing vulnerability detection and remediation processes.
Timestamps
04:51
Traditional vs. Modern Pen Testing Approaches
07:55
The Role of Human Analysts in AI-Driven Security
10:57
Introducing Sara Pentest: A New Era in Testing
13:16
Executing a Sara Pentest: A Step-by-Step Guide
20:13
Real-Time Insights from Sara Pentest
23:20
Technical Difficulties and Collaboration
23:25
Exploring Pen Test Engagements
27:00
Successful Pen Test Outcomes and Future Implications

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Synack Red Team member Bloodtyper reveals his journey from the DMZ to discovering critical AI prompt injection vulnerabilities. Learn how he creates bug bounty reports that get accepted, as well as other golden nuggets of advice to learn and grow your penetration testing skills.
CHAPTERS:
0:00 Introduction
01:03 Military Origins & The DMZ
01:58 Hacker Origin Story
04:06 Transitioning from Infantry to Tech
07:22 Joining the Synack Red Team (SRT)
08:04 Learning with Hack The Box
09:52 Bug Bounty Reporting Strategy
12:14 Synack Vuln Ops
16:03 Advice for New Pentesters
18:44 AI Prompt Injection Deep Dive
21:35 Retesting & Patch Verification
23:25 How to Improve Patching
26:02 Advice to Learn Cyber Security

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Adam Logue, Independent Security Researcher and Synack Red Teamer, discusses his experiences with responsible disclosure and bug bounty programs, and provides a fascinating technical deep dive into a vulnerability he found in Microsoft 365 Copilot during a client-facing engagement.
Timestamps:
00:49 - Adam's background with responsible disclosure and bug bounty programs
04:33 - Description of M365 vulnerability
12:34 - Demo of the vulnerability
17:53 - How to pentest AI
20:45 - Getting started in pentesting
23:07 - Benefits of hacking with Synack

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Blake and Cynthia take an in-depth look at the evolving ransomware threat landscape, the interplay between government and private sector in cybersecurity, and the challenges and opportunities presented by new technologies like AI.
Timestamps: 
00:19 - Halcyon’s Ransomware Research Center
07:24 - Actors behind ransomware campaigns
11:22 - Will AI help offense or defense? 
17:29 - Known vulnerabilities
21:10 - Where do you fall on ransomware payments?
28:24 - How to stop bad actors
30:44 - Guest fun fact

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.