
David Maynor

11 Podcast Episodes

Latest 28 Aug 2021 | Updated Daily


03/08/17 Guest David Maynor

LawyerLiz

Show Topic: "When Toys Talk: Privacy & Security of IoT Toys". Security researcher David Maynor joins Liz to discuss how connected dolls, teddy bears, and other toys are listening and recording and the resulting security implications.

59mins

4 Apr 2017


11/23/16 Guests Thomas Geffroyd and David Maynor

LawyerLiz

Hackers in Video Games: In Watch_Dogs_2, Ubisoft's latest video game release, a hacker works to bring down San Francisco's (fictional) "all-seeing" surveillance system that connects and collects everything. Thomas Geffroyd, Watch_Dogs_2 Content Brand Director, and David Maynor, one of the game's Narrative Consultants, join Liz to discuss the technology and hacking found in the game.

57mins

28 Nov 2016


05/25/16 Guests Robert Graham and David Maynor

LawyerLiz

Elizabeth welcomes security researchers Robert Graham (CEO, Errata Security) and David Maynor (Talos Security Intelligence and Research Group, Cisco) to discuss how drones, cars, and coffeemakers connect as part of the Internet of Everything and what happens when hackers enter the picture.

58mins

27 May 2016


Robert Graham and David Maynor - HamSammich – long distance proxying over radio

DEF CON 23 [Audio] Speeches from the Hacker Convention

HamSammich – long distance proxying over radio

Robert Graham, Erratasec.com
David Maynor, Erratasec.com

The ProxyHam talk was mysteriously canceled. However, it’s easy to replicate the talk from the press coverage. In this talk, we propose “HamSammich”, creating a point-to-point link in order to access WiFi from many miles away, as a means to avoid detection. We show how off-the-shelf devices can be configured to do this for less than $200. After demonstrating the working system, we’ll talk about radio signals. This includes both the FCC regulatory issues which may have caused the cancelation of the original talk, as well as signals-intelligence, and the practicalities of being detected and caught. Finally, we’ll talk about hiding signals with SDR, a more complicated and expensive technique, but one that hides better in the electromagnetic spectrum. We’ll demonstrate not only a working system, but what the 900MHz spectrum looks like, and how to track down a working system.

Robert Graham is the CEO of Errata Security, a pentest/consulting firm. He's known for creating the first IPS, the BlackICE series of products, sidejacking, and masscan. In his spare time, he scans the Internet. He has been speaking at several conferences a year for the past decade. Twitter: @ErrataRob

David Maynor is the CTO of Errata Security, and chief pentester. He’s a frequent speaker at conferences, most infamously in the Apple WiFi scandal. In his spare time, he builds weapons for Skynet’s domination of the planet. Twitter: @Dave_Maynor

30 Oct 2015


David Maynor: Architecture Flaws in Common Security Tools (English)

Black Hat Briefings, Japan 2005 [Audio] Presentations from the security conference

"Look at your new device! It has a great case, plenty of buttons, and those blue LEDs - wow! But when you strip away the trappings of modern artistic design, what does it really do and how does it help you sleep at night? Perhaps most importantly, what do hackers know about this new toy that you do not? Would you be surprised to know that simple TCP fragmentation can evade most security products in the world? What would you think if you learned that a hacker can apply simple, normally accepted encoding schemes to launch attacks right through most security tools? Come and see what hackers know; if you rely on these products to keep you safe, you can't afford not to.

David Maynor

Mr. Maynor is a research engineer with the ISS Xforce R&D team where his primary responsibilities include reverse engineering high risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread. Before ISS, Maynor spent 3 years at Georgia Institute of Technology (GaTech), with the last two years as a part of the information security group as an application developer to help make the sheer size and magnitude of security incidents on campus manageable. Before that, Maynor contracted with a variety of different companies in a wide spread of industries ranging from digital TV development to protection of top 25 websites to security consulting and penetration testing to online banking and ISPs."

1hr 9mins

31 Oct 2006


David Maynor: NX: How Well Does It Say NO to Attacker's eXecution Attempts?

Black Hat Briefings, Las Vegas 2005 [Video] Presentations from the security conference

NX. It's known by different names to different people. AMD calls it Enhanced Virus Protection, or EVP. Microsoft calls its support Data Execution Prevention, or DEP. After the press about how this new technology will stop hackers and worms in their tracks, many people call it a modern marvel. But this new technology has several layers of confusion surrounding it in regards to where it is implemented, how it protects and even when it's on. This talk will unwrap the information while showing that at best NX is a speed bump and not a stop sign to malicious intruders.

David Maynor is a research engineer with the ISS Xforce research and development team where his primary responsibilities include reverse engineering high risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread. Before ISS, Maynor spent 3 years at Georgia Institute of Technology (GaTech), with the last two years as a part of the information security group as an application developer to help make the sheer size and magnitude of security incidents on campus manageable. Before that, Maynor contracted with a variety of different companies in a wide spread of industries ranging from digital TV development to protection of top 25 websites to security consulting and penetration testing to online banking and ISPs.

36mins

4 Jun 2006

Johnny Cache and David Maynor: Device Drivers

Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference

Application level security is getting better. Basic stack based string overflows have become rare, and even simple heap overflows are getting hard to find. Despite this fact there is still a huge avenue of exploitation that has not been tapped yet: device drivers. Although they don’t sound very interesting, they are full of simple security programming errors as they are often developed for performance and in tight time frames. The traditional thinking is that although the code is bad an attacker can’t really get to it. Development of reliable off the shelf packet injection techniques combined with the excessive complexity of the 802.11 protocol creates a perfect combination for security researchers. Ever seen a laptop owned remotely because of a device driver? Want to?

57mins

4 Jun 2006

Johnny Cache and David Maynor: Device Drivers

Black Hat Briefings, Las Vegas 2006 [Audio] Presentations from the security conference

Application level security is getting better. Basic stack based string overflows have become rare, and even simple heap overflows are getting hard to find. Despite this fact there is still a huge avenue of exploitation that has not been tapped yet: device drivers. Although they don’t sound very interesting, they are full of simple security programming errors as they are often developed for performance and in tight time frames. The traditional thinking is that although the code is bad an attacker can’t really get to it. Development of reliable off the shelf packet injection techniques combined with the excessive complexity of the 802.11 protocol creates a perfect combination for security researchers. Ever seen a laptop owned remotely because of a device driver? Want to?

57mins

4 Jun 2006

David Maynor and Robert Graham: Data Seepage: How to give attackers a roadmap to your network

Black Hat Briefings, Europe 2007 [Audio] Presentations from the security conference.

"Long gone are the days of widespread internet attacks. What's more popular now are more directed or targeted attacks using a variety of different methods. Since most of these attacks will be a single shot styled attack, attackers will often look for any way to increase the likelihood of success. This is where data seepage comes in. Unbeknownst to a lot of mobile professionals, laptops, PDAs, even cell phones can be literally bleeding information about a company's internal network. This can be due to applications like email clients that are set to start up and automatically search for their mail server, Windows may be attempting to remap network drives, an application could be checking for updates. All this information can be used by an attacker to make attacks more accurate with a higher likelihood of success. Don't laugh and dismiss this as a trivial problem with no impact. Through demonstrations and packet caps we will show how this problem can be the weak link in your security chain."

1hr

9 Jan 2006

David Maynor & Robert Graham: Simple Solutions to Complex Problems from the Lazy Hacker's Handbook: What Your Security Vendor Doesn't Want You to Know.

Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.

Security is very hard these days: lots of new attack vectors, lots of new acronyms, compliance issues, and the old problems aren't fading away like predicted. What's a security person to do? Take a lesson from your adversary... Hackers are famous for being lazy -- that's why they're hackers instead of productive members of society. They want to find new and interesting shortcuts to a quick payoff with minimal effort. Or, they look at a protocol designed by committee and find all the issues that never got a vote. Why not use the same enterprising approach to a quick and easy victory in the security arms race against them? Stop dialing the phone to your security vendor and pay attention. This talk will shine light on simple methods to fix complex problems that your security vendor doesn't want you to know about. Problems that will be addressed are:

- How to take care of client side exploits with ease.
- Find tons of 0day by letting someone else do all the work.
- Employ simple measures to keep a wireless network key secure.

All this without buying ANOTHER product! If you are drowning in problems, this talk could be just the lifeline you need...

50mins

9 Jan 2006
