9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
In this episode of Security Nation, Jen and Tod chat with Curt Barnard, Principal Security Researcher at Rapid7, about a new tool he’ll be presenting at Black Hat Arsenal, the showcase of open-source tools at Black Hat 2022 in Las Vegas. Curt gives us the details about the tool, Defaultinator, which helps security pros look up and audit for default credentials more quickly and effectively. He also tells us what else he’s excited about at this year’s lineup of cybersecurity conferences in Vegas next week.
Stick around for our Rapid Rundown, where Tod and Jen talk about a Rapid7 alum’s discovery of a vulnerability in DSL- and fiber-based web routers from Arris, as well as a recent article that debates the benefits of sharing exploit proofs of concept versus keeping them private.
Curt Barnard is a cybersecurity professional with 15 years of experience across both the public and private sector. At Rapid7, Curt is a Principal Security Researcher working with projects Sonar and Heisenberg, analyzing internet-wide security issues with global impact. Before joining the team at Rapid7, Curt spent time breaking software with the Department of Defense, vetting cybersecurity companies for venture capital firms, and building his own startup from the ground up. When he isn’t busy popping calc.exe, Curt enjoys changing your desktop’s wallpaper and moving your icons around.
Interview links
Rapid Rundown links
Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C