This is the Official podcast for HackTalk.net. In Episode 0×01 we will be discussing why the podcast was formed along with some Do’s and Don’ts of con, why security awareness programs suck, how to protect yourself against getting your DB posted to pastebin and ensuring your user’s credentials are safe even if they do get posted online, a really cool technique for persistence using WMIs and talk about some tips on secure password storage.

A few weeks ago while checking out the Shazam.com website I decided, “Hey, I wonder if I can find any small vulnerabilities in Shazam.” I thought of this because I had not heard of their security posture recently despite the fact that they are such a large website. I soon found myself a nice little XSS vulnerability in their search functionality.