[root@kali]# whoami

[root@kali]# Bobby Rauch

|

Senior Offensive Security Engineer. Security Researcher. Red Teamer. MIT Graduate.

Initiate Connection
Bobby Rauch Profile

Behind the Shell

Bobby is a Boston, Massachusetts, USA - based Senior Offensive Security Engineer and red teamer at a Fortune 500, security researcher, and co-host of The Cyber Idiots podcast. He has found high severity vulnerabilities in Fortune 500 companies including Microsoft, Apple, and Oracle. His research has been published by the Boston Globe, Brian Krebs, Bleeping Computer, Ars Technica, and other major tech publications. His technical blog posts have been read by more than 200,000 readers, and he has spoken at offensive security conferences around the world including Defcon's Red Team Village, Hardwear.io, m0lecon Turin, and Bsides London. Bobby holds a Bachelor's Degree in Computer Science from MIT, as well as OSCP and OSWE certifications.

Press & Media

Featured research in major publications.

ARS TECHNICA

Google pushes .zip and .mov domains onto the Internet, and the Internet pushes back

Another illustration of the potential for abuse came in a recent post by security researcher Bobby Rauch. In it, he showed how an attacker could use the .zip TLD to create a malicious URL that could fool just about anyone and that looks almost identical to the legitimate one it’s mimicking.

The Boston Globe

Your CharlieCard can be hacked by an Android phone, MBTA admits

"Anyone in Boston with an Android phone and a curiosity about how the CharlieCard works can exploit those same vulnerabilities," said Rauch.

KrebsOnSecurity

Apple AirTag Bug Enables 'Good Samaritan' Attack

Research into how Apple's AirTag "Lost Mode" could be weaponized for phishing and credential harvesting via XSS.

BleepingComputer

GIFShell attack creates reverse shell using Microsoft Teams GIFs

A new attack technique called 'GIFShell' allows threat actors to abuse Microsoft Teams for novel phishing attacks and covertly executing commands to steal data using ... GIFs.

Conferences & Speaking

Sharing knowledge across the globe.

"Un-fare Advantage” - Hacking The MBTA CharlieCard From 2008 | hardwear.io

Hardwear.io San Francisco

Watch on YouTube

“GIFShell” — Covert Attack Chain and C2 Utilizing Microsoft Teams GIFs

m0lecon Turin

Watch on YouTube
Las Vegas 2024

Hacking Processes: Introducing the Redteaming Process Framework: RTPF.

Ready to hack processes? Join @bobbyrsec & @dubfr33 at RTV during @defcon 32

Defcon Red Team Village
London, UK 2022

"GIFShell" — Covert Attack Chain And C2 Utilizing Microsoft Teams GIFs

Bsides London

Blog

Technical deep dives and research published on Medium.

bobbyrsec@

/mnt/blog/medium

Breaking Down a Google Drive Phishing Scam — Total Security or Total Affiliate Scam?

Mac malware and OSINT analysis of a fake Google Drive storage alert

bobbyrsec@

/mnt/blog/medium

The Dangers of Google's .zip TLD

Can you quickly tell which of the URLs below is legitimate? An analysis of how the new .zip top-level domain introduces new vectors for phishing and social engineering.

cat /all_posts

Teaching

Sharing foundational knowledge through formal educational platforms.

/usr/bin/linkedin

Introduction to Offensive Security

A comprehensive course covering all things offensive security in a beginner-friendly format - taken by 5K learners so far

Start Learning on LinkedIn
/usr/bin/mit

MIT High School Cybersecurity Course (Intro)

An overview of the week-long intensive cybersecurity program at MIT for high school students through Summer Springboard

Watch on YouTube

Certifications

Validated industry credentials in offensive security

OSWE Badge

OSWE

Offensive Security
Web Expert
OSCP Badge

OSCP

Offensive Security
Certified Professional

Cyber Idiots Podcast

Idiots talking all things cyber

The Cyber Idiots Podcast Episode 15: When Cybersecurity Meets Donuts and Chickens - A Modern Crisis

Watch / Listen on YouTube

The Cyber Idiots Podcast Episode 14 - AI Can't Math and Weddings are a Scam

Watch / Listen on YouTube
cat /all_videos

$ /bin/connect

Send a secure communication packet.