Podcasts by Paul's Security Weekly (Video-Only)

Paul's Security Weekly (Video-Only)

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.

All episodes

Pixelating Info, Pilfer Or Report, Digital Credit Unions, & Airtag Abuse - PSW #728 from 2022-02-18T10:00

This week in the Security News: To steal or collect a bug bounty, print bombing an NFL team, Webkit strikes again, hackers be framing, TIPC Linux kernels, is that an Airtag in your pocket or?, I...

Running Windows Inside Containers On Linux - PSW #728 from 2022-02-17T22:00

Yes, this is possible! We have incorporated into our vulhub-lab project a way to run Windows inside a Docker Container that is running on Linux. We didn't invent this technique but we will show y...

Cybersecurity Coordinator Under President Obama - Michael Daniel - PSW #728 from 2022-02-17T10:00

Michael joins us to discuss the importance of information sharing, how to convey cybersecurity practice and topics to senior leaders, cybersecurity regulation, myths surrounding militarizing cyb...

Uncovering a Major Linux PolicyKit Security Vulnerability: Pwnkit - Wheel - PSW #727 from 2022-02-11T10:00

Qualys researcher, Wheel, will discuss the discovery of the 12 year old Linux vulnerability in PolicyKit - which Qualys had dubbed, PwnKit. Wheel will provide an overview of the vulnerability an...

AR vs. VR, Hacking Mazdas, Risqué Latte Art, Crypto Wormholes, & Carding Forum Seized - PSW #727 from 2022-02-10T22:00

In the Security News for this week: Microsoft to block VBA macros by default (in some Office applications), Russia arrests its 3rd hacking group, The ‘Metaverse’ of security challenges, $323 Mi...

Cybersecurity Is Not Just a Technical Problem - Brian Honan - PSW #727 from 2022-02-10T10:00

We have spent decades tackling security threats with technology, and we are failing badly. We need to look and learn from other industries and see how they have improved their industry. In parti...

Securing Olympians, Hiding in UEFI, 'Fingerprinting GPUs', & P4x vs. North Korea - PSW #726 from 2022-02-04T10:00

This week in the Security News: Temporary phones, webcam hacks that are so much more, bags of cash, patch Wordpress plugins and patch them some more, crowd-sourced-government-funded vulnerabilit...

Linux Post Exploitation - PSW #726 from 2022-02-03T22:00

In this Technical Segment, Paul walks through Linux Post Exploitation!

Github: https://github.com/SecurityWeekly/vulhub-lab

...

Covert EDC & Physical Pen Tests - Brent White - PSW #726 from 2022-02-03T10:00

Discussing every-day-carry items that are utilized during covert entry assessments. Also discussing the concealment of these tools, and which tools we use for various assessment types.

Se...

12 Year Linux Bug, Recovering Bitcoin, Lulzsec's Impact, & Pimp My Cubicle - PSW #725 from 2022-01-28T10:00

This week in the Security News: More QR codes you shouldn't trust, race conditions in Rust, encrypting railways, Pwnkit - the latest Linux exploit, tricking researchers into crashing, cybersecur...

Securing Ubiquiti WiFi Systems - PSW #725 from 2022-01-27T22:00

Ubiquiti has become a crowd favorite for WiFi (and many other solutions). Learn how to do some basic security, update the software, change passwords and more!

Cracks in the Castle - Jimmy Sanders - PSW #725 from 2022-01-27T10:00

Enterprises today have an ever-expanding attack surface. Jimmy Sanders, Head of Security for DVD.com, joins to discuss how organizations are constantly trying to stay ahead of the latest known an...

REvil Gang Arrested, 5G & Airplanes, Zoom Zero-Click, & Stolen Brownies - PSW #724 from 2022-01-21T10:00

In the Security News: Malware targets Ukraine, I wonder where that's coming from?, evil Google Docs comments, Russia grabs REvil, funding a dictatorship, Zoom zero clicks, When 9-year old's laun...

Using WPScan To Find WordPress Vulnerabilities - PSW #724 from 2022-01-20T22:00

wpscan is a free tool for scanning WordPress, and let's face it, there are many vulnerabilities to be found in WordPress! This segment will walk you through installing, configuring and using wps...

Cyber Resilience - Cybersecurity Mental Health - Neal O'Farrell - PSW #724 from 2022-01-20T14:58:29

What can we do to raise awareness on issues of mental health for cybersecurity professionals? Neal walks us through some of the issues and ways to deal with them. Neal has also put together trai...

Mailing USBs, DoS in DoorLock, Moxie Resigns, QR Code Mystery, & Jarring Revelations - PSW #723 from 2022-01-15T10:00

This week in the Security News: Attacking RDP (from the inside), NetUSB exposed, the old mailing USB drives trick, a persistent DoS in your doorLock, Signal gets a new CEO, attacking the patchin...

CanSecWest, PacSec, & PWN2OWN - Dragos Ruiu - PSW #723 from 2022-01-14T22:00

Dragos is the Organizer of CanSecWest, PACSEC, originator of PWN2OWN, and does security auditing, and virtual engagement/training.

Log4j Exploit Step-By-Step - PSW #723 from 2022-01-13T16:13:15

The log4j vulnerability still exists in many environments. Learn how to exploit this vulnerability in our step-by-step guide. Please only use this information for research and testing purposes, ...

Zip Tie Pick, Wifi/Bluetooth Bugs, Domain Controllers, & Beetle Behavior - PSW #722 from 2021-12-24T10:00

The greatest exploit in the world, throw some more logs on the log4j fire, lock picking with a zip tie, hacking metal detectors, please disclose your vulnerabilities here, bugs in Wifi and Bluet...

The State Of Internet Exposed Services - John Matherly - PSW #722 from 2021-12-23T22:00

John joins us to talk about what it's like to run scans of the Internet on a regular basis. We'll talk about some trends, such as what is more exposed, what is less exposed, and how select segmen...

Lock Picking & Physical Security - Deviant Ollam - PSW #722 from 2021-12-23T10:00

Many of us, myself included, learned lock picking techniques from Deviant. He comes on the show to talk about physical security in a pandemic, how to train for lock picking and physical security...

Printing Shellz, Block Chain For C2, Wordpress Theft, & Log4j Who? - PSW #721 from 2021-12-17T10:00

This week in the Security News: Printing Shellz, the exploit is in the link, 42 CVEs, time to update all of your browsers again, Microsoft App spoofing vulnerability, stealing credit cards in Wo...

What to Expect in 2022 - Sinan Eren - PSW #721 from 2021-12-16T22:00

Since it is Dec 15 - might make sense to have a discussion on what might be coming in 2022 in terms of security - topics could span Ransomware, and other threats as well as technology segments l...

All Your Holiday Hack Challenge Belong To Us - Ed Skoudis - PSW #721 from 2021-12-16T15:13:24

Let's talk about the 2021 SANS Holiday Hack Challenge. Lotsa great new stuff this year, with a focus on hardware hacking in a virtual world... plus TWO cons at the North Pole.

Se...

The 2021 Security Landscape & What Lies Ahead - Shailesh Athalye - PSW #720 from 2021-12-03T10:00

What are the key security challenges that customers faced this year? What did attackers do differently in 2021, and why are they succeeding more often? What can we expect in 2022? Shailesh will ...

Authentication Vulnerabilities - PSW #720 from 2021-12-03T10:00

Sven will present common vulnerabilities and issues that arise when implementing authentication and authorization in web applications.

This segment is sponsored by Invicti. Visit...

Bypassing Biometrics, Hiding in Plain Sight, Hacker Cinema, & High Aspirations - PSW #720 from 2021-12-02T22:00

In the Security News for this week: Stop hiding your secrets in plain sight, Detecting Wildcard DNS Abuse, $5 setup that hacks biometrics, Managing passwords with pen and paper, Windows 10 Zero ...

Suing Satoshi, Trojans in IDA, FBI Spam, Beg Bounties, & UPNP Strikes Again - PSW #719 from 2021-11-19T10:00

This week in the Security News: The FBI is spamming you, hacking exists in the mind, Beg Bounties, nasty top-level domains, MosesStaff, why own one npm package when you can own them all, how muc...

Skill Building: CTFs & Computer Fundamentals - Derek Rook - PSW #719 from 2021-11-18T22:00

Derek and the hosts will discuss technologies to build CTFs as well as what types of things to consider while doing so. They will also talk about the computer fundamentals that are often underva...

Building Vulnerable Docker Containers (On Purpose) - PSW #719 from 2021-11-18T15:01:09

I needed to create some vulnerable targets for testing exploits and my default password finder I wrote in Python (featured in previous episodes). I found a few useful projects, including Vulhub,...

TIPC Kernel Vulns, SBDCs, Truckloads of GPUs, & Hardcoded SSH Keys - PSW #718 from 2021-11-12T10:00

This week in the Security News: NPM hijacked again, hardcoding your keys, PAN-ODay, more Nmap in your python or python in your nmap, put your Docker API to rest, Busybox will own your box, Micro...

MAVSH - Sachin Mahajan - PSW #718 from 2021-11-11T22:00

Over the course of 2020 and 2021 new UAV regulations and restrictions, such as Remote Identification, have threatened UAV hobbyists' ability to fly freely. These new regulations did leave hobbyi...

Stalkerware Capabilities in the Real World - Lodrina Cherne, Martijn Grooten - PSW #718 from 2021-11-11T10:00

Can using technology risk your personal safety? Tracking information can be shared with attackers and facilitate cyberstalking in multiple ways including key logging and screen sharing. Explorat...

Shrootless Bug, Statistic Stats, Trojan Source, Fake Students, & Clippy Returns - PSW #717 from 2021-11-05T09:00

This week in the Security News: LOLbins that make you LOL, over exposing your medical records, Shrootless gets past SIP, 73.6% of statistics are made up and other such lies, we love Signal, if a...

Peel Back the Layers of Your Enterprise with Security Onion 2 - Doug Burks - PSW #717 from 2021-11-04T21:00

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. We've got a new container-based platform that is more flexible, more powerful, ...

Part 2: Scanning For Default Creds With Python - PSW #717 from 2021-11-04T09:00

We've updated our script with all sorts of new features. The latest version uses the TOML configuration file format to store the vendor information and the credentials to test with. We'll focus ...

Iranian Gas, Smelly Towns, View Source Legality, EBCDIC & GDPR, & Unlocking Oculus Go - PSW #716 from 2021-11-02T17:28:37

This week in the Security News we talk: It's still not illegal to look at HTML source code, Nobelium strikes again, npm infections, gas is cheap in Iran, if you can get it, Google Tensor, going b...

What Exactly Is an Incident Commander, Anyway - Matt Linton - PSW #716 from 2021-10-28T21:00

You may have seen the term "Incident Commander" in discussions about incident response, but do you know where that term came from and what it means? How can professionalizing your incident respo...

Focusing on Preventing Ransomware - Roger Grimes - PSW #716 from 2021-10-28T09:00

A good backup is not prevention. It's recovery. Roger A. Grimes, author of the just released Ransomware Protection Playbook (Wiley), and author of 12 other books and over 1100 articles on compute...

Wild Hippos, Chrome FTP, L0phtCrack Is Open-Source, Win 11 Pentium, & Legacy Systems - PSW #715 from 2021-10-23T09:00

This week in the Security News: More security advice for non-profits, faster 0-day exploits, ban all the things, you are still phishable, how to treat security researchers, what the heck is cybe...

Scanning For Default Credentials With Python - PSW #715 from 2021-10-22T21:00

We've been working on this Python project that will use the Nmap Python library to scan the local network, enumerate select systems and devices, try to login with default or known credentials, a...

Evolution & Maturity of the Cybersecurity Industry - Maxime Lamothe-Brassard - PSW #715 from 2021-10-22T09:00

The business of Security is gaining in maturity, from being an obscure corner of IT to becoming a core part of the C-Suite. How is this transformation happening and what can we learn from the si...

IoT Rickroll, Suing Over Disclosures, K-12 Cybersecurity Act, & SS7 Signaling - PSW #714 from 2021-10-16T09:00

This week in the Security News: Following the ransomware money, the Mystery Snail, school cybersecurity is the law, sue anyone, just not security researchers, "hacking" a flight school, refusing...

GraphQL - Sven Morgenroth - PSW #714 from 2021-10-15T21:00

Sven will talk about GraphQL APIs. He is going to show common issues that arise from its usage and how to attack GraphQL applications.

This segment is sponsored by Invicti. Visit...

Open Source Endpoint Security with Osquery & Fleet - Zach Wasserman - PSW #714 from 2021-10-14T21:00

The world's top tech organizations are pursuing an open-source endpoint security strategy using osquery. We will dig into how osquery and Fleet can enable observation, collection, and investigat...

LANtennas, ESXi & Python, Twitch Leaks, Facebook BGP, & iPhone Is Always On - PSW #713 from 2021-10-11T14:32:23

This week in the Security Weekly News: Brushing that data breach under the rug? Get sued by the US Government!, all your text messages belong to someone else, beware of the Python in your ESXi, ...

Up & Running With Security Onion - PSW #713 from 2021-10-08T21:00

There are many options to choose from when setting up The Security Onion. The use cases are vast, including a NIDS (Zeek, Suricata), HIDS (Beats, Wazuh, osquery) and standalone instances for a S...

Survey Says: Improve Your Security Posture by Purple Teaming - Dan DeCloss - PSW #713 from 2021-10-08T09:00

Today Dan DeCloss, CEO of PlexTrac, joins the panel to share results from a CyberRisk Alliance survey of 315 security practitioners in the U.S. and Canada. This research, sponsored by PlexTrac, ...

Pickpocketing Apple Pay, Mandatory Breach Reporting, Huawei Fears, & Cyber Criminals - PSW #712 from 2021-10-01T21:00

In the Security News, Microsoft adds automated mitigations for Exchange servers, Senior US cyber officials support mandatory breach reporting, 2021 has broken the record for 0days, but maybe tha...

Defense Strategies to Combat Sophisticated Ransomware - Mehul Revankar - PSW #712 from 2021-10-01T09:00

To defend themselves, companies need to detect ransomware attacks early, gather the intelligence to understand the attack, and prevent the attacks from occurring in the future. Qualys’ Mehul Rev...

Renting Your Phone, Public-Key Explained, Toilet Identification, & AutoDiscover Bug - PSW #711 from 2021-09-25T09:00

This week in the Security News: What to do with your old hardware, renting your phone, "persistently execute system software in the context of Windows", sensational headline: ransomware could ca...

Nzyme - Paul Asadoorian & Larry Pesce - PSW #711 from 2021-09-24T21:00

In this segment Paul and Larry attempt to confirm or deny that Nzyme performs intelligent device fingerprinting and behavioral analytics to detect rogue actors. Classic signature-based detection...

Velociraptor - Digging Deeper - Mike Cohen, Wes Lambert - PSW #711 from 2021-09-24T09:00

Velociraptor is a multi-platform, open-source, endpoint forensics, monitoring, and response platform that allows security professionals to quickly and easily dig through host artifacts and perfo...

Dubious Drones, NSO Group, Apple's Bug Bounties, Ghostscript 0-Day, & IBM Server Bugs - PSW #710 from 2021-09-18T09:00

This week in the Security News: Anonymous hacks Epik (with a K), Fuzzing Closed-Source JavaScript Engines, ForcedEntry, 8 Websites that can replace computer software, REvil decryptor key released...

Brakeman - Justin Collins - PSW #710 from 2021-09-17T21:00

Brakeman is a free static analysis security tool specifically designed for Ruby on Rails applications. It analyzes Rails application code to find security issues at any stage of development. Jus...

The State of Network Security in 2021 - Sinan Eren - PSW #710 from 2021-09-17T09:00

Network breaches, ransomware attacks, and remote-work challenges highlight the need for cloud-native Secure Access Service Edge (SASE) deployments.

Iframe Security - Benjamin Daniel Mussler - PSW #709 from 2021-09-04T09:00

Benjamin will discuss securing iframes with the sandbox attribute. This segment is sponsored by Acunetix.

Visit https://securitywee...

Hacking Honda, Insider Threat Galore, ChaosDB, USB File Weight, & Linux 5.14 - PSW #709 from 2021-09-03T21:00

This week in the Security News: Hacking Honda, a fact about single-factor, disarming your home and alarming vulnerability disclosure response, btw, you have a Sudo vulnerability, NSO under inves...

Nmap Vulnerability Scanning/Flan Scan - PSW #709 from 2021-09-03T09:00

Paul presents a Technical Segment that walks through Nmap, Vulners scripts, & Flan Scan!

Visit https://www.securityweekly.com/psw

Yard Sales, Bitcoin Thief Charged, Mouse Privilege Escalation, & LED Eavesdropping - PSW #708 from 2021-08-28T09:00

This week in the Security News: Some describe T-Mobile security as not good, if kids steal bitcoin just sue the parents, newsflash: unpatched vulnerabilities are exploited, insiders planting mal...

Trends in Mac Malware & Apple Security - Patrick Wardle - PSW #708 from 2021-08-27T21:00

Apple's new M1 systems offer a myriad of benefits for both macOS users, and unfortunately, to malware authors as well. In this talk Patrick details the first malicious programs compiled to nativ...

Working With OpenVAS - PSW #708 from 2021-08-27T09:00

Gain some insights into the OpenVAS project, why you might want to use it and some of the best implementations. This segment will dive right into the extended setup by compiling OpenVAS, and all...

Shifting Left Probably Left You Vulnerable, Here’s How To Make it Right - Sonali Shah - PSW #707 from 2021-08-21T09:00

Shifting security left is good - but it’s an incomplete strategy that often leads to a false sense of security. In this segment, Sonali will discuss how organizations can reduce their risk of br...

Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer - Wheel - PSW #707 from 2021-08-20T21:00

The Qualys Research Team discovered a size_t-to-int type conversion vulnerability in the Linux Kernel’s filesystem layer affecting most Linux operating systems. Any unprivileged user can gain ro...

Tractorload of John Deere Vulns, T-Mobile Breach, Kalay IoT Hack, & HolesWarm - PSW #707 from 2021-08-20T09:53:03

In the Security News for this week: Buffer overflows galore, how not to do Kerberos, no patches, no problem, all your IoTs belong to Kalay, the old pen test vs. vulnerability scan, application s...

Cyber-Symposiums, Apple Backdoor, Crypto Theft, & "Quadruple Extortion" - PSW #706 from 2021-08-14T09:00

This week in the Security News: Accenture gets Lockbit, $600 million in cryptocurrency is stolen, and they've started returning it, Lee and Jeff's data is leaked (among other senior citizens), a...

Offensive Operations With Mythic - Kyle Avery - PSW #706 from 2021-08-13T21:00

Mythic is an open-source, multi-platform framework for conducting red team engagements. This talk will cover the automated deployment of a Mythic server, developing new "wrappers" to extend the ...

OSINT & Social Engineering - Joe Gray - PSW #706 from 2021-08-13T15:14:38

Joe will discuss his upcoming Book, "Practical Social Engineering" in addition to OSINT. He is primarily passionate about OSINT and adjacent forms of Intelligence, but will need to discuss some ...

'Master Faces', Ship Hijacked, Windows Container Escape, & DNS Loopholes - PSW #705 from 2021-08-07T09:00

This week in the Security News: PwnedPiper and vulnerabilities that suck, assless chaps, how non-techy people use ARP, how to and how not to explain the history of crypto, they are still calling...

The Stakes Are Raised When Protecting the Foundation of Computing - Scott Scheferman - PSW #705 from 2021-08-06T21:00

With Eclypsium researchers' discovery of BIOSDisconnect and their upcoming talk and demo at DefCon 29 upon us, the stakes have never been higher when it comes to protecting the foundation of com...

RF Village at DefCon - Rick Farina, Rick Mellendick - PSW #705 from 2021-08-06T09:00

The RF Hackers Sanctuary is a group of experts in the areas of Information, Wifi, and Radio Frequency Security with the common purpose to teach the exploration of these technologies with a focus...

PetitPotam Attack, History of RickRolling, & Foxit PDF Vulns - PSW #704 from 2021-07-31T09:00

This week in the Security News: From a stolen laptop to inside the company network, the essential tool for hackers called "Discord", fixin' your highs, hacking DEF CON, an 11-year-old can show y...

Cyber-Physical Attacks - Michael Welch - PSW #704 from 2021-07-30T21:00

Join Michael Welch for a discussion on the ramifications a cyber-physical attack can have on ill-prepared organizations. As a third-party expert, Michael can speak to: • The importance of being ...

The B Is for Business - Alyssa Miller - PSW #704 from 2021-07-30T09:00

Alyssa will discuss the growing trend of organizations implementing Business Information Security Officers. We'll talk about how the BISO builds bridges between the security and business organiz...

Windows Vulns Galore, Homoglyph Domains, Pegasus, & "Trust No One"! - PSW #703 from 2021-07-24T09:00

This week in the Security News: Trust no one, it's all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco data for sale, Sequoia, a perfectly named Linux...

CyberMarket & Democratisation/Globalisation of CyberSecurity Consulting - Gordon Draper - PSW #703 from 2021-07-23T21:00

CyberMarket.com is a marketplace where CyberSecurity Consultancies and clients can find each other. There is a growing trend where CyberSecurity Consultants recognize the gap between what they a...

Online Safety & Security: Dating Apps & Online Marketplaces - Jeff Tinsley - PSW #703 from 2021-07-23T09:00

Safety in online dating spaces is an issue the dating industry has grappled with for some time; with the surge of dating app usage during the pandemic, the demand for dating apps to take respons...

Ransomware Task Force, Year of the Linux Desktop?, & Ring Doorbell Encryption - PSW #702 from 2021-07-17T09:00

The White House announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popu...

The Journey from Network Security Engineer to Podcast Host - Jack Rhysider - PSW #702 from 2021-07-16T21:00

In this segment of Paul's Security Weekly, Paul and crew interview Jack Rhysider about how he got his start in Information Security, the projects and careers he worked on over the years, and how...

The BIOS Disconnect - Scott Scheferman - PSW #702 from 2021-07-16T09:00

Eclypsium researchers identified vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This disconnect impacted 129 Dell models of consumer and business laptops, desktops, a...

LinkedIn Breach, Bitcoin From Banks, PrintNightmare, & NFC Flaws in ATMs - PSW #701 from 2021-07-03T09:00

This week in the Security News: LinkedIn breach exposes user data, Why MTTR is Bad for SecOps, 3 Things Every CISO Wishes You Understood, USA as a Cyber Power, is ignorance bliss for hackers, fl...

The Rise of Sim Swapping - Haseeb Awan - PSW #701 from 2021-07-02T21:00

80% of SIM-Swap attacks are successful. This could lead to greater financial loss and loss of social status since this is where hackers latch onto. The statistics are true and spreading like a w...

New Security Threats Stemming from PII Online - Rob Shavell - PSW #701 from 2021-07-02T09:00

Deep dive on the data broker industry, and how new threats are stemming from the widespread availability of employee/personal information publicly for sale at data broker websites.

...

Thermostat Hijacking, MA Androids, Windows 11, Hacking Pelotons, & John McAfee - PSW #700 from 2021-06-26T09:00

In the Security News for this week Paul and the crew talk: Windows 11, Drive-by RCE, Cookies for sale, McAfee has passed away, 30 Million Dell Devices at risk, & more!

CFAA: Recent US Supreme Court Case Van Buren v. US - Thomas Lonardo - PSW #700 from 2021-06-25T21:00

Brief history and purpose of the CFAA. Discussion of the majority and dissenting "Van Buren" opinion. Implications for the computer forensic and security profession.

Career Pathing and Advice From Offensive Security - Jim O'Gorman - PSW #700 from 2021-06-25T09:00

Offensive Security expert Jim O'Gorman talks through his own career progression and training, revealing what it takes to be successful in infosec. He also covers key learning tracks and gives co...

Web Cache Poisoning - Timur Guvenkaya - PSW #699 from 2021-06-21T16:11:37

This presentation will cover how an incorrect implementation of a caching mechanism within a web application might lead to the Web Cache Poisoning vulnerability that can potentially affect all the user...

"Eavesdropping Cameras", Ransomware Poll Results, Windows 11, & CVS Records Leak - PSW #699 from 2021-06-18T21:00

This week in the Security News: Jeff, Larry, & Doug adjust to our Adrian Overlord! Ransomware galore, Ransomware Poll Results, Windows 11 & Windows 10's End-Of-Life, Drones that hunt for human s...

Avoiding the Silo: Bridging the Divide Between Security + Dev Teams - Brian Joe - PSW #699 from 2021-06-18T09:00

Too often, developers and security teams have a siloed relationship. That separation can lead to inefficiencies and gaps in security across software development, ultimately leading to anything f...

ANOM Bust, Ransomware Solutions, NAC, & A PCI Deathmatch! - PSW #698 from 2021-06-12T09:00

This week, In the Security News Paul & the crew discuss: Microsoft Patches 6 Zero-Days Under Active Attack, US seizes $2.3 million Colonial Pipeline paid to ransomware attackers, the largest pas...

Protecting the Attack Surface - Rob Gurzeev - PSW #698 from 2021-06-11T21:00

What does it mean to protect the attack surface? What's the difference between attack surface protection vs. attack surface management? Rob Gurzeev, CEO and Founder at Cycognito, joins us to dis...

OpenWRT for Enterprise and Labs - Gene Erik - PSW #698 from 2021-06-11T09:00

OpenWRT is a mature and well supported project. It is supported on many hardware platforms and available as production-level products. OpenWRT has developed into a platform that is filled with e...

CFAA Ruling, Amazon Sidewalk, Agile Security Testing, & WordPress Plugins - PSW #697 from 2021-06-05T09:00

This week In the Security News, Paul and the Crew talk: Establishing Confidence in IoT Device Security: How do we get there?, JBS hack latest escalation of Russia-based aggression ahead of June ...

Digital Transformation's Impact On IT Asset Visibility - Sumedh Thakar - PSW #697 from 2021-06-04T21:00

Over the past year, organizations have rapidly accelerated their digital transformation by leveraging technologies such as cloud and container that support the shift to IoT and a remote workforc...

Attack Surface Discovery and Enumeration - Dan Tentler - PSW #697 from 2021-06-04T09:00

We've let the compliance world drive security for so long there are folks that literally have no idea what 'reasonably secure' looks or feels like because they've never seen it before.

Se...

M1 Chip Flaw, Boeing 747 Hacking, Don't Blame the Intern, & John Deere - PSW #696 from 2021-05-29T09:00

This week in the Security Weekly News, Paul and the Crew Talk: Nagios exploits, hacking a Boeing 747, bypass container image scanning, unpatchable new vulnerability in Apple M1 chips, stop blami...

Listen
Paul's Security Weekly (Video-Only)
Cybersecurity Canon - Rick Howard - PSW #696 from 2021-05-28T21:00

Rick Howard joins to talk about his Cybersecurity Canon project, the rock and roll hall of fame for Cybersecurity literature! The Cybersecurity Canon Committee has announced its hall of winners...

Listen
Paul's Security Weekly (Video-Only)
Polarity’s Power-up Sessions, Add an Ability in 15 Minutes - Paul Battista - PSW #696 from 2021-05-28T09:00

Training is critical but it is tough to break away from the day to day. Polarity is running free 15 minute training sessions that leverage our community edition to leave you with a new ability t...

Listen
Paul's Security Weekly (Video-Only)
21 Nails: Behind the Scenes Discussion of Qualys Exim Vulnerability Discovery - Wheel - PSW #695 from 2021-05-22T09:00

Join Qualys researcher Wheel for a discussion on the team's recent discovery and disclosure of multiple critical vulnerabilities in the Exim mail server. This includes discussion of the vulnerab...

Listen
Paul's Security Weekly (Video-Only)
Five by Five: Why the Cyber Defense Matrix Gets Great Reception - PSW #695 from 2021-05-21T21:00

Five years after Sounil Yu originally introduced the Cyber Defense Matrix at the 2016 RSA conference, he just wrapped up the third workshop based on the framework. CDM has its own website, is an...

Listen
Paul's Security Weekly (Video-Only)
Unplugging the Internet, Diversity, Cyber NTSB, & Best Practices - PSW #695 from 2021-05-21T09:00

This week in the Security News: Is the cyber NTSB a good thing?, Russian virtual keyboard for the win, information should be free, hang on while I unplug the Internet, security MUST be taken ser...

Listen
Paul's Security Weekly (Video-Only)
Executive Order, New & Old Wifi Vulns, Pipeline Hack, & Distro-Less Linux - PSW #694 from 2021-05-15T09:00

This week in the Security News: President Biden issues a 34-page executive order on Cybersecurity, Did you hear about the pipeline hack?, New/Old Wifi vulnerabilities, get this Apple didn't want...

Listen
Paul's Security Weekly (Video-Only)
Attack Surface Mapping w/ AMASS - PSW #694 from 2021-05-14T21:00

Learn how to use Amass to collect information about your Internet exposed assets. We'll cover usage of the configuration file (heavily), then put it all together by integrating Nmap and a screensh...

Listen
Paul's Security Weekly (Video-Only)
How Hacking Naked Changed My Life - Alex Chaveriat - PSW #694 from 2021-05-14T09:00

"I hack naked" - Not my best choice of a phrase to use with a prospective client though, now that it is done, might as well go through with this terrible idea... This is the story of a kick-off ...

Listen
Paul's Security Weekly (Video-Only)
Job Expectations, Pi Password Thief, Python Masscan, & Pingback - PSW #693 from 2021-05-08T09:00

This week in the Security Weekly News the crew talks: Pingback is back, was it ever really gone?, damn QNAP ransomware, anti-anti-porn software, Qualcomm vulnerabilities, spreading pandas on Di...

Listen
Paul's Security Weekly (Video-Only)
Biden Administration EO on Cyber - Jim Langevin - PSW #693 from 2021-05-07T21:00

US Congressman Jim Langevin joins to talk about Executive Orders, International Interest in Cyber, & more in this gripping interview!

Listen

Paul's Security Weekly (Video-Only)
Building a Risk-Based Vulnerability Management Program - Bob Erdman - PSW #693 from 2021-05-07T09:00

Risk-based vulnerability management is more than just a vulnerability scan or assessment. It incorporates relevant risk context and analysis to prioritize the vulnerabilities that pose the great...

Listen
Paul's Security Weekly (Video-Only)
AirDrop Vulns, Linux Hypocrite Commits, Wi-Fi Code Execution, & We'll Miss You Dan - PSW #692 from 2021-05-01T09:00

This week in the Security News, Penetration testing leaving organizations with too many blind spots, A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks, Apple AirDrop Vulnerabil...

Listen
Paul's Security Weekly (Video-Only)
Smart Building Control System Cybersecurity - The Real World - Fred Gordy - PSW #692 from 2021-04-30T21:00

Currently, in the United States, there are over 87 billion square feet of commercial real estate. Smart Building control systems are pervasive throughout these buildings and helped increase efficien...

Listen
Paul's Security Weekly (Video-Only)
Protecting the Hybrid Workforce - Fleming Shi - PSW #692 from 2021-04-30T09:00

Fleming will cover the vulnerabilities of a hybrid workforce and how employees are now working from anywhere, not just their homes. Zero trust will play a large part in securing workforces in th...

Listen
Paul's Security Weekly (Video-Only)
Feds Have a Busy Two Weeks, British Tween Takes On TikTok, & More Facebook Woes... - PSW #691 from 2021-04-24T09:00

This week in the Security News, U.S Formally Attributes SolarWinds Attack to Russian Intelligence Agency, FBI Clears ProxyLogon Web Shells from Hundreds of Orgs, Justice Dept. Creates Task Force...

Listen
Paul's Security Weekly (Video-Only)
Encrypted Collaboration & Communication - Joel Wallenstrom - PSW #691 from 2021-04-23T21:00

This conversation will introduce Wickr to the PSW listeners. Joel Wallenstrom will discuss the importance of end-to-end encrypted collaboration and communication as it relates to enterprise and ...

Listen
Paul's Security Weekly (Video-Only)
Why Now is the Time for K-12 Cybersecurity Education - Kevin Nolten - PSW #691 from 2021-04-23T09:00

With the U.S. facing a shortage of roughly 314,000 cybersecurity professionals in the workforce, according to CSIS, there is an urgent need to build cybersecurity skills and fill the workforce p...

Listen
Paul's Security Weekly (Video-Only)
Facebook Dump, Hacking Your Dishwasher, Zoom 0-Click Exploit, & Ubiquity Response - PSW #690 from 2021-04-10T09:00

This week in the Security News, Polish blogger sued after revealing security issue in encrypted messenger, The Facebook dump and Have I Been Pwned, LinkedIn and more_eggs, APTs targeting Fortine...

Listen
Paul's Security Weekly (Video-Only)
Lessons Learned When Migrating from On Prem to Cloud - Dutch Schwartz - PSW #690 from 2021-04-09T21:00

Less than 15% of enterprise customers are primarily cloud native. With so many companies still in early stages of cloud migration, what are the key lessons learned from early adopters as well as...

Listen
Paul's Security Weekly (Video-Only)
nzyme - Free & Open WiFi Defense System - Lennart Koopmann - PSW #690 from 2021-04-09T09:00

Nzyme is a new kind of WiFi IDS (WIDS) that detects adversaries by looking at hard to spoof characteristics of an attacker. Existing WIDS tend to look at extremely easy to spoof metadata like ch...

Listen
Paul's Security Weekly (Video-Only)
Ubiquiti Breach, Tesla, PHP, & More Sagas - PSW #689 from 2021-04-03T09:00

npm netmask library has a critical bug, when AI attacks, firmware attacks on the rise, Microsoft Hololens and order 66, a real executive order 13694, The Ubiquity breach saga, the FreeBSD and wi...

Listen
Paul's Security Weekly (Video-Only)
Cybersecurity Journalist - Robert Lemos - PSW #689 from 2021-04-02T21:00

Paul, and the rest of the PSW Hosts, will talk to Robert about how he got his start in InfoSec.

 

Visit https://www.securityweekly.com...

Listen
Paul's Security Weekly (Video-Only)
The Intersection of Cybersecurity & Cryptocurrency - Nick Percoco - PSW #689 from 2021-04-02T09:00

With an uptick in malware scams and email compromises, the best thing we can do is educate the cryptocurrency community about risks and security best practices.

Listen

Paul's Security Weekly (Video-Only)
Open Redirects - An Underestimated Vulnerability - PSW #688 from 2021-03-27T09:00

Learn what redirects are, the different types, how they work and how they are exploited by attackers. Oh, also learn how to defend against redirect attacks!

Sven's Slide Deck - Open Redir...

Listen
Paul's Security Weekly (Video-Only)
DOOM Exploit, iPhone Deep Fakes, & 11 0-Days Infect Devices - PSW #688 from 2021-03-26T21:00

This week in the Security News: Doom exploit wins an award, a puzzle honors Alan Turing, anyone can create a deepfake, Jabber bugs, unquoted service paths, Nim malware, Deadly sins of secure cod...

Listen
Paul's Security Weekly (Video-Only)
Taming Vulnerability Overload - Mehul Revankar - PSW #688 from 2021-03-26T09:00

Almost weekly, hackers discover and exploit vulnerabilities in popular programs like SolarWinds and Microsoft Exchange Server, impacting thousands. While it would be great to eradicate these vul...

Listen
Paul's Security Weekly (Video-Only)
Plextrac Mini-Series Episode 1: Purple Teaming - Bryson Bort - PSW #687 from 2021-03-20T09:00

The first episode of Security Weekly's podcast mini-series with PlexTrac "Getting the Real Work Done in Cybersecurity" starts with PlexTrac's bread and butter, Purple Teaming! The group - along ...

Listen
Paul's Security Weekly (Video-Only)
Security Grades, Mirai, Quantum Cryptography, & Hacking "Beer" - PSW #687 from 2021-03-19T21:00

In the Security News, If software got a security grade, most would get an F, SolarWinds hackers got some source code, new old bugs in the Linux kernel, hack stuff and get blown up, stop hacking ...

Listen
Paul's Security Weekly (Video-Only)
Getting The Real Work Done With Plextrac - Dan DeCloss - PSW #687 from 2021-03-19T09:00

Dan will run through some customer testimonials on how they are using Plextrac effectively to get the real work done in security! This segment is sponsored by PlexTrac.

Listen

Paul's Security Weekly (Video-Only)
Ransomware Research, Threats, and Futures - Assaf Dahan - PSW #686 from 2021-03-13T10:00

Assaf Dahan, Sr Director, Head of Threat Research at Cybereason, discusses current trends in ransomware research. What happens when we're not watching or watching the wrong indicators? And threa...

Listen
Paul's Security Weekly (Video-Only)
Russian regex, John McAfee, Verkada Hack, & Microsoft Exchange - PSW #686 from 2021-03-12T22:00

Microsoft Exchange had some vulnerabilities, how could you not hear about them?, Russians try to throttle Twitter, silicon valley security camera company has been breached and we get to see what...

Listen
Paul's Security Weekly (Video-Only)
How Illicit Markets Really Operate - David Hétu - PSW #686 from 2021-03-12T10:00

David has been studying the structure, size and scope of illicit markets for over 10 years. He has come to realize just how fragmented illicit markets are, how a few select vendors often control...

Listen
Paul's Security Weekly (Video-Only)
Patching Exchange Servers, Book Reviews, Rockwell, & Forgotten AM Broadcasts - PSW #685 from 2021-03-06T10:00

This week, In the Security News, Calling all people who know how to patch MS Exchange servers, we need you, Rockwell Automation PLC flaws and what you can't do about it, a book review I agree wi...

Listen
Paul's Security Weekly (Video-Only)
How To Build A Kick-Ass PC - PSW #685 from 2021-03-05T22:00

Paul recently built a new PC for daily work and security-related tasks. It's a monster PC! The build was researched heavily, and in this segment, Paul will share all the tips and tricks to you c...

Listen
Paul's Security Weekly (Video-Only)
Offensive Cybersecurity Education and Getting Started in Pentesting - Phillip Wylie - PSW #685 from 2021-03-05T10:00

Phillip will discuss his passion for offensive cybersecurity education, mentoring, and getting started in pentesting. He co-authored a book based on his conference talk "The Pentester Blueprint:...

Listen
Paul's Security Weekly (Video-Only)
TV Hacking, Nvidia, Nation States, NASA, & WMware - PSW #684 from 2021-02-27T10:00

This week In the Security News, Nvidia tries to throttle cryptocurrency mining, Digging deeper into the SolarWinds breach, now with executive orders, NASA's secret message on Mars, vulnerabiliti...

Listen
Paul's Security Weekly (Video-Only)
Wait, You Did What? How To Be A Cybersecurity Hero... - Bryan Seely - PSW #684 from 2021-02-26T22:00

Bryan will talk about how and why he wire-tapped the US Secret Service and FBI, how he used his Marine Corps training, cyber abilities, social engineering, and OSINT to rescue his foster daughte...

Listen
Paul's Security Weekly (Video-Only)
"Confessions of a CIA Spy - The Art of Human Hacking" Book Release - Peter Warmka - PSW #684 from 2021-02-26T10:00

Peter will tell the story behind the story of his new book "Confessions of a CIA Spy - The Art of Human Hacking" including key highlights from the book regarding data protection. Peter's new boo...

Listen
Paul's Security Weekly (Video-Only)
Unearthing a 10-Year Old SUDO Vulnerability - . Wheel - PSW #683 from 2021-02-13T10:00

“Wheel” was part of the team that discovered the heap overflow vulnerability in SUDO, Baron Samedit (CVE-2021-3156), that impacted major Unix-like operating systems including Linux, macOS, AIX an...

Listen
Paul's Security Weekly (Video-Only)
CD Projekt Ransomwared, Ciphers, Water Supply Hacked, & Clubhouse Security Risks - PSW #683 from 2021-02-12T22:00

This week in the Security News, Police Playing copyrighted music to stop video of them being posted online, Border agents can search phones freely under new circuit court ruling, Microsoft warns...

Listen
Paul's Security Weekly (Video-Only)
What Does Zero Trust Mean To You? - Peter Smith - PSW #683 from 2021-02-12T10:00

In this segment we'll unpack "Zero Trust", what does it mean and how can it be applied as a concept to information security today? It certainly begs the question what and who do you trust? Often...

Listen
Paul's Security Weekly (Video-Only)
Vending Machine Hack, Chucky's Amber Alert, HarmonyOS, & Realtek Vulns - PSW #682 from 2021-02-06T10:00

Security in a Complex World, Huawei’s HarmonyOS embodies “Fake it till you make it”, Hackers Infiltrating the World of Online Gaming, Sloppy patches breed zero-day exploits, Dutch researcher hac...

Listen
Paul's Security Weekly (Video-Only)
Quantum Computing & Finding the Truth - Bill DeLisi - PSW #682 from 2021-02-05T22:00

Bill will provide insight on best practices for internet safety, for work from home, family-friendly internet habits which leads to the conversation of secure chats/files, & more!

Listen
Paul's Security Weekly (Video-Only)
Starting A Non-Profit To Help Small Companies With CMMC - Josh Marpet - PSW #682 from 2021-02-05T10:00

Small federal contractors are being required to become compliant with a new standard, CMMC. They've never had to do the level of security and compliance maturity that it requires! What do they d...

Listen
Paul's Security Weekly (Video-Only)
Fighting IoT Insecurities - Terry Dunlap - PSW #657 from 2021-01-31T22:10:42.023393

Arrested at 17 while hacking with a Commodore 64, Terry went on to work for the US National Security Agency to help track terrorists. He left the NSA in 2007 to bootstrap Tactical Network Solutions...

Listen
Paul's Security Weekly (Video-Only)
Larry Pesce, Getting Started with FL2k - Paul's Security Weekly #570 from 2021-01-31T22:10:42.023393

An introduction to FL2K: Software Defined Radio is all the rage for detecting unknown signals and transmitters. We'll show you how to set up and use a surreptitious transmitter to start your jou...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #469 - Russell Beauchemin from 2021-01-31T22:10:42.023393

Russell is a graduate of RIC with a B.A. in English, minor in Chem, M.A. in Media Studies, and currently pursuing his PhD in Education at Lesley University.

Full Show Notes: http://wiki.s...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #462 - Sean Metcalf from 2021-01-31T22:10:42.023393

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #449 - Security News from 2021-01-31T22:10:42.023393

We talk about the dangers of selfies, the FTC coming to our rescue encouraging open source for IoT devices and so much more! Jack, Paul, Larry, Not Kevin, Essobi and Apollo host.

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #448 - Security News from 2021-01-31T22:10:42.023393

We talk about the dangers of selfies, the FTC coming to our rescue encouraging open source for IoT devices and so much more! Jack, Paul, Larry, Not Kevin, Essobi and Apollo host.

Listen
Paul's Security Weekly (Video-Only)
Recorded Future and Virsec - PSW #617 from 2021-01-31T22:10:42.023393

We interview Roman Sannikov, the Director and Analyst on Demand at Recorded Future. We also interview Ray DeMeo, the Chief Operating Officer at Virsec.

Listen

Paul's Security Weekly (Video-Only)
LogRhythm To The Cloud - Sam Straka - PSW - Interview #614 from 2021-01-31T22:10:42.023393

Sam Straka is the Technical Product Manager at LogRhythm, and he will be talking about the movement of their market to the Cloud, how LogRhythm is innovating in that area, and why total cost of ...

Listen
Paul's Security Weekly (Video-Only)
MITRE ATT&CK: Katie Nickels, MITRE - Paul's Security Weekly #612 from 2021-01-31T22:10:42.023393

Katie Nickels is the ATT&CK Threat Intelligence Lead at MITRE Corporation. MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observatio...

Listen
Paul's Security Weekly (Video-Only)
Biometric Authentication, Jumio - Paul's Security Weekly #611 from 2021-01-31T22:10:42.023393

Growth of account takeover and how to prevent it. Data breaches continue to threaten organizations and expose usernames and passwords on the Dark Web, enabling fraudsters to use stolen data to ac...

Listen
Paul's Security Weekly (Video-Only)
SambaCry, FBI Warnings, and Hacking Segways - Paul's Security Weekly #523 from 2021-01-31T22:10:42.023393

Exploiting SambaCry, a warning from the FBI, hacks versus hurricanes, hacking segways, and more security news!

Full Show Notes: https...

Listen
Paul's Security Weekly (Video-Only)
AttackDefense Labs Platform - Paul's Security Weekly #609 from 2021-01-31T22:10:42.023393

We interview Vivek Ramachandran, the Founder & CEO of Pentester Academy. Pentester Academy, our AttackDefense Labs platform and other topics. Vivek will show a demo of their AttackDefense labs....

Listen
Paul's Security Weekly (Video-Only)
OneLogin Woes, Shadow Brokers Identity, oAuth Nightmares - Paul's Security Weekly #516 from 2021-01-31T22:10:42.023393

Chipotle and OneLogin suffer breaches, Windows XP Too Unstable To Spread WannaCry, Patches Available for Linux Sudo Vulnerability, Cisco, Netgear Readying Patches For Samba Vulnerability, oAuth ...

Listen
Paul's Security Weekly (Video-Only)
Exploiting Client-Side Node.js with Moses Hernandez - Paul's Security Weekly #516 from 2021-01-31T22:10:42.023393

I know what you're thinking, Node.js is server-side right? Not exactly. It turns out many client-side applications have embedded Node.js. And it's not always updated to the latest version. And, i...

Listen
Paul's Security Weekly (Video-Only)
David Conrad, ICANN - Paul's Security Weekly #501 from 2021-01-31T22:10:42.023393

David Conrad is a long-time and active participant in Internet infrastructure, development, and operations. As the CTO of ICANN, David is at the heart of the organization’s mission to help maintain...

Listen
Paul's Security Weekly (Video-Only)
EMOTET Disrupted, "Ghost" Hackers, & Why Privacy is 'Like Bubblewrap' - PSW #681 from 2021-01-30T10:00

In the Security News, why privacy is like bubble wrap, South African government releases its own browser just to re-enable flash support, former Lulzsec hacker releases VPN zero-day used to hack...

Listen
Paul's Security Weekly (Video-Only)
How Tall Do You Have to Be to Ride the Ride? - Dan DeCloss - PSW #681 from 2021-01-29T22:00

Today’s segment will discuss effective assessments, the maturity of your security posture, and the composition of your team. Specific topics in the episode include the what, when, and how of con...

Listen
Paul's Security Weekly (Video-Only)
XDR and Vitamins - Michael Roytman - PSW #681 from 2021-01-29T10:00

What is XDR? How do we know the security protections we're investing in are working? All this and Paul's CBD Pineapple Pizza Drink on this week's show.

 

This segment is sponsored ...

Listen
Paul's Security Weekly (Video-Only)
WRT54G Hacking History, 70 Unpatched Cisco Vulns, & Bypassing MFA - PSW #680 from 2021-01-16T10:00

In the Security News, How two authors became part of WRT54G hacking history, European police and German law enforcement have taken down the illegal "DarkMarket" online marketplace, 70 unpatched ...

Listen
Paul's Security Weekly (Video-Only)
Hacking Ubiquiti Devices - Jon Gorenflo - PSW #680 from 2021-01-15T22:00

Ubiquiti network gear has become a favorite among tech enthusiasts, but various Ubiquiti products have had some serious vulnerabilities in recent history. Listen in as we discuss hack, secure, a...

Listen
Paul's Security Weekly (Video-Only)
Beyond Phishing Blockers - Ryan Noon - PSW #680 from 2021-01-15T10:00

Ryan Noon joins Paul, and the rest of the PSW team, this week to chat through the importance of resilience in everything companies do to protect cloud-stored data and IP, unpack growing enterpri...

Listen
Paul's Security Weekly (Video-Only)
Custom Python Encryption, Shady 0-Days, & The Great iPwn - PSW #679 from 2021-01-09T10:00

In the Security News, Nissan Source code leaked, how the shady 0-Day sales game is evolving, Hack the Army 3.0 announced, creating your own custom encryption in python, FBI warns of swatting att...

Listen
Paul's Security Weekly (Video-Only)
What Has Changed (or Not) Since Our Last Visit? - Ming Chow - PSW #679 from 2021-01-08T22:00

-What are we seeing from infosec graduates as they come into the enterprise to begin their careers? -How has data privacy changed since 2014? -Is the cloud a solution, or creates more problems? ...

Listen
Paul's Security Weekly (Video-Only)
Automated Vulnerability Remediation - The Good, the Bad and the Ugly - PSW #679 from 2021-01-08T10:00

The way we identify, prioritize, and mitigate software vulnerabilities was built in the reverse order. Why did it happen? Could a new remediation strategy finally form an alliance between IT and...

Listen
Paul's Security Weekly (Video-Only)
SolarWinds Attack, AIR-FI Technique, & Zodiac Cypher Decoded - PSW #678 from 2020-12-19T10:00

In the Security News, How suspected Russian hackers outed their massive cyberattack, Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure, Zodiac Killer Cipher Solved, a Securi...

Listen
Paul's Security Weekly (Video-Only)
Securing The Enterprise Software Supply Chain - Harry Sverdlove - PSW #678 from 2020-12-18T22:00

SolarWinds is just the latest example of how the enterprise software supply chain, when compromised, can be used successfully by attackers. These coordinated and well-managed attacks prey on tru...

Listen
Paul's Security Weekly (Video-Only)
Generating Threat Insights Using Data Science - Roi Cohen, Shani Dodge - PSW #678 from 2020-12-18T10:00

In this world of countless vulnerabilities, we need to find a way to identify threats. Prioritizing known vulnerabilities is a step in the right direction but definitely not enough. There is a n...

Listen
Paul's Security Weekly (Video-Only)
Hacking Matters Panel - PSW #677 from 2020-12-12T10:00

Hacking matters. The term hacking has gotten away from us over the years. I believe we've reclaimed it, to a certain extent. The goal of this panel is to discuss all things hacking culture. What...

Listen
Paul's Security Weekly (Video-Only)
Innovative Blue Team Techniques Panel - PSW #677 from 2020-12-11T22:30

We often hear that offensive security techniques are "sexier" than defensive blue team techniques. In this panel discussion, we attempt to level the playing field (on so many levels...) between ...

Listen
Paul's Security Weekly (Video-Only)
The State Of Penetration Testing Panel - PSW #677 from 2020-12-11T10:00

Join us for a lively discussion surrounding the topic of penetration testing. Sure, we've called out differences between vulnerability scanning and penetration testing. Moving past this particul...

Listen
Paul's Security Weekly (Video-Only)
Security News w/ Ed Skoudis - PSW #676 from 2020-12-05T10:00

Ed Skoudis returns to talk to us about the Holiday Hack Challenge! Then, in the Security News, Thousands of unsecured medical records were exposed online, Advanced Persistent Threat Actors Targe...

Listen
Paul's Security Weekly (Video-Only)
Zero Trust Data Security - Jeff Capone - PSW #676 from 2020-12-04T22:00

Ensure all your data is secure, without impacting the business.

 

This segment is sponsored by SecureCircle. Visit https://securi...

Listen
Paul's Security Weekly (Video-Only)
From Chaos to Topia - Vicarius - PSW #676 from 2020-12-04T10:00

More computers, more software, and faster development cycles lead to more vulnerabilities. The security and IT teams are put under immense pressure to tackle the growing number of vulnerabilitie...

Listen
Paul's Security Weekly (Video-Only)
IoT Cybersecurity Improvement Act, TCL Smart TV Flaw, & Popping Reverse Shells - PSW #675 from 2020-11-21T10:00

In the Security News, Verizon has suggestions on how to make DNS more secure, Microsoft is trying to fix another Kerberos vulnerability, Bumble made some security blunders, why trying to write a...

Listen
Paul's Security Weekly (Video-Only)
Understanding How Data Science Applies to Infosec - Michael Roytman - PSW #675 from 2020-11-20T22:00

Michael takes us through some of the common AI and ML methods of data science and how they apply to our InfoSec problems.

This segment is sponsored by Kenna Security.

Listen

Paul's Security Weekly (Video-Only)
Threat Actors & Recent Trends - Jamie Fernandes, Karsten Chearis - PSW #675 from 2020-11-20T10:00

Jamie and Karsten join us for a discussion about recent attack trends, threat actors, and campaigns carried out by malicious threat actors. Everything from gift card scams to the latest techniqu...

Listen
Paul's Security Weekly (Video-Only)
Cobalt Strike Leak, DNS Cache Poisoning, & Decrypting Open SSH - PSW #674 from 2020-11-14T10:00

In the Security News, not all cyberattacks are created equal, Google patches two more Chrome zero days, What does threat intelligence really mean, Cobalt Strike leaked source code, DNS cache poi...

Listen
Paul's Security Weekly (Video-Only)
Challenges With Securing Container Environments - Badri Raghunathan, Sumedh Thakar - PSW #674 from 2020-11-13T22:00

Sumedh and Badri discuss challenges associated with container Security & DevOps need for visibility into containers. Qualys' new approach to runtime security.

 

This segment is spo...

Listen
Paul's Security Weekly (Video-Only)
Disrupt Attacks at the Endpoint with Attivo Networks - Joseph Salazar - PSW #674 from 2020-11-13T10:00

Attackers have repeatedly demonstrated that they can evade perimeter defenses to compromise a system inside the network. Once they get in, they must break out from that beachhead, conduct discov...

Listen
Paul's Security Weekly (Video-Only)
Multiple iOS 0-Days, Intel Malware Defense, & Windows 0-Day Under Attack - PSW #673 from 2020-11-07T10:00

In the Security News, Deception Technology: No Longer Only A Fortune 2000 Solution, Windows 10 zero-day could allow hackers to seize control of your computer, A Nameless Hiker and the Case the I...

Listen
Paul's Security Weekly (Video-Only)
Proactive Security Using Runbooks - Dan DeCloss - PSW #673 from 2020-11-06T22:00

Runbooks can be a game changer when it comes to executing proactive security assessments and tabletop exercises. This segment will highlight how to use runbooks to enhance your proactive securit...

Listen
Paul's Security Weekly (Video-Only)
Abusing JWT (JSON Web Tokens) - Sven Morgenroth - PSW #673 from 2020-11-06T10:00

Learn how JWTs are implemented, both the correct way and the insecure way. Spoiler alert, most implement them insecurely. Sven will also show you some of the common attacks against JWTs, for use...

Listen
Paul's Security Weekly (Video-Only)
JavaScript Web Tokens, NVIDIA GeForce Experience Vulns, & Hacking Coffee Pots - PSW #672 from 2020-10-31T09:00

In the Security News, the KashmirBlack botnet is behind attacks on CMSs such as WordPress, Joomla, and Drupal, Cybercriminals are Coming After Your Coffee, irrigation systems and door openers are...

Listen
Paul's Security Weekly (Video-Only)
How Computer Vision Balances Thoroughness & Speed - PSW #672 from 2020-10-30T21:00

Polarity uses computer vision that works like augmented reality for your data. It's not a new dashboard to search or a new portal to manage. Polarity augments your existing workflows, enriching ...

Listen
Paul's Security Weekly (Video-Only)
Determining Vulnerability Exploitation With Real Software Activity - PSW #672 from 2020-10-30T09:00

Only integrating vulnerability characteristics to determine risk leaves half the prioritization canvas empty. Observing and analyzing user interaction and other surrounding software characterist...

Listen
Paul's Security Weekly (Video-Only)
Discord Vulnerabilities, Chrome 0-Day, & Severe WordPress Flaw - PSW #671 from 2020-10-24T09:00

In the Security News, Testing firm NSS Labs closes up shop, stringing vulnerabilities together to pwn the Discord desktop app, a Wordpress plugin aimed at protecting Wordpress does the opposite,...

Listen
Paul's Security Weekly (Video-Only)
Hackers Hitting Below The Belt - Scott Scheferman - PSW #671 from 2020-10-23T21:00

In 2020 attackers are increasingly targeting firmware and hardware - going below the operating system to hide from traditional security solutions and gain persistence. Both nation state actors a...

Listen
Paul's Security Weekly (Video-Only)
Sysmon Endpoint Monitoring, Now w/ Clipboard Voyeurism - Corey Thuen - PSW #671 from 2020-10-23T09:00

Sysmon is a free endpoint monitoring tool published by Microsoft in their sysinternals suite. It generates process creations, network connections, file creations, DNS, and now clipboard monitori...

Listen
Paul's Security Weekly (Video-Only)
'BleedingTooth' Vulnerability, Zoom Rolls Out E2EE, & 50,000 Cameras Compromised - PSW #670 from 2020-10-17T09:00

In the Security News, Microsoft Uses Trademark Law to Disrupt Trickbot Botnet, Barnes & Noble cyber incident could expose customer shipping addresses and order history, Zoom Rolls Out End-to-End...

Listen
Paul's Security Weekly (Video-Only)
Democratizing & Saasifying Security Operations - Patrick Garrity - PSW #670 from 2020-10-16T21:00

Threats are no longer only a concern of large sophisticated organizations and there is a continued need to democratize security operations and controls so they are accessible to organizations of...

Listen
Paul's Security Weekly (Video-Only)
Prioritize This, Prioritize That, Prioritize With Context! - Roi Cohen, Shani Dodge - PSW #670 from 2020-10-16T09:00

Software vulnerabilities are exploding in growth at an unprecedented rate, and security teams are struggling to stay afloat. Lifebuoys (i.e. CVSS base scores) aren’t doing much to save them, eit...

Listen
Paul's Security Weekly (Video-Only)
10 Years Since Stuxnet, Rare Bootkit Discovered, & Thin Client Vulnerabilities - PSW #669 from 2020-10-10T09:00

US Air Force slaps Googly container tech on yet another war machine to 'run advanced ML algorithms', Rare Firmware Rootkit Discovered Targeting Diplomats, NGOs, Hackers exploit Windows Error Rep...

Listen
Paul's Security Weekly (Video-Only)
Assembling Your First Infosec Home Lab - Tony "tjnull" Punturiero - PSW #669 from 2020-10-09T21:00

Assembling an infosec home lab is a great way to learn more about the ever-changing programs and systems in the cyber world. However, it can get complicated to figure out what you really need to g...

Paul's Security Weekly (Video-Only)
Fast And Secure Web - Alexander Krizhanovsky - PSW #669 from 2020-10-09T09:00

Tempesta FW is an open source hybrid of an HTTPS accelerator and a firewall aiming to accelerate web resources and protect them against DDoS and web attacks. The project is built into the Linux ...

Paul's Security Weekly (Video-Only)
Ryuk Ransomware Attack, Windows XP Server Leak, & Potential Return to 'Hackers' - PSW #668 from 2020-10-03T09:00

In the Security News, Rumored Windows XP Source Code Leaked Online, Hospitals hit by countrywide ransomware attack, China-linked 'BlackTech' hackers start targeting U.S, a 13-year-old student wa...

Paul's Security Weekly (Video-Only)
Intrusion Detection Honeypots: Detection Through Deception - Chris Sanders - PSW #668 from 2020-10-02T21:00

Intrusion Detection Honeypots are fake services, data, and tokens placed inside the network to lure attackers into interacting with them to give away their presence. If you can control what the ...

Paul's Security Weekly (Video-Only)
NGINX As An RTMP Proxy - PSW #668 from 2020-10-02T09:00

Paul will discuss his process for creating a docker container for running NGINX as an RTMP proxy for streaming video to multiple services; complete with SSL and authentication.

V...

Paul's Security Weekly (Video-Only)
Zerologon Attack, CrimeOps, & BLESA Bluetooth Flaw - PSW #667 from 2020-09-19T09:00

Three Cybersecurity Lessons from a 1970s KGB Key Logger, MFA Bypass Bugs Opened Microsoft 365 to Attack, How Hackers Can Pick Your Locks Just By Listening, U.S. House Passes IoT Cybersecurity Bil...

Paul's Security Weekly (Video-Only)
Elastic Security Opens Public Detections Rules Repo - James Spiteri - PSW #667 from 2020-09-18T21:00

Following the release of our detection engine, Elastic opened up a new GitHub repo of our public detection rules. See: https://github.com/elastic/detection-rules. This is where our security inte...

Paul's Security Weekly (Video-Only)
Key Findings From The Newly Released BSIMM11 Report - Mike Ware - PSW #667 from 2020-09-18T09:00

BSIMM11, the latest version of the Building Security In Maturity Model (BSIMM), was created to help organizations plan, execute, measure, and improve their Application Security program/initiativ...

Paul's Security Weekly (Video-Only)
Chrome Sandbox Exploit, Cisco Jabber CVE, & Lea Snyder w/ BSides Boston - PSW #666 from 2020-09-12T09:00

We welcome special guest Lea Snyder, BSides Boston Organizer, to talk all things BSides Boston 2020 for its 10 year anniversary! In the Security News, Cisco Patches Critical Vulnerability in Jab...

Paul's Security Weekly (Video-Only)
Building Security Into the DevOps Lifecycle - Sumedh Thakar - PSW #666 from 2020-09-11T21:00

DevOps has gained momentum over the years as its methods have been used by teams worldwide to accelerate application delivery. But where we continue to struggle is in integrating security into t...

Paul's Security Weekly (Video-Only)
The Patchless Horseman - Roi Cohen & David Asraf - PSW #666 from 2020-09-11T09:00

Every time you deploy a patch nothing has ever gone wrong, right? Most of us have been burned by deploying a patch, causing downtime in your environment, getting in trouble with users and manage...

Paul's Security Weekly (Video-Only)
Slack RCE, Tesla Dodges Ransomware, & Cisco Router 0-Day - PSW #665 from 2020-09-05T09:00

The NSA Makes Its Powerful Cybersecurity Tool Open Source, The bizarre reason Amazon drivers are hanging phones in trees near Whole Foods, Elon Musk Confirms Serious Russian Bitcoin Ransomware A...

Paul's Security Weekly (Video-Only)
Cybersecurity & Patient Safety - Justin Armstrong - PSW #665 from 2020-09-04T21:00

Successful attacks on healthcare entities are steadily increasing. Sophisticated criminals and nation states are focusing more attention on healthcare than ever before. The main goals are to ste...

Paul's Security Weekly (Video-Only)
Lovable Security: Be a Data Custodian, Not a Data Owner - Fredrick "Flee" Lee - PSW #665 from 2020-09-04T18:43:12

Loveable Security: Flee's approach to cybersecurity is that it should be "loveable." He thinks cybersecurity perpetuates a myth of an elite, isolated team of stealth insiders who are seen as enf...

Paul's Security Weekly (Video-Only)
Predicting Vulnerabilities In Compiled Code - Roi Cohen & Shani Dodge - PSW #664 from 2020-08-29T09:00

The growth in software vulnerability exploitation creates a need for better prediction capabilities. Over time, there have been shifts in the ways of discovering vulnerabilities in binary code. ...

Paul's Security Weekly (Video-Only)
SWVHSC Micro Interviews: Polarity & Netsparker - Ferruh Mavituna, Paul Battista - PSW #664 from 2020-08-28T21:00

Most analysts will tell you that they balance between being thorough and getting the job done quickly. Paul Battista asked the security community to weigh in on this debate. He’ll share what the...

Paul's Security Weekly (Video-Only)
Hacking Tesla's Model 3, 28,000 Printers Hijacked, & iOS 14 Privacy Changes - PSW #664 from 2020-08-28T09:00

Google Researcher Reported 3 Flaws in Apache Web Server Software, Medical Data Leaked on GitHub Due to Developer Errors, Experts hacked 28,000 unsecured printers to raise awareness of printer se...

Paul's Security Weekly (Video-Only)
SWVHSC Micro Interviews: Gravwell & Rapid7 - Corey Thuen, Deral Heiland - PSW #663 from 2020-08-22T09:00

What use cases are addressed by Threat Hunting Platforms and SIEMs? Where is the overlap and where are the differences? Corey Thuen, Founder of Gravwell, covers the high level and low-level tech...

Paul's Security Weekly (Video-Only)
Voice Phishers, 'SpiKey' Lock Picking, & Coffee Cup Hackers - PSW #663 from 2020-08-21T21:00

New Microsoft Defender ATP Capability Blocks Malicious Behaviors, Voice Phishers Targeting Corporate VPNs, IBM finds vulnerability in IoT chips present in billions of devices, The Sounds a Key M...

Paul's Security Weekly (Video-Only)
Protecting Critical Infrastructure In Hybrid Clouds - Dan Perkins, Harry Sverdlove - PSW #663 from 2020-08-21T09:00

Customers are concerned about protecting critical services such as Active Directory from compromise. It's game over if AD is compromised. AD environments can be heterogeneous; public cloud, on-p...

Paul's Security Weekly (Video-Only)
Vulnerability Rich - Contextually Blind! - Michael Assraf - PSW #662 from 2020-08-15T09:00

It's not uncommon to find the traditional vulnerability assessment report buried under the CISO family picture, compliance books, and his latest blood pressure test. These reports highlight the ...

Paul's Security Weekly (Video-Only)
Adobe RCEs, Amazon Alexa Vulns, & TeamViewer Flaw - PSW #662 from 2020-08-14T21:00

This week, Amazon Alexa One-Click Attack Can Divulge Personal Data, Adobe tackles critical code execution vulnerabilities in Acrobat, Reader, Threat actors managed to control 23% of Tor Exit nod...

Paul's Security Weekly (Video-Only)
Why Elastic Is Making Endpoint Security 'Free And Open' - Mike Nichols - PSW #662 from 2020-08-14T09:00

Elastic believes that transparency and collaboration must be the new norm for the greater infosec community to succeed in stopping threats at scale. With many individuals now working from home, ...

Paul's Security Weekly (Video-Only)
Automating Your Vulnerability Management Program - Mehul Revankar, Sumedh Thakar - PSW #661 from 2020-08-08T09:00

In this segment, we discuss the importance of automating the Vulnerability Management Program and discuss Qualys VMDR which takes vulnerability management to the next level bringing detection an...

Paul's Security Weekly (Video-Only)
SWVHSC: Netgear Flaws, Satellite Spying, & Stealing UltraLoq Keys - PSW #661 from 2020-08-07T21:00

How hackers could spy on satellite internet traffic with just $300 of home TV equipment, Smart locks opened with nothing more than a MAC address, 17-Year-Old 'Mastermind' and 2 Others Behind the...

Paul's Security Weekly (Video-Only)
SWVHSC: Observing Disinformation Campaigns - Chad Anderson - PSW #661 from 2020-08-07T09:00

Chad talks about the DomainTools COVID research (and how they stumbled on the CovidLock Android ransomware), mapping the Reopen Campaigns in more detail. He will then touch on some of the work h...

Paul's Security Weekly (Video-Only)
GNU GRUB2 Vulnerability, 'BootHole' Secure Boot Threat, & Garmin Ransomware Hack - PSW #660 from 2020-08-04T17:47:08

A Vulnerability that Allowed Brute-Forcing Passwords of Private Zoom Meetings, Russia's GRU Hackers Hit US Government and Energy Targets, a New tool that detects shadow admin accounts in AWS and...

Paul's Security Weekly (Video-Only)
MIDAS - Siddharth Bhatia - PSW #660 from 2020-08-01T09:00

MIDAS uses unsupervised learning to detect anomalies in a streaming manner in real-time and has become a new baseline. It was designed keeping in mind the way recent sophisticated attacks occur....

Paul's Security Weekly (Video-Only)
Gravwell Big Bang Release - Corey Thuen - PSW #660 from 2020-07-31T21:00

The Gravwell Data Fusion platform is releasing a major update this week. New features make analyzing logs and network data much easier for new users while still keeping the raw power of a unix-l...

Paul's Security Weekly (Video-Only)
Cisco Security Flaw, Million Dollar Bounties, & Jackpotting ATMs - PSW #659 from 2020-07-25T09:00

Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities, Fugitive Wirecard Executive Jan Marsalek Was Involved In Attempt to Purchase Hacking Team Spyware, 8 Cybersecur...

Paul's Security Weekly (Video-Only)
The Power of the Cloud Platform: One Single Agent, One Global View - Sumedh Thakar - PSW #659 from 2020-07-24T21:00

Leveraging the unifying power of a cloud-based security platform to provide full context and comprehensive visibility into the entire attack chain for a complete, accurate risk-based analysis an...

Paul's Security Weekly (Video-Only)
Affects of COVID-19 on Web Applications - Zane Lackey - PSW #659 from 2020-07-24T09:00

Zane Lackey joins us once again to talk about Zero Trust, Cloud Security, and the impact of COVID-19 on Digital Transformation! This segment is sponsored by Signal Sciences.

Visi...

Paul's Security Weekly (Video-Only)
Twitter Mega Hack, 3rd Party IoT Vulns, & Windows DNS SIGRed RCE - PSW #658 from 2020-07-18T21:00

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers, Zoom Addresses Vanity URL Zero-Day, Docker attackers devise clever technique to avoid detection, a massive DDoS Attack Launche...

Paul's Security Weekly (Video-Only)
Welcome Our Newest Host! - John Snyder - PSW #658 from 2020-07-18T09:00

The guys welcome our newest host to the family. John Snyder will replace Matt Alderman on Security and Compliance Weekly. Tune in to hear about how John made the jump from being a trial lawyer i...

Paul's Security Weekly (Video-Only)
Artificial Intelligence and Machine Learning in Cybersecurity - Ankur Chowdhary - PSW #658 from 2020-07-17T21:00

With the advent of Internet of Things (IoT) and emerging cloud technologies, ensuring continued cybersecurity at scale is a challenging task. An ever growing increase in demand of cybersecurity work...

Paul's Security Weekly (Video-Only)
RCE Chaos, Zoom 0-Day, & Banning TikTok - PSW #657 from 2020-07-11T09:00

Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment, Cisco Talos discloses technical details of Chrome and Firefox flaws, Palo Alto Networks Patches Command Injection Vulnerabilities in...

Paul's Security Weekly (Video-Only)
IPv6 Tunneling - Joff Thyer - PSW #657 from 2020-07-10T09:00

In this technical demo, Joff will show how you can bring up an IPv6 tunnel to learn and play with IPv6 connectivity and basic concepts. This tech segment will largely be a demo on a Debian based...

Paul's Security Weekly (Video-Only)
Netgear RCE, Guacamole Flaws, & 'Lucifer' DDoS Botnet - PSW #656 from 2020-07-05T09:00

Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software, Firefox 78 is out with a mysteriously empty list of security fixes, Python Arbitrary File Write Prevention: The Tarb...

Paul's Security Weekly (Video-Only)
OSINT Scraping with Python - Ryan Hays - PSW #656 from 2020-07-04T18:23:20

With bug bounties becoming more and more mainstream for organizations, the bounty hunters are turning to more and more automation. Open source intelligence gathering can be automated with the u...

Paul's Security Weekly (Video-Only)
Work From Home Cyber Security - Jerry Chen - PSW #656 from 2020-07-03T09:00

Hackers know that more people are working from home now and accessing/ sending/ sharing sensitive company data through their home networks. How can businesses help employees secure their home ne...

Paul's Security Weekly (Video-Only)
New Web Technology & Impact on Automated Security Testing - Benjamin Daniel Mussler - PSW #655 from 2020-06-13T21:00

As web applications have evolved from static HTML pages into fully-fledged applications with a native feel to them, web browsers continue to provide developers with truly novel functionality. Th...

Paul's Security Weekly (Video-Only)
OSS Vulnerabilities, UPnP Flaws, & 0-Days for Bad People - PSW #655 from 2020-06-13T09:00

Hospital-busting hacker crew may be behind ransomware attack that made Honda halt car factories, 3 common misconceptions about PCI compliance, SMBleed could allow a remote attacker to leak kerne...

Paul's Security Weekly (Video-Only)
Enhancing Vulnerability Management By Including Penetration Testing Results - Dan DeCloss - PSW #655 from 2020-06-12T21:00

We’ll discuss how organizations can improve their vulnerability management life cycle and demo some quick ways to get started with vulnerability management and combining penetration test results...

Paul's Security Weekly (Video-Only)
Root Cert Chaos, Octopus Scanner, & RobbinHood & the Merry Men - PSW #654 from 2020-06-06T21:00

Octopus Scanner Sinks Tentacles into GitHub Repositories, RobbinHood and the Merry Men, Zoom Restricts End-to-End Encryption to Paid Users, Hackers steal secrets from US nuclear missile contract...

Paul's Security Weekly (Video-Only)
PCAPS Or It Didn't Happen- Corey Thuen - PSW #654 from 2020-06-06T09:00

Threat hunting activities often require packet capture analysis but capturing and storing PCAP at scale is rough. This segment covers open source tools for collecting packet captures on demand w...

Paul's Security Weekly (Video-Only)
Lightweight Vulnerability Management Using NMAP - PSW #654 from 2020-06-05T21:00

Paul delivers a Technical Segment on Lightweight Vulnerability Management using NMAP!

Visit https://www.securityweekly.com/psw f...

Paul's Security Weekly (Video-Only)
Ed Skoudis & Security News - PSW #653 from 2020-05-30T09:00

In this week's Security News, NSA warns Russia-linked APT group is exploiting Exim flaw since 2019, Hackers Compromise Cisco Servers Via SaltStack Flaws, OpenSSH to deprecate SHA-1 logins due to...

Paul's Security Weekly (Video-Only)
"Burn-In: A Novel of the Real Robotic Revolution" - Peter Singer - PSW #653 from 2020-05-29T21:00

"Burn-In: A Novel of the Real Robotic Revolution" (May 26 release) is a new kind of novel+nonfiction. It uses the technothriller format as a way to share real research on the ways that AI+automa...

Paul's Security Weekly (Video-Only)
2020 MITRE ATT&CK Malware Trends - Greg Foss - PSW #653 from 2020-05-29T09:00

The MITRE ATT&CK framework has had a major impact on the cybersecurity industry and has given defenders a haystack in which to focus their defensive efforts. What’s most interesting, perhaps, ...

Paul's Security Weekly (Video-Only)
Stuxnet, RCE's Everywhere, & Breach Chaos - PSW #652 from 2020-05-23T21:00

In the Security News, Hackers target the air-gapped networks of the Taiwanese and Philippine military, Stored XSS in WP Product Review Lite plugin allows for automated takeovers, Remote Code Exe...

Paul's Security Weekly (Video-Only)
HTTP Security Headers In Action - Sven Morgenroth - PSW #652 from 2020-05-23T09:00

HTTP security headers are an easy and effective way to harden your application against all kinds of client side attacks. We'll discuss which security headers there are, what functions they have ...

Paul's Security Weekly (Video-Only)
Building An InfoSec Career - Jason Nickola - PSW #652 from 2020-05-22T21:00

The guests on Trust Me I'm Certified have dropped some real knowledge and I'd like to distill that down as well as talk about building technical skills, looking at your career as a 'thing' that ...

Paul's Security Weekly (Video-Only)
Ramsay Malware, Top 10 CVE's, & Reverse RDP Attacks - PSW #651 from 2020-05-16T21:00

In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensit...

Paul's Security Weekly (Video-Only)
Securing Remote Access: Quarantines & Security - Harry Sverdlove - PSW #651 from 2020-05-15T21:00

We use terms such as Social Distancing, Quarantine, and Contact Tracing on a regular basis amid the current crisis. How do these apply to Information and Network Security?

To lea...

Paul's Security Weekly (Video-Only)
MITRE ATT&CK & Security Visibility: Looking Beyond Endpoint Data - Mike Nichols - PSW #651 from 2020-05-15T09:00

In this episode of Paul's Security Weekly, we will dive into the recently published MITRE ATT&CK second-round evaluation based on APT29. While MITRE does not declare a "winner," stressing that t...

Paul's Security Weekly (Video-Only)
Vulnerability Madness, IoT Botnets, & Breach Chaos - PSW #650 from 2020-05-11T16:32:54

In the Security News, Naikon APT Hid Five-Year Espionage Attack Under Radar, PoC Exploit Released for DoS Vulnerability in OpenSSL, 900,000 WordPress sites attacked via XSS vulnerabilities, Kaij...

Paul's Security Weekly (Video-Only)
Project Fantastic - Bringing The CLI to GUI Users - PSW #650 from 2020-05-08T21:00

Lots of IT and security professionals do not want to use the CLI, which has set them back. Fantastic exposes the same power as the CLI in an easy to use GUI that is more consistent and hopefully...

Paul's Security Weekly (Video-Only)
Public Utility Security and National Guard Support - Chris Elgee, Jim McPherson - PSW #650 from 2020-05-08T09:00

Public utilities are under fire from malicious actors now, more than ever. At the same time, authorities for National Guard units are expanding, allowing greater levels of support. However, this...

Paul's Security Weekly (Video-Only)
Defensive Strategies and Qualys VMDR - PSW #649 from 2020-05-02T21:00

The crew talks about how to accomplish asset management, vulnerability management, prioritization of remediation, and the actual remediation steps! No small task! Then check out a deep dive demo...

Paul's Security Weekly (Video-Only)
Python Pickling, Sophos 0-Day, & AWS RDS MySQL - PSW #649 from 2020-05-02T09:00

In the Security News, Half a Million Zoom Accounts Compromised by Credential Stuffing, Sold on Dark Web, Scammers pounce as stimulus checks start flowing, NSA shares list of vulnerabilities comm...

Paul's Security Weekly (Video-Only)
Fighting the Cyber War With Battlefield Tactics - Jeremy Miller, Philip Niedermair - PSW #649 from 2020-05-01T21:00

Jeremy Miller, a former Green Beret and current CEO of Lionfish Cyber Security, will discuss how mission set tactics used by Special Forces can be applied directly to the cyber war being waged t...

Paul's Security Weekly (Video-Only)
iOS Mail Hijack, Hacking Satellites, & 0-Days for Days - PSW #648 from 2020-04-25T21:00

In the Security News, Legions of cybersecurity volunteers rally to protect hospitals during COVID-19 crisis, Wanna hack a Satellite? The Navy will let you…, IBM 0-day released for days after not...

Paul's Security Weekly (Video-Only)
Layer8 Conference & WorkshopCon - Ori Zigindere, Patrick Laverty - PSW #648 from 2020-04-25T09:00

Patrick Laverty created and co-organizes the Layer 8 Conference with Lea Snyder. This year will be the 3rd annual conference that solely focuses on social engineering and OSINT topics. Ori Zigin...

Paul's Security Weekly (Video-Only)
The Insider Threat - Steven Bay - PSW #648 from 2020-04-24T21:00

Steven Bay has over 16 years of cybersecurity experience, spanning the military, government, consulting, and enterprise security. For 10 of those years, he supported the National Security Agency...

Paul's Security Weekly (Video-Only)
Hospital Hackers, $500K Zoom 0day, & SFO Windows Hackers - PSW #647 from 2020-04-18T21:00

This week in the Security News, How to teach your iPhone to recognize you while wearing a mask, Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic, VMwa...

Paul's Security Weekly (Video-Only)
Pen Testing to Validate Vulnerability Scanners - Magno Gomes - PSW #647 from 2020-04-18T09:00

Many people inaccurately use vulnerability scans or vulnerability assessments as terms that are synonymous with penetration tests. Those that do know the difference often think you have to choos...

Paul's Security Weekly (Video-Only)
Threat Intel Program Strategies - Wade Woolwine - PSW #647 from 2020-04-17T21:00

Defining key areas of investment that organizations need to consider in their programs. Within the areas of investment, we talk about functional areas and defining capabilities within each funct...

Paul's Security Weekly (Video-Only)
Zoom, Kubernetes, and Hacking - PSW #646 from 2020-04-11T21:00

A little about Zoom vulnerabilities and data leaks and Cisco Webex vulnerabilities. We talk about securing Kubernetes and how the same security principles apply, vulnerabilities in ICS systems a...

Paul's Security Weekly (Video-Only)
Tales From The Crypt...Analyst - Part 2 - Jeff Man - PSW #646 from 2020-04-11T09:00

In the second part of our interview series with the legend Jeff Man, he continues his discussion with Paul, Matt, and Lee, about the many myths, legends and fables in hacker history. One of the ...

Paul's Security Weekly (Video-Only)
To Hunt or Not To Hunt; This is Never a !=? - Tyler Robinson - PSW #646 from 2020-04-10T21:00

We welcome Security Weekly's own Tyler Robinson for a Technical Segment, to talk about how individuals are tracked and then demonstrates different TTPs Nisos uses to hunt and track people of int...

Paul's Security Weekly (Video-Only)
Security News - To Zoom or Not to Zoom - PSW #645 from 2020-04-04T16:00

This segment will largely focus on the recent Zoom vulnerabilities and the responses from security researchers, the security community and enterprises. Should you stop using Zoom? Tune in to fin...

Paul's Security Weekly (Video-Only)
IoT Devices: Security and Privacy Labels Research - Lorrie Cranor - PSW #645 from 2020-04-04T04:00

At Carnegie Mellon University we are designing a usable security and privacy label for smart devices to help consumers make informed choices about Internet of Things device purchases and encoura...

Paul's Security Weekly (Video-Only)
Collaboration Between NetOps and SecOps in Today's World - Matt Allen - PSW #645 from 2020-04-03T16:52:18

Matt and the Security Weekly crew will discuss how the interaction between network engineers and security operations has changed over the years, as well as the value of the network when identify...

Paul's Security Weekly (Video-Only)
Drobo Exploit, Docker Escape, SMBv3.11 - PSW #644 from 2020-03-21T09:00

SANS Penetration Testing | Microsoft SMBv3.11 Vulnerability and Patch CVE-2020-0796 Explained, Drobo 5N2 4.1.1 - Remote Command Injection, $100K Paid Out for Google Cloud Shell Root Compromise, W...

Paul's Security Weekly (Video-Only)
Zen And The Art Of Logs In The Cloud - Corey Thuen - PSW #644 from 2020-03-20T21:00

Struggling with how to get your logs from the cloud? Have no fear, Corey and the Security Weekly crew talk about how to configure your logs in the cloud, use cloud-native services to handle the ...

Paul's Security Weekly (Video-Only)
Work from home securely - PSW #644 from 2020-03-20T09:00

The challenges and differentiated values of desktop and laptop protection and administrative tool control (e.g., Powershell, SSH) for remote users and administrators to work securely. Visit http...

Paul's Security Weekly (Video-Only)
Protecting Data on Employee 0wned PCs - Gabe Gumbs - PSW #643 from 2020-03-15T10:30

COVID-19, among other things, has deemed it necessary for many to work from home. There are several security concerns that need to be raised, such as those who work from home still require acces...

Paul's Security Weekly (Video-Only)
Connected devices security - Dorit Naparstek - PSW #643 from 2020-03-15T09:00

Hacks performed on connected & IoT devices, such as routers, security cameras, smart meters, etc. are increasingly common, and revealing major vulnerabilities in existing security measures. This ...

Paul's Security Weekly (Video-Only)
Girls Who Hack and Secure Open Vote - Bianca Lewis - PSW #643 from 2020-03-14T16:00

Girls Who Hack teaches classes primarily to middle school girls on hacking and making. Secure Open Vote is an end to end, open source election system that is in the design stages. www.BiaSciLab....

Paul's Security Weekly (Video-Only)
Tomcat, AWS Malware, Hacker Movies - PSW #642 from 2020-03-09T16:24:37

Apache Tomcat AJP exploit, malware in AWS, hacker movies and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode642...

Paul's Security Weekly (Video-Only)
Mark Cooper, PKI Solutions - Mark Cooper - PSW #642 from 2020-03-08T00:54:36

How SHAKEN/STIR and PKI will end the global robocall problem Link to an article Mark wrote for Dark Reading: https://www.darkreading.com/endpoint/shaken-stir-finally!-a-solution-to-caller-id-spo...

Paul's Security Weekly (Video-Only)
Active Directory, Azure and Windows Security - Sean Metcalf - PSW #642 from 2020-03-08T00:42:34

Active Directory & Microsoft Cloud (Azure AD & Office 365) Security, including a breakdown of Microsoft's security offerings and recommendations for cloud migrations for Active Directory.

Paul's Security Weekly (Video-Only)
Cool Things We Found At RSAC 2020 - PSW #641 from 2020-03-02T01:33:34

We found some cool stuff at RSAC 2020! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes:

Paul's Security Weekly (Video-Only)
Protect Ya Data - Gabe Gumbs - PSW #641 from 2020-03-01T23:59:28

Gabriel Gumbs and the Security Weekly crew discuss strategies for protecting your data. We will explore practical use-cases for needing to manage access and protect your data as it pertains to s...

Paul's Security Weekly (Video-Only)
Tales From The Crypt...Analyst - Jeff Man - PSW #641 from 2020-03-01T23:09:04

There are many myths, legends and fables in hacker history. One of the themes of these legends surrounds some of the first red team hackers working for the US Government out of NSA. The building...

Paul's Security Weekly (Video-Only)
Tesla Sensors, Israeli Soldiers Phished, Machine Learning - PSW #640 from 2020-02-24T10:00

Nedbank Says 1.7 Million Customers Impacted by Breach at Third-Party Provider, 500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users, 5 inch piece of electrical tape can fool T...

Paul's Security Weekly (Video-Only)
Kubernetes/Container Security - Ian Coldwater - PSW #640 from 2020-02-23T10:00

Ian Coldwater is the Lead Platform Security Engineer at Heroku. Ian will discuss Kubernetes and container security!

Visit https://www.securit...

Paul's Security Weekly (Video-Only)
Unifying SIEM And Endpoint Security - PSW #640 from 2020-02-22T10:00

Elastic recently released Elastic Security 7.6 - the culmination of months of work by the security team and a monumental leap forward toward delivering a unified threat protection and security a...

Paul's Security Weekly (Video-Only)
Docker, 42 Vulnerabilities, Backdoors, Spying on 100+ Foreign Govs. - PSW #639 from 2020-02-16T10:00

In the Security News, Misconfigured Docker Registries Expose Thousands of Repositories, a Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus chec...

Paul's Security Weekly (Video-Only)
The Unprotected Attack Surface of the Enterprise - John Loucaides - PSW #639 from 2020-02-15T10:00

Hackers are using firmware implants and backdoors to compromise enterprise security with attacks that are stealthy and persistent. It’s time for information security specialists to learn how to ...

Paul's Security Weekly (Video-Only)
Living in Blue Team Land and Skicon - O'Shea Bowens - PSW #639 from 2020-02-14T10:00

O'Shea Bowens is the CEO of Null Hat Security. O'Shea will discuss why I think blue teaming is as essential now as our red brothers. Mistakenly calling out APT's. A new type of security conferen...

Paul's Security Weekly (Video-Only)
Security News - PSW #638 from 2020-02-09T09:30

In the Security News, Twitter fixes API bug that can reveal users, Microsoft patches flaws in Azure stack, 8 cities that have been crippled by cyber attacks and how they fought against it, and s...

Paul's Security Weekly (Video-Only)
Adventures In AWS Computing - PSW #638 from 2020-02-08T10:30

Paul shows you how to create secure Docker containers and begin to deploy them to Amazon ECS. This segment focuses on the security aspects of taking a legacy/non-containerized application to the ...

Paul's Security Weekly (Video-Only)
BADASS Army - The Fight Against Revenge Porn - Katelyn Bowden - PSW #638 from 2020-02-07T10:00

After finding her own intimate photos online without her consent, Katelyn Bowden discovered that there weren't many resources for those who find themselves victims of this sort of abuse. In resp...

Paul's Security Weekly (Video-Only)
Wawa Breach, Citrix ADC, Magecart Hackers, Ragnarok Ransomware - PSW #637 from 2020-02-03T10:00

In the Security News, NHS alerted to severe bulbs in GE health equipment, Ragnarok Ransomware targets Citrix ADC & disables Windows Defender, suspected Magecart hackers arrested in Indonesia, Wa...

Paul's Security Weekly (Video-Only)
Stopping Python Backdoor Attacks - Peter Smith - PSW #637 from 2020-02-02T10:00

The recent MechaFlounder was a backdoor attack linked to Iranian threat actors who targeted Turkish entities. Similar Python-based backdoor attacks have managed to evade traditional network secu...

Paul's Security Weekly (Video-Only)
The Unicorn Project and The Five Ideals - Gene Kim - PSW #637 from 2020-02-01T10:00

In this week's episode of Paul's Security Weekly, Paul and the guys welcome back Gene Kim to interview him about his newest book "The Unicorn Project". Gene shares with us his goals and aspirati...

Paul's Security Weekly (Video-Only)
Tomatoes, Jeff Bezo, Vuln. In AMD ATI Radeon, 'The Rise of Skywalker' - PSW #636 from 2020-01-26T10:00

In the Security News, Microsoft Security Shocker As 250 Million Customer Records Exposed Online, the NSA Offers Guidance on Mitigating Cloud Flaws, Multiple Vulnerabilities Found in AMD ATI Rade...

Paul's Security Weekly (Video-Only)
Electronic Frontier Foundation (EFF), Godwin's Law, Freedom of Speech - Mike Godwin - PSW #636 from 2020-01-25T10:00

Paul, Doug and Tyler interview Mike Godwin about the creation of the EFF, why it was created and how he became involved, some of the first cases taken on by the EFF, Godwin's Law, the right to r...

Listen
Paul's Security Weekly (Video-Only)
Dug Song - Engineer to Entrepreneur - Dug Song - PSW #636 from 2020-01-24T18:21:43

Paul, Doug and Tyler interview Dug Song about how he got his start in Information Security, what prompted him to begin work for dsniff, his transition from engineer to entrepreneur, what he lear...

Listen
Paul's Security Weekly (Video-Only)
CVE-2020-0601, Netscaler RCE, npm - PSW #635 from 2020-01-19T10:00

We discuss the details and impact of the latest flaw, disclosed by NSA, in Windows 10 that allows attackers to pass off malware as signed applications and so much more. The Citrix Netscaler vuln...

Listen
Paul's Security Weekly (Video-Only)
Hacking IoT Devices - Jeff Spielberg, Ryan Speers - PSW #635 from 2020-01-18T10:00

The world continues to see a proliferation of highly insecure IoT/embedded products. How can companies making embedded products design security in from the start, and why don't they do it today?...

Listen
Paul's Security Weekly (Video-Only)
What Does It Mean To Be A Hacker? - PSW #635 from 2020-01-17T21:58:47

This is the Hacker Culture Roundtable discussion from the Security Weekly Christmas podcast marathon and features almost all of our hosts and special guests. Hacking is a term used to describe t...

Listen
Paul's Security Weekly (Video-Only)
Security News: January 9, 2020 - PSW #634 from 2020-01-13T10:00

In the security news, Car hacking hits the streets, 4 Ring employees fired for spying on customers, MITRE presents ATT&CK for ICS, and Las Vegas suffers cyberattack on the first day of CES!

Listen
Paul's Security Weekly (Video-Only)
The Keys to Your Kingdom: Protecting Data in Hybrid and Multiple Public Clouds - Ambuj Kumar - PSW #634 from 2020-01-12T10:00

According to Gartner, 70% of businesses are adopting a hybrid cloud and multi-cloud strategy to augment their internal data centers. The challenges of protecting data and using encryption for mu...

Listen
Paul's Security Weekly (Video-Only)
Improve Pen Testing Outcomes With Purple Teaming - PSW #634 from 2020-01-11T10:00

Purple teaming reduces the lifespan of vulnerabilities found from pentests by facilitating knowledge transfer between red and blue teams in the remediation phase. PlexTrac provides a single inte...

Listen
Paul's Security Weekly (Video-Only)
Security News: January 2, 2020 - PSW #633 from 2020-01-05T10:00

In the security news, mysterious Drones are Flying over Colorado (watch out Mr. Alderman), 7 Tips for Maximizing Your SOC, The Most Dangerous People on the Internet This Decade, North Korean Hack...

Listen
Paul's Security Weekly (Video-Only)
Diplomacy, Norms and Deterrence in Cyberspace - Chris Painter - PSW #633 from 2020-01-04T09:30

Global conversations around acceptable norms of behavior in cyberspace (particularly for states), attribution, accountability, and deterrence (though we have not done well on the last one), rece...

Listen
Paul's Security Weekly (Video-Only)
Security History - Lessons from the past - PSW #632 from 2020-01-03T10:00

The history of security can be traced back to a variety of different sources. The amount of articles on the topic is dizzying. Most will cite names of early phone phreaks, Kevin Mitnick, Kevin P...

Listen
Paul's Security Weekly (Video-Only)
Who is Going to Protect the Brave New Virtual Worlds and HOW? - Kavya Pearlman - PSW #633 from 2020-01-03T02:58:57

Emerging technologies such as Virtual, Augmented and Mixed Reality are inevitably gaining momentum and helping businesses gain competitive advantage. These technological advancements are giving ...

Listen
Paul's Security Weekly (Video-Only)
Security vs. Compliance - PSW #632 from 2019-12-28T17:00

It was once said that if Security and Compliance were in a relationship the status would be "It's Complicated". This discussion will aim to help you understand this relationship and how it can b...

Listen
Paul's Security Weekly (Video-Only)
Holiday Hack Challenge - PSW #631 from 2019-12-25T10:00

Each year the team at Counterhack Challenges makes available the Holiday Hack Challenge. Led by Ed Skoudis, and created by some of the most talented security professionals in the industry, it is...

Listen
Paul's Security Weekly (Video-Only)
The State of Penetration Testing - PSW #631 from 2019-12-24T10:00

Penetration testing has evolved quite a bit in the past year. As defenses shift, and in some cases get much better, attack techniques and landscapes have changed as well. - What has changed in t...

Listen
Paul's Security Weekly (Video-Only)
DevOps and Securing Applications - PSW #632 from 2019-12-23T19:33:23

- Given that DevOps is a process and its execution requires many different tools, how do we get started "doing DevOps"? - What about DevOps allows us to produce more secure applications? - What ...

Listen
Paul's Security Weekly (Video-Only)
Blue Team Tactics and Techniques - PSW #631 from 2019-12-23T16:39:12

It's often said that attackers need only to get it right once, where defenders have to be right all of the time. Those of us who have worked in a security role as a defender know we don't always...

Listen
Paul's Security Weekly (Video-Only)
Risks, Ransomware, Data Leaks, Oh My! - PSW #630 from 2019-12-15T10:00

In the Security News, Reveton ransomware schemer stripped of six years of freedom, £270,000, and Rolex, Web-hosting firm 1&1 hit by almost €10 million GDPR fine over poor security at call centre...

Listen
Paul's Security Weekly (Video-Only)
Backdoors & Breaches - The Card Game - PSW #630 from 2019-12-14T10:00

John Strand is a Security Analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures. John will be talking about Backdoors & Breaches, the Incident Response card ...

Listen
Paul's Security Weekly (Video-Only)
Runtime Protection for Containers - Jorge Salamero - PSW #630 from 2019-12-13T10:00

Jorge Salamero is the Director of Technical Marketing at Sysdig. Jorge enjoys playing with containers and Kubernetes, home automation and DIY projects. Currently, he is part of the Sysdig team, ...

Listen
Paul's Security Weekly (Video-Only)
Defecting Chinese, IoT Smartwatch, and Malicious SDKs - PSW #629 from 2019-12-09T10:00

Netflix: BPF is a new type of software we use to run Linux apps securely in the kernel, Automated security tests with OWASP ZAP, HackerOne Breach Leads to $20,000 Bounty Reward, US-CERT AA19-339...

Listen
Paul's Security Weekly (Video-Only)
Open Source Intelligence (OSINT) in Cyber - PSW #629 from 2019-12-08T10:00

Micah Hoffman is the Principal Investigator at Spotlight Infosec. Looking to increase the publicity of using Open Source Intelligence (OSINT) in traditional cyber fields like pentest, DFIR, and ...

Listen
Paul's Security Weekly (Video-Only)
Outlook on Phishing in 2020 - Eric Brown - PSW #629 from 2019-12-07T10:00

Eric Brown is the Sr. Security Analyst at LogRhythm. Eric will cover topics including: Phishing Trends, 2020 Outlook, Top 4 Types Eric is seeing: Exec Phish / Legit websites (Box/sites.google/On...

Listen
Paul's Security Weekly (Video-Only)
The Marvel Universe - PSW #628 from 2019-11-28T10:00

In the Security News, Disney Plus Blames Past Hacks for User Accounts Sold Online, Why Multifactor Authentication Is Now a Hacker Target, How the Linux kernel balances the risks of public bug di...

Listen
Paul's Security Weekly (Video-Only)
Coalfire Incident & DerbyCon Communities - PSW #628 from 2019-11-27T10:00

Dave Kennedy is the Founder & CEO of TrustedSec. Dave comes on the show to talk about the Coalfire incident and DerbyCon communities.

Listen
Paul's Security Weekly (Video-Only)
The Next Generation of SOCs - Peter Liebert - PSW #628 from 2019-11-26T10:00

Peter Liebert is the CEO at Liebert Security. After working in and with SOCs for the majority of my career, as well as building one from the ground up for the State of California, there are some...

Listen
Paul's Security Weekly (Video-Only)
Humans vs. Machines - PSW #627 from 2019-11-18T10:00

Two security researchers earned $60,000 for hacking an Amazon Echo, Amazon Kindle, Embedded devices Open to Code-Execution, This App Will Tell You if Your iPhone Gets Hacked, Two New Carding Bot...

Listen
Paul's Security Weekly (Video-Only)
Simulating Ransomware Attacks with SCYTHE - PSW #627 from 2019-11-17T10:00

Bryson Bort (Founder and CEO of SCYTHE) will demonstrate how to safely simulate ransomware and a multi-staged APT with lateral movement in your production environment! How would your organizatio...

Listen
Paul's Security Weekly (Video-Only)
The Ethics of Surveillance - Dr. Kevin Harris - PSW #627 from 2019-11-16T10:00

As advancements have been made in technologies, new surveillance tools have been designed, giving those charged with protecting citizens additional opportunities to prevent crimes or identify tho...

Listen
Paul's Security Weekly (Video-Only)
Security News: November 7, 2019 - PSW #626 from 2019-11-11T10:00

In the Security News, Who is responsible for Active Directory security within your organization?, Apple publishes new technical details on privacy features, How to ensure online safety with DNS ...

Listen
Paul's Security Weekly (Video-Only)
Arcade Hustle - PSW #626 from 2019-11-10T10:00

Kevin Finisterre is a Co-founder of Arcade Hustle. Josh Valentine is a Co-founder of Arcade Hustle. Josh and Kevin have spent the last year immersing ourselves in arcade platforms, games, and ca...

Listen
Paul's Security Weekly (Video-Only)
Peter Smith, Edgewise - Peter Smith - PSW #626 from 2019-11-09T10:00

Peter Smith is the Founder & CEO of Edgewise.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Listen
Paul's Security Weekly (Video-Only)
Security Weekly RoundTable, Cyberwire - PSW #625 from 2019-11-03T09:00

Paul and Matt sit down with Dave Bittner from Cyberwire to discuss the state of security podcasts, the latest security trends, and the security community.

Listen
Paul's Security Weekly (Video-Only)
Format String Vulnerabilities - PSW #625 from 2019-11-02T09:00

Sven Morgenroth is the Security Researcher at Netsparker. Sven joins us again to talk about format string vulnerabilities.

Listen
Paul's Security Weekly (Video-Only)
A New Prescription for Security - Philippe Courtot, Sumedh Thakar - PSW #625 from 2019-11-01T09:00

Philippe Courtot is the Chairman and CEO of Qualys. Sumedh Thakar is the Chief Product Officer at Qualys. Philippe Courtot, chairman and CEO of Qualys, will examine the impact of today's complex and...

Listen
Paul's Security Weekly (Video-Only)
Endgame To Elastic Endpoint Security - Mark Dufresne - PSW #624 from 2019-10-27T09:00

Last week, Elastic and Endgame announced that they have formally joined forces to introduce Elastic Endpoint Security. Together, they combine Elastic’s free and open SIEM with Endgame's endpoint...

Listen
Paul's Security Weekly (Video-Only)
Security News: October 24, 2019 - PSW #624 from 2019-10-26T09:00

In the news, we talk Security News, discussing how Amazon Echo and Kindle devices were affected by a WiFi bug, Ransomware and data breaches linked to uptick in fatal heart attacks, a woman was o...

Listen
Paul's Security Weekly (Video-Only)
Mental Health Hackers & Veterans - Tom Williams - PSW #624 from 2019-10-25T09:00

Tom Williams is the Director of Veterans Operations of Veterans MHH. Speaking about the challenges that veterans face and how MHH is looking to address those.

Listen
Paul's Security Weekly (Video-Only)
Cybercrime, Threat Hunting, & APT - PSW #623 from 2019-10-21T09:00

Peter Kruse is the Founder of CSIS Security Group. "Nothing specific but a Google search will provide numerous research I have been involved with and conferences I have spoken at including Kaspe...

Listen
Paul's Security Weekly (Video-Only)
Security News: October 17, 2019 - PSW #623 from 2019-10-20T09:00

Cybercrime Tool Prices Bump Up in Dark Web Markets, Pen testers find mystery black box connected to ship's engines, Using Machine Learning to Detect IP Hijacking - Schneier on Security, and much ...

Listen
Paul's Security Weekly (Video-Only)
What Makes A Good Pentest Report? - Daniel DeCloss - PSW #623 from 2019-10-19T09:00

DeCloss is the President and CEO of PlexTrac. The segment will focus on the importance of a high-quality report and what red and blue teamers should recognize goes into a good report. Often time...

Listen
Paul's Security Weekly (Video-Only)
Security News: October 3, 2019 - PSW #622 from 2019-10-07T09:00

This week, we talk Security News, how Turkey fines Facebook $282,000 over privacy breach, why the FBI is encouraging not to pay ransomware demands, the top 10 cybersecurity myths that criminals ...

Listen
Paul's Security Weekly (Video-Only)
Security & Compliance Introduction - PSW #622 from 2019-10-06T09:00

It’s the show that bridges the requirements of regulations, compliance, and privacy with those of security. Your trusted source for complying with various mandates, building effective programs,...

Listen
Paul's Security Weekly (Video-Only)
Data Privacy and The Journey to Code - Stewart Room - PSW #622 from 2019-10-05T09:00

Stewart Room is a Partner of PwC. Security Professionals have long understood the need to deliver security outcomes in technology and data, but is the privacy community on the same page? Data Pr...

Listen
Paul's Security Weekly (Video-Only)
Security News: September 26, 2019 - PSW #621 from 2019-09-30T09:00

How a hacker took over a smart home with vulgar music and rising temperatures, a security warning for 23 million YouTube creators following a crazy hack attack, Vimeo sued for storing faceprints...

Listen
Paul's Security Weekly (Video-Only)
Perry Carpenter and Chris Edwards - PSW #621 from 2019-09-29T09:00

We interview Perry Carpenter and Chris Pritchard at DEF CON SE Village. Perry Carpenter talks about how he (as someone on the autism spectrum) has used various social-engineering related skills to ...

Listen
Paul's Security Weekly (Video-Only)
Billy Boatright, Edward Miro, & Jayson Street - PSW #621 from 2019-09-28T09:00

We interview Billy Boatright, Edward Miro, and Jayson Street at DEF CON SE Village. Billy talks about Impostor Syndrome. Edward Miro talks about Rideshare OSINT – Car Based SE For Fun & Profit. ...

Listen
Paul's Security Weekly (Video-Only)
iOS, Equifax Is Back, & phpMyAdmin CSRF Zero-Day - PSW #620 from 2019-09-23T09:00

In the Security News, how an iOS 13 flaw could provide access to contacts with passcode, Equifax demands more information before making payouts, confidential data of 24.3 million patients were d...

Listen
Paul's Security Weekly (Video-Only)
Audio Security - PSW #620 from 2019-09-22T09:00

Wes Widner is the Cloud Engineering Manager at CrowdStrike. Wes will be talking about how personal voice assistants are the wave of the future. So naturally we should wonder about the unique attack ...

Listen
Paul's Security Weekly (Video-Only)
Anything Red/Purple Teaming - Jason Lang - PSW #620 from 2019-09-20T09:00

Jason Lang is the Sr. Security Consultant of TrustedSec. Modern day red teaming against some of the largest companies in the US. Current passion is Ansible for red teamers (i.e. fast infrastruct...

Listen
Paul's Security Weekly (Video-Only)
SE Village Interviews: Chris Kirsch & Micah Zenko - PSW #619 from 2019-09-16T09:30

At DEF CON 2019, we interview Chris Kirsch on Getting Psychic: Cold Reading Techniques for Fortune Tellers and Social Engineers. Cold reading is a technique to make others believe that you have p...

Listen
Paul's Security Weekly (Video-Only)
Capital One Breach, Edgewise - Peter Smith - PSW #619 from 2019-09-15T09:00

Peter Smith is the Founder & CEO of Edgewise. Peter will be covering the Capital One breach and the AWS metadata service with request forgery. He will explain how to solve this problem with Edge...

Listen
Paul's Security Weekly (Video-Only)
Security News: September 12, 2019 - PSW #619 from 2019-09-14T09:00

This week, we present the Security News, to discuss New ransomware grows 118% as cybercriminals adopt fresh tactics and code innovations, Period Tracker Apps share data with Facebook, U.S. Cyber...

Listen
Paul's Security Weekly (Video-Only)
SE Village 2020 and Innocent Lives Foundation - Christopher Hadnagy - PSW #618 from 2019-09-01T09:00

Christopher Hadnagy is the Chief Human Hacker of Social-Engineer, LLC. Chris will be giving an overview of inaugural SEVillage Orlando 2020. Brief description of the training workshops provided....

Listen
Paul's Security Weekly (Video-Only)
Analyzing Custom Log Sources - Corey Thuen - PSW #618 from 2019-08-31T09:00

Corey Thuen is the Co-Founder at Gravwell. Security analytics using the new Sysmon DNS logging and Sysmon DNS logging dropped this week.

Listen
Paul's Security Weekly (Video-Only)
Security News: August 28, 2019 - PSW #618 from 2019-08-30T09:00

In the news, we discuss how AT&T employees took bribes to plant malware on the company’s network, how hackers could decrypt your GSM calls, 80 suspects charged with massive BEC scam, and how the...

Listen
Paul's Security Weekly (Video-Only)
Critical Patches, Automox - Richard Melick - PSW #617 from 2019-08-25T09:00

Waiting to deploy critical patches makes you a bigger target - Cybercriminals Have Seven-Day Advantage to Weaponize Vulnerabilities, According to New Research from Tenable- Cyber Criminals have ...

Listen
Paul's Security Weekly (Video-Only)
Deobfuscating JavaScript to Investigate Phishing Domains - PSW #617 from 2019-08-24T09:00

Paul gives a technical segment on deobfuscating JavaScript to investigate phishing domains.

Listen
Paul's Security Weekly (Video-Only)
DEF CON 27 Interviews - PSW #616 from 2019-08-19T09:00

In this segment, we interview O'Shea Bowens from Null Hat Security and Tyler Robinson from Nisos, Inc., from the Blue Team Village. Then we interview Aaran Leyland in the Social Engineering Vill...

Listen
Paul's Security Weekly (Video-Only)
Security News: August 15, 2019 - PSW #616 from 2019-08-18T09:00

The Huawei shenanigans get deeper and more broad. - This is why I have issues with supply chain, CapitalOne hacker may have stolen from 30 more companies, New Data Breach Has Exposed Millions Of...

Listen
Paul's Security Weekly (Video-Only)
Blue Team To Red Team, Offensive Security - Tony Punturiero - PSW #616 from 2019-08-17T09:00

Tony Punturiero is the Community Manager at Offensive Security. Discussing about my adventure transferring from being on the blue side to becoming a pentester/red teamer full time. Created an in...

Listen
Paul's Security Weekly (Video-Only)
Joshua Douglas, Mimecast - PSW #615 from 2019-08-15T09:00

During this discussion, Joshua and Paul will speak about the threats facing organizations today and how they are evolving. Josh will also discuss how IT and security teams need to understand the...

Listen
Paul's Security Weekly (Video-Only)
Security Do's and Don'ts - PSW #615 from 2019-08-14T09:00

Paul, Larry, Doug, and Gabe talk about Software Development: Security Do's & Don'ts.

Visit our website: https://www.securityweekly.com

Listen
Paul's Security Weekly (Video-Only)
Gabriel Gumbs, Spirion - PSW #615 from 2019-08-13T18:44:09

Gabriel Gumbs is the VP of Product Management at Spirion where his focus is on the strategy and technology propelling Spirion’s rapidly-growing security platform.

Listen
Paul's Security Weekly (Video-Only)
Security News - PSW - News #614 from 2019-08-05T09:00

In the Security News, the US government issues a light aircraft cyber alert, thieves steal a laptop with 30 years of Data from University of Western Australia, RCE is possible by exploiting flaw...

Listen
Paul's Security Weekly (Video-Only)
Signal Sciences Kubernetes, Doug Coburn - PSW #614 from 2019-08-04T09:00

Talk about the way Signal Sciences is implemented, especially in the container world. Where we sit in the stack for protection of the web apps in those containers and common first things identif...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #613 from 2019-07-26T17:36:11

In the Security News, a phishing scheme that targets AMEX cardholders, the list of labs affected by the American Medical Collection Agency data breach continues to grow, a Silk Road drug dealer get...

Listen
Paul's Security Weekly (Video-Only)
Integrity Through Prevention, WEforum - Paul's Security Weekly #613 from 2019-07-26T01:32:49

Troels Oerting is the Head of the Global Centre for Cybersecurity established by World Economic Forum in 2018. Troels talks about Security, Privacy, Integrity through Prevention, Protection and Pro...

Listen
Paul's Security Weekly (Video-Only)
DDoS, Murray Goldschmidt - Paul's Security Weekly #613 from 2019-07-26T01:12

Murray Goldschmidt is the COO & Co-founder of Sense of Security. Murray talks about the Intro to Sense of Security, DDoS in 2019, New trends, and How to address these issues! Full Show Notes: https...

Listen
Paul's Security Weekly (Video-Only)
Security News: July 18, 2019 - Paul's Security Weekly #612 from 2019-07-22T09:00

Slack Resets User Passwords After 2015 Data Breach, Hacker Breached Sprint Customer Accounts Through Samsung Website, Why 72% of people still recycle passwords, Why 100% of Security Weekly hosts ...

Listen
Paul's Security Weekly (Video-Only)
Topic Segment: Security Roundtable - Paul's Security Weekly #612 from 2019-07-21T09:00

Topics being discussed: Vulnerability Management, Patching, Asset Management, and System Hardening.

Listen
Paul's Security Weekly (Video-Only)
Porn Pirating, Zoom RCE, & Huawei - Paul's Security Weekly #611 from 2019-07-15T09:00

In the Security News, Zoom's RCE Vulnerability is affecting over 700,000 companies, how YouTube is trying to ban hacking videos, 1TB of police body cam footage is available online, and how the U...

Listen
Paul's Security Weekly (Video-Only)
Blue/Purple Teaming (defense) - Paul's Security Weekly #611 from 2019-07-13T09:00

Ben has been working in technology and development for over 20 years. He spent 13 years doing defense in the medical industry before moving over to the offense. He uses his knowledge of defense ...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #610 from 2019-07-01T09:00

Nearly 100 drivers following Google Maps detour get stuck in muddy field, Breach at Cloud Solution Provider PCM Inc., Inside the West's failed fight against China's Cloud Hopper hackers, Mozilla...

Listen
Paul's Security Weekly (Video-Only)
Tools to Hack Your Career, CyberSecJobs - Paul's Security Weekly #610 from 2019-06-30T09:00

Kathleen Smith is the CMO at CyberSecJobs.Com/ClearedJobs.Net. We all have cool tools, but not necessarily the best ones for career search or professional development. Why is it so hard? Many of...

Listen
Paul's Security Weekly (Video-Only)
CySA+ & PenTest+ Certs, ITProTV - Paul's Security Weekly #610 from 2019-06-29T09:00

Don Pezet will be discussing the new CySA+ and PenTest+ certs that ITProTV has to offer! Don has been working in the IT industry for more than 18 years and in training for more than 12 years. He...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #609 from 2019-06-24T09:00

In the Security News, how not to prevent a cyberwar with Russia, the case against knee-jerk installation of Windows patches, U.S. Customs and Border Protection data breach is the result of a sup...

Listen
Paul's Security Weekly (Video-Only)
Purple Teaming, SCYTHE - Paul's Security Weekly #609 from 2019-06-23T09:00

We welcome back Bryson Bort, who is the Founder/CEO of GRIMM. Bryson will be talking about Purple Teaming, Top Attack Simulation Scenarios, and Testing Command & Control Channels.

Listen
Paul's Security Weekly (Video-Only)
Grim, Vim, & Neovim - Paul's Security Weekly #608 from 2019-06-18T09:00

In the Security News, the rise of purple teaming, the World's largest beer brewer sets up a Cyber-security team, a mystery signal shutting down key fobs in an Ohio neighborhood, why hackers igno...

Listen
Paul's Security Weekly (Video-Only)
Sysmon DNS Logging, Gravwell - Paul's Security Weekly #608 from 2019-06-17T13:12:59

We welcome back Corey Thuen, Founder and CEO of Gravwell, to talk about security analytics using the new Sysmon DNS logging that dropped this week!

Listen
Paul's Security Weekly (Video-Only)
1 Click Microsegmentation, Edgewise - Paul's Security Weekly #608 from 2019-06-15T09:00

Peter Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University’s first NAC system before it became a security category. Peter comes on the show to talk...

Listen
Paul's Security Weekly (Video-Only)
SalesForce, iPhones, & Old Androids - Paul's Security Weekly #607 from 2019-06-10T09:00

In the Security News, SalesForce bans customers from gun sales, what is your iPhone talking to overnight, Office retires support for old Android versions, and really how likely are weaponized ca...

Listen
Paul's Security Weekly (Video-Only)
Mental Health & Wellness - Paul's Security Weekly #607 from 2019-06-09T09:00

We welcome back Amanda Berlin, CEO of Mental Health Hackers, to talk about why it's important to educate technology professionals about unique mental health risks faced by people in the field, and...

Listen
Paul's Security Weekly (Video-Only)
Detection & Response, Endgame - Paul's Security Weekly #607 from 2019-06-08T09:00

In this episode of Paul's Security Weekly, we will talk with Paul Ewing of Endgame about how to close the 'breakout window' between detection and response, and hear about Endgame's recently anno...

Listen
Paul's Security Weekly (Video-Only)
Gatekeeper, WannaCry, and BlueKeep - Paul's Security Weekly #606 from 2019-06-03T09:00

In the security news, giving you the latest on thousands of infected servers from a cryptojacking campaign, an open letter to the GCHQ calling out spy agencies, and a new vulnerability that make...

Listen
Paul's Security Weekly (Video-Only)
Automate IT, SaltStack - Paul's Security Weekly #606 from 2019-06-02T09:00

David Boucha is a Sr. Engineer at SaltStack. David will be talking about how Salt Open and SaltStack Enterprise can help you automate your infrastructure including servers (cloud, on-prem, virtu...

Listen
Paul's Security Weekly (Video-Only)
BlueKeep Vulnerability, Robert Graham - Paul's Security Weekly #606 from 2019-06-01T09:00

Paul Asadoorian and Robert Graham from Errata Security show you how to search for the BlueKeep vulnerability, or CVE-2019-0708, that has been affecting hundreds of thousands of systems!

Listen
Paul's Security Weekly (Video-Only)
Digital Hygiene & The School System - Paul's Security Weekly #606 from 2019-05-31T13:57:09

Eric Butash and Mike Klein from Highlander Institute, join us on the show to talk about, what schools are doing to protect Student Data?, how do we teach our student the importance of good digit...

Listen
Paul's Security Weekly (Video-Only)
Google, Huawei, & Windows 0-Day - Paul's Security Weekly #605 from 2019-05-27T09:00

In our final segment, Doug, Jeff, Patrick, and Lee give you the latest security news to talk about a Zero Day for Windows, the battle over Huawei with the US and Google, & unpatched hardware and...

Listen
Paul's Security Weekly (Video-Only)
Does DNS Fit Into A Secure Architecture - Paul's Security Weekly #605 from 2019-05-26T09:00

In our second segment, we welcome Justin Murphy, Cloud Security Engineer at Cisco, to talk about DNS in the Security Architecture!

Listen
Paul's Security Weekly (Video-Only)
Matthew McMahon, Salve Regina University - Paul's Security Weekly #605 from 2019-05-25T09:00

We welcome Matthew McMahon, Head of Security Analytics at Salve Regina University, to talk about Medical devices, Cybersecurity and Resilience, and Cybersecurity Training!

Listen
Paul's Security Weekly (Video-Only)
Singapore, Cisco, and Israeli Spyware - Paul's Security Weekly #604 from 2019-05-20T09:00

In the Security News, Singapore passes an anti-fake news law, WhatsApp Vulnerability Exploited to Infect Phones with Israeli Spyware, major security issues found in Cisco routers, and Microsoft ...

Listen
Paul's Security Weekly (Video-Only)
Fixing Identity and Access Management - Paul's Security Weekly #604 from 2019-05-19T09:00

Federico Simonetti is the CTO of Xiid Corporation. Federico comes on the show to discuss How To Fix Identity & Access Management.

Listen
Paul's Security Weekly (Video-Only)
Julian Zottl, Raytheon - Paul's Security Weekly #604 from 2019-05-18T09:00

Julian Zottl is the Cyber and Information Operations SME at Raytheon. Julian joins us on the show to talk about side-channel attacks!

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #603 from 2019-05-13T09:00

The top 5 mistakes that create field days for hackers, WordPress 5.2 brings new security features, a discontinued Insulin pump with a security flaw in high demand, and how to communicat...

Listen
Paul's Security Weekly (Video-Only)
Chris Sanders, AND & RTF - Paul's Security Weekly #603 from 2019-05-12T09:00

Chris Sanders is the Founder of Applied Network Defense & Rural Technology Fund. He is also the Director of the Rural Technology Fund, a non-profit that donates scholarships and equipment to pub...

Listen
Paul's Security Weekly (Video-Only)
From IT to OT Security, Lesley Carhart - Paul's Security Weekly #603 from 2019-05-11T09:00

Lesley Carhart is the Principal Threat Analyst at Dragos Inc. Lesley has been performing digital forensics and incident response on unconventional systems and advanced adversary attacks for ove...

Listen
Paul's Security Weekly (Video-Only)
Nokia 9, Julian Assange, & Tenable - Paul's Security Weekly #602 from 2019-05-06T15:30:45

In the Security News, how Tenable experts found 15 flaws in wireless penetration systems, Julian Assange refused exfiltration to the US, PoC exploits for old SAP config flaws increase risk of at...

Listen
Paul's Security Weekly (Video-Only)
Joshua Abraham, Praetorian - Paul's Security Weekly #602 from 2019-05-05T09:00

Josh Abraham is in studio! He is a Staff Engineer at Praetorian, and he is going to talk about the MITRE attack framework for attackers!

Listen
Paul's Security Weekly (Video-Only)
Philip Niedermair, National Cyber Group - Paul's Security Weekly #602 from 2019-05-04T09:00

We welcome Philip Niedermair from National Cyber Group. Philip is the CEO at National Cyber Group and he joins us to discuss the National Cyber Education Program!

Listen
Paul's Security Weekly (Video-Only)
Fujifilm, Facebook, & Black Holes - Paul's Security Weekly #601 from 2019-04-30T09:00

Serious vulnerabilities found in Fujifilm x-ray devices, Facebook could be fined 5 billion over privacy violations, preinstalled malware on bootleg streaming devices, hackers using SIM swapping ...

Listen
Paul's Security Weekly (Video-Only)
The Canary Tool, Thinkst - Paul's Security Weekly #601 from 2019-04-28T16:00

Haroon Meer is the CEO and Researcher at Thinkst. He is coming on the show to talk about why hackers should create companies, and some of the technical details behind Thinkst's tool Canary!

Listen
Paul's Security Weekly (Video-Only)
SaaS Product, Cloudneeti - Paul's Security Weekly #601 from 2019-04-28T09:00

Guru Pandurangi is the CEO and Founder of Cloudneeti, to talk about how their SaaS product is delivering continuous cloud security and compliance assurance to businesses migrating or using cloud...

Listen
Paul's Security Weekly (Video-Only)
Merissa & Jessica, WSC - Paul's Security Weekly #600 from 2019-04-15T09:00

Merissa Villalobos is the North America Talent Acquisition Leader for NCC Group, a global security consulting firm and has been recruiting in security for 10 years. She got her start in Virginia...

Listen
Paul's Security Weekly (Video-Only)
Bitcoin, WikiLeaks, & Julian Assange - Paul's Security Weekly #600 from 2019-04-15T09:00

In the news, Bitcoin mining ban considered by China's economic planner, Yahoo strikes $117.5 million data breach settlement, Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwor...

Listen
Paul's Security Weekly (Video-Only)
Gabriel Gumbs, Spirion - Paul's Security Weekly #600 from 2019-04-13T09:00

Gabriel Gumbs is the VP of Product Management at Spirion where his focus is on the strategy and technology propelling Spirion’s rapidly-growing security platform. A cybersecurity industry vetera...

Listen
Paul's Security Weekly (Video-Only)
OceanLotus, Russia, & Google - Paul's Security Weekly #599 from 2019-04-01T09:00

In the Security News, Attackers exploiting IMAP to bypass MFA on O365 and G-Suite accounts, Vietnam's OceanLotus Group Ramps up hacking car companies, UC Browser violates Google Play Store Rules...

Listen
Paul's Security Weekly (Video-Only)
Threat Hunting & AI Hunter, ACM - Paul's Security Weekly #599 from 2019-03-31T09:00

In the Technical Segment, we welcome back our friend Chris Brenton, Chief Operating Officer at Active Countermeasures, to discuss why threat hunting is the missing link between our protection to...

Listen
Paul's Security Weekly (Video-Only)
Mary Beth Borgwing, Cyber Social Club - Paul's Security Weekly #599 from 2019-03-30T09:00

This week, we welcome back Mary Beth Borgwing, President and Founder of the Cyber Social Club, to talk about Uniting Women in Cyber!

Listen

Paul's Security Weekly (Video-Only)
Android Q, Sirens, & Korean Hotels - Paul's Security Weekly #598 from 2019-03-25T09:00

In the Security News, how Android Q will come with improved privacy protections, hacked tornado sirens taken offline ahead of a major storm, and how PuTTY released an update that fixed 8 new sec...

Listen
Paul's Security Weekly (Video-Only)
Iris, DomainTools - Paul's Security Weekly #598 from 2019-03-24T09:00

In this segment, we run a Technical Demo with our sponsor DomainTools, all about Domain Investigation with DomainTools Iris!

Listen

Paul's Security Weekly (Video-Only)
Marcus Carey, Tribe of Hackers - Paul's Security Weekly #598 from 2019-03-23T09:00

Marcus Carey is the Founder & CEO at Threatcare. Navy Cryptologist turned cybersecurity entrepreneur, Marcus Carey is currently working as founder and CEO of cybersecurity company Threatcare. He...

Listen
Paul's Security Weekly (Video-Only)
Malware Sandboxing, VMRay - Paul's Security Weekly #597 from 2019-03-18T09:00

We interview Carsten Williams, Co-Founder and CEO at VMRay, discussing malware sandboxing! Carsten is the original developer of CWSandbox, a commercial malware analysis suite that was later rena...

Listen
Paul's Security Weekly (Video-Only)
Tesla, YouTube, & Sexy Selfies - Paul's Security Weekly #597 from 2019-03-17T09:00

New WordPress flaw lets unauthenticated remote attackers hack sites, Tesla allegedly spied on and ran a smear campaign on a whistleblower, Facebook and Instagram suffer most severe outage ever, ...

Listen
Paul's Security Weekly (Video-Only)
Evolution of Zero Trust, Edgewise - Paul's Security Weekly #597 from 2019-03-16T08:30

We welcome Peter Smith, Founder and CEO of Edgewise, to talk about the evolution of Zero Trust! Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University...

Listen
Paul's Security Weekly (Video-Only)
YouTube Censorship & Vulnerabilities - Paul's Security Weekly #596 from 2019-03-04T10:00

YouTube controversy on ALL fronts, Cisco SOHO wireless VPN firewalls and routers open to attack, Ring doorbell flaw opens door to spying, bot plagues, free hacking toolkits, and everything you n...

Listen
Paul's Security Weekly (Video-Only)
David Marble, OSHEAN - Paul's Security Weekly #596 from 2019-03-03T10:00

David Marble is the President & CEO at OSHEAN. David joins us to talk about what to expect at this year's Rhode Island Cybersecurity Exchange Day! This conference will be held on March 13th 20...

Listen
Paul's Security Weekly (Video-Only)
Threat Intelligence, Recorded Future - Paul's Security Weekly #596 from 2019-03-02T10:00

Allan Liska is the Senior Solutions Architect at Recorded Future. Allan talks about threat intelligence – no longer just for the secret squirrels among us. While the term can elicit reactions ra...

Listen
Paul's Security Weekly (Video-Only)
Passwords, Splunk, & Nest Microphones - Paul's Security Weekly #595 from 2019-02-25T10:00

In the Security News, password managers leaking data in memory, security analysts are only human, Splunk changes position of Russian customers, Google admits error over hidden microphone, and a ...

Listen
Paul's Security Weekly (Video-Only)
Steve Brown, SecureWorld Keynote - Paul's Security Weekly #595 from 2019-02-24T10:00

Steve Brown, Keynote Speaker at SecureWorld Boston 2019, joins us to discuss his talk about Building Your Strategic Roadmap for the Next Wave of Digital Transformation!

Listen

Paul's Security Weekly (Video-Only)
SILENTRINITY Updates, BHIS - Paul's Security Weekly #595 from 2019-02-23T10:00

Marcello Salvati, Security Analyst at our sponsor Black Hills Information Security, joins us to give some updates on his post-exploitation tool SILENTRINITY! Sign up for the BHIS Mailing List to receive ...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #594 from 2019-02-18T10:00

Why it's way too easy to sell counterfeit goods on Amazon, how to defend against the runC container vulnerability, creating a dream team for the new age of cyber security, how you can get a wind...

Listen
Paul's Security Weekly (Video-Only)
Enterprise-ish Network Security: Pt. 1 - Paul's Security Weekly #594 from 2019-02-17T10:00

There are quite a few choices for selecting open-source and inexpensive hardware to build your network and provide tools to monitor for security events. In this segment we'll discuss some of the...

Listen
Paul's Security Weekly (Video-Only)
Harry Sverdlove, Edgewise - Paul's Security Weekly #594 from 2019-02-16T10:00

Harry Sverdlove, Chief Technology Officer of Edgewise, joins us for an interview to talk about The Future of Firewalls!

Listen

Paul's Security Weekly (Video-Only)
Connie Mastovich, InfoSec World 2019 - Paul's Security Weekly #593 from 2019-02-11T10:00

Connie Mastovich is the Sr. Security Compliance Analyst at Reclamere and she will be speaking at InfoSec World 2019. Connie's talk will be about "The Dark Web 2.0: How It Is Evolving, and How Ca...

Listen
Paul's Security Weekly (Video-Only)
DetectionLab, Chris Long - Paul's Security Weekly #593 from 2019-02-10T10:00

DetectionLab is a collection of Vagrant and Packer scripts that allows you to automate the creation of a small Active Directory network that is pre-loaded with endpoint security tooling and logg...

Listen
Paul's Security Weekly (Video-Only)
5G, Zero-Days, & National Museum - Paul's Security Weekly #593 from 2019-02-10T10:00

5G networks must be secured from hackers and bad actors, zero-day vulnerability highlights the responsible disclosure dilemma, a flaw in multiple airline systems exposes passenger data, security...

Listen
Paul's Security Weekly (Video-Only)
Japan, Imperva, & DDoS - Paul's Security Weekly #592 from 2019-02-04T10:00

In the Security News, 5 tips for access control from an ethical hacker, Japan is to hunt down citizens' insecure IoT devices, kid tracking watches allow attackers to monitor real time location da...

Listen
Paul's Security Weekly (Video-Only)
The Future Of Security - Paul's Security Weekly #592 from 2019-02-03T10:00

In our second segment, the Security Weekly hosts will discuss the Future of Security, such as major changes, evolving threats, and security culture!

Listen

Paul's Security Weekly (Video-Only)
Web App Scanning w/ Authentication, Acunetix - Paul's Security Weekly #592 from 2019-02-02T10:00

Benjamin Daniel Mussler is the Senior Security Researcher at Acunetix. Benjamin will come on the show to talk about Web App Scanning with authentication.

Listen

Paul's Security Weekly (Video-Only)
DerbyCon, Flaws, & Azure DevOps - Paul's Security Weekly #590 from 2019-01-21T10:00

Two code execution flaws patched in Drupal, 773 million records exposed in massive data breach, prices for zero-day exploits are rising, new attacks target recent PHP framework vulnerability, an...

Listen
Paul's Security Weekly (Video-Only)
PowerShell for Fun and Profit - Paul's Security Weekly #590 from 2019-01-20T10:00

Joff will demonstrate some syntax with PowerShell useful for transferring data into a network while pen testing. The technical segment assumes that the pen tester is able to directly use PowerS...

Listen
Paul's Security Weekly (Video-Only)
Dr. Eric Cole, Secure Anchor Consulting - Paul's Security Weekly #590 from 2019-01-19T10:00

Dr. Eric Cole is the leading cybersecurity expert in the world, known as the go-to for major political and business power players.

Listen

Paul's Security Weekly (Video-Only)
Hyatt, El Chapo's IT, and Amazon Key - Paul's Security Weekly #589 from 2019-01-14T10:00

Why Hyatt Is Launching a Public Bug Bounty Program, Amazon Key partners with myQ, Web vulnerabilities up, IoT flaws down, enterprise iPhones will soon be able to use security dongles, and how El...

Listen
Paul's Security Weekly (Video-Only)
pktrecon, Kory Findley - Paul's Security Weekly #589 from 2019-01-13T10:00

Kory Findley talks about his GitHub project pktrecon. Internal network segment reconnaissance using packets captured from broadcast and service discovery protocol traffic. pktrecon is a tool for...

Listen
Paul's Security Weekly (Video-Only)
Bryson Bort, SCYTHE - Paul's Security Weekly #589 from 2019-01-12T10:00

Bryson is the Founder and CEO of SCYTHE and Founder of GRIMM. He comes on the show to talk about Attack Simulation.

Listen

Paul's Security Weekly (Video-Only)
Android, Nest, & Linux Malware - Paul's Security Weekly #591 from 2019-01-08T10:00

Cellular carriers are implementing services to identify cell scam leveraging, New Android Malware uses motion sensor to avoid detection, Linux Malware disables security software to mine cryptocu...

Listen
Paul's Security Weekly (Video-Only)
PewDiePie, DOOM Roomba, and 9/11 - Paul's Security Weekly #588 from 2019-01-07T10:00

Hijacking smart TVs to promote PewDiePie, hackers attempt to sell stolen 9/11 documents, turning your house into a DOOM level with a Roomba, and hopefully you're over that New Year's hangover, ...

Listen
Paul's Security Weekly (Video-Only)
Breaches, Privacy, Compliance and More! - Paul's Security Weekly #588 from 2019-01-06T10:00

The Security Weekly crew has a lively topic discussion on the following: Security Breaches, Privacy, Vulnerability Disclosure, Evaluating Security Solutions, and Compliance.

Listen
Paul's Security Weekly (Video-Only)
Topics & Questions - Paul's Security Weekly #591 from 2019-01-06T10:00

In our second segment, the Security Weekly hosts talk about some of our favorite hacker movies, influencers in the community, and what software and devices make appearances in our labs!

Listen
Paul's Security Weekly (Video-Only)
Helping People In The Security Community - Paul's Security Weekly #588 from 2019-01-05T10:00

"Phoneboy" has been helping the security community for over 15 years. We fondly remember Phoneboy as a resource that helped us configure our Check Point firewalls back in the day! Phoneboy comes...

Listen
Paul's Security Weekly (Video-Only)
Chris Morales, Vectra - Paul's Security Weekly #591 from 2019-01-05T10:00

Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. Christopher is a wi...

Listen
Paul's Security Weekly (Video-Only)
Hacking the Brainstem, Mandy Logan - Paul's Security Weekly #587 from 2018-12-24T10:00

Following a series of 5 strokes and major head injuries, Mandy is no longer in the construction engineering industry. Instead, she is pursuing all things InfoSec with an emphasis on Incident Res...

Listen
Paul's Security Weekly (Video-Only)
What The Heck Are "Security Basics"? - Paul's Security Weekly #587 from 2018-12-23T10:00

The question comes up quite often, what should organizations be doing to meet the basic security requirements? We often hear the terms "Security Basics", "Minimum Security Standards" or dear lor...

Listen
Paul's Security Weekly (Video-Only)
Detecting Attacker Behavior, LogRhythm - Paul's Security Weekly #587 from 2018-12-22T10:00

Vaughn will discuss using freely available tools and logs you are already collecting to detect attacker behavior. Vaughn has a cookbook that will allow you to configure and analyze logs to detec...

Listen
Paul's Security Weekly (Video-Only)
Taylor Swift, KringleCon, & 3D Head - Paul's Security Weekly #586 from 2018-12-17T10:00

How Taylor Swift used Facial Recognition to Thwart Stalkers, unlocking Android phones with a 3D printed head, Ticketmaster fails to take responsibility for malware, and it's December of 2018, To...

Listen
Paul's Security Weekly (Video-Only)
Don Murdoch, Regent University Cyber Range - Paul's Security Weekly #586 from 2018-12-15T10:00

Don Murdoch is the Assistant Director at Regent University Cyber Range. Don discusses his book "Blue Team Handbook Incident Response Edition".

Listen

Paul's Security Weekly (Video-Only)
Ed Skoudis, Counter Hack Challenge - Paul's Security Weekly #586 from 2018-12-14T20:47:46

Ed Skoudis, Founder of the Counter Hack Challenge and Kringle Con 2018, joins us on the show to talk about this year's challenge and what's in store! "Welcome to Counter Hack Challenges, an organ...

Listen
Paul's Security Weekly (Video-Only)
Marriott Breach, Lame Printer Hack, and Docker - Paul's Security Weekly #585 from 2018-12-10T10:00

This week, how Docker containers can be exploited to mine for cryptocurrency, WordPress sites attacking other WordPress sites, why the Marriott Breach is a valuable IT lesson, malicious Chrome e...

Listen
Paul's Security Weekly (Video-Only)
Marcello Salvati, BHIS - Paul's Security Weekly #585 from 2018-12-09T09:30

Marcello Salvati is a security consultant at BHIS, and is giving a technical segment on SilentTrinity. Marcello will solve the red team tradecraft problem of gaining dynamic access to the .net a...

Listen
Paul's Security Weekly (Video-Only)
Lenny Zeltser, Minerva Labs - Paul's Security Weekly #585 from 2018-12-08T10:00

Lenny Zeltser, the VP of Products at Minerva, will be giving a technical segment on Evasion Tactics in Malware from the Inside Out. He will explain the tactics malware authors use to evade detect...

Listen
Paul's Security Weekly (Video-Only)
Wietse Venema & Dan Farmer, SATAN - Paul's Security Weekly #584 from 2018-12-02T10:00

Wietse Venema and Dan Farmer, the Developers of Security Administrator Tool for Analyzing Networks (SATAN), talk about their experience as developers, their journey to creating SATAN and their d...

Listen
Paul's Security Weekly (Video-Only)
Sven Morgenroth, Netsparker - Paul's Security Weekly #584 from 2018-12-01T10:00

Sven will talk about PHP Object injection vulnerabilities and explain the dangers of PHP's unserialize function. He will show the format of serialized PHP Objects, explain PHP's magic methods an...

Listen
Paul's Security Weekly (Video-Only)
"Dunkin" Donuts, Microsoft, & Marijuana - Paul's Security Weekly #584 from 2018-12-01T10:00

Hackers breach Dunkin Donuts, how insiders are serious threats to security in an organization, the return of email flooding, Microsoft helps police shut down fake tech support in India, and how ...

Listen
Paul's Security Weekly (Video-Only)
Spectre, ATMs, and Japan's Minister - Paul's Security Weekly #583 from 2018-11-19T10:00

7 new Spectre/Meltdown attacks, Hacking ATMs for free cash is easier than Windows XP, AI can now fake fingerprints fooling ID scanners, and Japan's cybersecurity minister admits he's never used...

Listen
Paul's Security Weekly (Video-Only)
John Moran, DFLabs - Paul's Security Weekly #583 from 2018-11-18T10:00

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. John Moran talks about IncMan SOAR an...

Listen
Paul's Security Weekly (Video-Only)
Jon Buhagiar, Sybex - Paul's Security Weekly #583 from 2018-11-17T10:00

Jon Buhagiar has been responsible for Network Operations at Pittsburgh Technical College for the past 19 years. Jon is currently a Network+ Review Course Instructor at Sybex, and he joins us to talk a...

Listen
Paul's Security Weekly (Video-Only)
Apache, Dirty Cow, & Edge - Paul's Security Weekly #582 from 2018-11-12T10:30

Cisco accidentally released Dirty Cow exploit code, Apache Struts Vulnerabilities, Zero Day exploit published for VM Escape flaw, Spam spewing IoT botnet infects 100,000 routers, and some of the...

Listen
Paul's Security Weekly (Video-Only)
Eyal Neemany, Javelin Networks - Paul's Security Weekly #582 from 2018-11-11T10:00

Former Head of Israeli Air Force CERT & Forensics Team, Senior Security Researcher at Javelin Networks. Eyal will be discussing securing remote administration, remote credentials, explains that ...

Listen
Paul's Security Weekly (Video-Only)
Corin Imai, DomainTools - Paul's Security Weekly #582 from 2018-11-10T10:00

Corin Imai is Sr. Security Advisor for DomainTools. Corin began her career working on desktop virtualization, networking, and cloud computing technologies before delving into security. This inte...

Listen
Paul's Security Weekly (Video-Only)
AWS Lambda, Bleedingbit, and Cisco - Paul's Security Weekly #581 from 2018-11-05T10:00

AWS Security Best Practices, Masscan and massive address lists, Bleedingbit vulnerabilities, and Cisco Zero-Day exploited in the wild! All that and more, on this episode of Paul's Security Wee...

Listen
Paul's Security Weekly (Video-Only)
Matt Toussain, BHIS - Paul's Security Weekly #581 from 2018-11-04T09:00

Matt Toussain, a Security Analyst at Black Hills Information Security, will be giving a tech segment on remote access tools (RAS).

Listen

Paul's Security Weekly (Video-Only)
Aleksei Tiurin, Acunetix - Paul's Security Weekly #581 from 2018-11-03T09:00

Aleksei Tiurin is the Senior Security Researcher for Acunetix. Aleksei is giving a technical segment on insecure deserialization in Java/JVM and explains what polymorphism is. Aleksei Tiurin is ...

Listen
Paul's Security Weekly (Video-Only)
AI Fear, FDA, Tesla, and D-Link - Paul's Security Weekly #580 from 2018-10-29T09:00

Fear of AI attacks, the FDA releases cybersecurity guidance, watch hackers steal a Tesla, serious D-Link router security flaw may never be patched, and California addresses default passwords! Al...

Listen
Paul's Security Weekly (Video-Only)
Yossi Sassi, Javelin Networks - Paul's Security Weekly #580 from 2018-10-28T09:00

Yossi Sassi is the Co-Founder and Cybersecurity Researcher at CyberArtSecurity.com. Yossi joins us for a tech segment to talk about using Windows PowerShell, discussing DCSync, DCShadow, creativ...

Listen
Paul's Security Weekly (Video-Only)
Veronica Schmitt, DFIRLABS - Paul's Security Weekly #580 from 2018-10-27T09:00

Veronica Schmitt is the Sr. Digital Forensic Scientist for DFIRLABS. Veronica explains what SRUM is in Windows 10. She explains how SRUM can be a valuable tool in Digital Forensics.

Listen
Paul's Security Weekly (Video-Only)
Shodan, Apache, ICS, and Controllers - Paul's Security Weekly #579 from 2018-10-22T09:00

How to use the Shodan search engine to secure an enterprise's internet presence, Apache access vulnerability could affect thousands of applications, vulnerable controllers could allow attackers ...

Listen
Paul's Security Weekly (Video-Only)
John Walsh, CyberArk - Paul's Security Weekly #579 from 2018-10-21T09:00

John Walsh, the DevOps Evangelist for CyberArk, joins us on the show. John talks about the articles he wrote for CyberArk about Kubernetes, DevSecOps, and how to strengthen your container authenti...

Listen
Paul's Security Weekly (Video-Only)
Mark Dufresne, Endgame - Paul's Security Weekly #579 from 2018-10-20T09:00

Mark Dufresne explains why MITRE created their tool and what the MITRE attack framework is.

Listen
Paul's Security Weekly (Video-Only)
DerbyCon, Russians, and Next Story - Paul's Security Weekly #578 from 2018-10-15T09:00

New Apple and Microsoft security flaws at Black Hat Europe, CCTV maker leaves at least 9 million cameras public, upset Google+ users are suing Google, US weapons systems apparently can be easi...

Listen
Paul's Security Weekly (Video-Only)
Omer Yair, Javelin - Paul's Security Weekly #578 from 2018-10-14T09:00

Omer is End-Point team lead at Javelin Networks. The team focuses on methods to covertly manipulate OS internals. Before Javelin Networks, he was a malware researcher at IBM Trusteer for two yea...

Listen
Paul's Security Weekly (Video-Only)
Lee Neely, Lawrence Livermore National Lab - Paul's Security Weekly #578 from 2018-10-13T09:00

Lee Neely is a senior IT and security professional at LLNL with over 25 years of extensive experience with a wide variety of technology and applications from point implementations to enterprise ...

Listen
Paul's Security Weekly (Video-Only)
Linux Bugs, macOS Zero-Day, & Twitter Exposed - Paul's Security Weekly #577 from 2018-10-01T09:00

In the security news, Russian Hackers use Malware that can survive OS reinstalls, Facebook’s 2-Factor authentication With a phone number isn’t only for security, it’s used for ads, FBI warns com...

Listen
Paul's Security Weekly (Video-Only)
Offensive Operating Against SysMon, Carlos Perez - Paul's Security Weekly #577 from 2018-09-30T09:00

Carlos Perez delivers the Technical Segment on How to Operate Offensively Against Sysmon. He talks about how Sysmon allows him to create rules, and track specific types of tradecraft, around pro...

Listen
Paul's Security Weekly (Video-Only)
Mike Nichols, Keith McCammon, & Shawn Smith - Paul's Security Weekly #577 from 2018-09-29T09:00

Mike Nichols is the VP of Product Management at Endgame, and he manages the Endgame endpoint protection platform. Keith McCammon is the Chief Security Officer and Co-Founder of Red Canary, and h...

Listen
Paul's Security Weekly (Video-Only)
GovPayNow.com, AmazonBasics, and FBI - Paul's Security Weekly #576 from 2018-09-25T21:00

Senate can't protect senators' staff from Cyber Attacks, Equifax fined by ICO over data breach that hit Britons, US Military given the power to hack back and defend forward, and AmazonBasics Micro...

Listen
Paul's Security Weekly (Video-Only)
Threat Hunting in the Cloud, Apollo Clark - Paul's Security Weekly #576 from 2018-09-23T09:00

Apollo Clark goes through inventory management, access management, config management, patch management, automated remediation, logging and monitoring, and deployment tools.

Full Show Note...

Listen
Paul's Security Weekly (Video-Only)
Mike Ahmadi, DigiCert - Paul's Security Weekly #576 from 2018-09-22T09:00

Mike Ahmadi oversees IoT security solutions and technical implementations for DigiCert customers across various verticals that include industrial, transportation, smart city, consumer devices an...

Listen
Paul's Security Weekly (Video-Only)
Microsoft, Elon Musk, Kernel and Powershell - Paul's Security Weekly #575 from 2018-09-17T09:00

Microsoft accidentally lets encrypted Windows 10 out to the world, Kernel exploit discovered in macOS, PowerShell obfuscation ups the ante on antivirus, Google outlines incident response proce...

Listen
Paul's Security Weekly (Video-Only)
Bypassing PAM, Eyal Neemany - Paul's Security Weekly #575 from 2018-09-16T09:00

Eyal Neemany describes how to bypass Linux Pluggable Authentication Modules (PAM), which provide dynamic authentication support for applications and services in a Linux or GNU/kFreeBSD system. Eyal Neemany i...

Listen
Paul's Security Weekly (Video-Only)
Brian Coulson, LogRhythm - Paul's Security Weekly #575 from 2018-09-15T09:00

Brian Coulson is a Senior Security Research Engineer in the Threat Research Group of LogRhythm Labs in Boulder, CO. His primary focus is the Threat Detection Modules such as UEBA, and NTBA.

Listen
Paul's Security Weekly (Video-Only)
Supermicro, Apache Struts, & HTTPS - Paul's Security Weekly #574 from 2018-09-10T09:00

In the security news, Spanish driver tests positive for every drug test, vulnerabilities found in the remote management interface of Supermicro servers, Apache Struts 2 flaw in the wild, HTTPS c...

Listen
Paul's Security Weekly (Video-Only)
Beacon Analysis, Chris Brenton - Paul's Security Weekly #574 from 2018-09-09T09:00

Beacon analysis is an integral part of threat hunting. If you are not looking for beacons you take the chance of missing compromised IoT devices or anything that does not have a threat mitigatio...

Listen
Paul's Security Weekly (Video-Only)
Wim Remes, Wire Security bvba - Paul's Security Weekly #574 from 2018-09-08T09:00

Wim Remes from Wire Security bvba comes on the show to talk about pentesting, SDLC, the state of security, life of a (virtual) CISO, and certifications.

Listen

Paul's Security Weekly (Video-Only)
Texas, T-Mobile, and Jack Daniel - Paul's Security Weekly #573 from 2018-09-03T09:00

In the Security News this week, Zero-Day Windows exploits, How to hide sensitive files in encrypted containers, Misfortune Cookie vulnerability returns, and bank robbers faked Cosmos backend to ...

Listen
Paul's Security Weekly (Video-Only)
No-Script Automation Tool, John Moran - Paul's Security Weekly #573 from 2018-09-02T09:00

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. Prior to joining DFLabs John worked f...

Listen
Paul's Security Weekly (Video-Only)
Jayson Street, SphereNY - Paul's Security Weekly #573 from 2018-09-01T09:00

Jayson E. Street is an author of the "Dissecting the hack: Series". Also the DEF CON Groups Global Ambassador. Plus the VP of InfoSec for SphereNY. He has also spoken at DEF CON, DerbyCon, GRRCo...

Listen
Paul's Security Weekly (Video-Only)
Burp Suite 2.0, DNC, and NotPetya - Paul's Security Weekly #572 from 2018-08-27T09:00

The Untold story of NotPetya, New Apache Struts RCE Flaw, How door cameras are creating dilemmas for police, Google gets sued for tracking you even when your location history is off, and Artific...

Listen
Paul's Security Weekly (Video-Only)
PHP Type Juggling Vulnerabilities, Netsparker - Paul's Security Weekly #572 from 2018-08-26T09:00

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He comes on the show to discuss PHP Type Juggling...

Listen
Paul's Security Weekly (Video-Only)
Tod Beardsley, Rapid7 - Paul's Security Weekly #572 from 2018-08-25T09:00

Tod Beardsley is the Director of Research at Rapid7. Paul talks to Tod about his recent projects Sonar and Heisenberg. They also discuss Tod's Under the Hoodie pentest report.

Listen
Paul's Security Weekly (Video-Only)
Cigars and Security - Paul's Security Weekly #571 from 2018-08-21T09:00

Paul and Matt Alderman had the chance at DEF CON to sit down and talk about Cigars and Security. In our very first episode, Paul asks Matt questions on how he got started in Security, who some o...

Listen
Paul's Security Weekly (Video-Only)
Spoofing GPS with a hackRF, Larry Pesce - Paul's Security Weekly #571 from 2018-08-20T17:24:46

Our very own Larry Pesce delivers the Technical Segment this week on Spoofing GPS with a hackRF.

Listen
Paul's Security Weekly (Video-Only)
ThinkPenguin, Hacking Bodycams, & Adobe Flaws - Paul's Security Weekly #571 from 2018-08-19T16:00

In the Security News this week, Hacking Police Bodycams, Adobe fixes critical code execution flaws in latest patch update, Researchers develop device to aid in hunt for stealthy ATM card skimmer...

Listen
Paul's Security Weekly (Video-Only)
Yale University, Spam's Revival, and SDR - Paul's Security Weekly #570 from 2018-08-06T09:00

Reddit breached after hackers bypass 2FA, Yale University discloses old school data breach, and 5 steps to fight unauthorized cryptomining. All that and more, here on Security Weekly!

Listen
Paul's Security Weekly (Video-Only)
Joshua Abraham, Praetorian - Paul's Security Weekly #570 from 2018-08-04T09:00

Josh is a key member of the technical execution team. In this capacity, he is responsible for leading, directing, and executing client-facing engagements that include Praetorian’s tactical and s...

Listen
Paul's Security Weekly (Video-Only)
Bluetooth Bug, Tenable, and Cosco - Paul's Security Weekly #569 from 2018-07-30T09:00

Bluetooth bug allows man-in-the-middle attacks on phones and laptops, serial killer electrocutes himself in jail cell sex act, Google launches its own USB-based FIDO U2F keys, and GhostPack.

Listen
Paul's Security Weekly (Video-Only)
Chris Dale, Netsecurity - Paul's Security Weekly #569 from 2018-07-29T09:00

Chris Dale is the Head of the Penetration Testing & Incident Handling groups at Netsecurity, a mid-sized company based out of Norway. Along with significant security expertise, Chris has a backg...

Listen
Paul's Security Weekly (Video-Only)
Dean Coclin, DigiCert - Paul's Security Weekly #569 from 2018-07-28T08:30

Dean Coclin is the Senior Director of Business Development at DigiCert. Dean brings more than 30 years of business development and product management experience in software, security, and teleco...

Listen
Paul's Security Weekly (Video-Only)
Pen Testing, SIM Hijackers, & Mining Bitcoin - Paul's Security Weekly #568 from 2018-07-24T09:00

In the Security News this week, the evolutionary waves of penetration testing, the SIM Hijackers, Roblox blames virtual "gang rape" on hack, thousands of Mega logins dumped online, Facebook ...

Listen
Paul's Security Weekly (Video-Only)
Chris Spehn, Mandiant's Red Team - Paul's Security Weekly #568 from 2018-07-23T09:00

Chris 'Lopi' Spehn is a consultant on Mandiant's red team. Chris was formerly a penetration tester for major credit card companies and retailers. Chris is also the founder of Illinois State Univ...

Listen
Paul's Security Weekly (Video-Only)
Davi Ottenheimer, MongoDB - Paul's Security Weekly #568 from 2018-07-22T09:00

Davi Ottenheimer is a strategist and author focused on cultural disruptions and defense ethics in emerging data platforms and intelligent machines; for more than twenty years he has led global ...

Listen
Paul's Security Weekly (Video-Only)
Airport Security, Dark Web, and Apple - Paul's Security Weekly #567 from 2018-07-16T09:00

In the Security News this week, Hackers put Airport Security system Access on the Dark Web, Arch Linux PDF reader package poisoned, Chrome defends Spectre, & Cisco patches bug in VoIP phones.

Listen
Paul's Security Weekly (Video-Only)
Limor Elbaz, Peerlyst - Paul's Security Weekly #567 from 2018-07-15T09:00

Limor is an entrepreneur, product evangelist, security expert, and a business development executive. She is the Founder of Peerlyst, the largest community of security professionals, serving more...

Listen
Paul's Security Weekly (Video-Only)
Zane Lackey, Signal Sciences - Paul's Security Weekly #567 from 2018-07-14T09:00

Zane Lackey is the Founder/Chief Security Officer at Signal Sciences and serves on the Advisory Boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund....

Listen
Paul's Security Weekly (Video-Only)
WPA3, Ticketmaster, and Don't Wipe So Hard - Paul's Security Weekly #566 from 2018-07-03T09:00

Terrible passwords outlawed in Microsoft's new Azure tool, Ticketmaster suffers security breach in personal and payment data, stop wiping your butt so hard, Toronto cops in big trouble for eatin...

Listen
Paul's Security Weekly (Video-Only)
Fun with Android APK's, Joff Thyer - Paul's Security Weekly #566 from 2018-07-02T09:00

Ever wonder how to get started pen testing Android Apps? This tech segment will demonstrate a few basic techniques and tools to give you a taste of mobile app assessments with the Android platfo...

Listen
Paul's Security Weekly (Video-Only)
Tom Brennan & Gary Berman - Paul's Security Weekly #566 from 2018-07-01T09:00

Tom Brennan from Proactive Risk and Gary Berman from Cyberman Security, come on the show and talk about their journey up till their comic. They give us the inside scoop on their comic book, "The...

Listen
Paul's Security Weekly (Video-Only)
Golden Tickets, 911 Callers, and Hacking Therapy - Paul's Security Weekly #565 from 2018-06-25T09:00

In the Security News this week, shutting down the Internet to prevent cheating, Yubico claims a bug bounty and upsets researchers, patching MRI scanners, getting your money back after being scam...

Listen
Paul's Security Weekly (Video-Only)
NMAP Scripts With LUA and NSE - Paul's Security Weekly #565 from 2018-06-24T09:00

Jason Wood delivers this technical segment on NMAP. Everyone loves using Nmap and the Nmap Scripting Engine. We don't always write NSE scripts though. Writing scripts for can be a bit intimidati...

Listen
Paul's Security Weekly (Video-Only)
Galen Hunt, Microsoft Azure - Paul's Security Weekly #565 from 2018-06-23T09:00

Founder of Microsoft Azure Sphere, Galen Hunt is a Distinguished Engineer at Microsoft. Azure Sphere provides an end-to-end solution that enables any device manufacturer to create highly-secured...

Listen
Paul's Security Weekly (Video-Only)
Pennsylvania, Equifax, and US Senators - Paul's Security Weekly #564 from 2018-06-19T09:00

In the Security News this week, Smart lock can be hacked in seconds, librarian sues Equifax over 2017 data breach wins $600, Neighbors of Cold War Air Force deserter knew him as 'Tim'. In the ra...

Listen
Paul's Security Weekly (Video-Only)
Keith Hoodlet: Bug Bounty Hunting - Paul's Security Weekly #564 from 2018-06-18T09:00

Keith will be talking through some of the tools, techniques, and procedures he uses to perform recon, identify targets of interest, and report findings faster and easier.

Full Show Notes:...

Listen
Paul's Security Weekly (Video-Only)
Jason Haddix, Bugcrowd - Paul's Security Weekly #564 from 2018-06-17T09:00

As the Vice President of Trust & Security, Jason works with clients and security researchers to create high value, sustainable, and impactful bug bounty programs.

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
CounterTack, Phishing Attacks, and Who Uses Flash? - Paul's Security Weekly #563 from 2018-06-11T09:00

In the Security News this week, Google Chrome has a critical vulnerability, Flash has another zero-day exploit, Colorado passes “most stringent” breach notification law, hackers hack a plane fro...

Listen
Paul's Security Weekly (Video-Only)
John Kinsella, Layered Insight - Paul's Security Weekly #563 from 2018-06-10T09:00

John Kinsella is a co-founder and head of product for Layered Insight, a container security startup based in San Francisco, California. His 20-year background includes security and network consu...

Listen
Paul's Security Weekly (Video-Only)
Jake Reynolds, LogRhythm - Paul's Security Weekly #563 from 2018-06-09T09:00

Jake Reynolds is the Technology Alliances Engineer at LogRhythm, where he is responsible for supporting the development and management of the company’s integrations with third-party technology p...

Listen
Paul's Security Weekly (Video-Only)
Acoustic Attacks, Bromium, and New GDPR Law - Paul's Security Weekly #562 from 2018-06-04T09:00

Dozens of vulnerabilities discovered in DoD's enterprise travel system, what Apple is hiding with iOS 11.4, Git repository vulnerability leads to remote code execution attacks, and feeling for Kaspe...

Listen
Paul's Security Weekly (Video-Only)
Chris Elgee & Lee Ford, Mass. Army National Guard G-6 - Paul's Security Weekly #562 from 2018-06-03T09:00

Chris is a full time husband, father of four, and pen tester; he's a part time Army officer, an aspiring SANS instructor, and the back-up church bass player. Lee Ford spent 2yrs in Information s...

Listen
Paul's Security Weekly (Video-Only)
Ronnie Flathers, Uptake Technologies - Paul's Security Weekly #562 from 2018-06-02T09:00

Ronnie Flathers is an experienced pentester and security consultant who is equally addicted to both netsec and appsec and splits his time appropriately. He currently is the AppSec Pentest Lead a...

Listen
Paul's Security Weekly (Video-Only)
GDPR, DOJ Sinkholes, & PornHub - Paul's Security Weekly #561 from 2018-05-28T09:00

In the news, what will GDPR's impact be on U.S. consumer privacy, DOJ Sinkholes VPNfilter control servers found in U.S., the most important characteristics of a successful DevOps engineer, FBI s...

Listen
Paul's Security Weekly (Video-Only)
Bypassing Chrome's XSS Auditor - Paul's Security Weekly #561 from 2018-05-27T09:00

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative w...

Listen
Paul's Security Weekly (Video-Only)
Steven Bellovin, Columbia University - Paul's Security Weekly #561 from 2018-05-26T09:00

Steven M. Bellovin is the Percy K. and Vidal L. W. Hudson Professor of Computer Science at Columbia University, member of the Cybersecurity and Privacy Center of the university's Data Science In...

Listen
Paul's Security Weekly (Video-Only)
Project Zero, Securus, and CIA's "Vault 7" Mega-Leak - Paul's Security Weekly #560 from 2018-05-22T09:00

Google Project Zero calls Windows 10 Edge Defense ACG flawed, Wapiti Web Application vulnerability scanner 3.0.1 packet storm, CIA's "Vault 7" Mega-Leak, and Trump eliminates national cyber-coord...

Listen
Paul's Security Weekly (Video-Only)
Configuring Your Own Travel Router with OpenVPN - Paul's Security Weekly #560 from 2018-05-21T09:00

Sometimes you just need a router handy when traveling. This allows you to connect multiple devices, use a VPN for all of them, and allow you to connect to a network via Wifi, Ethernet or USB 4G ...

Listen
Paul's Security Weekly (Video-Only)
Matthew Silva, RWU - Paul's Security Weekly #560 from 2018-05-20T09:00

This week we interview Matthew Silva, an undergraduate student at Roger Williams University and the President and Founder of the Cybersecurity and Intel Club!

Full Show Notes: ...

Listen
Paul's Security Weekly (Video-Only)
Microsoft Zero-Day, Mirai DDoS Attack, and GDPR - Paul's Security Weekly #559 from 2018-05-14T09:00

"Microsoft Patches Two Zero-Day Flaws Under Active Attack", "5 Powerful Botnets Found Exploiting Unpatched GPON Router Flaws", "Mirai DDoS attack against KrebsOnSecurity cost device owners $300,...

Listen
Paul's Security Weekly (Video-Only)
Docker Security Incident: Lessons Learned - Paul's Security Weekly #559 from 2018-05-13T09:00

Paul delivers the Technical Segment this week entitled "Docker Security Incident: Lessons Learned"!

Full Show Notes: https://wiki.sec...

Listen
Paul's Security Weekly (Video-Only)
Joe Gray, Advanced Persistent Security - Paul's Security Weekly #559 from 2018-05-12T09:00

Joe Gray is a native of East Tennessee. He joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. He joins Paul and the crew th...

Listen
Paul's Security Weekly (Video-Only)
Drupal, Twitter, iLo Ransomware, and Cambridge Analytica - Paul's Security Weekly #558 from 2018-05-06T09:00

Firms running Cisco WebEx are told to update their software, Medical devices vulnerable to KRACK Wi-Fi attacks, Kitty Cryptomining Malware Cashes in on Drupalgeddon 2.0, Facebook fires engineer ...

Listen
Paul's Security Weekly (Video-Only)
Leonard Rose, Principal Security Architect at Limelight Networks - Paul's Security Weekly #558 from 2018-05-05T09:00

Leonard Rose, Principal Security Architect at Limelight Networks, joins Paul and the crew this week for an interview!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Equifax, Amazon, & Hacking Hotels - Paul's Security Weekly #557 from 2018-04-30T09:00

In the news, Western Digital My Cloud EX2 NAS device leaks files, Equifax has spent $242.7 million on its data breach so far, New Skill let Amazon Alexa Spy on Users, Hackers find devious way to...

Listen
Paul's Security Weekly (Video-Only)
Jeff Man, Recap of RSAC - Paul's Security Weekly #557 from 2018-04-29T09:00

This week in the Topic Segment, our very own Jeff Man gives us a recap on the 2018 RSA Conference! He discusses HackerOne CEO talking Bug Bounty programs, DevSecOps day at RSA demonstrates how t...

Listen
Paul's Security Weekly (Video-Only)
Ferruh Mavituna, Founder of Netsparker - Paul's Security Weekly #557 from 2018-04-28T09:00

Ferruh Mavituna is the Founder and Product Manager of Netsparker. He developed the first and only proof-based web security scanner with state-of-the-art, accurate vulnerability detection and exp...

Listen
Paul's Security Weekly (Video-Only)
Drupal, Microsoft, & NSA - Paul's Security Weekly #556 from 2018-04-23T09:00

In the news, Microsoft built its own custom Linux OS to secure IoT devices, another critical flaw found in Drupal Core: patch your sites immediately, Facebook plans to build its own chips for hard...

Listen
Paul's Security Weekly (Video-Only)
Long Live Penetration Testing - Paul's Security Weekly #556 from 2018-04-22T09:00

We've spent time defining the value of penetration testing, how we can do them better and how organizations can make the most out of this activity. The question today is, "Do we still need penet...

Listen
Paul's Security Weekly (Video-Only)
Adrian Sanabria, Savage Security - Paul's Security Weekly #556 from 2018-04-21T09:00

Adrian is the Research Director and Co-Founder of Savage Security. He spent a decade building security programs and defending large financial firms. He also spent many years as a consultant, per...

Listen
Paul's Security Weekly (Video-Only)
RTF Bugs, Attacking Accountants, & Trollcave - Paul's Security Weekly #555 from 2018-04-16T09:00

In the news, RTF bug finally gets patched, so many ways to bridge an air gap, attacking accountants, spoofing all the ports and Trollcave, and more on this episode of Paul’s Security Weekly!

...

Listen
Paul's Security Weekly (Video-Only)
Got Privs? Extract and Crack the Creds - Paul's Security Weekly #555 from 2018-04-15T09:00

In the bad old days we used to exploit LSASS memory to dump hashed credentials from memory. When dealing with a domain controller, and a large environment this is dangerous. This segment will ad...

Listen
Paul's Security Weekly (Video-Only)
Ron Gula, Gula Tech Adventures - Paul's Security Weekly #555 from 2018-04-14T09:00

Ron is a Serial Cyber Security Entrepreneur. He founded Tenable Network Security and Network Security Wizards, and has 15+ years experience as CEO in cyber security industry. He joins Paul and t...

Listen
Paul's Security Weekly (Video-Only)
Intel, Cisco, Facebook, & Twitter - Paul's Security Weekly #554 from 2018-04-09T09:00

In the news, Intel drops plans to develop Spectre microcode for ancient chips, Critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking, VirusTotal launches 'Droidy' sandbox...

Listen
Paul's Security Weekly (Video-Only)
Masha Sedova, Elevate Security - Paul's Security Weekly #554 from 2018-04-08T09:00

Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Securit...

Listen
Paul's Security Weekly (Video-Only)
Katherine Teitler, MISTI - Paul's Security Weekly #554 from 2018-04-07T09:00

Katherine Teitler is the Director of Content for MISTI, where she is responsible for programming information security conferences, workshops, and summits. Katherine also writes on a variety of s...

Listen
Paul's Security Weekly (Video-Only)
Apple, Meltdown, & Atlanta Hackers - Paul's Security Weekly #553 from 2018-04-02T09:00

In the news, Apple macOS Bug Reveals Passwords for APFS Encrypted Volumes in Plaintext, Windows 7 Meltdown patch opens worse vulnerability, Atlanta Hit by Ransomware Attack Impacting Multiple Se...

Listen
Paul's Security Weekly (Video-Only)
Cutting The Cord: The Ideal Home Network Setup - Paul's Security Weekly #553 from 2018-04-01T09:00

In this week's Technical Segment, Paul delivers his segment entitled Cutting The Cord: The Ideal Home Network Setup. Paul and the crew discuss Nvidia Shield, Firewalls, Parental Control, and othe...

Listen
Paul's Security Weekly (Video-Only)
Rob Cheyne, SourceBoston - Paul's Security Weekly #553 from 2018-03-31T09:00

Rob Cheyne is a highly regarded technologist, trainer, security expert and serial entrepreneur. He has 25 years of experience in the information technology field and has been working in informat...

Listen
Paul's Security Weekly (Video-Only)
Alex Stamos, Facebook, Uber, and The Cuban Sonic Weapon - Paul's Security Weekly #552 from 2018-03-25T09:00

The Scarlett Johansson PostgreSQL Malware Attack, Alex Stamos might be leaving Facebook, is Mark Zuckerberg in trouble with the law again?, Uber self-driving car hits and kills pedestrian, and C...

Listen
Paul's Security Weekly (Video-Only)
How To Find The Most Innovative Tech At A Security Show - Paul's Security Weekly #552 from 2018-03-24T09:00

Paul and Jeff express their likes and dislikes of vendor booths. Discover how to be a good sales-rep for your company, how to make yourself stand out in the vendor space, and how to be loose in ...

Listen
Paul's Security Weekly (Video-Only)
Dick Wilkins, Phoenix Technologies - Paul's Security Weekly #551 from 2018-03-20T09:00

Dick Wilkins is an Associate Professor of Computer Science at Thomas College in central Maine and is Principal Technology Liaison for Phoenix Technologies, a USA based system boot firmware devel...

Listen
Paul's Security Weekly (Video-Only)
Flash, Pwn2Own, & VMware - Paul's Security Weekly #551 from 2018-03-19T09:00

In the news, Memcrashed Memcached DDoS exploit tool, Flash, Windows Users: It's Time to Patch, VMware releases security updates, what happens when Bitcoin miners take over your town, and more on...

Listen
Paul's Security Weekly (Video-Only)
Patrick Laverty, Rapid7 - Paul's Security Weekly #551 from 2018-03-18T09:00

Patrick is a pentester for Rapid7, has done SIRT work for Akamai and was a web application developer at Brown University. He joins Paul and the crew this week for an interview!

Full Show ...

Listen
Paul's Security Weekly (Video-Only)
Cisco, Kali, Equifax, & Facebook - Paul's Security Weekly #550 from 2018-03-12T09:00

In the news, Cisco hardcoded passwords, Kali on Windows, Equifax recovers $114 million on $26.5 million in expenses from breach, and more on this episode of Paul's Security Weekly!

Full S...

Listen
Paul's Security Weekly (Video-Only)
Sven Morgenroth, Netsparker - Paul's Security Weekly #550 from 2018-03-11T10:00

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls.

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Stefano Righi, UEFI - Paul's Security Weekly #550 from 2018-03-10T10:00

Stefano has over 35 years of experience in research and development. Stefano is representing AMI on the UEFI Forum Board of Directors and serves on the UEFI Security Response Team. He joins Larr...

Listen
Paul's Security Weekly (Video-Only)
Quickjack, Olympics, Largest DDoS Attack, and Bad AI is Still Bad AI - Paul's Security Weekly #549 from 2018-03-05T10:00

In the news, Quickjack advanced Clickjacking & frame slicing attack tool, how to fight mobile number port-out scams, the Russians hacked the Olympics, top 5 ways security vulnerabilities hide in...

Listen
Paul's Security Weekly (Video-Only)
Bruce Sussman, SecureWorld Boston - Paul's Security Weekly #549 from 2018-03-04T10:00

Bruce Sussman spent more than 20 years on TV screens in Portland, Oregon. He joins Paul and crew this week for an interview!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Mary Beth Borgwing, Mach37 - Paul's Security Weekly #549 from 2018-03-03T10:00

Mary Beth Borgwing is an Advisor to MACH 37 and Center for Innovation (CIT). She joins Paul and team this week for an interview! Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
DoubleDoor, NSA, & Google - Paul's Security Weekly #548 from 2018-02-18T10:00

In the news, DoubleDoor IoT botnet abuses two vulnerabilities to circumvent firewalls, cyber-attackers continue to be financially motivated, Internet security threats at the 2018 Olympics, and m...

Listen
Paul's Security Weekly (Video-Only)
Michael Bazzell, OSINT & Privacy Consultant - Paul's Security Weekly #548 from 2018-02-17T10:00

Michael Bazzell spent 18 years as a government computer crime investigator. He joins Paul and crew this week for an interview!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Steve Tcherchian, XYPRO Technology - Paul's Security Weekly #548 from 2018-02-16T10:00

Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Information Security Officer and the Director of Product Management for XYPRO Technology. He joins Paul and team this week for an interview! Listen

Paul's Security Weekly (Video-Only)
Bitcoin, NSA, and Facebook - Paul's Security Weekly #547 from 2018-02-12T10:00

In the news, multiple vulnerabilities in 7-Zip, how getting granular improves network security, NSA exploit use on rise for cryptocurrency mining, and more on this episode of Paul’s Security Week...

Listen
Paul's Security Weekly (Video-Only)
ESP8266 SoC0, Larry Pesce - Paul's Security Weekly #547 from 2018-02-11T10:00

Larry Pesce delivers the Technical Segment on an intro to the ESP8266 SoC!

Full Show Notes: https://wiki.securityweekly.com/Episode54...

Listen
Paul's Security Weekly (Video-Only)
Zane Lackey, Signal Sciences - Paul's Security Weekly #547 from 2018-02-10T10:00

Zane Lackey is the Founder/Chief Security Officer at Signal Sciences and serves on the Advisory Boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund....

Listen
Paul's Security Weekly (Video-Only)
MITRE, John Strand - Paul's Security Weekly #546 from 2018-02-04T10:00

John Strand, Managing Intern of Black Hills Information Security, delivers the Technical Segment on MITRE!

Full Show Notes: https://w...

Listen
Paul's Security Weekly (Video-Only)
Mark Arnold & Will Gragido, InfoSecWorld 2018 - Paul's Security Weekly #546 from 2018-02-03T10:00

Will Gragido is an internationally recognized information security specialist. Mark Arnold brings more than 20 years of technical and leadership experience to his role as a Senior Director of Se...

Listen
Paul's Security Weekly (Video-Only)
AI Celebrity Porn, NSA Exploit, and Bitcoin Exchange - Paul's Security Weekly #546 from 2018-02-02T17:55:29

Bitcoin exchange robbed, Deepfakes AI celebrity porn channel shut down by Discord, NSA Exploit Use On Rise For Crypto Currency Mining, First Jackpotting Attacks Hit U.S. ATMs, and more! Full Show N...

Listen
Paul's Security Weekly (Video-Only)
BIND, Intel, and Brickerbot - Paul's Security Weekly #545 from 2018-01-29T10:00

In the news, Intel warns "Don’t install our patch!", what you need to know about hash length extension attacks, Meltdown and Spectre patching has been a total train wreck, and more on this episod...

Listen
Paul's Security Weekly (Video-Only)
Critical Security Control Resources, John Strand - Paul's Security Weekly #545 from 2018-01-28T10:00

John Strand delivers the Technical Segment on Critical Security Control Resources!

Full Show Notes: https://wiki.securityweekly.com/E...

Listen
Paul's Security Weekly (Video-Only)
Kevin Donovan, ObserveIT - Paul's Security Weekly #545 from 2018-01-27T10:00

Kevin is one of ObserveIT's insider threat experts and a Senior Solutions Architect. He joins Larry and team this week for an interview on Paul's Security Weekly!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
BIND, Intel, and Brickerbot - Paul's Security Weekly #544 from 2018-01-22T10:00

In the news, BIND comes apart thanks to ancient denial of service vuln, Brickerbot taking out your IoT one device at a time, Intel fix causes reboots and slowdowns, WiFi alliance announces WPA3 ...

Listen
Paul's Security Weekly (Video-Only)
Adam Gordon, ItPro.TV - Paul's Security Weekly #544 from 2018-01-20T10:00

With over 30 years of experience as both an educator and IT professional, Adam holds numerous Professional IT Certifications. He joins Paul and team this week for an interview on Paul’s Security...

Listen
Paul's Security Weekly (Video-Only)
Rebekah Brown, Rapid7 - Paul's Security Weekly #544 from 2018-01-19T15:25:41

Rebekah Brown has spent more than a decade working in intelligence and information security. Today, Rebekah leads the threat intelligence programs at Rapid7, where her responsibilities include prog...

Listen
Paul's Security Weekly (Video-Only)
Skype, Apple, and Wi-Fi Alliance - Paul's Security Weekly #543 from 2018-01-15T10:00

In the news, prosecutors say Mac Spyware stole millions of user images over 13 years, Skype finally getting end-to-end encryption, Apple set to patch yet another macOS password security flaw, 14...

Listen
Paul's Security Weekly (Video-Only)
Jake Williams, SANS - Paul's Security Weekly #543 from 2018-01-14T10:00

Jake Williams is the founder of Rendition Infosec and is a Senior Instructor at the SANS Institute. MalwareJake clears last week's news story with the latest news on Meltdown and Spectre. He join...

Listen
Paul's Security Weekly (Video-Only)
Diana Kelley & Ed Moyle, Security Curve - Paul's Security Weekly #543 from 2018-01-13T10:00

Diana Kelley is the Cybersecurity Field CTO at Microsoft and a cybersecurity thought leader, practitioner, executive advisor, speaker, author and co-founder of SecurityCurve. Ed Moyle is current...

Listen
Paul's Security Weekly (Video-Only)
VMWare, Meltdown, Spectre, and Chip Hacks That Work - Paul's Security Weekly #542 from 2018-01-08T10:00

10 things in cybersecurity that you might have missed in 2017, a flaw in major browsers, a critical flaw in phpMyAdmin, beware of a VMWare VDP remote root issue, how to protect your home router,...

Listen
Paul's Security Weekly (Video-Only)
Mimikatz Event Log Clearing Feature with John Strand - Paul's Security Weekly #542 from 2018-01-07T10:00

John will be talking about the new mimikatz event log clearing feature.

Full Show Notes: https://wiki.securityweekly.com/Episode542 Listen

Paul's Security Weekly (Video-Only)
Marcello Salvati, Coalfire Labs - Paul's Security Weekly #542 from 2018-01-06T10:00

Marcello Salvati is a senior security consultant at Coalfire Labs by day and by night a tool developer who discovered a novel technique to turn tea, sushi and dank memes into somewhat functionin...

Listen
Paul's Security Weekly (Video-Only)
Fake Bitcoin, North Korea, and Wordpress - Paul's Security Weekly #541 from 2017-12-27T10:00

In the news, we discuss Uber paying hacker to keep quiet, flaw in Intel processors, banking apps found vulnerable to MITM attacks, Apple patching all other High Sierra security holes, and more on...

Listen
Paul's Security Weekly (Video-Only)
Kevin Finisterre, Department 13 - Paul's Security Weekly #541 from 2017-12-26T10:00

Kevin Finisterre is a principal of the security consultancy Digitalmunition, he enjoys testing the limits and is constantly dedicated to thinking outside the box. Kevin’s primary focus has alway...

Listen
Paul's Security Weekly (Video-Only)
Bob Hillery, InGuardians - Paul's Security Weekly #541 from 2017-12-25T10:00

Bob Hillery joins us on Security Weekly and is an experienced consultant in Information Systems Security Management. He is a founder and Chief Research Officer with InGuardians, Inc. and has an e...

Listen
Paul's Security Weekly (Video-Only)
On-Demand Webcasts, Net Neutrality, and Pentesting - Paul's Security Weekly #540 from 2017-12-18T10:00

In the news, we talk about pentesting, On-Demand webcasts, net neutrality, Vegemite, and more on this episode of Paul’s Security Weekly!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Ed Skoudis, Holiday Hack Challenge - Paul's Security Weekly #540 from 2017-12-17T10:00

Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS P...

Listen
Paul's Security Weekly (Video-Only)
Joe Gray, Advanced Persistent Security - Paul's Security Weekly #540 from 2017-12-16T10:00

Joe Gray is a native of East Tennessee. He joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. He is also the owner of the A...

Listen
Paul's Security Weekly (Video-Only)
Uber, Vulnerable Banking Apps, and Bluetooth - Paul's Security Weekly #539 from 2017-12-11T10:00

In the news, a new Windows evasion technique, naked rowers, undetectable malware, social engineering from your shed and banking apps vulnerable to MITM attacks.

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Bypassing Two-Factor Authentication - Paul's Security Weekly #539 from 2017-12-10T10:00

Former Head of Israeli Air Force CERT & Forensics Team, Senior Security Researcher at Javelin Networks. Eyal Neemany talks about bypassing two-factor authentication on Active Directory.

...

Listen
Paul's Security Weekly (Video-Only)
Lisa O'Connor, Accenture - Paul's Security Weekly #539 from 2017-12-09T10:00

Lisa leads Global Security Research and Development at Accenture Labs. In this role, she curates and manages a portfolio of cyber research, including threat intelligence, advanced cyber hunting,...

Listen
Paul's Security Weekly (Video-Only)
High Sierra, NSA, WordPress, and HP - Paul's Security Weekly #538 from 2017-12-04T10:00

More secure WordPress updates, paying attention to SD-WAN security, NSA's "Red Disk" data leak, why gets you root, HP bloatware, and more security news!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Network Telemetry with Mick Douglas, SANS Institute - Paul's Security Weekly #538 from 2017-12-03T10:00

Our good friend Mick Douglas takes an excerpt from SANS 555 and demonstrates using network telemetry to find unauthorized hosts with ELK stacks!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Allison Miller - Paul's Security Weekly #538 from 2017-12-02T10:00

Allison Miller has been working in the intersection of cybersecurity, human behavior, and predictive analytics for almost two decades. She has pioneered the use of data-driven detection technolo...

Listen
Paul's Security Weekly (Video-Only)
DoD, Oracle, Apple, and Boeing - Paul's Security Weekly #537 from 2017-11-20T10:00

Blaming Russia, compromising Apple’s facial recognition, books to give to your 30-year old self, malware on NSA employee computers, and more security news!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Mike Roderick & Adam Gordon, ITProTV - Paul's Security Weekly #537 from 2017-11-19T10:00

Our good friends Mike Roderick and Adam Gordon, two of ITProTV’s many security ninjas, deliver a tech segment and demo on virtualization, TPM, VMware, and virtual desktop infrastructure (VDI) as...

Listen
Paul's Security Weekly (Video-Only)
Kyle Wilhoit, DomainTools - Paul's Security Weekly #537 from 2017-11-18T10:00

Kyle Wilhoit, a Senior Security Researcher for DomainTools, discusses all things dark web, illegal internet trade, and more with Paul!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Ex-NSA, Microsoft, Vault 8, and Backdoor in SATNAV - Paul's Security Weekly #536 from 2017-11-13T10:00

Marissa Mayer testifies, starting wars by hacking back, hacking fingerprint biometrics, the halfway point of Mr. Robot, and more security news!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Tech Segment: Sven Morgenroth, Netsparker - Paul's Security Weekly #536 from 2017-11-12T10:00

We welcome Sven Morgenroth back to the show! Sven currently works as a Security Researcher at Netsparker. He rejoins us to deliver a technical segment on content security policies and cross-site...

Listen
Paul's Security Weekly (Video-Only)
Amanda Berlin, NetWorks Group and Lee Brotherston, Wealthsimple - Paul's Security Weekly #536 from 2017-11-11T10:00

Amanda Berlin of NetGroup and Lee Brotherston of Wealthsimple join Paul, Michael, and Larry for a discussion on the Defensive Security Handbook and its implications in the world of security!

...

Listen
Paul's Security Weekly (Video-Only)
Gadi Evron, Cymmetria - Paul's Security Weekly #535 from 2017-11-06T10:00

Gadi Evron founded Cymmetria in 2014 with a vision of revolutionizing security technology, strategy, and innovation. He joins Paul, Doug, and Jeff for an interview about honeypots, hacking back,...

Listen
Paul's Security Weekly (Video-Only)
Tim Medin, SANS Institute - Paul's Security Weekly #535 from 2017-11-05T09:00

Tim Medin from SANS comes on the show and does a tech segment on Windows PowerShell using PowerShell Empire.

Full Show Notes: https:/...

Listen
Paul's Security Weekly (Video-Only)
Richard Moulds, Whitewood Security - Paul's Security Weekly #535 from 2017-11-04T09:00

Richard Moulds, General Manager of Whitewood Security, makes his triumphant return to the show!

Full Show Notes: https://wiki.securit...

Listen
Paul's Security Weekly (Video-Only)
Microsoft, KRACK, Docker, and Kubernetes - Paul's Security Weekly #534 from 2017-10-23T09:00

Microsoft mocks Google for failed security fix, 5 steps to building a vulnerability management program, Pornhub, and kids' smartwatches are harbouring major security flaws.

Full Show Notes...

Listen
Paul's Security Weekly (Video-Only)
Borrowing Data, Joe Vest and Andrew Chiles, MINIS - Paul's Security Weekly #534 from 2017-10-22T09:00

Joe Vest and Andrew Chiles from MINIS talk about Borrowing data to hide binaries. Joe Vest is the Co-Founder of the security consulting company MINIS LLC. He has over 17 years' experience with a...

Listen
Paul's Security Weekly (Video-Only)
Wendy Nather, Duo Security - Paul's Security Weekly #534 from 2017-10-21T09:00

Wendy Nather is Principal Security Strategist at Duo Security. Wendy is also a good friend of the Security Weekly team! She speaks regularly on topics ranging from threat intelligence to identit...

Listen
Paul's Security Weekly (Video-Only)
Windows, Disqus, Cyberattacks, and FBI Cyberstalker - Paul's Security Weekly #533 from 2017-10-16T09:00

Windows Phone is dead, Disqus gets hacked, malvertising on X rated websites, North Korea ups their cyberattack game, the FBI arrests a cyberstalker, and more security news!

Full Show Note...

Listen
Paul's Security Weekly (Video-Only)
Matthew Toussain, SANS Institute - Paul's Security Weekly #533 from 2017-10-15T09:00

Matthew Toussain is an active-duty Air Force officer and the founder of Spectrum Information Security. He regularly hunts for vulnerabilities in computer systems and releases tools to demonstrat...

Listen
Paul's Security Weekly (Video-Only)
Pausing Processes with PowerShell with Mick Douglas, SANS - Paul's Security Weekly #533 from 2017-10-14T09:00

Mick Douglas is a SANS instructor and the Managing Partner for InfoSec Innovations. He joins us to demonstrate pausing potentially malicious executables in PowerShell!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Equifax, Google, Alex Stamos, and Kaspersky - Paul's Security Weekly #532 from 2017-10-09T09:00

New Gmail security, who to blame for the Equifax breach, three billion compromised Yahoo accounts, embarrassing encryption ignorance, and why is Alex Stamos hunting down Russian political ads on...

Listen
Paul's Security Weekly (Video-Only)
Ran Levi, Podcast Israel Media - Paul's Security Weekly #532 from 2017-10-08T09:00

Ran Levi started Making History! Podcast in 2007, which has become the most successful podcast in Israel. He has authored three books on malware, science, and more.

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Don Pezet, ITProTV - Paul's Security Weekly #532 from 2017-10-07T09:00

Our good friend Don Pezet joins Paul, Doug, and Ran for a discussion on his background in security! Don is a Co-Founder and Host of ITProTV, a video IT training company based in central Florida....

Listen
Paul's Security Weekly (Video-Only)
#TrevorForget, PGP, Oracle, and Linux Kernel - Paul's Security Weekly #531 from 2017-10-04T09:00

Don't worry about PGP private key exposure, Signal taps up Intel's SGX for increased security, a two-year-old Linux Kernel issue resurfaces, Bill Gates's biggest mistake, Oracle patches away, an...

Listen
Paul's Security Weekly (Video-Only)
Ed Skoudis, Counter Hack - Paul's Security Weekly #531 from 2017-10-03T09:00

Ed Skoudis is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. He has the rare ability to translate advanced technical knowledge into easy-to-master guidance. Ed r...

Listen
Paul's Security Weekly (Video-Only)
Jim Nitterauer, AppRiver - Paul's Security Weekly #531 from 2017-10-02T09:00

Jim Nitterauer, CISSP is currently a Senior Security Specialist at AppRiver. He's well-versed in ethical hacking and penetration testing techniques. Jim joins us for a nostalgia-packed DNS discu...

Listen
Paul's Security Weekly (Video-Only)
Windows 10, Zerodium, Linus Torvalds, and Equifax - Paul's Security Weekly #530 from 2017-09-18T09:00

No excuses for Equifax, mixed reviews for Apple’s facial recognition, Adobe and Microsoft patch away, one MILLION dollars for Tor zero-days, and more security news!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
What It Takes To Attack an ICS with Mike Assante, SANS Institute - Paul's Security Weekly #530 from 2017-09-17T09:00

Mike Assante is the Director of Critical Infrastructure and ICS for the SANS Institute. He clears up the confusion of Dragonfly 2.0 and explains control systems and how those attacks work.


Listen
Paul's Security Weekly (Video-Only)
Ted Demopoulos, SANS Institute - Paul's Security Weekly #530 from 2017-09-16T09:00

Ted Demopoulos is a Senior SANS Instructor, a recipient of the Department of Defense Award of Excellence, and the author of Infosec Rock Star: How to Accelerate Your Career Because Geek Will Onl...

Listen
Paul's Security Weekly (Video-Only)
Flaw in Apache, Wikileaks Unveils Project Protego, and Linux 4.13 - Paul's Security Weekly #529 from 2017-09-12T09:00

The nightmare that is patching IoT devices, essential bug bounty programs, controlling voice assistants, flaws in Apache Struts2, and more security news!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Mobile Application Assessment with Chris Crowley, SANS Institute - Paul's Security Weekly #529 from 2017-09-10T09:00

Chris Crowley is a SANS instructor and independent consultant based in the Washington, D.C. area. Mr. Crowley overviews his approach to keeping mobile applications secure in this technical segme...

Listen
Paul's Security Weekly (Video-Only)
Michele Jordan, Under the Oak Consulting - Paul's Security Weekly #529 from 2017-09-09T09:00

Michele Jordan is the Founder and Principal Consultant of Under the Oak Consulting. She has worked in IT and network security for over 35 years. Michele delves into her background in security, h...

Listen
Paul's Security Weekly (Video-Only)
FCC, The Fappening, and Boarding Passes - Paul's Security Weekly #528 from 2017-09-04T09:00

Are you sick of The Fappening yet? We're not! Larry and Dave have fun with boarding passes, hacking pacemakers, the FCC hosting your memes, and more information security news!

Full Show N...

Listen
Paul's Security Weekly (Video-Only)
Dave Kennedy, DerbyCon 2017 Preview - Paul's Security Weekly #528 from 2017-09-03T09:00

Larry and Dave discuss the upcoming DerbyCon conference, shenanigans from past cons, and reiterate the mission that DerbyCon was founded around in the first place!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Tech Segment: Kyle Wilhoit, DomainTools - Paul's Security Weekly #528 from 2017-09-02T09:00

Kyle Wilhoit is a Senior Security Researcher at DomainTools; he focuses on researching DNS-related exploits, investigating current cyber threats, and exploring attack origins and threat actors. ...

Listen
Paul's Security Weekly (Video-Only)
Larry's Capture-the-Flag Scenario - Paul's Security Weekly #527 from 2017-08-28T09:00

Larry had a technical problem that he needed to solve. Larry demonstrates a new capture-the-flag scenario. Larry explains how to capture a particular wireless packet in the middle of all this no...

Listen
Paul's Security Weekly (Video-Only)
Richard Moulds, Whitewood Security - Paul's Security Weekly #527 from 2017-08-27T09:00

Richard Moulds is the General Manager of Whitewood Security. Whitewood aims to help its customers to take control of the generation of random numbers across their application infrastructure.

...

Listen
Paul's Security Weekly (Video-Only)
Fappening 2017, Open AWS, Flipboard, and Bitcoin - Paul's Security Weekly #527 from 2017-08-26T09:00

More Celebrity Nude Photos Hacked and Leaked Online, A Company Offers $500,000 For Secure Messaging Apps Zero-Day Exploits, Beware of Windows/MacOS/Linux Virus Spreading Through Facebook Messeng...

Listen
Paul's Security Weekly (Video-Only)
Airdrop, Rowhammer, and Profexor Goes Dark - Paul's Security Weekly #526 from 2017-08-21T09:00

More Chrome extensions have been compromised, disabling safety features in cars, being targeted via AirDrop, USB is less secure (go figure), and more security news!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Bypassing Input Filters with Sven Morgenroth, Netsparker - Paul's Security Weekly #526 from 2017-08-20T09:00

Your WAF is not safe! Sven Morgenroth, a Security Researcher at Netsparker, blows Paul’s mind with his ninja-esque input filter bypass skills in this technical segment!

Full Show Notes: ...

Listen
Paul's Security Weekly (Video-Only)
Bryson Bort, GRIMM - Paul's Security Weekly #526 from 2017-08-19T09:00

Bryson Bort is the Founder and CEO of GRIMM, a Washington, D.C. based security engineering and consulting services company. Bryson delves in-depth into his entrepreneurship journey, the problems...

Listen
Paul's Security Weekly (Video-Only)
Paul's Printer Hacking Adventures - Paul's Security Weekly #525 from 2017-08-15T09:00

Printer attacks have been around for some time. Paul describes some of the latest techniques and research into printer hacking, including capturing print jobs, manipulating print jobs and other ...

Listen
Paul's Security Weekly (Video-Only)
Dropbox, BeyondTrust, Marcus Hutchins, and DEF CON - Paul's Security Weekly #525 from 2017-08-14T09:00

Mystery bug bounties, Marcus Hutchins pleads not guilty, a password guru regrets past advice, Dropbox and offline two-factor authentication, and more security news!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Aram Jivanyan, BeSafe - Paul's Security Weekly #525 from 2017-08-13T09:00

Aram is the Founder and CEO of BeSafe (formerly Skycryptor), an encrypted cloud company that uses proxy re-encryption techniques to protect user data. He provides a demo on his techniques to ens...

Listen
Paul's Security Weekly (Video-Only)
WannaCry, FBI Arrests Researcher, and Smart Guns - Paul's Security Weekly #524 from 2017-08-08T09:00

WannaCry's killswitch domain registrant is arrested, making infosec more inclusive, hacking 113-year-old subway signs, security standards for smart devices, and more security news!

Full S...

Listen
Paul's Security Weekly (Video-Only)
VaporTrail with Larry Pesce and Galen Alderson, InGuardians - Paul's Security Weekly #524 from 2017-08-07T09:00

Larry and his intern, Galen Alderson, present a demo of their Vaportrail project! Galen shows us how to exfiltrate data from networks using broadcast FM radio and other inexpensive materials. Listen

Paul's Security Weekly (Video-Only)
Danny Miller, Ericom Software - Paul's Security Weekly #524 from 2017-08-06T09:00

Danny Miller, the Director of Product Marketing at Ericom Software, joins us to discuss how enterprises can protect themselves by utilizing isolated browsing and other techniques!

Full Sh...

Listen
Paul's Security Weekly (Video-Only)
Bypassing Corporate Firewalls with Sven Morgenroth, Netsparker - Paul's Security Weekly #523 from 2017-07-23T09:00

Sven Morgenroth of Netsparker joins us to expound upon an original blog post on bypassing corporate firewalls and vulnerable web applications in this technical segment!

Full Show Notes: ...

Listen
Paul's Security Weekly (Video-Only)
Javelin ADProtect vs. Microsoft ATA with Almog Ohayon - Paul's Security Weekly #523 from 2017-07-22T09:00

Almog Ohayon of Javelin Networks pits Javelin ADProtect against Microsoft ATA in an epic threat analytics showdown!

Full Show Notes: ...

Listen
Paul's Security Weekly (Video-Only)
Windows Vulnerabilities, Dirty Radio Songs, and Prime Day - Paul's Security Weekly #522 from 2017-07-17T09:00

Russians on PornHub, dirty songs on the radio, Windows security protocol vulnerabilities, tomato plant security, and more security news!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Hardening Software RNGs with Don Pezet, ITProTV - Paul's Security Weekly #522 from 2017-07-16T09:00

This is a random technical segment on implementing random number generators in Linux. Don shows us the ins and outs of the entropy pool, the difference between /dev/random and /dev/urandom, and s...

Listen
Paul's Security Weekly (Video-Only)
Joe Desimone, Endgame - Paul's Security Weekly #522 from 2017-07-15T09:00

Learn about "fileless" malware, threat actors, evading detection on the endpoint and more!

Joe Desimone is a Malware Researcher at Endgame. He focuses on tracking and countering APTs, rev...

Listen
Paul's Security Weekly (Video-Only)
Tim Helming, DomainTools - Paul's Security Weekly #521 from 2017-07-11T09:00

Tim Helming joins us to talk about all things related to domains, including luxury domain abuses, the security value of the whois database and more!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Demystifying the Art of Hunting with Paul Ewing, Endgame - Paul's Security Weekly #521 from 2017-07-10T20:45:29

Paul Ewing from Endgame talks about the different types of threat hunting (network, host and logs) and the pros and cons of each!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Google Patches, Wordpress, and GnuPG - Paul's Security Weekly #521 from 2017-07-10T09:00

How to hire infosec professionals, patching automation code, hijacked Android devices, Bitdefender support for Mac, and more security news!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Linux hacking, Petya, and Windows - Paul's Security Weekly #520 from 2017-07-03T09:00

Separating the hacked and the paranoid, remote Linux hacking, Petya goes postal at FedEx, today’s mainstream hacktivism tools, and why choosing Windows should get you fired!

Full Show Not...

Listen
Paul's Security Weekly (Video-Only)
Domain Admin in Active Directory, Guy Franco - Paul's Security Weekly #520 from 2017-07-02T09:00

Guy came on the show and gave a live demo on how to become Domain Admin in an Active Directory environment, and keep those privileges for 20+ years. Guy shows us how to abuse service accounts t...

Listen
Paul's Security Weekly (Video-Only)
Moses Hernandez, Cisco Systems - Paul's Security Weekly #520 from 2017-07-01T09:00

Moses returns to the show to discuss his background in technology and security (which is eerily similar to Paul's!). The crew then got into a deep discussion of the history of many different tec...

Listen
Paul's Security Weekly (Video-Only)
Bye Bye Chrome, GhostHook, and Cisco - Paul's Security Weekly #519 from 2017-06-26T09:00

Why Firefox is superior, spies in Mexico, WannaCry shuts down a car plant, Cisco patches critical vulnerabilities, hacking air-gapped networks, and more security news!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Reverse Analyzing Attacks for Detection, Justin Henderson - Paul's Security Weekly #519 from 2017-06-25T09:00

Learn how to use Windows Event Logs to catch attackers in your network, including domain admin group enumeration and mimikatz attacks! Justin Henderson (@SecurityMapper) categorizes these techni...

Listen
Paul's Security Weekly (Video-Only)
Eric Conrad, SANS - Paul's Security Weekly #519 from 2017-06-24T09:00

Eric Conrad comes into the studio to talk about a groundbreaking new CTF aimed at the defenders and how to become a SANS instructor. A healthy dose of UNIX/Linux nerd talk and how to give effect...

Listen
Paul's Security Weekly (Video-Only)
IoT is broken and 1 Million Exposed Endpoints - Paul's Security Weekly #518 from 2017-06-19T16:32:12

One MILLION endpoints, WannaCry is linked to North Korea, IoT is broken (what's new?), inside a porn-pimping spam botnet, fixing Windows Defender, and more security news!

Full Show Notes: ...

Listen
Paul's Security Weekly (Video-Only)
ProxyCannon with Carrie Roberts, Black Hills Information Security - Paul's Security Weekly #518 from 2017-06-17T12:30

Carrie Roberts of Black Hills Information Security joins us to show how to use Burp and ProxyCannon to prevent IP blacklisting while password spraying in this technical segment!

Full Show...

Listen
Paul's Security Weekly (Video-Only)
Trey Forgety, NENA - Paul's Security Weekly #518 from 2017-06-16T19:29:18

Trey Forgety is the Director of Government Affairs and Information Security Issues at the National Emergency Number Association. He worked with the White House to develop policy for a nationwide...

Listen
Paul's Security Weekly (Video-Only)
NSA Contractor Arrested, PPT Malware - Paul's Security Weekly #517 from 2017-06-13T04:00

• FBI Arrests NSA Contractor for Leaking Secrets
• getsploit: Search & Download Exploits!
• Some non-lessons from WannaCry
• IDG Contributor Network: Top 5 InfoSec concerns for...

Listen
Paul's Security Weekly (Video-Only)
Detecting The Empire's Death Star Attack - Paul's Security Weekly #517 from 2017-06-12T21:00

byt3bl33d3r recently released "DeathStar", which uses PowerShell Empire's API to automatically obtain Domain Admin privileges in an Active Directory environment with the click of a button. Some m...

Listen
Paul's Security Weekly (Video-Only)
Graham Cluley - Paul's Security Weekly #517 from 2017-06-12T16:38:15

Graham Cluley is an award-winning security blogger, researcher and public speaker. In this interview, we discuss ransomware, stealing content, the motivations of attackers, IoT, and more!

Listen
Paul's Security Weekly (Video-Only)
Security For Small Business - Paul's Security Weekly #516 from 2017-06-03T09:00

Don Pezet from ITPro.TV joins us on the show to help us identify security challenges and solutions for small business/mid-market. Backups are key, as are ease of use and support. The most import...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #515 from 2017-05-31T09:00

Gravityscan is keeping WordPress sites safe, WiFi to see through walls, Dodged a bullet and stepped in front of another one, Twitter Flaw Allowed You To Tweet From Any Account, and Latest Cb Def...

Listen
Paul's Security Weekly (Video-Only)
Tech Segment: How Compromise Happens: Active Directory is Vulnerable - Paul's Security Weekly #515 from 2017-05-30T16:53:07

Almog Ohayon from Javelin Networks gives a demo on how compromises happen and how to counteract them.

Full Show Notes: https://wiki.security...

Listen
Paul's Security Weekly (Video-Only)
Branden Williams - Paul's Security Weekly #515 from 2017-05-27T09:00

Dr. Branden R. Williams has twenty years of experience in business, technology, and information security as a consultant, leader, and an executive. Branden has worked for well known Information S...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #514 from 2017-05-22T09:00

WordPress announces a bug bounty program, stealing voice prints, hacking Mar-a-Lago, XP PCs dodge WannaCry’s ransom, and more security news!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Tech Segment: Disabling SMBv1 - Paul's Security Weekly #514 from 2017-05-21T09:00

Microsoft has advised that customers disable SMBv1. This tech segment walks you through the steps required to do so on all Windows platforms, the pitfalls, and scanning for non-domain computers ...

Listen
Paul's Security Weekly (Video-Only)
Joel Scambray, NCC Group - Paul's Security Weekly #514 from 2017-05-20T09:00

Widely recognized as Co-Author of the Hacking Exposed book series, Joel has worked/consulted for companies like Foundstone (co-founder), Microsoft, Amazon, Costco, Softcard, and Ernst & Young. J...

Listen
Paul's Security Weekly (Video-Only)
Steve Lipner, SAFECode - Paul's Security Weekly #513 from 2017-05-15T15:22:19

Steve Lipner is the Executive Director of SAFECode, a non-profit organization dedicated to increasing trust in ICT products and services. He retired in 2015 as Partner Director of Software Secur...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #513 from 2017-05-13T09:00

Avast blocks the entire internet (again), over 120,000 cameras are vulnerable to a new botnet, WordPress malware, stronger authentication on government sites, and more security news!

Full...

Listen
Paul's Security Weekly (Video-Only)
Tech Segment: Roi Abutbul and Guy Franco, Javelin Networks - Paul's Security Weekly #513 from 2017-05-12T06:00

Roi Abutbul and Guy Franco of Javelin Networks explain how to protect your active directory and deceive attackers in this technical segment!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #512 from 2017-05-09T09:00

Phishing attacks in Google Docs, GE fixes its Smart Grid, hackers remotely control robots, and who is publishing NSA and CIA secrets (and why)?

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Tech Segment: Second Order Attacks with Ferruh Mavituna, Netsparker - Paul's Security Weekly #512 from 2017-05-07T09:00

Ferruh Mavituna of Netsparker gives a demo on exploiting application vulnerabilities and second order attacks in this technical segment!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Javvad Malik, AlienVault - Paul's Security Weekly #512 from 2017-05-06T09:00

Javvad Malik is a Security Advocate at AlienVault, a blogger, event speaker, and industry commentator. Prior to joining AlienVault, Javvad was a Senior Analyst at 451’s Enterprise Security Practi...

Listen
Paul's Security Weekly (Video-Only)
Mimi Herrmann, Taylor and Francis - Paul's Security Weekly #511 from 2017-05-02T09:00

Mimi Herrmann is a Network Security Engineer based in the Washington, D.C. area. She is also a contributing author and peer reviewer for Taylor and Francis. Mimi has been in security for more th...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #511 from 2017-04-30T09:00

Advances in ad blocking, PGP hijacking, the lack of security talent in the healthcare industry, and more security news!

Show Notes: Listen

Paul's Security Weekly (Video-Only)
Tech Segment: Staying Secure at Hacker Conferences, Part 2 - Paul's Security Weekly #511 from 2017-04-29T09:00

Back by popular demand, Paul drops more conference security knowledge in this technical segment!

Show Notes: http://wik...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #510 from 2017-04-24T09:00

Hacking SIEMs, hijacking routers, Oracle’s recent patch, the FBI can finally find hackers that don’t smoke weed, and more security news!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Tech Segment: Staying Secure at Hacker Conferences - Paul's Security Weekly #510 from 2017-04-23T09:00

Paul gives his top 10 tips on keeping your devices safe at hacker cons in this technical segment!

Full Show Notes: http...

Listen
Paul's Security Weekly (Video-Only)
Philip Zimmermann, Silent Circle - Paul's Security Weekly #510 from 2017-04-22T09:00

Phil Zimmermann is the creator of Pretty Good Privacy (PGP), the most widely used email encryption software in the world. Phil is also a Co-Founder of Silent Circle, a provider of secure communi...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #509 from 2017-04-17T09:00

Free health apps are selling your data, SAP’s TREX exposes HANA and NetWeaver, Microsoft patches another Word bug, your phone PIN is at risk, and more in this week’s security news!

Full S...

Listen
Paul's Security Weekly (Video-Only)
Tech Segment: Basics of Abusing WMI Events - Paul's Security Weekly #509 from 2017-04-16T09:00

Our very own Carlos Perez demonstrates the basics of WMI events and how to abuse them in this technical segment!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode509 ...

Listen
Paul's Security Weekly (Video-Only)
Alex Horan, Onapsis - Paul's Security Weekly #509 from 2017-04-15T09:00

We welcome Alex Horan back to the show! Alex is the Director of Product Management at Onapsis. He has experience in startup-based project management, meeting with customers, prospects, and analy...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #508 from 2017-04-09T09:00

Android ransomware bypasses all AV programs, McAfee gets a fresh start, the CIA and WikiLeaks saga continues, and Wi-Fi sex toys are vulnerable (again) in this week’s Security News!

Full ...

Listen
Paul's Security Weekly (Video-Only)
Tech Segment: Jeff's Trip to IBM InterConnect - Paul's Security Weekly #508 from 2017-04-08T09:00

Our very own Jeff Man made a trip to the IBM InterConnect Conference on behalf of Security Weekly. Learn about his experience in this segment!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Anna Manley, Manley Law Inc. - Paul's Security Weekly #508 from 2017-04-07T15:59:42

Anna Manley is an internet and privacy lawyer based in Nova Scotia, Canada. She is the principal of Manley Law Inc. and founder of Advocate Cognitive Technologies Inc. She also writes a blog cov...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #507 from 2017-04-02T09:00

The CIA hacks Cisco, Trump extends an executive order on cybersecurity, ISP privacy rules are being repealed, and why was 2016 a record year for vulnerabilities?

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Technical Segment: Blocking Ads and Malware With Pi-hole In The Cloud - Paul's Security Weekly #507 from 2017-04-01T09:00

Paul shows you how to use Raspberry Pi’s Pi-hole to block ads and malware in the cloud in this technical segment!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Brad Antoniewicz, OpenDNS/BSides NYC - Paul's Security Weekly #507 from 2017-03-31T16:49:25

Brad Antoniewicz works in Cisco Umbrella’s security research group. He founded the NYC branch of Security BSides. Brad is also a contributing author to both the Hacking Exposed and Hacking Expos...

Listen
Paul's Security Weekly (Video-Only)
Tech Segment: Arlo Wireless Camera System Security - Paul's Security Weekly #506 from 2017-03-26T09:00

Paul lists the pros and cons of using Arlo wireless cameras to secure your home in this technical segment!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Tech Segment: Secure Online Backups, Don Pezet, ITProTV - Paul's Security Weekly #506 from 2017-03-25T09:00

Online backups are a double-edged sword. They provide fast, easy backups with inexpensive storage; however, by being online, they are able to be targeted by attackers. Don Pezet of ITPro.TV show...

Listen
Paul's Security Weekly (Video-Only)
Ferruh Mavituna, NetSparker - Paul's Security Weekly #506 from 2017-03-24T16:26:50

Ferruh Mavituna is the Founder and Product Manager of Netsparker. He developed the first and only proof-based web security scanner with vulnerability detection and exploitation features. Ferruh ...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #505 from 2017-03-19T09:00

The origin of threat hunting, your microwave is spying on you, 10 must-read books for infosec professionals, and why is IR automation and orchestration so hot?

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Brad Haines (a.k.a. Render Man) on Internet of Dongs - Paul's Security Weekly #505 from 2017-03-18T09:00

Brad Haines (aka Render Man) is a security enthusiast with a focus on security threats of all sorts. He is the person your sysadmin warned you about. Brad spearheads the Internet of Dongs Project,...

Listen
Paul's Security Weekly (Video-Only)
Andrew Whitaker, Rapid7 - Paul's Security Weekly #505 from 2017-03-17T18:14:39

Andrew Whitaker is the Director of Global Services at Rapid7. He leads Rapid7’s penetration testing services that help organizations around the world gain insight into real-world risk and remedi...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #504 from 2017-03-12T10:00

Lots of news involving the CIA, Firefox 52 expands non-secure HTTP warnings, WiFi cameras are insecure, email is safer in Office 365, and who is joining the IoT Cybersecurity Alliance?

Fu...

Listen
Paul's Security Weekly (Video-Only)
Keith Hoodlet, InfoSec Mentor Project - Paul's Security Weekly #504 from 2017-03-11T10:00

Keith Hoodlet works as an Engineer on the Customer Success team at Rapid7. He is currently rebooting the InfoSec Mentors Project, providing a platform for finding and connecting mentors and ment...

Listen
Paul's Security Weekly (Video-Only)
Hyrum Anderson, Endgame - Paul's Security Weekly #504 from 2017-03-10T19:36:55

Hyrum Anderson is the Technical Director for Data Science at Endgame. He received his PhD in Electrical Engineering from the University of Washington and BS/MS degrees from Brigham Young Univers...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #503 from 2017-03-05T10:00

The risks of using an Android password manager, another WordPress plugin is flawed, hidden backdoors, Cloudbleed gets triggered, and more in this week’s security news!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Incident Response & Forensic Reporting, Doug White - Paul's Security Weekly #503 from 2017-03-04T10:00

Our very own Doug White delivers a demonstration/rant about incident response and forensic reporting in this week’s technical segment!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Alan White, Dell SecureWorks/US Army - Paul's Security Weekly #503 from 2017-03-03T19:41:43

Alan White is the Global Regions Consulting and Services Director for Dell SecureWorks, and is part of the US Army's Computer Emergency Research Team. Previously, Alan was the Director of Securi...

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #502 from 2017-02-26T10:00

Lawmakers prepare to overturn broadband privacy rules, Windows vulnerabilities await patches, new security technologies debut at RSA, and are Slack conversations really private?

Full Show...

Listen
Paul's Security Weekly (Video-Only)
Tech Segment: David Fletcher, Symantec - Paul's Security Weekly #502 from 2017-02-25T10:00

This webcast, driven by John Strand, brings together some of Black Hills Information Security’s best to discuss antivirus. David Fletcher shows us how to bypass Symantec in this technical segmen...

Listen
Paul's Security Weekly (Video-Only)
Don Pezet, ItPro.TV - Paul's Security Weekly #502 from 2017-02-24T18:56:53

Don Pezet is no stranger to the Security Weekly network! In this episode, Don chats with Paul, Doug, Jeff, Joff, and Carlos about tactics, laws, and problems related to incident response.

Listen
Paul's Security Weekly (Video-Only)
Security News - Paul's Security Weekly #501 from 2017-02-19T10:00

Drive-by exploits are about to become much worse, how to use Scuba to run a database vulnerability scan, more Patch Tuesday delays, and why is it that the more infosec changes, the more it stays...

Listen
Paul's Security Weekly (Video-Only)
Slipping Executables Past Firewall, Carrie Roberts - Paul's Security Weekly #501 from 2017-02-18T10:00

Carrie Roberts joined Black Hills InfoSec after working for HP's Global Cyber Security group, where she worked as a network penetration tester.

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Paul's Security Weekly #500 - Round Table: Penetration Testing pt. 2 from 2017-02-12T10:00

Paul has trapped everyone in a blizzard at G-Unit Studios in Rhode Island! They must talk about penetration testing or they will be penetra...well, never mind. Watch this segment to hear our pan...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #500 - Round Table: IoT Security pt. 1 from 2017-02-11T10:00

Paul and crew kick off the episode 500 festivities by hosting a roundtable discussion on the current state and future of IoT security!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Paul's Security Weekly #499 - Security News from 2017-02-06T10:00

A patchwork quilt of IoT security, President Trump’s cyber executive order, how Google fought a botnet (and won), and why didn’t WordPress tell us about their recent zero-day?

Full Show N...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #499 - Nathaniel "Q" Quist, LogRhythm from 2017-02-04T10:00

Nathaniel “Q” Quist is an Incident Response Engineer at LogRhythm Labs. Q is actively focused on Active Defense countermeasures and methods to increase the defensive capabilities of various orga...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #499 - Katherine Teitler, MISTI from 2017-02-03T18:18:34

Katherine Teitler is the Director of Content for MISTI, where she is responsible for programming information security conferences, workshops, and summits. Previously, she served as Director of C...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #498 - Security News from 2017-01-29T10:00

President Trump is tweeting from an insecure phone, Asus gives Raspberry Pi a run for its money, how to use your heartbeat as a password, and can you revive an old laptop with a free OS?

...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #498 - Tech Segment: Jeff's HP Adventures from 2017-01-28T10:00

Our very own Jeff Man attended HP Print Security Tech Day at HP’s headquarters in Palo Alto, California. He documents his experience at HP and how their business model influences printer securit...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #498 - Chris Kubecka, HypaSec from 2017-01-27T19:03:58

Chris Kubecka is an experienced and certified IT security expert. In addition to curating the popular Security Evangelist blog, she also serves as a member of the Executive Steering Committee wi...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #497 - Security News from 2017-01-22T10:00

We discuss Chelsea Manning’s commutation, Guccifer 2.0 resurfacing, the identity of the Mirai botnet creator, and more in this week’s security news!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Paul's Security Weekly #497 - Bruce Potter, ShmooCon from 2017-01-21T10:00

Bruce Potter is the Founder and an organizer of ShmooCon, a long-running, yearly hacker convention in Washington, D.C. He also serves as the CTO of KeyW Corporation and Ponte Technologies. Bruce...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #497 - Jason Blanchard, SANS Institute from 2017-01-20T18:56:23

Jason Blanchard is the Curriculum Marketing Manager of Penetration Testing for the SANS Institute. In addition to speaking at conventions like DerbyCon and BSides Orlando, he has served as the S...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #496 - Security News from 2017-01-16T10:00

The Trump Administration urges more coordination on cyberthreats, more raw intelligence data sharing permissions for the NSA, and why are the feds suing D-Link?

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Paul's Security Weekly #496 - Tech Segment: Bypassing AV on Android, Beau Bullock from 2017-01-14T10:00

Beau Bullock shows us how to bypass antivirus software using Android in this week’s tech segment!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Paul's Security Weekly #496 - Lesley Carhart, Motorola Solutions/US Air Force Reserve from 2017-01-13T10:00

Lesley Carhart (@hacks4pancakes) is a veteran security incident responder and digital forensics analyst. Programming since the age of 7, she forged her name in the industry by working with organ...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #495 - Security News from 2017-01-08T10:00

MongoDB databases are under attack, info on buying internal domain access, smart meters are vulnerable, and why is a Florida man suing Verizon?

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Paul's Security Weekly #495 - Forensic Toolkit (FTK), Doug White from 2017-01-07T10:00

Doug White of Secure Technology provides a demo on forensic data carving using FTK on this tech segment!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Paul's Security Weekly #495 - Joe McCray, Strategic Security from 2017-01-06T17:51:27

Joe has an extensive background in computer security, pen testing, and system administration. He founded Strategic Security in 2010 with the vision of providing in-depth technical assessments of...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #494 - Security News from 2016-12-26T10:00

Nokia sues Apple, home routers are under attack, a Russian botnet is stealing millions of dollars per day, and should you give up on PGP? Find out in this week’s security news!

Full Show ...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #494 - Tech Segment: Rudolph the Credit Card-Swiping Reindeer from 2016-12-25T10:00

How do you find credit card numbers that have slipped out of the Cardholder Data Environment? Joshua Marpet and Scott Lyons show you how in this week’s tech segment!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Paul's Security Weekly #494 - Eric "Munin" Rand, Brown Hat Security from 2016-12-24T10:00

Munin is a professional blue-team consultant from Southern California who spends his days providing technical support to defensive security operations folks, finding a way to turn paranoia into ...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #493 - Security News from 2016-12-18T10:00

Australia's tax office loses a petabyte (yes, a petabyte) of data, why it's time for organizations to start automating security, and could the news be any worse for Yahoo? All that and more in th...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #493 - Tech Segment: I Made The Switch to a Linux Laptop from 2016-12-17T10:00

Paul has been known by many as an Apple fanboy for a long time. What convinced him to ditch his Macbook for a Linux laptop? Find out in this week's tech segment!

Full Show Notes: Listen

Paul's Security Weekly (Video-Only)
Paul's Security Weekly #493 - Dave Shackleford, Voodoo Security and SANS from 2016-12-16T18:28:41

Dave is the Founder of Voodoo Security, a company that provides information security consulting services to clients, specializing in virtualization and cloud security. Dave also serves as a Seni...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #492 - Security News from 2016-12-11T10:00

Old Linux and BSD code is vulnerable, your worst fears about IoT security are probably true, SSL-protected web sites, security for small businesses, and the hacking doomsday. All that and more i...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #492 - Ofri Ziv, GuardiCore from 2016-12-10T10:30

Ofri leads the Detection Development group at GuardiCore, which is responsible for security research, detection, and development of data analysis algorithms. Ofri educates us on the Oracle of De...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #492 - Ferruh Mavituna, Netsparker from 2016-12-09T18:07:47

Ferruh is certainly no stranger to the show! Paul, Larry, and Joff chat with Ferruh about web applications, mobile security, and updates on his journey at Netsparker on Paul’s Security Weekly!

Listen

Paul's Security Weekly (Video-Only)
Paul's Security Weekly #491 - Security News from 2016-12-04T10:00

A new Mirai worm knocks almost a million Germans offline, time is running out for NTP, the propaganda about Russian propaganda, and who hacked the lights in Ukraine? All that and more in this we...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #491 - Tech Segment: Containerizing your Security Operations Center from 2016-12-03T10:00

Jimmy is the chapter leader of OWASP Santa Barbara and co-organizer of the AppSec California security conference. He has spent time on both the offense and defense side of the industry. Jimmy br...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #491 - John Hurd and Alex Valdivia, ThreatConnect from 2016-12-02T18:49:08

Two ThreatConnect personnel join us: John currently serves as a Threat Intelligence Research Analyst, while Alex is the Senior Threat Intelligence Research Engineer. They discuss their experienc...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #490 - Security News from 2016-11-20T10:00

Experts encourage congress to act on IoT security, wifi can imprint passwords on pins on radio signals, major Russian banks are hacked with powerful IoT devices focused Botnets, meet poison tap ...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #490 - Tech Segment: Alex Horan and Sebastian Bortnik, Onapsis from 2016-11-19T10:00

Alex Horan and Sebastian Bortnik will discuss what Onapsis has updated in their company and software in the year. They discuss the trends they've seen in the past year (DHS CERT, SANS SAP rep...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #490 - Jen Ellis and Harley Geiger, Rapid7 from 2016-11-18T18:45:04

Jen Ellis is the VP Community & Public Affairs at Rapid7 and Harley Geiger is the Director of Public Policy at Rapid7. Jen Ellis works with security researchers & policy makers to improve publi...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #489 - Security News from 2016-11-13T10:00

Regulation of the Internet of Things, Packet Capture Options, Hackers hijack Philips Hue lights with a drone, Facebook buys black market passwords for user account safety, and much more here on ...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #489 - Tech Segment: Outlook Web Access Two-Factor Authentication Bypass from 2016-11-12T10:00

A design weakness has been exposed that can allow an attacker to easily bypass 2FA and access an organization’s email inboxes, calendars, contacts and more.

See more at: Outlook Web Acces...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #489 - Greg Foss, LogRhythm from 2016-11-11T18:17:58

Greg Foss is LogRhythm’s Head of Global Security Operations, where he is tasked with leading both offensive and defensive aspects of corporate security.

Full Show Notes: http://wiki.secur...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #488 - Security News from 2016-11-06T09:00

Can the election be affected by attackers on the internet, can IoT devices suffer any more security vulnerabilities, Microsoft announces the end of life for EMET, and much more, here on Paul's Se...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #488 - Tech Segment: Considerations for Using Intel SGX from 2016-11-05T09:00

Intel SGX is a newer method of implementing trusted computing. Jack and Paul talk about SGX and discuss its pros and cons.

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/E...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #488 - David Koplovitz, ProXPN from 2016-11-04T16:54:34

Over twenty years of experience in corporate leadership and management. Developed agile products, created solutions, integrated systems and deployed technologies for both external and internal c...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #487 - Security News from 2016-10-30T09:00

Webcams used to attack Twitter and reddit will be recalled according to a Chinese manufacturer, a Windows 10 vulnerability called Atom Bombing, Dirty COW, and much more here on Paul's Security W...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #487 - Tech Segment: Why Signatures Suck with Mark Dufresne, Endgame from 2016-10-29T09:00

Why signatures don’t really work for detection and what folks should be thinking about instead.

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode487#Technical_S...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #487 - Chris Roberts, Acalvio Technologies from 2016-10-28T16:14:15

Chris Roberts is considered one of the world’s foremost experts on counter threat intelligence within the Information security industry. At Acalvio, Chris helps drive Technology Innovation and P...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #486 - Security News from 2016-10-23T09:00

Donald Trump is running an insecure email server, Mirai bots more than double since source code release, Skyping and typing has some issues, IoT needs to learn from your Mitre Saw, and much more...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #486 - Listener Feedback: Fixing Pen Test Findings and XMLRPC from 2016-10-22T09:00

XMLRPC for the win or not? How long should you remediate vulnerabilities found in penetration test reports?

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode486#List...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #486 - Adrien de Beaupre from 2016-10-21T17:00:18

So do you really want to be a penetration tester? We get these questions all the time, and Adrien does too!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode486#Inter...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #485 - Security News from 2016-10-16T09:00

Disappearing messages added to Signal app, IoT devices as proxies for cybercrime, nuclear power plant disrupted by cyber attack, and more, here on Security Weekly!

Full Show Notes: http:/...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #485 - Scott Lyons and Joshua Marpet, Guarded Risk from 2016-10-15T09:00

Scott Lyons is the V.P. of Business Development for WarCollar. Joshua Marpet is a well-known security researcher and speaker.

Full Show Notes: http://wiki.securityweekly.com/wiki/index.ph...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #485 - Listener Feedback, Drinking From The InfoSec Fire Hose from 2016-10-14T17:56:13

Questions from the Security Weekly listeners are answered during this segment.

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode485#Listener_Feedback:_Drinking_From_T...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #484 - Tech Segment: Pre-exploit Preventing from 2016-10-09T09:00

Cody Pierce from Endgame will be giving a 15 minute segment on Pre-exploit Preventing.

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode484#Tech_Segment:_Pre-exploit_...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #484 - Security News from 2016-10-08T09:00

Security news will discuss Yahoo! spying, Mirai source code lessons learned, I will try my best, but fail, at not saying "I told you so!", and more!

Full Show Notes: http://wiki.securityw...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #484 - Ed Skoudis from 2016-10-07T16:23:18

Ed Skoudis of Counterhack Challenges and The SANS Institute. Ed will discuss IoT security, the Holiday Hack Challenge and upcoming SANS Hackfest conference.

Full Show Notes: http://wiki.s...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #483 - Listener Feedback: Old vs New from 2016-10-02T09:00

Give us your questions and feedback and send it to psw@securityweekly.com and we'll put it on the show!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode483#Listener_...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #483 - Interview Ferruh Mavituna, Netsparker from 2016-10-01T09:00

Ferruh Mavituna from Netsparker. He's been hacking web apps since 2003, web app sec expert, and the CEO of Netsparker.

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episo...

Listen
Paul's Security Weekly (Video-Only)
Paul's Security Weekly #483 - Security News from 2016-09-30T17:51:24

Yahoo is breached, OpenSSL has a bug, Raspberry Pi new Pixel update, thousands of Cisco devices still vulnerable, and stick around for Jack's rant! Here on Security News!

Full Show Notes...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #446 - Interview With Adrien de Beaupre from 2016-09-29T19:26:24

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop.securityweekly.com

Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode446

Foll...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #482 - Security News from 2016-09-25T09:00

Alibaba fires employees for hacking their way to free mooncakes, How I gained access to TMobile’s national network for free, Employees download new malware every four seconds, all that and more ...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #482 - Tech Segment: Securing a Shell Script from 2016-09-24T09:00

Paul explains how to try to make a secure shell script, along with introducing DisplayGoat!

Full Show Notes: https://github.com/pasadoorian/displaygoat/blob/master/displaygoat.sh

S...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #482 - Kobi and Doron Naim, Cyberark Labs from 2016-09-23T16:13:27

Kobi Ben-Naim, Senior Director of Cyber Research: Kobi is an accomplished information security professional, well-known for his pioneering work in the field of Advanced Persistent Threats (APTs) a...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #481 - Security News from 2016-09-17T09:00

Privacy and Internet-connected vibrators, Volkswagen launches a new cyber security firm to tackle car security, Ad Block Plus ridiculousness, and hacking cable modems. All that and more, so stay...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #481 - Josh Abraham, Praetorian from 2016-09-16T18:24:33

At Praetorian, Josh is a key member of the technical execution team. In this capacity, he is responsible for leading, directing, and executing client-facing engagements that include Praetorian's...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #480 - Security News from 2016-09-11T09:00

DHS urges vigilance in protecting networking gear, How spoofing an ethernet adapter lets you sniff PC credentials, and FAA considers a ban on Samsung's exploding smartphones. All that and more, ...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #480 - Tech Segment: ODROID C2 vs. Raspberry PI 3 from 2016-09-10T09:00

Which hardware is best for your next nerdy security (or non-security) project? The Security Weekly crew will discuss the differences between two of the new model embedded Linux boards on the mar...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #480 - Marcus J. Ranum, Tenable Inc. from 2016-09-09T18:24:13

Marcus J. Ranum works for Tenable Security, Inc. and is a world-renowned expert on security system design and implementation. He has been involved in every level of the security industry from pr...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #479 - Security News from 2016-09-04T09:00

A new take on Windows 10, One million IoT devices infected by Bashlite malware-driven DDoS botnet, Encryption Technology Causes More Cyber Attacks? All that and more, so stay tuned!

Full ...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #479 - Listener Feedback: Magic Wiffle Dust from 2016-09-03T09:00

Data security either on premise or in the cloud and the merits of each.

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode479#Listener_Feedback:_Magic_Wiffle_Dust_-_6:...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #479 - Josh Corman, Cyber Statecraft Initiative from 2016-09-02T18:55:48

Joshua Corman is Director of the Cyber Statecraft Initiative for the Atlantic Council. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to increa...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #478 - Heather Mahalik, SANS from 2016-08-30T09:00

Heather Mahalik is leading the forensic effort as a Principal Forensic Scientist for ManTech CARD.

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode478#Interview:_Hea...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #478 - Security News from 2016-08-29T18:06:16

Facial recognition, VxWorks, Leaked Shadowbrokers, Bitcoin, and much more on Security Weekly!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode478#Security_News_-_6:3...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #478 - Listener Feedback, A Host's Perspective from 2016-08-26T20:09:36

Listener feedback segment will be The Host's Perspective, common questions we've asked our guests will be answered by some of the hosts!

Full Show Notes: http://wiki.securityweekly.com/wi...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #477 - Interview with Alex Horan, Onapsis from 2016-08-21T09:00

Alex Horan from Onapsis joins us. Alex is a security focused IT professional with strong experience leading and motivating IT teams and departments.

Full Show Notes: http://wiki.securityw...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #477 - Listener Feedback from 2016-08-20T09:00

To Be or Not to be A Contractor. A listener of Security Weekly asks Paul and his crew.

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode477#Listener_Feedback:_To_Be_o...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #477 - Security News from 2016-08-19T18:49:12

Snowden Thinks Russia Hacked The NSA, How to disable WPAD on Windows so hackers can't hijack your computer, and People Ignore Security Alerts Up To 90% Of The Time. All that and more, so stay Tu...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #476 - Security News from 2016-08-14T09:00

Paul, Larry, Joff and Lance discuss the news for the week on Frequent Password Changes Is a Bad Security Idea, Facebook’s favorite hacker is back, Linux malware? That'll never happen, and much m...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #476 - Tech Segment, TachyonNet from 2016-08-13T09:00

TachyonNet is a multi-threaded Python tool that has the ability to listen on all 65535 TCP/UDP ports, as well as listen for ICMP traffic.

Full Show Notes: http://wiki.securityweekly.com/w...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #476 - Lance James, Flashpoint from 2016-08-12T16:48:47

Lance James serves as Chief Scientist at Flashpoint where he heads up research and engages in thought leadership. Prior to joining Flashpoint, Mr. James was the Head of Cyber Intelligence at Del...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #475 - Security News from 2016-07-31T09:00

This week we talk about Verizon buying Yahoo, ransomware, zero-day holes in LastPass, hackers can sniff your keystrokes from nearby, and vulnerabilities and light bulbs. Stay tuned!

Subsc...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #475 - Listener Feedback from 2016-07-30T09:00

We discuss about Jeff, a current listener of Security Weekly, how to maintain working full time in security and having children, getting married, and balancing everything out equally.

Sub...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #475 - Federico Kirschbaum from 2016-07-29T17:40:22

Federico Kirschbaum is currently the CTO of Infobyte Security Research, a company based in Buenos Aires, Argentina. With more than 10 years of experience researching and pentesting networks, he ha...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #474 - John Kindervag from 2016-07-24T09:00

John Kindervag is a Principal Analyst on the Security and Risk Management team and works out of the Dallas Research Center. John covers various topics in Information Security including PCI Data ...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #474 - Tech Segment: Bluetooth Scanning Using The PwnPad 4 & Blue Hydra from 2016-07-23T09:00

While many are focused on securing the network, it could be the devices within your location, not even on the network, that cause security issues. In this segment we talk about a new, open-sourc...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #474 - Security News from 2016-07-22T17:45:35

This week Paul tells how to cheat in Pokemon Go, everything you need to know about webshells, Mr. Robot easter eggs, and much more! Here on Security News!

Full Show Notes:  http://wiki.se...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #473 - Security News from 2016-07-17T09:00

This week on Security News, Paul talks about Pokemon Go, Kaspersky Labs, FBI Malware, Kim Dotcom Plans for 2017, and much more!

Full Show Notes: http://wiki.securityweekly.com/wiki/index....

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #473 - Bob Stratton, Mach37 from 2016-07-16T09:00

This week, we welcome Bob Stratton! He is a General Partner at Mach37, a startup accelerator investing in information security product companies. Bob is a “repeat offender” with security startup...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #473 - Tech Segment: DNS Blackhole Server with Python from 2016-07-15T18:58:58

Joff will write a Python script that can download malware domain name lists from a URL and create a bind9-based DNS blackhole configuration file from the domain names obtained.

Full Show N...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #472 - Security News from 2016-07-11T09:00

This week on Security News, Paul and Jack talk about how Sony, Microsoft, and other gadget makers violate Federal Warranty Laws, Pen Test Partners, FBI, warrant canaries, and much more! Here on ...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #472 - Tech Segment: Blocking Ads and Malware Using Bind DNS from 2016-07-10T09:00

Ads are annoying, malware is bad. pfSense wanted to be Paul's DNS server in order to block host names. Paul built his own DNS and DHCP servers. This is how he did it.

Full Show Notes: htt...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #472 - Elizabeth Gossell from 2016-07-09T09:00

Paul talks with Elizabeth Gossell who is a Product Strategist at Tenable with a solid background in network security at both Lockheed Martin and Tenable. All that and more, so stay tuned!

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #471 - Security News from 2016-07-03T09:00

This week Paul talks about sharing threat intelligence, Facebook using physical location to suggest friends, interview with an NSA hacker, and much more! So stay tuned!

Full Show Notes: h...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #471 - Tech Segment: Building A PfSense Firewall - Part 1 - The Hardware from 2016-07-02T09:00

For your home or small office, everyone needs a firewall! Well, I suppose you don't NEED one, but it helps. More important than just protecting you from curious people on the Internet, there ar...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #471 - Interview with Mark Baggett, SANS from 2016-07-01T19:29:52

Mark has more than 28 years of commercial and government experience ranging from Software Developer to CISO. All that and more, so stay tuned!

Full Show Notes: http://wiki.securityweekly....

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #470 - Security News from 2016-06-26T09:00

The security news is flooded this week! Paul talks about ASUS UEFI update driver, Verizon patches serious email flaw, and Tor coders harden the Onion against surveillance. All that and more, so ...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #470 - Rick Farina, Pwn Pad 4 from 2016-06-25T09:00

This segment is an interview with Rick Farina, who is an expert in the new Pwn Pad 4. He explains all its features and perks. Paul will show off the one on set and tell you how you can win a Pw...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #470 - Interview with Cory Doctorow from 2016-06-24T18:17:26

This week on Security Weekly, Paul, Larry, and Jack Daniel host the interview with none other than Cory Doctorow. Cory Doctorow (craphound.com) is a science fiction author, activist, journalist ...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #469 - Tech Segment: Telepresence Robot from 2016-06-19T09:00

The model robot featured in this segment is called a Double Generation One. This telepresence robot consists of a telescoping rod connecting a Segway-like base and an iPad Air 2 head.

Ful...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #469 - Security News from 2016-06-17T18:01:36

This week is a special segment where Paul, Jeff, Doug, and Russell talk about WordPress Patches Zero Day, Hack The Pentagon Shutters 100 Bugs, GitHub, and much more!

Full Show Notes: http...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #468 - Chris Poulin, X-Force from 2016-06-12T09:00

Security Weekly has a special co-host, Russell Beauchemin, who will be in studio with Larry and our guest Chris Poulin.

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #468 - Security News from 2016-06-11T09:00

Larry is on the show with Russell and Chris, and they discuss Security News for the week! They talk about Typo squatting package managers, 20 years of red teaming, Spear Phishing, Infosec is a s...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #468 - Russell Beauchemin, Hololens from 2016-06-10T09:00

We have a special co-host on the show, Russell Beauchemin, IT Instructor II at Year Up. Larry will talk with Russell about his new Hololens!

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #467 - Security News from 2016-06-05T09:00

Security news this week will uncover password breaches galore, Facebook listening to your conversations. Also, congrats! You got a new laptop! And a boatload of vulnerabilities out of the box!

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #467 - Listener Feedback, Crypto from 2016-06-04T09:00

In this listener feedback segment, we will answer the question "should you implement your own Crypto?"

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #467 - Jon Searles and Will Genovese, BSides Security from 2016-06-03T20:09:25

This week we interview Jon Searles and Will Genovese, the founders of the NESIT hacker space and organizers of BSides Connecticut.

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #466 - Listener Feedback from 2016-06-02T23:00

This week on Security Weekly, we answer more of your questions! Paul, Jack, Jeff, and Larry answer the listeners' feedback, here on Security Weekly!

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #466 - Wade Baker from 2016-06-02T23:00

Wade Baker is the Vice President, Strategy and Risk Analytics at ThreatConnect. He believes improving information security starts with improving security information. In keeping with this belief...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #455 - Interview with Dennis Fisher from 2016-06-02T15:48:18

Paul, Larry, and Jack talk with Dennis Fisher from Pindrop and On the Wire. Dennis explains some of the more interesting trends in security news and how to overcome major problems in hi...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #459 - Technical Segment Apollo Clark from 2016-06-02T15:22:07

This Tech Segment is presented by Apollo Clark. He gives tips on teaching material, the VPN, researching, and self-training. Stay alive for more on Security Weekly!

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #459 - Stories of the Week from 2016-06-02T15:21:19

This Tech Segment is presented by Apollo Clark. He gives tips on teaching material, the VPN, researching, and self-training. Stay alive for more on Security Weekly!

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #459 - Interview with James Lyne from 2016-06-02T15:20:31

We interview James Lyne from SANS. He comes from a background in cryptography but over the years has worked in a wide variety of security problem domains including anti-malware and hacking. Jame...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #458 - Stories of the Week from 2016-06-02T15:18:59

This week on Stories of the Week, Paul and Jack Daniel talk about Live Journal hit with Angler exploit kit, and FBI investigates hacks against U.S. law firm. They talk about a lot more. Stay tu...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #458 - Interview with Alex Horan from 2016-06-02T15:17:25

This week we talk with Alex Horan from Onapsis. He is a security focused IT professional with strong experience leading and motivating IT teams and departments.

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #452 - Security News from 2016-06-02T15:14:33

Carlos, Michael, Joff, NotKevin, Jack and Paul talk about the government order to weaken 5c security, the glibc bug, shiny new instagram 2FA, and a whole lot more!

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #452 - DIY Routers with Joff from 2016-06-02T15:12:48

This week Joff talks with Larry, Carlos, Michael and Paul about building DIY Linux-based routers.

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #451 - Stories of the Week from 2016-06-02T15:11:39

This week on Security Weekly, we hear Joff's Hacker Haiku. They discuss D-Link, ASUS Router Administration, Weird Fitbit data, and more! Watch for the latest scoop.

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #450 - Interview with Patrick Heim, Dropbox Head of Security from 2016-06-02T15:09:55

This week on Security Weekly, we interview Patrick Heim who is the Dropbox Head of Security. Listen in as we dive deep into the intricacy of Dropbox.

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #449 - Interview with Essobi from 2016-06-02T15:06:53

On this episode, we talk about scanning the internet, Android vulnerabilities, MiniUPnPd vulnerabilities, hackers and heroin to Brian Krebs. Much, much more, on Paul's Security Weekly!

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #447 - Stories Of The Week from 2016-06-02T15:03:34

This week Carlos, Jack, Michael, Joff, Paul and Larry talk about Windows updates, Sean Penn, WordPress XSS, Windows compatibility issues, TrendMicro's node.js password manager (now featuring arb...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #457 - Tech Segment from 2016-06-02T15:02:13

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #456 - Stories of the Week from 2016-06-02T15:00:08

Paul, Larry, Jeff, Joff and NotKevin talk about remote sex toys! Control your toys through phones or tablets. These devices getting hacked and Vulnerability Scanners Turn Up Mostly False Positiv...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #456 - Interview with Jared Atkinson from 2016-06-02T14:58:41

This week on Security Weekly, we talk with Jared Atkinson, who is the Hunt Capability Lead with Veris Group's Adaptive. Passionate about PowerShell and the Open Source community, Jared is the le...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #455 - Stories of the Week from 2016-06-02T14:56:53

Paul and the gang talk about the Erin Andrews, Big news, why your security tools are exposing you to added risks, patch management, and much much more! Stay tuned into Security Weekly Stories of...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #454 - Stories of the Week from 2016-06-02T14:55:23

Stories of the week include DROWN, cool tools for analyzing firmware and Z-Wave, and much more!

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #454 - Paul's Big News and Interview w/ Inguardians from 2016-06-02T14:53:53

This week Paul makes a big announcement! We are lucky to have several of the fine folks at Inguardians come on the show and share their wisdom and knowledge on the topic of perimeter protection....

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #453 - Stories of the Week from 2016-06-02T14:52:11

On Security Weekly, Paul, Larry, and Mike talk about the Hacker Summer Camp Planning Guide, Open DNS Blogs, wireless mics and keyboards, and excessive amounts of lube! The best place to get info...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #453 - Interview with Jeff Frisk and Jeff Pike from 2016-06-02T14:49:45

This week on Security Weekly we interview Jeff Pike and Jeff Frisk from SANS GIAC. Paul and Larry talk about 'digital badges', CPEs, and SANS training. Watch the whole episode for mo...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #446 - Stories Of The Week from 2016-06-02T14:46:15

This week Paul, Larry, John, Joff and special guest star Adrien talk about Juniper backdoors, the "biggest" security threats for 2016, axing Internet Explorer and Uber fines for data breaches...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #447 - Interview with Chris Domas from 2016-06-02T14:41:07

This week we interview Chris Domas. Chris is a researcher interested in reverse engineering and exploitation. He joins us to talk about visualizing binaries, accessing ring -2 and making reverse...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #445 - Sharon Goldberg from 2016-06-02T14:40:10

Sharon Goldberg joins us to talk about her research into NTP, BGP and DNS protocol security. Sharon has deep knowledge of these protocols, networking and crypto and I promise you are going to lo...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #445 - Security News from 2016-06-02T14:37:55

Paul, Joff and Not Kevin talk about registering zones, reply to all, CISA and much more!

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #466 - Security News from 2016-05-27T09:00

On this Security News segment, Paul discusses Jeremiah Grossman, Apple hires crypto-wizard Jon Callas to beef up security, Google To Kill Passwords On Android, and a ton more from our other gues...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #450 - Security News from 2016-02-11T17:00

Tons of stories and Jack rants about DNS.

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #444 - Stories of the Week from 2015-12-21T17:00

This week we talk about the quest to reveal the identity of Bitcoin's creator, DDoS attacks against the internet's root name servers, and a whole lot more!

Security Weekly Web Site:...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #444 - Ed Skoudis Holiday Hack Challenge from 2015-12-15T17:00

Ed Skoudis joins us via Skype to talk about the all new 2015 Holiday Hack Challenge! Ed also answers the all new 5 Questions, not to be missed!

Security Weekly Web Site: http://securitywe...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #444 - Pen Testing 5 Questions with John Strand from 2015-12-12T17:00

John Strand answers Paul's 5 tough questions on penetration testing. With Larry Pesce and Jeff Man.

Security Weekly Web Site: http://securityweekly.com

Hack Naked Gear: http://shop...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #443 - Security News from 2015-12-08T10:00

The Security Weekly crew discusses software security, how to create more secure code, legacy code, IoT devices and more!

Security Weekly Web Site: http://securityweekly.com

Follow ...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #443 - Interview with Micah Zenko from 2015-12-07T10:00

Micah Zenko, a senior fellow at the Council on Foreign Relations and author of the new book "Red Team: How to Succeed By Thinking Like the Enemy." We talk to Micah about techniques to prevent do...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly News #442 - Failed Windows 3.1 and Hacking Back from 2015-11-20T10:00

In security news this week, we talk about the latest iThing; this one brews your coffee. Find out why it's a bad idea to run Windows 3.1 in your environment, or Windows NT. Paul goes back in time, ta...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #442 - Interview with Ferruh Mavituna from 2015-11-19T10:00

Security Weekly brings back Ferruh Mavituna to discuss SDLC and writing vulnerable command injection in PHP. For a full list of topics discussed, visit our wiki: http://wiki.securityweekly.com/w...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly News #441 - IoT Security In Alarm Clocks from 2015-11-12T17:00

Security news this week features the unmasking of TOR users, an alarm clock that slaps you around and more. For a full list of stories, visit our wiki: http://wiki.securityweekly.com/wiki/index....

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #441 - Interview with Miron Livny and Barton Miller from 2015-11-12T17:00

This week, we interview Miron Livny and Barton Miller of SWAMP. SWAMP simultaneously alleviates the costs, maintenance and licensing burdens of tools, while also eliminating the need to learn nu...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #440 - Interview with Michael Bazzell from 2015-11-05T17:00

This week we interview Michael Bazzell author of "Open Source Intelligence Techniques", "Hiding from the Internet" and the technical advisor for TV hacker drama "Mr. Robot" on the USA network.

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #440 - Canadian Encryption from 2015-11-05T10:00

This week, Paul and the crew discuss the million-dollar bug bounty for iPhones and why it may be legal to hack your car. For a full list of stories talked about during the show, visit our wiki...

Listen
Paul's Security Weekly (Video-Only)
Security Weekly #439 - Making The Most Of Threat Intelligence from 2015-10-22T16:00

This week, Paul and Mike discuss the current state of threat intelligence. In this segment, Paul and Mike dive deep into using threat intelligence properly.

Security Weekly Web Site: http:/...

Listen