SANS Las Vegas, October 26-27th, will debut a new course titled "Embedded Device Security Assessments for the Rest of Us", which will teach students how to assess embedded systems of all varieties on pen tests and in their duties as security professionals.
Security Weekly - Episode 337 for Tuesday July 2nd, 2013
- The Hills have IPs!! Defensive Intuition (the Consulting arm of Security Weekly Enterprises) and Black Hills Information Security have joined forces to offer all your training, Active Defense and pen test needs! Visit www.blackhillsinfosec.com for more information.
- Register at Blackhat USA Las Vegas! Offensive Countermeasures: The Art Of Active Defense July 27-28 & 29-30.
- We are looking for sponsors for monthly webcasts in conjunction with SANS - contact paul -at- hacknaked.tv for details!
- The Stogie Geeks Show! - Kick some ash with the Stogie Geeks, Sunday nights at 8:30PM EST. Come have a cigar with us! If you are in the Rhode Island area, please visit our sponsor, the Havana Cigar Club; it's an awesome place to have a drink! Make sure you print out your $5.00 off coupon here!
- BSides RI recap and wrap-up. We are already actively working on next year, we're looking for sponsors and volunteers, and we have a web site! http://bsidesri.org
Interview: Matt Bergin of Core Impact
Matt "Level" Bergin, age twenty-four, works for CORE Security as a Senior Security Consultant, where his day job consists of discovering, exploiting, and mitigating vulnerabilities in their clients' network environments. Before joining CORE, Matt became well recognized in the industry through his activities in the US Cyber Challenge and publications of vulnerability research such as his discovery of the Microsoft IIS 7.5 FTP Heap Overflow.
- What is kfuzz, and what does it do?
- What would be a good application of kfuzz? Any examples in the wild?
- Tell us about what else you are presenting at Black Hat.
- Three words to describe yourself
- If you were a serial killer, what would be your weapon of choice?
- In a game of ass grabby-grabby do you prefer to go first or second?
- If you wrote a book about yourself, what would the title be?
- Stranded on a desert island, which tablet would you bring with you if you could choose only one: Android, iPad or Surface?
Tech Segment: Kati Rodzon & Mike Murray of MAD Security on Social Engineering War Stories
Social Engineering War Stories
Social engineering is the art of coercing (let's face it, manipulating) someone into giving you information, allowing you access, or doing something for you. It's basically the art of behavior modification and moment-to-moment training.
Fresh off of a physical penetration test for a major company, Michael and Kati will talk about the psychological techniques that do and do not work. When is it time to blend in? When is it time to stand out? What patterns of behavior can be used to your advantage?
Many of the techniques talked about are taken from basic social psychology as well as behavior analysis and modification theory. Even though these topics are traditionally small scale, Michael and Kati will discuss how they are applied on a larger scale in a pentest.
- We are in the process of archiving and cataloging our technical segments; please visit the Security Weekly Technical Library. We have also indexed all of the interviews we have conducted. Also, please follow us on Google+: The Security Weekly Google+ Community, The Security Weekly Google+ Page and Paul's Google+ Page.
- Larry is teaching SANS SEC617 all over and coming to a city near you in 2013. Sign up for NS2013 in Vegas, or my vLive class this summer (6/24-8/14), and get a free MacBook Air, Toshiba Ultrabook, or an $850 discount (use the codes here: http://www.sans.org/vlive/specials). Larry will also be teaching SEC575 (Mobile pentesting) at CyberCon later this year.
- The Shadowcrew forum was taken down in 2004 but the search for the people behind it didn't stop there. Aleksi Kolarov has finally been extradited to the US and was arraigned in Newark yesterday.