From Paul's Security Weekly

Paul's Security Weekly - Episode 494

Recorded December 22, 2016


  • Jeffrey Man - Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon
  • Jack Daniel - Works for Tenable Network Security and is a co-founder of Security BSides.
  • Larry Pesce, Director of Research and Senior Managing Consultant at InGuardians
    • Larry Pesce, Swami of Security, Oracle of the Online and Hotshot Of Hacking
    • Larry Pesce, destroyer of embedded systems and injector of RF energy.
  • Michael Santarcangelo - founder of SecurityCatalyst.com, author of Into the Breach, and creator of the leadership-driven Straight Talk Framework - with our favorite question, "What problem are you trying to solve?"
  • Joff Thyer - SANS Instructor, Penetration Tester and Security Researcher with Black Hills Information Security.
    • Joff Thyer, Geeking out with the best of them. Known to attract multiple waitresses with a single smile and utterance of g'day. Deployer of cocktail recipes in desperate situations. Hacker of many a thing! If it's got code running on it, it can be hacked.
    • Joff Thyer, musician, proud father, and friend to many.
  • Paul Asadoorian - He is a male who is extremely charming in manner because of his gentlemanly behavior. He has good looks and thinks that women are better than men. He also has a high pain tolerance and likes it kinky.

Episode Audio



  • Make sure you visit http://securityweekly.com/subscribe and subscribe to all of our shows! You can also subscribe to all shows individually, as well as a main feed which contains this show, Hack Naked News, Enterprise Security Weekly, and Startup Security Weekly.

Interview: Eric "Munin" Rand, Brown Hat Security - 6:00PM-7:00PM

Eric is an amateur blacksmith and a professional blue-team consultant from Southern California, who lives in the mountains with his wife and cats. Having found a way to turn paranoia into money, he spends his days providing technical support to defensive security operations folks and contemplates how to make everyone's jobs a lot easier.

Technical Segment: Rudolph the Credit Card-Swiping Reindeer, Joshua Marpet and Scott Lyons - 7:00PM-7:30PM

How do you find credit card numbers that have slipped out of the Cardholder Data Environment?

We're going to examine different ways to search for credit card numbers on a server. Why? Well, if you do a PCI audit, one of the things you should do is make sure you don't have CC#'s anywhere outside the cardholder data environment (CDE). If you do, that's what's known as a "bad thing", or alternatively, a "resume-generating event." We'll talk about some commercial solutions, then look at the regexes and Python scripts to do it yourself. If I can spin up an environment, we'll do a search live on a VM on my laptop.

Security News - 7:30PM-8:30PM

http://www.noradsanta.org/ - Track Santa Claus around the World!

Paul's Stories

  1. Russian Methbot Steals Millions Daily From US Companies
  2. EFF: Dear Tech, Delete Your Logs Before It's Too Late
  3. Energy Firm Points To Hackers After Kiev Power Outage
  4. Is Huawei About to Buy a Security Vendor?
  5. Nokia sues Apple, claims patent infringement in iPhone and other devices
  6. Home routers under attack in ongoing malvertisement blitz
  7. Op-ed: Why I'm not giving up on PGP
  8. Security Vulnerabilities Discovered in Airline In-Flight Entertainment Systems
  9. SAP Chief Security Officer Details Approach to Infrastructure and Software Security
  10. Reality Hacking: The Secret World Of AI, Bots And Fake News

Joff's Stories

  1. Op-Ed: I'm GIVING UP on PGP
  2. NIST CFP Encryption in a Post Quantum Computing World

Jeff's Stories

Joshua's Stories

Scott's Stories