ASW Episode00

From Paul's Security Weekly

Application Security Weekly #0

Recorded January 5, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.

Announcements

    • Also check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand. Currently On-Demand we have webcasts with: Cybereason, Onapsis, Signal Sciences, BHIS, and Stealthbits!
    • If you work in IT and want to have access to an awesome library of OnDemand training head on over to ITPro.TV/securityweekly! They are now accepting requests for demos of the IT Team solution that allows you and your co-workers to access over 3300 hours of training at any time! Use the code SecWeekly30 for the 7-day free trial and 30% off!
    • InfoSec World is March 19-21st of 2018. It is at Lake Buena Vista, Florida. Security Weekly subscribers can save 15% off the InfoSec World 2018 Main Conference or World Pass with the code OS18-SW! You can catch talks from Adrian Sanabria, Diana Kelley and Ed Moyle, Jennifer Manella, Joseph Zacharias, Mark Arnold, Matias Madou, and Summer Fowler. Good job!
    • Check out our DomainTools webcast, Pivoting Through Malicious Infrastructure, hosted by Paul Asadoorian, Michael Santarcangelo, and Taylor Wilkes-Pierce. Join Michael and Paul as they explore using domain names and DNS information in a candid discussion with Taylor Wilkes-Pierce from DomainTools. We'll deep-dive into one of 2017's most notorious phishing attacks to show you how to use domain data and pivoting to profile threat actors and prevent future attacks.

    Topic: Rise of Application Security

    A Brief History of Application Security

    The History of Application Security Testing (Part 1)

    The History of Application Security Testing (Part 2)

    A Brief History of Software, Security, and Software Security

    Learning & Tools

    Hacksplaining

    Burp Vulners Scanner

    SANS Secure DevOps Tool Chain (POSTER)

    News

    Impatient (technology) Employers are Designing Their Own Courses

    IOHIDeos MacOS 0day

    Missing nmap plugin released

    A Simple Explanation of the Differences Between Meltdown and Spectre

    Google Project Zero writeup on Spectre and Meltdown CPU vulnerabilities

    Official Logo-emblazoned CPU vulnerabilities page

    Google Security Blog: What you need to know about the CPU vulnerabilities

    Intel CPU Design Flaw leaks Kernel Memory, AMD Processors not affected

    Measurable CPU differences in AWS from Intel CPU vulnerabilities

    AWS Official statement RE: CPU vulnerabilities

    Negative results testing the Intel CPU Design

    PostgreSQL: Fix for intel hardware vulnerability will lead to performance regressions

    Chrome recommended remediations against CPU vulnerabilities

    Quick (temporary) remediation instructions for Google Chrome RE: Meltdown vulnerability

    Mozilla Firefox patches being pushed to mitigate vulnerabilities from the Intel vulnerabilities

    Intel CEO Just Sold a Lot of Stock

    Starbucks Wi-Fi mines Monero via CoinHive

    'CoffeeMiner' PoC as a result of Starbucks Wi-Fi compromise

    Docker your Command & Control (C2)

    The 100x Engineer

    Millions of American Households Exposed Online

