ASW Episode09

From Paul's Security Weekly

Application Security Weekly #9

Recorded March 16, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Announcements:

    • Go to and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
    • Check out SOURCE Boston 2018 from May 9th - 10th! Go to and register using the code SW75WMKW to get a $75 discount!
    • We’ve recently added “The State of Security Education and Training” webcast with ITProTV & RWU to our content available On-Demand at: This material is available free to our security weekly listeners and subscribers. Also, be sure to check out “The State of Penetration Testing” with BHIS and some other previously recorded webcasts you may have missed!
    • BSides Orlando is coming up on April 7th; tickets are $20, and students can register for free with their student ID. For more information, tickets are available at
    • Bugcrowd is hiring! After closing a Series C funding round at $26 million, Bugcrowd is expanding headcount across the organization. Check out, or email to find out more


    Everything you require for learning Application Security is Free

    Learning & Tools

    1.) Introducing Metta: Uber’s Open Source Tool for Adversarial Simulation

    2.) Probable Wordlists

    3.) AttackDeploy gets dockerized


    Bugs, Breaches, and More!

    1.) Researchers Say AMD Processors Have Serious Vulnerabilities and Backdoors

    2.) AMD short interest, new historical high

    3.) Silas Cutler: Folks are missing the point of #AMDflaws hard. It's not about getting root, but keeping root forever. Read the report

    4.) Know who hacked the Binance cryptocurrency exchange? Earn $250,000

    5.) Hijacked MailChimp Accounts Used to Distribute Banking Malware

    6.) Samba 4.7.6, 4.6.14 and 4.5.16 Security Releases Available for Download

    If you build it, they will come

    1.) ACME v2 and Wildcard Certificate Support is Live

    2.) Voodoo Kali

    3.) Generating XSS Payloads from Polyglot Files using Deep Learning

    4.) You Can Soon Own a HAL 9000 Replica That Uses Amazon Alexa to Control Your Home, Dave

    Food for Thought

    1.) Former Equifax executive charged with insider trading after data breach

    2.) Awesome Developer Streams

    3.) 1% of Reddit communities initiating 74% of all conflicts
