ASW Episode41

From Paul's Security Weekly
Jump to: navigation, search

Application Security Weekly #41

Recorded November 26, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Annoucements:

    • If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
    • Join us for our Webcast with Chronicle entitled "Intelligence Powered Malware Hunting". This webcast will be held December 5th @3-4pm EST. Go to to register now!

    Interview: Brent Dukes

    Brent Dukes
    is a Director of Information Security.
    Brent Dukes is a hacker, and Director of Information Security for an established manufacturing company. His background in software and systems engineering in radio protocols and IoT products gives him a diverse background for making and breaking many different types of systems. Brent has spoken on various topics at security and hacker conferences such as DEF CON, BSides Boston, and Boston Application Security Conference. His hacking interests range from binary and hardware reverse engineering, to web applications and CTFs.


    Bugs, Breaches, and More!

    1.) Hackers use Drupalgeddon 2 and Dirty COW exploits to take over web servers

    2.) Second WordPress hacking campaign underway, this one targeting AMP for WP plugin

    3.) USPS Took a year to fix a vulnerability that exposed all 60 million users' data

    If you Build It, They Will Come

    1.) Rowhammer attacks can now bypass ECC memory protections

    2.) This JavaScript can snoop on other Browser Tabs to work out what you're visiting

    3.) Yet another memory leak in ImageMagick

    Learning & Tools

    1.) SwiftnessX: A cross-platform note-taking & target-tracking app for Pentesting

    2.) Serpico - a Pentesting Report Generation and Collaboration Tool:web

    3.) The Big List of Naughty Strings

    Food for Thought

    1.) Digital Ocean Survey: Developer Trends in the Cloud - Open Source Edition

    2.) The internet is evolving: HTTP will no longer use TCP

    3.) CommitStrip: One final detail

    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+