From Security Weekly Wiki

Paul's Security Weekly - Episode 417 - 6:00PM

Episode Media


Intro, Sponsors & Announcements


[Cut to Paul Live Shot]

"This week we interview Chris Roberts on hacking the not-so-friendly skies, Tenable's Sean Mitchell gives us some career advice, and we may even have ANOTHER WordPress vulnerability (or five) to talk about in the stories of the week. All that and more on this edition of Security Weekly!"

[Cut to Larry Live shot]


Broadcasting live from G Unit Studios in Rhode Island, the show where exploits run wild, packets aren’t the only things getting sniffed, and the cocktails flow steady, it’s Paul’s Security Weekly!

[Cut to sponsor logo]

  • Brought to you by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/

[Cut to security weekly logo]

Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet...

[Cut to live shot of Paul]

Larry: Here's your host, a man who loves to do favors that are big AND easy (just like your penis)... Paul Asadoorian!

Paul: Hello everyone and welcome to Paul's Security Weekly - Episode 417 for Thursday May 7th, 2015

  • Introduce hosts and guests


[Cut to Announcement graphics]

  • Ready to learn Combat Firmware Analysis? Register for my Blackhat course "Embedded Device Security Assessments", a 2-day hosted class at Blackhat Las Vegas. Registration includes breakfast, lunch, and access to the Blackhat Briefings Business Hall, Sponsor Workshops, Sponsor Sessions, and Arsenal! Visit http://securityweekly.com/iot to register today!
  • Don't forget to Register for BSides Boston coming up on May 9th!
  • Don't forget to Register for SOURCE Boston coming up April 25-28th!
  • Be sure to check out Paul and John's new SANS class, SANS 550: Active Defense, Offensive Countermeasures and Cyber Deception!

[Cut to shot on Paul]

Guest Interview: Chris Roberts - 6:05PM-6:35PM



Regarded as one of the world’s foremost experts on counter threat intelligence within the cybersecurity industry, Roberts constructs and directs One World Labs’ comprehensive portfolio of cyber defense services designed to improve the physical and digital security posture of both its enterprise and government clients. Roberts understands enterprise security requirements, having served as both an in-house security expert and consultant on IT security, engineering and architecture/design operations for scores of Fortune 500 companies across the finance, retail, energy and services sectors. Further, he regularly engages with various government agencies on critical security issues of national importance.


  1. One World Labs
  2. Interview with Fox News on Airplane Communications Vulnerabilities
  3. RT interview with Chris Roberts
  4. THE Tweet
  5. Follow Chris Roberts on Twitter


  1. How did you get your start in information security?
  2. Tell us about your recent escapades with the airlines.

Five Questions

  1. Three words to describe yourself.
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
  5. Choose two celebrities to be your parents.


[Play music, Cut to sponsor logo, THEN START RECORDING]



[Cut to webcast graphic]

  • Santa, Paul and John are doing a webcast series titled Cracking The Code: How Security Nerds Become IT Leaders. Part 1, titled "From Penetration Testing Results To Improvement" will be held on June 10, 2015 at 2PM EST. You can get all the details at http://securityweekly.com/crackingthecode

[End Music]


[Cut to Paul]

  1. If you are working in IT and you want to get into security what are some tips you have for folks?
  2. Which certifications carry the most weight in terms of getting a job in security?

Stories of the Week - 7:30PM-8:00PM


[Play music, Cut to sponsor logo, THEN START RECORDING]


  • Brought to you by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!
  • This segment is sponsored by the SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com


[Cut to announcement Graphics]

  • Security Weekly listeners receive 10% off products in our store with discount code 'IHACKNAKED'
  • Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Orlando April 11-18, Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27

[End Music]

Paul's Stories

  1. Mimikatz vs Windows 8.1, Server 2012
  2. Netflix Releases FIDO Incident Response Tool
  3. Usbkill Script Can Render Computers Useless
  4. In charge of security? We need to talk...
  5. Would you buy an Ubuntu phone that doubled as a desktop PC?
  6. The Internet of Things will take a beating at DefCon
  7. Vixie Proposes 'Cooling-Off Period' For New Domains To Deter Cybercrime
  8. Infusion pump is hackable … but rumours of death are exaggerated
  9. Millions of WordPress websites at risk from in-the-wild exploit
  10. Google Ad Injectors
  11. Attackers exploit vulnerabilities in two WordPress plugins
  12. How to interview prospective employers
  13. iPad crash grounds dozens of American Airlines flights

Larry's Stories

  1. IoT at DEF CON 23. Also CFP.
  2. Google ad injectors hosting malware for Android
  3. Lenovo update tool vulnerable to MiTM
  4. Cyberlock gags on DMCA
  5. Here’s the Cyberlock short disclosure
  6. Win 10 to abandon patch tuesday
  7. Master lock combos in 8 tries or less. When can we get Samy on the show?
  9. Alleged strongarm tactics for IR via falsification via Tiversa

Joff's Stories from his Kangaroo Pals