From Security Weekly Wiki

Paul's Security Weekly - Episode 444 - 6:00PM

Episode Media


Intro, Sponsors & Announcements


This week, Ed Skoudis joins us to talk about the Holiday Hacking Challenge and we talk about the future of penetration testing with our very own John Strand. Security news for the week addresses this question: "Who is the man behind Bitcoins?" All that and more, so stay tuned!


Broadcasting live from G Unit Studios in Rhode Island, the show where exploits run wild, packets aren’t the only things getting sniffed, systems aren't the only things getting penetrated, functions are the only things getting wrapped, bits aren't the only things getting banged and the cocktails flow steady, it's Paul’s Security Weekly!

  • Brought to you by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!
  • And by Netsparker, the developers of the ONLY false positive free web application security scanners, enabling you to automatically identify vulnerabilities and security flaws in all your websites, web applications and web services. Netsparker scanners are available in two editions, Netsparker Desktop and Netsparker Cloud, the enterprise level online scanning service. For more information visit their website on https://www.netsparker.com/securityweekly/
  • Looking for a career change? Tenable Network Security is hiring! Everything from programmers to researchers, check out all of the available positions at http://securityweekly.com/tenablejobs. If you are listening to this show, check out the following two positions, both technical and both are work from home: Nessus Vulnerability Research Engineer and C Software Engineer
  • Brought to you by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com

Larry: here's your host, a man who can dream about you, if he can't hold you tonight, Paul Asadoorian!

Paul: Hello everyone and welcome to Paul's Security Weekly - Episode 444 for Thursday, December 10th 2015


  • Use discount code "BLACKFRIDAY" and save 50% on all items in the store, including Hack Naked shirts and limited edition Security Weekly 10-year anniversary hoodies! Visit http://shop.securityweekly.com today!
  • Start your 2016 conference plans now and attend Infosec World 2016 http://infosecworld.misti.com/

Special Segment: Ed Skoudis Holiday Hack Challenge Update - 6:05PM-6:20PM


  1. What is one thing about you that most people do not know?
  2. Choose a song that, in your opinion, best represents one of the following: A) Your life B) One you would play to get "pumped up" C) The best break up song
  3. As most people know, the popular game of ass-grabby-grabby is played with teams of 3. Choose two people, other than yourself, to represent your team in the popular game of ass-grabby-grabby.
  4. If you could have dinner with one person, other than those you chose to be your parents, who would it be and why? (Alive or Dead, Fiction or Non-Fiction)
  5. Outside of the career you chose, or the career that chose you, if you could choose anything, what would be your fantasy career or job?

Special Segment: John Strand on the Future of Penetration Testing - 6:20PM-7:00PM



5 Questions on Pen Testing:

1) What can you do to prepare to receive a penetration test?

2) How can you make the most of pen test results?

3) What scenarios are not being pen tested today that present the most risk to organizations?

4) How can we work to build in more effective pen testing for BYOD environments?

5) What will we be pen testing in the future that organizations are just beginning to think about implementing today? (Docker, more cloud, etc...)

Stories of the Week - 7:00PM-8:00PM



  • This segment is sponsored by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com
  • And by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/

Paul's Stories

  1. The Programming Languages That Spawn The Most Software Vulnerabilities
  2. Lock up your top-of-racks
  3. France Looking At Banning Tor
  4. Vulnerabilities found in Lenovo
  5. Linksys routers vulnerable through CGI scripts
  6. Trump Says "Closing The Internet" Is A Good Way To Fight Terrorism
  7. Known Security Flaw Found In More Antivirus Products
  8. Toys Could Be Used As Spying Devices
  9. Cisco Warning of Vulnerabilities in Routers
  10. The Employee Password Habits That Could Hurt Enterprises
  11. Internet Root Name Servers Survive Unusual DDoS Attack
  12. Enforcing USB Storage Policy with PowerShell
  13. New Burp Feature - ClickBandit
  14. In patches we trust: Why software updates have to get better
  15. Bitcoin’s Creator Satoshi Nakamoto Is Probably This Unknown Australian Genius
  16. Australian Police Raid Chap's Home In Hunt For Bitcoin Creator
  17. Bitcoin whodunit leads to Oz - CNET
  18. Some notes on fast grep

Larry's Stories

  1. AOL vulns going way, way back
  2. free/$20 SDR training
  3. cheap $25 RFID cloner
  4. VTech Breach reveals passwords stored as md5 hashes
  5. Army no longer putting SSNs on dog tags
  6. Got any Satoshi's?

Michael's Stories

Joff's Stories

  1. Encryption - did the founders ever imagine where we would be today?

Kevin's Stories

Jeff's Stories

  1. Wyndham Breach