Episode447

From Paul's Security Weekly
Jump to: navigation, search


Paul's Security Weekly - Episode 447 - 6:00PM

Episode Media

MP3

Intro, Sponsors & Announcements

Paul: This week, We interview Chis Domas.

Larry: Broadcasting live from G Unit Studios in Rhode Island, the show where exploits run wild, packets aren’t the only things getting sniffed, systems aren't the only things getting penetrated, functions are the only things getting wrapped, bits aren't the only things getting banged and the cocktails flow steady its Paul’s Security Weekly!

Sponsors

  • Brought to you by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!
  • And by Netsparker, the developers of the ONLY false positive free web application security scanners, enabling you to automatically identify vulnerabilities and security flaws in all your websites, web applications and web services. Netsparker scanners are available in two editions, Netsparker Desktop and Netsparker Cloud, the enterprise level online scanning service. For more information visit their website on https//www.netsparker.com/securityweekly/
  • This segment is sponsored by The SANS institute the most trusted source for computer security training, certification and research. visit www.sans.org to learn more

Larry: Here's your host, here's a man who has no idea what he's going to say, eh?, Paul Asadoorian!

Paul: Hello everyone and welcome to Paul's Security Weekly - Episode 447 for Thursday, January 14th 2016

Interview: Chis Domas - 6:05PM-7:00PM

Chris Domas is an embedded systems engineer and cyber security researcher, focused on innovative approaches to low level hardware and software RE and exploitation.

The M/o/Vfuscator:

  • World's first single instruction C compiler
  • Based on a proof that the "mov" instruction is Turing-complete
  • Takes C code and compiles it into only "mov" instructions (unconditional data transfers on x86)
  • Proved the Turing-completeness of the x86 instructions: xor, adc, add, xadd, sub, sbb, and others & allows compiling to wide variety of single and dual instruction targets
  • Illustrated applications in hidden computation, code obfuscation, anti-reverse engineering

The Memory Sinkhole:

REpsych:

..cantor.dust..:

Stories of the Week - 7:00PM-8:00PM

Sponsors

  • Brought to you by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com
  • And by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/

Paul's Stories

  1. DSA-3444 wordpress - security update
  2. Fortinet SSH Backdoor Found In Firewalls
  3. Was Sean Penn really responsible for El Chapo’s arrest? | Fusion
  4. Denial-of-Service Flaw Patched in DHCP
  5. Curious Tale of a Microsoft Silverlight Zero Day
  6. "Adobe Patches Code Execution Flaws in Reader
  7. The Infamous 'Hacker Manifesto' Just Turned 30
  8. $30 Webcam Spun Into Persistent Network Backdoor
  9. Microsoft finally has a proper way to opt out of Windows 7/8 to Windows 10 upgrades
  10. Why thinking like a criminal is good for security
  11. IoT Security: $1-per-Thing To Protect Connected Devices
  12. "Cisco fixes unauthorized access flaws in access points
  13. Powerball lessons for infosec
  14. Mythical vuln-disclosure program

Larry's Stories

I need links but...
  1. The witch who removes Viruses with a Magic - about as effective as "real" AV
  2. TrendMicro API goodies from Tavis Ormandy - Wow, node.js fail and others.

Jack's Stories

  1. Ann Caracristi, who cracked codes, and the glass ceiling, at NSA, dies at 94

Joff's Stories

  1. Hard Coded Backdoor in Fortinet Devices
  2. Hardware/Software Hack on WiFi Doorbell
  3. Ransomware Impacts Cloud Service
  4. Trend Micro Critical Defects