Episode485

From Paul's Security Weekly
Jump to: navigation, search

Paul's Security Weekly - Episode 485

Episode Audio

Recorded: October 13, 2016

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Cryptanalyst,
    infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jack Daniel
    Co-Founder of Security BSides and certified security wizard.


Announcements

  • Make sure you visit http://securityweekly.com/subscribe and subscribe to our new shows including Enterprise Security Weekly and Startup Security Weekly. You can also subscribe to all shows individually, as well as a main feed which contains this show, Hack Naked TV and Enterprise Security Weekly.

Interview: Scott Lyons and Joshua Marpet - 6:00-7:00PM

  • Scott Lyons

V.P. of Business Development for WarCollar Industries Graduate of the school of hard business knocks Has worked all over the IT industry, from client-side to fulfilling client needs in both commercial and federal sectors Assisted in multiple Bsides Events, a Goon at both ShmooCon and DEFCON Certification holder (won’t say which) Has the work ethic of an OX His passions are people and cigars SLyons@warcollar.com @CSP3R_TH3_GH0ST


  • Joshua Marpet, Guarded Risk -

Joshua Marpet is a well known Security Researcher and speaker. With experience gained from many positions in industries ranging from the Federal Reserve System and law enforcement to cosmetics companies and blacksmithing, Josh has been around the block more than once. http://www.guardedrisk.com/

http://www.irongeek.com/i.php?page=videos/derbycon6/308-business-developement-the-best-non-four-letter-dirty-word-in-infosec-scott-lyons-and-joshua-marpet

  1. Three words to describe yourself.
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
  5. Choose two celebrities to be your parents.

Listener Feedback: Drinking From The InfoSec Fire Hose - 7:00PM-7:30PM

Kevin Geil,

As for the errata, in the last 3 episodes, there has been a lot of mention of responder. It piqued my interest because I had just set up a lab to test Responder a few weeks ago. I think it was Larry who introduced Responder as an LLMNR sniffer, but that's not exactly what it does. It's much cooler than just sniffing, Responder responds to LLMNR queries, and abuses the "Trust anyone who responds" relationship by spoofing the response. I wrote up my lab activity, and have it posted here: http://friendandfamilytech.com/responderlab1 (It's really short, I promise). Forgive my not so nice website, but the fact that I can't seem to find the time to make my desired improvements relates to my question for your crew:

As far as your personal learning and projects go, how do you guys decide how to appropriately drink from the infosec fire hose? It seems like every new thing I break into has the potential to consume a lifetime in learning the details and fundamentals. Specifically, when you're learning something new, how do you decide how deep to go, and then when to stop?

______________________________________________________________________________________________________________________________________________________________________________________________________________________________________

Security News - 7:30PM-8:30PM


Paul's Stories

  1. Disappearing Messages Added to Signal App
  2. IoT Devices as Proxies for Cybercrime
  3. Telnet, SSH prod of death smashes Cisco broadband boxes offline
  4. How Hackers Plant False Flags to Hide Their Real Identities | Motherboard
  5. Nuclear Power Plant Disrupted by Cyber Attack
  6. JTAG Explained (finally!): Why "IoT" Makers, Software Security Folks, and Device Manufacturers Should Care - Senrio
  7. We're Not Going To Beat Cybercrime In Our Lifetime
  8. MITRE Will Give You $50k To Fingerprint Rogue IoT Devices
  9. IoT Malware Has Apparently Reached Almost All Countries
  10. Sex robots with warm skin to hit dating scene and could benefit relationships
  11. 4 cybersecurity trends you need to be aware of
  12. 4 cybersecurity trends you need to be aware of
  13. Yahoos CISO resigned in 2015 over secret e-mail search tool ordered by feds
  14. Hack Crashes Linux Distros with 48 Characters of Code

Larry's Stories

Joff's Stories

Michael's (Santa) Stories

Carlos's Stories

Jack's Stories