From Security Weekly Wiki
Jump to navigationJump to search

Paul's Security Weekly - Episode 504

Episode Audio

Recorded March 9th, 2017


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jack Daniel
    Co-Founder of Security BSides and certified security wizard.


Interview: Hyrum Anderson, Endgame - 6:00PM-7:00PM

Hyrum Anderson[1]

Hyrum Anderson (@drhyrum) is the technical director for data science at Endgame, where he leads research on detecting adversaries and their tools using machine learning. Prior to joining Endgame he conducted information security and situational awareness research at FireEye, Mandiant, Sandia National Laboratories and MIT Lincoln Laboratory. He received his PhD in Electrical Engineering (signal and image processing + machine learning) from the University of Washington and BS/MS degrees from Brigham Young University. Research interests include adversarial machine learning, deep learning, large-scale malware classification, and early time-series classification.

Interview: Keith Hoodlet, InfoSec Mentor Project - 7:00-7:30PM

Keith Hoodlet[2]

Keith Hoodlet (@andMYhacks) started down the path of Information Security in the mid-90's as a kid playing Blizzard's popular PC game, “Diablo", on a computer he built from parts. During that time, he learned how to use Telnet to spoof multiple connections to Blizzard's online platform "Battle.net" using unauthenticated Diablo trial accounts. Keith eventually went on to build a front-end GUI for his “bot” using Visual Basic; needless to say, it wasn't long before he became hooked on programming, text user interfaces, and networking protocols.

Keith graduated with a B.A. in Psychology in 2009, and worked odd-jobs to support his wife while she pursued her Master's Degree during the recession. He recently attended classes in Computer Science at University of New Hampshire, and briefly worked for a small Managed Security Services Provider, where he earned his Splunk Architect certification.

Keith is an Organizing Committee member for BSides Boston, and currently works as an Engineer on the Customer Success team at Rapid7. In his free time, he continues to expand my knowledge of Web Application Development and Security with his mentor, Casey Dunham.

Security News - 7:30-8:30PM

Paul's Stories

  1. AT&T, IBM, Symantec join in new IoT Cybersecurity Alliance | 4-Traders
  2. Firefox 52 Expands Non-Secure HTTP Warnings, Enables SHA-1 Deprecation
  3. Oops! 185,000-plus Wi-Fi cameras on the web with insecure admin panels
  4. CIA Analyzed Where The NSA Equation Group Went Wrong
  5. IDG Contributor Network: Why the Samsung TV spying hack is way overblown
  6. Why email is safer in Office 365 than on your Exchange server
  7. Critical vulnerability under massive attack imperils high-impact sites
  8. There's Disconnect Between Security Execs, Operators, Report Reveals
  9. Online Trust Alliance Recommends a Shared Model to Limit IoT Risk
  10. WikiLeaks Dump of CIA Hacking Secrets Alerts Us All to Security Flaws
  11. Dr. Chase Cunningham, A10 Networks: The Dawn of the DDoS of Things (DoT)
  12. New Fileless Attack Using DNS Queries to Carry Out PowerShell Commands
  13. Put down the coffee, stop slacking your app chaps or whatever and patch Wordpress
  14. Its finally over: Mastermind behind Prenda Law porn trolls pleads guilty | Ars Technica
  15. A Real-Life Look into Responsible Disclosure for Security Vulnerabilities
  16. Is Mentorship the Key to Recruiting Women to Cybersecurity?
  17. FCC halts data security rules

Larry's Stories

  1. WD "fart" Cloud pwnage
  2. Vault7 - Nation state vs. non-nation state hackers and sophistication of the tool sets. many tools listed are used by pentesters, some developed independently for internal use, some developed by co-workers,, friends, and even some on our project roadmaps.
  3. VxWorks total pwnage...

Jack's Stories

Jeff's Stories

Joff's Stories