Episode516

From Paul's Security Weekly

Paul's Security Weekly - Episode 516

Episode Audio

Recorded on June 1, 2017

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
Announcements

    Interview: Don Pezet, ITProTV - 6:00PM-7:00PM

    Don Pezet[1]

    Don Pezet has been working in the IT industry for over 18 years. In addition to working with the technologies, he has also been training others for over 12 years. He is a certified trainer with many vendors including Microsoft and Cisco. His combination of real-world experience, textbook knowledge, and a questionable sense of humor has helped him to entertain and educate thousands of people. He and his business partner Tim Broom founded ITProTV in 2013. ITProTV has been described as the Netflix of IT training, with over 2000 hours of original IT training content available online.

    Tech Segment: Finding Node.js with Moses Hernandez, Cisco/SANS - 7:00-7:30PM

    Moses Hernandez [2]

    Moses is a Consulting Systems Engineer for Cisco Systems, an instructor for the Penetration Testing Courses at SANS, and provides several days of content for SEC642: Advanced Web Application Penetration Testing. He has been loosely involved in all things ‘computer’ since the mid-'90s, when he ran bulletin boards as a teenager. Other than the regular types of jobs an info sec pro can hold, he has also worked as a platform operator automating application delivery and has given talks on working in the trenches with developers and operations. You can find him twittering and occasionally blogging at renegade.blog.

    Moses has been deeply researching NodeJS and its evolution from a purely server-side application platform into a client-side delivery mechanism. The purpose of the tutorial is to show how someone can find Node.JS on a system, locate the different versions of it, and explore different ways to get through a desktop system(s).

    Security News - 7:30-8:30PM

    Paul's Stories

    1. GDS - Blog - ICS/SCADA Systems for Penetration Testers: A Typical Engagement
    2. OAuth nightmares talk
    3. Who Are the Shadow Brokers?
    4. Windows XP Too Unstable To Spread WannaCry
    5. Patches Available for Linux Sudo Vulnerability
    6. Hack Department of Homeland Security Act Would Bring Bug Bounty Program to DHS
    7. SMB Security: Don't Leave the Smaller Companies Behind
    8. WannaCry Development Errors Enable File Recovery
    9. OneLogin Suffers Breach - Customer Data Said To be Exposed, Decrypted
    10. Bikers Charged With Hacking Hundreds Of Jeeps And Motorcycles
    11. Cisco, Netgear Readying Patches For Samba Vulnerability

    Larry's Stories

    1. Operation Cobalt Kitty
    2. Booz Allen leaves 60K classified docs in Amazon S3
    3. Attack and Defense, Jay Beale style
    4. Decoding DECT with an RTL-SDR - Self serving "plug"

    Jeff's Stories

    1. Chipotle Breach
    2. Bad Reporting on the Chipotle Breach
    3. Gives new meaning to “Blue Light Special”: K-Mart reporting another Credit Card Breach
    4. Jeff is keynoting Hak4kidz Chicago this weekend!

    Joff's Stories

    1. One Login Password Manager Hacked
    2. Patriotic Russian Hackers?
    3. Shadow Brokers 0Day Subscription