From Security Weekly Wiki
Jump to navigationJump to search

Paul's Security Weekly #555

Recorded April 12, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Keith Hoodlet
    is the Senior Manager of Global DevSecOps at Thermo Fisher Scientific; Co-Founder of the InfoSec Mentors Project .
  • Jason Wood
    Threat hunter at CrowdStrike, penetration tester, sysadmin, and Founder of Paladin Security.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security
  • Jeff Man
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Not Kevin
    Senior Security Engineer at Barkly, Co-Founder of Vermont Hackspaces, definitely Not Kevin.
  • Announcements

    • Go to itpro.tv/securityweekly and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
    • Check out SOURCE Boston 2018 from May 9th - 10th! Go to sourceconference.com and register using the code SW75WMKW to get a $75 discount!

    Interview: Ron Gula, Gula Tech Adventures - 6:00PM-7:00PM

    Ron Gula
    is the Founder of Tenable and Gula Tech Adventures.

    Serial Cyber Security Entrepreneur. Founded Tenable Network Security and Network Security Wizards. 15+ years experience as CEO in cyber security industry.

    Ron started his cybersecurity career as a network penetration tester for the NSA. At BBN, he developed network honeypots to lure hackers and he ran US Internetworking's team of penetration testers and incident responders. As CTO of Network Security Wizards, Ron pioneered the art of network security monitoring and produced the Dragon Intrusion Detection System which was recognized as a market leader by Gartner in 2001. As CEO and co-founder of Tenable Network Security, Ron led the company's rapid growth and product vision from 2002 through 2016. He helped them scale to more than 20,000 customers worldwide, raise $300m in venture capital and achieve revenues in excess of $100m annually.

    Tech Seg: Got Privs? Extract and Crack the Creds by Joff Thyer - 7:00-7:30PM

    In the bad old days we used to exploit LSASS memory to dump hashed credentials from memory. When dealing with a domain controller, and a large environment this is dangerous. This segment will address a safer way to extract hashed credentials from the environment for subsequent download, and cracking.

    Joff has over 15 years of experience in the IT industry in roles such as enterprise network architect and network security defender. He has experience with intrusion detection and prevention systems, penetration testing, engineering network infrastructure defense, and software development.

    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. Trollcave: 1.2 ~ VulnHub
    2. Malicious IoT hackers have a new enemy
    3. Warranty void stickers 'not valid' in US
    4. Portspoof - Spoof All Ports Open & Emulate Valid Services
    5. The Truth Hurts - The Hacker Factor Blog
    6. InfoSec Handlers Diary Blog - Threat Hunting & Adversary Emulation: The HELK vs APTSimulator - Part 2
    7. NetSec
    8. When Identity Thieves Hack Your Accountant Krebs on Security
    9. This Radio Hacker Could Hijack Citywide Emergency Sirens to Play Any Sound
    10. One in five serverless apps has a critical security vulnerability
    11. Microsegmentation: Strong Security in Small Packages
    12. Hacker Can Steal Data from Air-Gapped Computers through Power Lines - Well, the same group of researchers has previously demonstrated various out-of-band communication methods to steal data from a compromised air-gapped computer via light, sound, heat, electromagnetic, magnetic and ultrasonic waves.
    13. Protecting Routers and Other Network Equipment - Security Boulevard
    14. Outlook Bug Allowed Hackers to Use .RTF Files To Steal Windows Passwords

    Larry's Stories

    1. Hijacking emergency sirens
    2. Hacking 757's
    3. cheaper wifi cactus
    4. Russia has figured out how to jam US drones

    Keith's Stories

    1.) AWS Firewall Manager: Central Management for Your Web Application Portfolio

    2.) Jail for white collar pirates who stole from Oracle

    3.) Neo-Nazis Turn to Privacy-Focused Cryptocurrency Monero

    4.) Russia moves to block Telegram after encryption key denial

    Jason's Stories

    1.) Kemi Badenoch MP, self-confessed website hacker

    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+