From Security Weekly Wiki
Jump to navigationJump to search

Recorded July 18, 2019 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Patrick Laverty
    is a Pentester for Rapid7
  • Jeff Man
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.

  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.

    Interview: Katie Nickels, MITRE - 6:00-6:30PM

    Katie Nickelsis the ATT&CK Threat Intelligence Lead at MITRE Corporation

    Katie Nickels is the ATT&CK Threat Intelligence Lead at The MITRE Corporation, where she focuses on sharing how ATT&CK is useful for moving toward a threat-informed defense. She is also a SANS instructor for FOR578: Cyber Threat Intelligence. Katie has worked in network defense, incident response, and cyber threat intelligence for nearly a decade. She hails from a liberal arts background with degrees from Smith College and Georgetown University, embracing the power of applying liberal arts prowess to cybersecurity. With more than a dozen publications to her name, Katie has shared her expertise with presentations at BSidesLV, the FIRST CTI Symposium, multiple SANS Summits, Sp4rkcon, and many other events. Katie is also a member of the SANS CTI Summit and Threat Hunting Summit Advisory Board. She was the 2018 recipient of the President's Award from the Women's Society of Cyberjutsu and serves as the Program Manager for the Cyberjutsu Girls Academy, which seeks to inspire young women to learn more about STEM.

    Segment Title/Topic:

    Segment Description:
    MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

    Segment Resources:

    Topic Segment: Security Roundtable 6:30 - 7:30PM

    In this segment, we're going to talk about various security topics, such as:

    • Vulnerability Management - Name three tips for a successful vulnerability management program. How has vulnerability management changed in recent years?
    • Patching - How can we motivate IT operations to apply patches more timely and consistently? Do we even need to rely on patches for security today? Can we just patch the critical ones?
    • Hunt Teaming - What can organizations do to discover breaches more quickly and consistently? What are the best and most effective ways to hunt?
    • Asset Management - How can organizations build and maintain an accurate inventory of software and systems?
    • System Hardening - How should organizations develop a standard for “secure” systems and how should the program be structured? How much do we rely on configuration standards and compliance versus developing our own standards?

    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. Adoption rates of basic cloud security tools and practices still far too low - Help Net Security
    2. Is web crawling legal? - Towards Data Science
    3. Still not using HTTPS? Firefox is about to shame you
    4. Malicious Python packages found on PyPI - Help Net Security
    5. Hacked Bluetooth hair straighteners are too hot to handle
    6. Identity Theft on the Job Market - Schneier on Security
    7. 79% of US Consumers Fear Webcams Are Watching
    8. Over 800,000 Systems Still Vulnerable to BlueKeep Attacks | SecurityWeek.Com
    9. How Capture the Flag Competitions Strengthen the Cybersecurity Workforce
    10. Slack resets passwords for 1% of its users because of 2015 hack | ZDNet
    11. No, You Dont Need a Burner Phone at a Hacking Conference
    12. 8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
    13. Open Source Hacking Tool Grows Up
    14. Best Practices for Branch Office Edge Security
    15. Alan Turing - the face of the new 50 note
    16. 18% of Enterprises Holding Back on Windows 10 Upgrade
    17. Mysterious hackers steal data of over 70% of Bulgarians
    18. Woman arrested at Apple store after inserting half-dozen stolen iPads inside her vagina

    Jeff's Stories

    1. John Paul Stevens and the U.S. Navy at War Remembering a fellow Cryppie who helped the U.S. turn the tide on the Japanese during World War II
    2. Slack Resets User Passwords After 2015 Data Breach
    3. Hacker Breached Sprint Customer Accounts Through Samsung Website
    4. Why 72% of people still recycle passwords Why 100% of Security Weekly hosts drink
    5. A.I. has a bias problem and that can be a big challenge in cybersecurity I'll bet some of us agree with this and some disagree. Why? Bias.
    6. Lenovo Confirms 36TB Data Leak Security Vulnerability "These vulnerabilities, if exploited, could have impacted the integrity, availability, and confidentiality of the systems," - I've got a few problems with this statement...
    7. Apple Is Sending Out Another Silent Update To Fix RingCentral Webcam Flaw Does Apple have a problem with worms?
    8. Zoom vulnerability reveals privacy issues for users Wait, don't we use Zoom?

    Patrick's Stories

    1. Why BlueKeep Hasn't Wreaked Havoc Yet
    2. 800k Systems Still Vulnerable to BlueKeep
    3. Billy Rios and Jonathan Butts created a Device that can literally kill people
    4. YAAS - Yet Another App Store - Kali NetHunter