- 1 Announcements & Shameless Plugs
- 2 Kick off with Johnny Long
- 3 Marcus Ranum Interview
- 4 The Stogie Geeks Podcast
- 5 Ron Gula Interview
- 6 Tech Segment: Concealing Storage in Windows Volume Shadow Copy Service
- 7 Rob Graham Interview
- 8 Tech Segment: Ruby honeyports and the new anti-kit for android
- 9 Tech Segment: Busting Directories: Dirbuster and Alternatives
- 10 Tech Segment: Practical Password Brute Forcing
- 11 Tech Segment: New ways to Persist with Metasploit
- 12 HackNaked TV/ PaulDotCom Espanol /Dinner Break
- 13 Tech Segment: Google Hacking Diggity Project
- 14 Ancient alien beings, hypervisors and virtualization
- 15 Kevin Mitnick Interview
- 16 Pen Testing War Stories with Kevin Fiscus
- 17 Drunken Security News
Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 265 Hackers for Charity Twelve hour podcast for Friday October 28th, 2011.
Watch the show live below or at http://securityweekly.com/live August 31, 2012 10AM-6PM EDT
NOTE: The video will play the most recent show up until we are live!
The HFC group:
- Feeds children through a "food for work" program.
- Builds computer labs to help students learn skills and land jobs that are key to disrupting poverty's vicious cycle.
- Provides technical assistance to charities that can't afford IT services.
- Provides job experience and references to the Ugandan volunteers.
You can donate or get more involved via the Hackers for Charity website.
Kick off with Johnny Long
10 AM EDT
Johnny calls in to update us on his Hackers for Charity project.
Marcus Ranum Interview
- Marcus, what's the latest on cyberwar? Has stuxnet changed some of your views on Cyberwar?
- Speaking of SCADA, what can we do to improve the security of SCADA systems? It seems every month there is a new "SCADA hack" and vendors and organizations that aren't paying attention to security.
- Penetration tests are successful, and one of the primary ways in which we are gaining access to systems is through "client-side attacks". Essentially, we are tricking the user into running code, no vulnerabilities or "exploits" required. What can organizations do to protect against this threat?
- Speaking of vulnerabilities, there still seems to be a mindset in the community of "become vulnerable, exploit, apply patch, rinse, repeat". What can we do to shift people away from the "patch mindset" to defensive measures that actually work?
- Speaking of defensive measures, what are your thoughts on "smart firewalls"? Are they still the stop-gap measure that is masking the real problems?
Hosts: Paul Asadoorian & Tim "Bugbear" Mugherini
Noon - 1PM
Paul & Tim will smoke some cigars and tell you all about them, talk about what they's been smoking, and feature a "Stogie How-To" segment titled "The Top Ten Things You Should Not To Do With Your Humidor".
Ron Gula Interview
Tech Segment: Concealing Storage in Windows Volume Shadow Copy Service
Authors: Mark Baggett and Tim "LaNMaSteR53" Tomes
Rob Graham Interview
Tech Segment: Ruby honeyports and the new anti-kit for android
Author: John Strand
Tech Segment: Busting Directories: Dirbuster and Alternatives
Author: Larry Pesce
Tech Segment: Practical Password Brute Forcing
Author: Paul Asadoorian
Learn how to use CeWL and Hydra to password brute force web-based logins.
Tech Segment: New ways to Persist with Metasploit
Author: Carlos "DarkOperator" Perez
HackNaked TV/ PaulDotCom Espanol /Dinner Break
Tech Segment: Google Hacking Diggity Project
Author: with Jack "Tenacious" D.aniel
Ancient alien beings, hypervisors and virtualization
Your host for this journey will be none other than Eric Fitterman!
"Researchers in Central America recently discovered an ancient underground lake containing many new discoveries about the Mayan civilization. Among these discoveries were many mysterious glyphs depicting what appear to be other-worldy beings handing compact disks to Mayan priests. Excavation unearthed some ancient, but usable, compact disks, containing what appeared to be bootable Linux environments designed to reset passwords in VMware's ESX hypervisor. Eric Fiterman, of Rogue Networks, has extensively studied the artifacts from the project, and has learned that ancient alien beings may have given humans knowledge of hypervisors and virtualization long ago.
Eric believes that virtualization and computing were ancient technologies used by the Mayans, and that among this lost knowledge were the secrets of how to recover VMware hypervisor systems without a password. Eric will be discussing this recently discovered artifact, and is releasing a bootable ISO that allows users to restore ESX systems without re-installing the hypervisor."
Kevin Mitnick Interview
Pen Testing War Stories with Kevin Fiscus
Drunken Security News
(This segment can go anywhere during the 12 hours, it should last an hour)
10PM show over.