From Security Weekly Wiki

Episode Media

MP3 < Not yet published!


Paul's Security Weekly - Episode 396 for Thursday November 20th, 2014

And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady, it’s Paul’s Security Weekly!

  • This episode is sponsored by Palo Alto Networks creators of THE next-generation firewalls, helping you enforce network security policies based on applications, users, and content. Visit them on the web at www.paloaltonetworks.com
  • And by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • And by Tenable Network Security, the creators of Nessus, the world's best vulnerability scanner. Check out the new Nessus Enterprise and Nessus Enterprise cloud, engage your IT department in the vulnerability management process today!
  • And by Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man who doesn't give me enough time to create an intro even though I tell him that I'm not ready, Paul Asadoorian"

  • Security Weekly Announcements:
    • Check out the SteelCon competition. Enter to win a SecurityTube Training course. You must write documentation for an open source project. Details can be found on the website. http://www.steelcon.info/competition/documentation-competition/
    • Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Orlando April 11-18 and Berlin, Germany June 22-27
    • We have re-uploaded our most popular tech segments and interviews to a YouTube playlist, dubbed "Security Weekly Reloaded" link here.

Guest Interview: Adrian Wade


Adrian Wade is a Director at Bright Things UN Ltd, an "internet of things" start up established this year in Bristol, England. Adrian had a twenty year career with engineering firms like Ericsson and Emerson Electric where he directed telecom site infrastructure business in the Asia Pacific region. In 2008 Adrian set up as an independent consultant helping telecom operators adopt smart energy systems that reduce carbon footprint and pay for themselves in energy bill reductions.

Adrian believes that everybody needs privacy on the internet occasionally and it should be easy to have it when you need it. Adrian can be found on twitter: @AdrianCloaked.


Link to the Kickstarter project can be found here.

Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby grabby do you prefer to go first or second?
  5. Pick two celebrities to be your parents.

Tech Segment: Brandon McCann


Brandon McCann is a Principal security consultant with Accuvant LABS’ attack and penetration team with over seven years of experience in the information technology industry. Brandon specializes in focused penetration testing, antivirus avoidance and advanced email phishing tactics.

Brandon is co-founder of pentestgeek.com and the founder of the Phishing Frenzy open source project. Additionally, Brandon is an active part of the Metasploit project with over 10 committed Metasploit modules and continues to be very active within the security community. Brandon holds several certifications including: OSCP, CCENT, GCFA, MCP. Brandon can be found on twitter @zeknox.


Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby grabby do you prefer to go first or second?
  5. Pick two celebrities to be your parents.



  • Stories of the week is brought to you by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!

Paul's Stories

  1. De-clocking tor traffic
  2. Wireless attacks against 'air gapped' targets are possible
  3. You're Doing BYOD Wrong: These Numbers Prove It - Dark Reading
  4. DarkHotel: A Sophisticated New Hacking Attack Targets High-Profile Hotel Guests | WIRED
  5. BASHLITE Affects Devices Running on BusyBox
  6. Major iOS security flaw ‘Masque Attack’ reportedly uncovered
  7. Reverse Engineer a Verisure Wireless Alarm part 1 – Radio Communications | Fun Over IP
  8. SANS Digital Forensics and Incident Response Blog | Protecting Privileged Domain Accounts: Restricted Admin and Protected Users | SANS Institute
  9. HP TippingPoint + Mobile Pwn2Own: Day 2 - HP Enterprise Business Community
  10. HP TippingPoint + Mobile Pwn2Own = Zero Day Filter... - HP Enterprise Business Community
  11. Disarming and Bypassing EMET 5.1
  12. Additional information about CVE-2014-6324

Larry's Stories

  1. OMG WEBCAMS! - Yes the ones with default or no creds, easily indexed by country for your voyeuristic pleasure.
  2. Philips smart TV - Leveraging the “SERV. U” port, which is serial, in combination with network scans to root Philips TVs. Connect via serial, get info. Scan, find UPNP inversions in combination with kernel versions from serial port. Determine that UPNP is vulnerable. Launch attacks and see when crashes occur via stderr sent to the serial port. Map memory after cross compiling libupnp for mips32, find overflow.
  3. An Unofficial survey - Do you use SSL/TLS on internal hosts? - I thought that the results were pretty ugly. Many of the respondents said, yes, but only in significantly under 25% of the cases where it could be used, and configured poorly with self-signed or bogus certs. Ouch.
  4. Bashlite - Yep, malware using ShellShock on busybox. Looks like there will be a whole new set of owned embedded devices in our future.
  5. Kali with PiTFT support - I think I showed one of these off on an earlier show; the ability to add a small TFT touch screen to a RasPi, which I use for Kismet and wardriving. Now there is support for a screen ON the Pi for Kali.
  6. butts. that is all. Dr. Krawetz did a great analysis of Paper’s Kim Kardashian image that would “break the internet”. Not everything is as it seems, nor did it break the internet...
  7. Android Priv escalation - Yup, time to upgrade to 5.0 if you care about these things…good for us as attackers with the ability to bypass ASLR.

Jack's Stories

  1. Brigham and Women’s Hospital Notifies Patients of a Potential Privacy Incident A doctor is the victim of an armed robbery- and was forced to give up his password at gunpoint. That's not very nice.

Dutch Police investigate security breach after confidential files are found via Google

  1. Is PGP Usable Yet? This site answers the question.
  2. Violet Blue's 10 top security threats of 2014 (so far). Did she miss any?
  3. 44 felony counts!! reduced to a single misdemeanor charge. Sounds like the case against "evil hacker" Fidel Salinas fell apart under examination.
  4. White House to revive NSA surveillance legislation during next Congress in the aftermath of the defeat of the USA Freedom Act in the Senate.
  5. MS14-066 re-released since the original patches kinda broke stuff. Like SQL 2008 and stuff.
  6. MS14-068 released out of band to address Kerberos vulns in use in the wild. And Jack is terrified. And may even make a prediction.
  7. How to report "Microsoft" support scam calls. Microsoft really works to shut these scumbags down, if you or someone you know gets a call, here's how to report in the US, Canada, and the UK.

Joff's musings from down under