From Security Weekly Wiki
Revision as of 02:10, 28 January 2015 by Kcrawford (talk | contribs) (→‎Links)

Episode Media

MP3 < Not yet published!


Paul's Security Weekly - Episode 404 for Thursday January 29th, 2015

And now, from the dark corners of the Internet, where exploits run wild, packets aren’t the only things getting sniffed, and the beer flows steady, it’s Paul’s Security Weekly!

  • This interview is sponsored by The SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com
  • And by Black Squirrel. Pentest Networks from Your Browser! Exploit the limits of network security through just a browser. Have a Chrome exploit in your toolkit? Good, but for the rest of us there's Black Squirrel. Visit blacksquirrel.io for more information.

"Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet..."

"Here's your host, a man who looks very much like Jesse Pinkman, bitch. Paul Asadoorian"

  • Security Weekly Announcements:
    • Cold weather got you down? Warm up to Embedded Device Security Assessments, a 2-day hosted class at the SANS ICS Summit on February 25-26th, Security Weekly listeners receive a 10% discount when using the code SECWEEK10. Register Here Today!
    • Larry teaching SANS 617 Wireless Ethical Hacking and Defense coming up in Orlando April 11-18, Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27
    • Security Weekly listeners also receive 10% off products in our store with discount code 'IHACKNAKED'
    • Purchase an Encryption is not a crime t-shirt and support the EFF and Hackers for Charity here.

Guest Interview: Michael Santarcangelo


With nearly two decades shaping information security, Michael Santarcangelo is known as the catalyst to develop IT leaders. With his guidance, leaders improve their ability to prioritize assets and efforts, measure and demonstrate wins, and effectively communicate their value to other leaders. Freed-up energy enables higher levels of performance and accelerates change.


My book - Into the Breach

Twitter: @catalyst

My column at CSO Magazine: Translating Security Value

LinkedIn Profile (and writing there)


Five Questions

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby grabby do you prefer to go first or second?
  5. Pick two celebrities to be your parents.




  • Stories of the week is brought to you by Onapsis the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/
  • And by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!

Carlos's Stories

  1. Password Re-use Fuels Starwood Fraud Spike
  2. Flash Patch Targets Zero-Day Exploit
  3. Big bag of fixes: Oracle's Critical Patches for Jan 2015 close 160 holes, 93 remotely exploitable

Larry's Stories

  1. Pentesting Firebird Databases - These damned things frustrate the hell out of me and now I’m glad I have this guide. Turns out it is easier than I ever made it out to be.
  2. Hacking cars for Insurance dongles - Cell MITM, reverse engineering, unsigned code and updates, and now you have a wireless device you can use to control someone else’s car over CANBUS.
  3. Keysweeper - Capturing MS 2.4GHz keystrokes. It has been done before but this one is a bit innovative; submits keystrokes via 2G cell to a remote server (that you control), logs to onboard flash (coming soon?) and to a serial port.
  4. Litter box DRM - Two weeks ago it was Keurig coffee DRM, this week, kitty litter DRM.
  5. LeakedIn - a pastebin trolling tool that looks for possible disclosures. I'd love to get the backend code so I could customize searches. If anyone knows of good automated pastebin search tools, I’d love to hear about them
  6. WPscan licensing - WPscan has a GPL license and lots of interesting things happen with folks selling it “in violation” of the GPL. Ryan Dewhurst sent one company a note to stop selling it and here is their response.

Joff's stories of his teenage mates of past days

  1. I like cool toys - {Ed. Joff, like this one?}