From Security Weekly Wiki

Episode 419 - Intro, Sponsors & Announcements 6:00PM-6:05PM

Episode Media



"This week we interview Gavin Millard from Tenable Network Security, put an end to the "wake up Mehreen" meme, and talk about jamming logs in our stories of the week, so stay tuned!"

Broadcasting live from G Unit Studios in Rhode Island, the show where exploits run wild, packets aren’t the only things getting sniffed, and the cocktails flow steady, it’s Paul’s Security Weekly!

  • Brought to you by Pwnie Express - Check out the community edition and turn your Nexus 7 into a lean and mean pen testing machine. For all those hard to reach places, there's Pwnie Express, visit them on the web at http://pwnieexpress.com
  • And by Onapsis, the leading provider of solutions to protect ERP systems from cyber-attacks. Customers can secure their SAP and Oracle business-critical platforms from espionage, sabotage and financial fraud risks. Visit them on the web at http://www.onapsis.com/

Now, fire up a packet capture, pour yourself a beer, and give the intern control of your botnet...

Paul: Hello everyone and welcome to Paul's Security Weekly - Episode 419 for Thursday May 21st, 2015, I'm your host Paul Asadoorian

  • Introduce hosts and guests


  • Ready to learn Combat Firmware Analysis? Register for my Blackhat course "Embedded Device Security Assessments", a 2-day hosted class at Blackhat Las Vegas. Registration includes breakfast, lunch, and access to the Blackhat Briefings Business Hall, Sponsor Workshops, Sponsor Sessions, and Arsenal! Visit http://securityweekly.com/iot to register today!
  • Santa, Paul and John are doing a webcast series titled Cracking The Code: How Security Nerds Become IT Leaders. Part 1, titled "From Penetration Testing Results To Improvement" will be held on June 10, 2015 at 2PM EST. You can get all the details at http://securityweekly.com/crackingthecode

Interview: Gavin Millard, Shadow IT 6:05PM-7:00PM


This week Gavin Millard from Tenable Network Security joins us to shine a light on Shadow IT, talk about how to get things done in security, and several more topics related to information security. Gavin is also the husband of Mehreen, who you all may know from the popular Security Weekly meme "wake up Mehreen".


Gavin is a trained, ethical hacker who works with medium and large enterprises to address their cybersecurity challenges. With a deep understanding of how attackers plot a breach, he helps bring these companies to a trusted state of IT infrastructure. He previously worked as the Europe, Middle East and Africa (EMEA) technical director for Tripwire. He has also spoken frequently on data integrity, hacking and other key security topics. Current Position: As Technical Director, EMEA, Gavin is involved with the major clients in the EMEA region, helping to manage and reduce their attack surface.


  1. How did you get your start in information security?
  2. What the heck is Shadow IT?
  3. How do we get a handle on employees bringing their own devices? Do we control them? Do we control the information? Do we just give everyone a "secure" phone?
  4. Why is asset discovery so important?
  5. What actions should you be taking against the asset discovery?

Five Questions

  1. Three words to describe yourself.
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
  5. Choose two celebrities to be your parents.


Gavin's Blog - http://www.codifysecurity.com/

Stories of the Week - 7:00PM-8:00PM



  • Brought to you by Black Hills Information Security, the leaders in penetration testing and active defense. Email consulting@blackhillsinfosec.com to request a quote today!
  • This segment is sponsored by the SANS Institute, the most trusted source for computer security training, certification and research. Visit www.sans.org to learn more.
    • Be sure to check out Paul and John's new SANS class, SANS 550: Active Defense, Offensive Countermeasures and Cyber Deception!
  • And by Tenable Network Security, creators of Nessus, the world's best vulnerability scanner! Jumpstart your security program today and evaluate SecurityCenter CV, THE continuous monitoring solution. www.tenable.com


  • Don't forget to Register for SOURCE Boston coming up May 25-28th!
  • Security Weekly listeners receive 10% off products in our store with discount code 'IHACKNAKED', which now include Hack Naked Stickers! Visit http://shop.securityweekly.com and get yours today!
  • Larry is teaching SANS 617 Wireless Ethical Hacking and Defense, coming up in Austin, TX May 18-23, Baltimore, MD (SANSFIRE) June 13-20, and Berlin, Germany June 22-27, and lots more places, so be certain to check the SANS web site for more course offerings!

Paul's Stories

  1. WordPress FeedWordPress 2015.0426 SQL Injection
  2. WordPress WP Photo Album Plus 6.1.2 Cross Site Scripting
  3. Phantom Menace Hack Strikes Oil Industry
  4. United Airlines Bug Bounty Pays With Miles
  5. Lets Call Stunt Hacking What it is
  6. Our Lord of the Flies moment
  7. How I Got Here: Marcus Ranum
  8. Toyota Prius batteries being targeted by car thieves
  9. 1.1 Million Hit In Another BlueCross BlueShield Breach
  10. Security Researchers Wary of Proposed Wassenaar Rules
  11. NetUSB Flaw Puts Millions Of Routers At Risk
  12. ‘90s-style security flaw puts “millions” of routers at risk
  13. How your next password could be your brain
  14. The Logjam (and Another) Vulnerability against Diffie-Hellman Key Exchange
  15. Half Of Retail
  16. A practical history of plane hacking: Beyond the hype and hysteria

Kevin's Stories

Joff's Stories

Santar-Canned-Jello's Stories