From Security Weekly Wiki
Jump to navigationJump to search

Paul's Security Weekly - Episode 484

This week, Cody Pierce from Endgame will talk about exploit prevention. Security news will discuss Yahoo! spying, Mirai source code lessons learned, I will try my best, but fail, at not saying "I told you so!", and more! Our interview this week is with Ed Skoudis of Counterhack Challenges and The SANS Institute. Ed will discuss IoT security, the Holiday Hack Challenge and upcoming SANS Hackfest conference

Recorded: September 29, 2016


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jack Daniel
    Co-Founder of Security BSides and certified security wizard.

Episode Audio

[] Coming Soon


  • Visit http://securityweekly.com/hotseat for the latest edition happening on Sept 13th 2PM EST, register today! We wile sit down with Yolonda Smith, Director of Product Management with Pwnie Express. We will dig into the shift in the number, types, and ownership of devices showing up on enterprise networks, and how you can protect your company from new threats from these devices. We will also get into some cool tech for monitoring and securing your enterprise from wireless, bluetooth, cellular and even good old wired device threats.
  • Make sure you visit http://securityweekly.com/subscribe and subscribe to our new shows including Enterprise Security Weekly and Startup Security Weekly. You can also subscribe to all shows individually, as well as a main feed which contains this show, Hack Naked TV and Enterprise Security Weekly.

Tech Segment: Pre-exploit Preventing - 6:00PM-6:30PM

Cody Pierce from Endgame will be giving a 15 minute segment on Pre-exploit Preventing.

Cody Pierce has been involved in computer and network security since the mid 90s. For the past 13 years he has focused on discovery and remediation of known and unknown vulnerabilities. Instrumental in the success of HP's Zero Day Initiative program, Cody has been exposed to hundreds of 0day vulnerabilities, advanced threats, and the most current malware research. At Endgame, Cody has lead a successful team tasked with analysing complex software to identify unknown vulnerabilities and leveraged global situational awareness to manage customer risk. A notable contributor to the vulnerability analysis and reverse engineering community Cody has been a subject matter expert in the media, referenced in industry literature, and has presented at notable industry conferences. Cody holds a unique perspective at the intersection of the most advanced threats and the state of the art in defensive measures and trends. https://www.blackhat.com/us-16/speakers/Cody-Pierce.html

Security News - 6:30PM-7:30PM

Paul's Stories

  1. Sex robots with warm skin to hit dating scene and could benefit relationships
  2. 4 cybersecurity trends you need to be aware of
  3. Yahoo’s CISO resigned in 2015 over secret e-mail search tool ordered by feds
  4. Hack Crashes Linux Distros with 48 Characters of Code
  5. Vulnerabilities in Insulin Pumps Can Lead to Overdose
  6. IoT Home Router Botnet Leveraged in Large DDoS Attack
  7. Source Code for IoT Botnet ‘Mirai’ Released — Krebs on Security
  8. Is My Webcam An Offensive Weapon?
  9. Domain Name Resolution Is A Tor Attack Vector
  10. "Hackers Hit Buzzfeed
  11. Yahoo Secretly Scanned Customer Emails For U.S. Intelligence

Larry's Stories

Shout outs to Tom and the SIU Security Dawgs!

  1. Everyone is wrong about conferences
  2. When DVRs go wild - Dr. Ullrich puts a vulnerable DVR on the internet.
  3. Signal fights back
  4. Mirai IoT malware and Krebs
  5. ShadowBrokers not happy about lack of bids

Joff's Stories

Michael's (Santa) Stories

Carlos's Stories

Jack's Stories

Interview: - Ed Skoudis 7:30-8:30PM

Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.

Ed led the team that built NetWars, the low-cost, widely used cyber training and skills assessment ranges relied upon by military units and corporations with major assets at risk. His team also built CyberCity, the fully authentic urban cyber warfare simulator that was featured on the front page of the Washington Post. He was also the expert called in by the White House to test the security viability of the Trusted Internet Connection (TIC) that now protects US Government networks and lead the team that first publicly demonstrated significant security flaws in virtual machine technology. He has a rare capability of translating advanced technical knowledge into easy-to-master guidance as the popularity of his step-by-step Counter Hack books testifies.