- 1 Paul's Security Weekly - Episode 504
- 2 Announcements
- 3 Interview: Hyrum Anderson, Endgame - 6:00PM-7:00PM
- 4 Interview: Keith Hoodlet, InfoSec Mentor Project - 7:00-7:30PM
- 5 Security News - 7:30-8:30PM
Paul's Security Weekly - Episode 504
Recorded March 9th, 2017
Interview: Hyrum Anderson, Endgame - 6:00PM-7:00PM
Hyrum Anderson (@drhyrum) is the technical director for data science at Endgame, where he leads research on detecting adversaries and their tools using machine learning. Prior to joining Endgame he conducted information security and situational awareness research at FireEye, Mandiant, Sandia National Laboratories and MIT Lincoln Laboratory. He received his PhD in Electrical Engineering (signal and image processing + machine learning) from the University of Washington and BS/MS degrees from Brigham Young University. Research interests include adversarial machine learning, deep learning, large-scale malware classification, and early time-series classification.
Interview: Keith Hoodlet, InfoSec Mentor Project - 7:00-7:30PM
Keith Hoodlet (@andMYhacks) started down the path of Information Security in the mid-90's as a kid playing Blizzard's popular PC game, “Diablo", on a computer he built from parts. During that time, he learned how to use Telnet to spoof multiple connections to Blizzard's online platform "Battle.net" using unauthenticated Diablo trial accounts. Keith eventually went on to build a front-end GUI for his “bot” using Visual Basic; needless to say, it wasn't long before he became hooked on programming, text user interfaces, and networking protocols.
Keith graduated with a B.A. in Psychology in 2009, and worked odd-jobs to support his wife while she pursued her Master's Degree during the recession. He recently attended classes in Computer Science at University of New Hampshire, and briefly worked for a small Managed Security Services Provider, where he earned his Splunk Architect certification.
Keith is an Organizing Committee member for BSides Boston, and currently works as an Engineer on the Customer Success team at Rapid7. In his free time, he continues to expand my knowledge of Web Application Development and Security with his mentor, Casey Dunham.
Security News - 7:30-8:30PM
- AT&T, IBM, Symantec join in new IoT Cybersecurity Alliance | 4-Traders
- Firefox 52 Expands Non-Secure HTTP Warnings, Enables SHA-1 Deprecation
- Oops! 185,000-plus Wi-Fi cameras on the web with insecure admin panels
- CIA Analyzed Where The NSA Equation Group Went Wrong
- IDG Contributor Network: Why the Samsung TV spying hack is way overblown
- Why email is safer in Office 365 than on your Exchange server
- Critical vulnerability under massive attack imperils high-impact sites
- There's Disconnect Between Security Execs, Operators, Report Reveals
- Online Trust Alliance Recommends a Shared Model to Limit IoT Risk
- WikiLeaks Dump of CIA Hacking Secrets Alerts Us All to Security Flaws
- Dr. Chase Cunningham, A10 Networks: The Dawn of the DDoS of Things (DoT)
- New Fileless Attack Using DNS Queries to Carry Out PowerShell Commands
- Put down the coffee, stop slacking your app chaps or whatever and patch Wordpress
- Its finally over: Mastermind behind Prenda Law porn trolls pleads guilty | Ars Technica
- A Real-Life Look into Responsible Disclosure for Security Vulnerabilities
- Is Mentorship the Key to Recruiting Women to Cybersecurity?
- FCC halts data security rules
- WD "fart" Cloud pwnage
- Vault7 - Nation state vs. non-nation state hackers and sophistication of the tool sets. many tools listed are used by pentesters, some developed independently for internal use, some developed by co-workers,, friends, and even some on our project roadmaps.
- VxWorks total pwnage...