From Security Weekly Wiki
Jump to navigationJump to search

Paul's Security Weekly - Episode 520

Episode Audio

Coming Soon

Recorded on June 29, 2017


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jack Daniel
    Works for Tenable Network Security and Co-Founder of Security BSides.
  • Jeff Man
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Announcements

    Interview: Moses Hernandez, Cisco Systems - 6:00PM-7:00PM

    Moses Hernandez [1]

    Moses is a Consulting Systems Engineer for Cisco Systems, an instructor for the Penetration Testing Courses at SANS, and provides several days of Content for SEC642: Advanced Web Application Penetration Testing. He has been loosely involved in all things ‘computer’ since the mid 90 were when he ran bulletins boards as a teenager. Other than the regular types of jobs an info sec pro can hold, he has also worked as a platform operator automating application delivery and has given talks on working in the trenches with developers and operations. You can find him twittering and occasionally blogging at renegade.blog.

    Five Questions

    1. Three words to describe yourself.
    2. If you were a serial killer, what would be your weapon of choice?
    3. If you wrote a book about yourself, what would the title be?
    4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
    5. Choose two celebrities to be your parents.

    Tech Segment:Admin hunting and methods of credential theft for high privileged accounts, Javelin Networks - 7:00-7:30PM

    Guy is a highly experienced Security Researcher & Developer. He performed as both Red Team and Blue Team attack and defense, in the Israeli intelligence unit of the cyber division and worked commercially as a security consultant. He is highly skilled in the field of Forensics and Security Analysis, with special development and research of cyber defense tools and offensive techniques for networks.

    Security News - 7:30-8:30PM

    Paul's Stories

    1. Separating the Paranoid from the Hacked
    2. Choosing Windows for your organization should get you fired - I love this because it is to controvertial of a viewpoint, and rocks the boat: In the wake of yet another ransomware attack—this time named NotPetya—I have a special message specifically for those of you working in organizations that continue to run Microsoft Windows as the operating system on either your servers or your desktops: You are doing a terrible job and should probably be fired. I know. That’s harsh. But it’s true. If you haven’t yet replaced Windows, across the board, you absolutely stink at your job.
    3. Virus (cough, cough, Petya) goes postal at FedEx, shares halted - FedEx has suspended trading of its shares on the New York stock exchange after admitting that its subsidiary TNT Express has been hit by "an information system virus."
    4. US reveals new airport security measures to avoid expanding laptop ban
    5. IoT Vulns Draw Biggest Bug Bounty Payouts - Finding vulnerabilities tied to the Internet of Things (IoT) carries the potential to capture payouts that are considered among the most lucrative for bug hunters, according to reports released Wednesday by Bugcrowd and HackerOne. IoT and hardware bugs found in such devices as routers, webcams, wearables, and automobiles pay an average of $724 per submission, which is substantially higher than the overall average of $451 per submission last year, according to Bugcrowd. As a result, IoT and hardware targets are viewed as the targets with the highest value.'
    6. Your Linux Machine Can Be Hacked Remotely With Just A Malicious DNS Response
    7. The Life, Death, And Legacy Of iPhone Jailbreaking - Awesome article: Things, however, have changed. The jailbreaking community is fractured, with many of its former members having joined private security firms or Apple itself. The few people still doing it privately are able to hold out for big payouts for finding iPhone vulnerabilities. And users themselves have stopped demanding jailbreaks, because Apple simply took jailbreakers' best ideas and implemented them into iOS. I mean, you can also just buy a phone from Google and run Android...
    8. Doxing, DoS & Defacement: Today's Mainstream Hacktivism Tools
    9. Hacking nuclear submarines how likely is the nightmare scenario?
    10. Linux Systemd Bug Could Have Led to Crash, Code Execution
    11. WikiLeaks Reveals How CIA Malware Tracks Geo-Location of its Targeted
    12. Enterprises just as vulnerable to IT risk as SMBs, Netwrix survey finds

    Jeff's Stories

    1. How an Entire Nation Became Russia’s Test Lab for Cyberwar
    2. British Navy’s Advanced New Aircraft Carrier Reportedly Runs on Windows XP
    3. Nato warns cyber attacks 'could trigger Article 5' as world reels from Ukraine hack

    Jack's Stories