From Security Weekly Wiki
Jump to navigationJump to search

Paul's Security Weekly #526

Recorded August 17, 2017 at G-Unit Studios in Rhode Island!


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jeff Man
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Interview: Bryson Bort, GRIMM - 6:00PM-7:00PM

    Bryson Bort is the Founder and CEO of GRIMM. Prior to GRIMM, Bryson led an elite research & development (R&D) division that directly contributed towards National Security priorities and interest. At the former, he served as the Deputy CTO for the company where he developed the corporate R&D program cybersecurity strategy, and was previously the Program Director of a business unit focused on supporting technology research and global infrastructure for DoD and the Intelligence Community.

    As a U.S. Army Officer, Bryson led a tactical communications platoon in support of Operation Bright Star in September 2001. He served as a Battle Captain and as a Brigade Engineering Officer in support of Operation Enduring Freedom before leaving the Army at the rank of Captain.

    1. How did you get your start in information security?
    2. How and why did you start Grimm?
    3. Tell us a little about what Grimm does today?
    4. Recently you've announced Crossbow, what problem does it solve?
    5. Why is there such a gap in testing security products?
    6. What are some of the specific gaps that people miss when testing their security program?
    7. Doesn't pen testing test such gaps?
    8. If the tests are malware that does not cause harm, what can it miss?
    9. What types of gaps does Crossbow test?
    10. How can you make the most out of testing with Crossbow?
    11. What is the most common gap found when people use Crossbow?

    Tech Segment: Bypassing Input Filters with Sven Morgenroth, Netsparker - 7:00-7:30PM

    Sven will be talking about and demoing how to bypass input filters for various web applications vulnerabilities. In his words:

    We will show what common mistakes developers make when deploying filters for their web applications, why encoding is superior to filtering and methodologies on how to approach web application firewalls and input validation from an attacker's point of view. We will demo bypasses and explain useful basics on bash, javascript, PHP and more that can aid in finding the right bypass. We will also show why there is not one general payload that is able to bypasses all filters and mistakes you can make when searching for the right payload to trick the filter.

    Security News - 7:30-8:30PM

    Paul's Stories

    1. Woman targeted with 120 images on public transport via AirDrop
    2. Unpatchable Flaw in Modern Cars Allows Hackers to Disable Safety Features
    3. Attackers Backdoor Another Software Update Mechanism
    4. Seven More Chrome Extensions Compromised
    5. Google Removes Chrome Extension Used in Banking Fraud
    6. Flash's Final Countdown Has Begun
    7. HBO Social Media Accounts Have Been Hacked
    8. ProtonMail Says It Hacked Back, Then Walks Claim Back
    9. Rowhammer RAM Attack Adapted To Hit Flash Storage
    10. Organizations Willing to Try Out Longer Passwords, Study Finds
    11. Study Shows Cyber-Security Pros Confident They Can Find Threats

    Larry's Stories

    1. Profexor goes dark, but on the other side is a witness for the FBI against the Russians for hacking the DNC
    2. Scottish parliament under cyber attack
    3. Self driving Car Hacking
    4. Hacking over USB...so much less secure than ever thought
    5. attribution is hard

    Joff's Stories

    Jeff's Stories

    1. when hacking and politics collide
    2. HBO hacked and hacked and…
    3. Fighting Neo-Nazis and Net Neutrality