From Paul's Security Weekly
Jump to: navigation, search

Paul's Security Weekly #562

Recorded May 31, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Announcements

    • Go to itpro.tv/securityweekly and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
    • Ticket Sales are open for Social Engineering RI Conference. Saturday, June 6th at Salve Regina University in Newport RI. Go to - http://se-ri.org/ to register! We are giving away 2 tickets to this conference. Please send your best meme of Paul and Larry to psw@securityweekly.com.
    • How do you feel about User and Entity Behavior Analytics? What about your SEIM? Check out Logrhythm's webcast on June 14th at 3:00pm-4:00pm.

    Interview: Ronnie Flathers, Uptake Technologies - 6:00PM-6:45PM

    Ronnie Flathers
    is the Appsec Lead for Uptake Technologies.
    Ronnie Flathers is an experienced pentester and security consultant who is equally addicted to both netsec and appsec and splits his time appropriately. He currently is the Appsec Pentest Lead at Uptake. Previously he was a member of Cisco's Assessment and Penetration Team where he performed countless pentests and got tired of getting DA all the time. Originally from beautiful San Diego he uprooted and moved to Chicago to get his start in consulting and has fallen in love with the city (besides the winters). Ronnie loves tinkering, writing tools and hacky scripts, and teaching. Besides speaking at conferences and going to meetups, he blogs and tries to share the knowledge in any way he can.

    Short Version: https://1drv.ms/f/s!Aq5mEA03Lijrg9d0X5t2Bqz7JCG9tQ

    The full slides are posted here:


    My latest blogpost about extracting SSH private keys from Windows 10's new ssh-agent: https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/

    Tech Seg: Chris Elgee and Lee Ford, Massachusetts Army National Guard G-6 - 6:45-7:45PM

    Chris is a full time husband, father of four, and pen tester; he's a part time Army officer, an aspiring SANS instructor, and the back-up church bass player. He is active in (ISC)2 and has brought online safety presentations to dozens of Maine schools. CISSP, OSCP, GPEN, GWAPT.

    Lee Ford spent 2yrs in Information security as the DCOE Assnt Team Chief. Was the lead Project Officer for the stand up of the MA Cyber Battalion. Have attended 4 Cyber Exercises including this years Cyber Yankee. Currently the Information Management Officer in the MA Army National Guard. GCIA, GCIH, Sec+, and Net +.

    Security News - 7:45PM-8:30PM

    Paul's Stories

    1. Study shows admins are doing a terrible job of patching servers - OMG, I can't: According to the study, open-source components were found in 96% of the applications the company scanned last year - That's because people without open-source software don't buy products like Black Duck
    2. Building Blocks for a Threat Hunting Program
    3. Dozens of Vulnerabilities Discovered in DoD's Enterprise Travel System
    4. Acoustic attacks can blue-screen Windows PCs
    5. What is Apple hiding with iOS 11.4?
    6. Git repository vulnerability leads to remote code execution attacks
    7. Bromium Secure Platform 4.1 Boosts Virtualization-Based Security
    8. Judge Tosses Kaspersky Lab Suits Against US Government Ban
    9. navigating-container-security-ecosystem
    10. Resetting Your Router the Paranoid (=Right) Way

    Larry's Stories

    Kevin's Stories

    1. Hacker Defaces Ticketfly’s Website, Steals Customer Database A hacker took control of Ticketfly's website and claims to have stolen the company's customer database.'
    2. New GDPR law DOESN’T apply to EU - after 'embarrassing' leak on website Brussels says new GDPR law DOESN’T apply to EU - after 'embarrassing' leak on [gov] website
    3. Sonic and ultrasonic attacks damage hard drives and crash OSes Attackers can cause potentially harmful hard drive and operating system crashes by playing sounds over low-cost speakers embedded in computers

    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+