From Paul's Security Weekly
Paul's Security Weekly #577

Recorded September 27, 2018 at G-Unit Studios in Rhode Island!


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Carlos Perez
    Principal Consultant, Team Lead for Research at TrustedSec.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jason Wood
    Threat hunter at CrowdStrike, penetration tester, sysadmin, and Founder of Paladin Security.

    Announcements

    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
    • DerbyCon is holding its first-ever Mental Health & Wellness Workshop - to help support their efforts, please go to DerbyCon.com/wellness
    • Join us for our Webcast with LogRhythm about "Tips & Tricks for Defending the Enterprise Using Open Source Tools". The webcast will be held September 27 @3:00PM EST!

    Interview: Mike Nichols of Endgame, Keith McCammon of Red Canary, & Shawn Smith of Panhandle Educators Federal Credit Union - 6:00-6:45PM

    Mike manages the Endgame endpoint protection platform. Mike leverages years of commercial and federal product development experience, as well as his time as an Army cyber intelligence analyst, to ensure the product not only has a superior workflow, but also optimizes the analyst's time. He divides his time between internal engagement with engineering and customer support, and external engagement with existing customers and new sales prospects to better understand the needs of the customer and ensure proper translation to mission-enabling features. Prior to working at Endgame, Mike served in a variety of technical leadership roles at Fortscale, General Dynamics Fidelis Cybersecurity Solutions, and Deloitte.

    Keith runs Red Canary’s Security Operations Center and leads a group of expert analysts that monitor a continuous stream of potential attacks detected in their customers’ environments. Keith is a known expert in offensive cyber computing and defensive IT security from his background as Director of Commercial Security at Kyrus and Executive Director of Information Technology at ManTech.

    I was born in Massillon, OH, but moved to and have lived in Panama City, Florida for most of my childhood and my adult life. I started out with computers at a young age, 8, when I was introduced to a Commodore 64 computer. From there, I learned about BBSs, and of course games, and overall the functions of a computer. Through the '90s, I was involved in the early days of the Internet through Telnet on the BBSs. I also learned about Token Ring networks, and remember playing the original Doom LAN-style in our computer lab on the IBM PS/2 Model 80 computers. Also, from there I learned a good deal of FTP/IRC and Slackware Linux. In 1998, I started my IT career as a break-fix tech, and worked my way to outside network tech for an IT managed service provider in our local area. After 15+ years of doing that, one of my clients sought me out and hired me on full time as their IT Security Manager. It was in 2015 that I started to get an interest in the IT Security / InfoSec community. Prior to that, I was clueless on how deep the community goes. Back then all I knew was hey, you got "Trend Micro" installed, oh you're good. But now I have learned a whole new world of offensive and defensive TTPs.

    Tech Segment: Carlos Perez: How to Operate Offensively Against SysMon - 6:45-7:30PM

    Security News - 7:45-8:30PM

    Paul's Stories

    1. Russian Hackers Use Malware That Can Survive OS Reinstalls
    2. FBI warns companies about hackers increasingly abusing RDP connections | ZDNet
    3. Facebook's 2-Factor Authentication With A Phone Number Isn't Only For Security, It's Used For Ads
    4. Teens unwittingly steal oregano after smashing van into pot dispensary
    5. New Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions
    6. ex-NSA Hacker Discloses macOS Mojave 10.14 Zero-Day Vulnerability
    7. Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild
    8. How automakers are tackling connected vehicle vulnerability management | ZDNet
    9. NSA employee who brought hacking tools home sentenced to 66 months in prison
    10. Baddies just need one email account with clout to unleash phishing hell
    11. Twitter warns direct messages were exposed
    12. Cisco: Linux kernel FragmentSmack bug now affects 88 of our products | ZDNet

    Carlos' Stories

    Joff's Stories

    Jason's Stories

    1. Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks
    2. Sunny Cali goes ballistic, this ransomware is atrocious. Even our IT bill will be something quite ferocious
    3. How Social Media Can Cost You Thousands of Dollars