From Paul's Security Weekly

Paul's Security Weekly #580

Recorded October 25, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Patrick Laverty
    is a Pentester for Rapid7.
  • Not Kevin
    Senior Security Engineer at Barkly, Co-Founder of Vermont Hackspaces, definitely Not Kevin.
    Announcements

    • If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
    • Join us for our webcast with Signal Sciences entitled "Which way should you shift testing in the SDLC?" This webcast will be held November 8th from 3-4pm EST. Go to securityweekly.com/signalsciences to register now!
    • One of our illustrious co-hosts, Patrick Laverty, will be co-presenting "Pentesting: Tips, Tricks and Stories" with Aaron Herndon at BSides CT 2019! Ticket sales are open until the day of the show (Saturday, November 3rd) for $20. Go to bsidesct.org to register now!

    Interview: Veronica Schmitt, DFIRLABS - 6:00-6:30PM

    Veronica Schmitt
    is the Sr. Digital Forensic Scientist for DFIRLABS.
    Veronica is a Partner at DFIRLABS. She is a forensicator, avid researcher and quite literally the superglue that holds DFIRLABS together. She was previously in charge of the Free State Cyber Forensic Laboratory of the Special Investigating Unit. After deciding that this title on its own wasn’t already too much of a mouthful, she departed the SIU in order to add Malware (Reverse) Engineer, Photographer, Seamstress, Super Mom and Sleep-deprived MSc Chaser to her list.

    In between attending Metallica concerts and being converted into a cyborg (no really, ask her about her metal bits sometime), she completed a Diploma in Criminal Justice and Forensic Investigation from the University of Johannesburg. Deciding to brave foreign climes and curiosities, she went on to receive training in Europe on digital forensics and cyber crime investigation from the United States Department of Homeland Security.

    She is an Associate Member of a number of professional bodies, including the Institute of Information Technology of Professionals of South Africa, the Association of Certified Fraud Examiners, and the International Association of Computer Investigative Specialists.

    Veronica has contributed to several publications, including the ISC2 CCFP: Certified Computer Forensic Practitioner.

    She is currently juggling a Master’s thesis on ransomware, several digital forensics cases, getting a quality forensics training company off the ground, and reverse engineering ransomware whilst also keeping her two year old from walking into things. You can contact her by lighting up the night sky with the DFIRLABS beacon mounted on the top of the Gotham police department, or alternatively by email.

    Tech Segment: Yossi Sassi, Javelin Networks - 6:40PM-7:00PM

    Yossi Sassi
    is the Co-Founder and Cybersecurity Researcher at CyberArtSecurity.com.
    White hat @ CyberArtSecurity.com, Advisory board @ Javelin Networks, international musician. Since the early 1990s, Sassi has accumulated experience in IT Security / Adversary Simulations / Red & Blue Team engagements, conducting internal investigations (Cyber CSI) and more, including for the defense sector and large banks. Ex-Technology Group Manager @ Microsoft (~8 years, coded Windows Server Support Tools). Sassi has spoken at international IT & Security events & conferences, as well as TED and TEDx events, and was awarded 4 peace and friendship awards by cities and governments around the world. CISSP, M.A law.

    Security News - 7:10 - 8:00PM

    Paul's Stories

    1. Most security professionals fear AI attacks
    2. Masscan as a lesson in TCP/IP
    3. Have Network, Need Network Security Monitoring
    4. UPDATED VERSION: RouterSploit 3.4.0
    5. Serious D-Link router security flaws may never be patched
    6. FDA releases cybersecurity guidance
    7. Few employers have a culture that supports cybersecurity
    8. Watch Hackers Steal A Tesla
    9. Most Enterprise Vulns Remain Unpatched A Month After Discovery
    10. Securing Serverless: Attacking an AWS Account via a Lambda Function
    11. California Addresses Default Passwords
    12. Spies Among Us: Tracking, IoT & the Truly Inside Threat
    13. NotPetya Linked to Industroyer Attack on Ukraine Energy Grid
    14. RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence, (Wed, Oct 17th)

    Doug's Stories

    Kevin's Stories

    1. In Groundbreaking Decision, Feds Say Hacking DRM to Fix Your Electronics Is Legal "The new exemptions are a major win for the right to repair movement and give consumers wide latitude to legally repair the devices they own."
    2. Russian Malware Was Apparently Used in an Attempt to Sabotage a Saudi Petrol Plant "Cybersecurity firm FireEye points the finger at the Russian government and a government-linked facility for creating a destructive malware."
    3. British Airways: 185,000 more passengers may have had details stolen "Airline says customers affected by data breach will be contacted by Friday, as investigation continues"
    4. An ISP Left Corporate Passwords, Keys, and All its Data Exposed on the Internet "According to a new report by the security researchers at UpGuard, a Washington-based ISP by the name of Pocket iNet left 73 gigabytes of essential operational data publicly exposed in a misconfigured Amazon S3 storage bucket for months."
    5. Technical Rundown of WebExec "... flaw in WebEx's WebexUpdateService allows anyone with a login to the Windows system where WebEx is installed to run SYSTEM-level code remotely. That's right: this client-side application that doesn't listen on any ports is actually vulnerable to remote code execution! A local or domain account will work, making this a powerful way to pivot through networks until it's patched."