From Paul's Security Weekly

Paul's Security Weekly #581

Recorded November 1, 2018 at G-Unit Studios in Rhode Island!



  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Jason Wood
    Threat hunter at CrowdStrike, penetration tester, sysadmin, and Founder of Paladin Security.
  • Carlos Perez
    Principal Consultant and Team Lead for Research at TrustedSec.
    Announcements

    • If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
    • Join us for our Webcast with Signal Sciences entitled Which way should you shift testing in the SDLC? This webcast will be held November 8th @3-4pm EST. Go to securityweekly.com/signalsciences to register now!
    • One of our illustrious co-hosts, Patrick Laverty, will be co-presenting "Pentesting: Tips, Tricks and Stories" with Aaron Herndon at BSides CT 2019! Ticket sales are open until the day of the show (Saturday, November 3rd) for $20. Go to bsidesct.org to register now!

    Technical Segment: Aleksei Tiurin, Acunetix - 6:00-6:30PM

    Aleksei Tiurin is the Senior Security Researcher for Acunetix.
    Aleksei Tiurin is a security researcher and pentester with over 8 years of experience in penetration testing, with a particular focus on ERP and banking systems and Windows networks. For the last 4 years he has been focusing on web hacking and holds the position of Senior Security Researcher at Acunetix. Aleksei maintains a Java Deserialization CheatSheet and is the co-organizer of Defcon Russia (DCG #7812).

    Aleksei's Slides for Java Deser - File:Java Deser PSW.pdf

    Tech Segment: Matt Toussain, BHIS - 6:30PM-7:00PM

    Matt is a guest lecturer at the University of Texas San Antonio and an author of the SANS Institute's Enterprise Threat and Vulnerability Assessment course (SEC460). After graduating from the U.S. Air Force Academy, where he architected the summer cyber program that now trains over 400 cadets per year, Matt served as the Senior Cyber Tactics Development Lead for the U.S. Air Force. Later, as a member of the 688th Cyber Warfare Wing, he managed the Air Force's transition of all 18 Cyber Protection Teams to fully operational capability. He is an avid supporter of cyber competitions and participates as a red team member or mentor for CCDC, NetWars, and the National Security Agency's Cyber Defense Exercise. Matt earned a master's degree in information security engineering as one of the first graduates of the SANS Technology Institute and speaks regularly at information security conferences such as DEF CON.

    Security News - 7:30 - 8:30PM

    Paul's Stories

    1. Web Security Stats Show XSS & Outdated Software Are Major Problems
    2. AWS Security Best Practices: AWS Lambda Security Design for Failure
    3. Employee used US government network for adult websites, infected infrastructure with Russian malware
    4. Bleedingbit Bluetooth Vulnerabilities Expose WiFi APs to Risk
    5. Security researchers find flaws in chips used in hospitals, factories and stores
    6. Not Every Security Flaw Is Created Equal
    7. Cisco Zero-Day Exploited In The Wild To Crash And Reload Devices
    8. This One Weird Trick Turns Your Google Home Hub Into A Doorstop
    9. Masscan and massive address lists
    10. Best Practices for Threat Hunting in Large Networks
    11. 9 Traits of A Strong Infosec Resume
    12. Federal Employees Porn Infects Government Network With Malware

    Larry's Stories

    1. The “Ping of Death” in Apple products
    2. Hooray for embedding video in Word docs, because reasons
    3. Microsoft, making an attacker’s job harder (never thought I’d say that)
    4. BLE chip vulnerability exposes millions of devices

    Carlos' Stories

    Matt's Stories

    Jason's Stories

    1. Equifax Has Chosen Experian. Wait, What? - Not exactly security related, but ROFL!
    2. Buying Used Voting Machines on eBay
    3. Nice work if you can get it: GandCrab ransomware nets millions even though it has been broken