From Security Weekly Wiki

Recorded June 20, 2019 at G-Unit Studios in Rhode Island!

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Jack Daniel
    Works for Tenable Network Security and Co-Founder of Security BSides.
  • Jeff Man
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, and SANS NewsBites Editor.

  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.

    Interview: AttackDefense Labs Platform - Vivek Ramachandran, Pentester Academy - 6:00-6:30PM

    Vivek Ramachandran is the Founder & CEO of Pentester Academy.

    Topic: Pentester Academy, the AttackDefense Labs platform and other topics. Vivek will show a demo of the AttackDefense labs. There is also a free community tier that users can try out without a subscription or credit card.

    Vivek Ramachandran has been researching Wi-Fi security for over a decade. He discovered the Caffe Latte attack, broke WEP Cloaking, conceptualized enterprise Wi-Fi backdoors, and created Chellam (Wi-Fi firewall), WiMonitor Enterprise (802.11ac monitoring), Chigula (Wi-Fi traffic analysis via SQL), Deceptacon (IoT honeypots) and others. He is the author of multiple five-star-rated books on Wi-Fi security which have together sold over 20,000 copies worldwide and have been translated into multiple languages.
    Vivek’s work on wireless security (Caffe Latte attack) has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada and others. He has also spoken/trained at top conferences including BlackHat USA, Europe and Abu Dhabi, Defcon, Brucon, HITB, Hacktivity and others. Vivek is also the Founder, CEO of Pentester Academy, AttackDefense.com and Hacker Arsenal. Pentester Academy now trains thousands of customers from government agencies, Fortune 500 companies and smaller enterprises from over 90 countries.


    Interview: Purple Teaming - Bryson Bort, Scythe - 6:30-7:00PM

    Bryson Bort is the Founder/CEO of GRIMM.

    Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a National Security Institute Fellow and an Advisor to the Army Cyber Institute. Previously, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master’s Degree in Telecommunications Management from the University of Maryland, a Master’s in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.


    1. Purple Teaming - What is it? Why is it important? What are the top objectives for a purple team test? Who should be involved? What types of conditions should you test? What are the goals of a purple team?
    2. Top Attack Simulation Scenarios - While there are hundreds, if not thousands, of conditions and exposures to test for in an organization, where should I start? Perhaps you have a vulnerability scanning program and have had a pen test or two in the past, but now it's time to start running attack simulations against the network and systems. What are the top 5 (or 10) tests to begin with? MITRE ATT&CK is great, but with over 200 techniques, what should I focus on first? Granted, every environment is different, but it would help to give folks a starting point: a few basic tests for common techniques used in various scenarios, e.g. defending Microsoft Active Directory.
    3. Testing Command & Control Channels - Attackers, at some point, must communicate across the network to issue commands to the backdoors or malware running on your systems. What are the most common methods of communication? What are the best ways to test for this in your environment? Which communication channels are the most popular? How should I prioritize remediation? Detecting attackers is even harder when they use techniques and protocols that closely mimic "normal" behavior on your network. How do we emulate, and ultimately detect, this behavior accurately to test our defenses?
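One concrete way to "emulate, and ultimately detect" a C2 channel that hides inside normal-looking traffic is to emulate a jittered beacon over HTTPS and then hunt for it in connection logs by timing regularity alone. The block below is an added example written for these show notes; it is not code from the show, from SCYTHE, or from any product. The log format, the IP addresses, the 60 s interval with 10% jitter, and the 0.25 coefficient-of-variation threshold are all assumptions, and every log line is constructed inside the script.

```python
"""Beacon emulation and timing-based detection (added example; not from the
show, SCYTHE or any product). All log lines below are constructed."""
import random
import statistics
from collections import defaultdict

# Assumed implant settings: 60 s callback with +/-10% jitter, over HTTPS (443).
BEACON_INTERVAL = 60.0
BEACON_JITTER = 0.10


def emulate_beacon(src, dst, start, count, interval=BEACON_INTERVAL,
                   jitter=BEACON_JITTER, seed=1):
    """Emit constructed 'ts src dst dport' log lines for a jittered C2 beacon."""
    rng = random.Random(seed)
    t, lines = start, []
    for _ in range(count):
        lines.append(f"{t:.3f} {src} {dst} 443")
        t += interval * (1 + rng.uniform(-jitter, jitter))
    return lines


def emulate_browsing(src, dst, start, count, mean_gap=45.0, seed=2):
    """Human-paced connections to a legitimate site: exponential gaps, same port."""
    rng = random.Random(seed)
    t, lines = start, []
    for _ in range(count):
        lines.append(f"{t:.3f} {src} {dst} 443")
        t += rng.expovariate(1 / mean_gap)
    return lines


def parse_log(lines):
    """Parse the constructed 'ts src dst dport' lines into tuples."""
    rows = []
    for line in lines:
        ts, src, dst, dport = line.split()
        rows.append((float(ts), src, dst, int(dport)))
    return rows


def gap_cv(timestamps):
    """Coefficient of variation of inter-arrival gaps; low means machine-regular.
    Returns None when there are too few gaps to judge."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 5:
        return None
    mean = statistics.mean(gaps)
    return statistics.pstdev(gaps) / mean if mean > 0 else None


def find_beacons(rows, max_cv=0.25, min_conns=10):
    """Group by (src, dst, dport) and flag pairs whose timing is too regular.

    Destination reputation and payload are deliberately ignored: the point is
    that a beacon over plain HTTPS to an unknown host still stands out by timing.
    """
    pairs = defaultdict(list)
    for ts, src, dst, dport in rows:
        pairs[(src, dst, dport)].append(ts)
    hits = {}
    for key, ts in pairs.items():
        if len(ts) < min_conns:
            continue
        cv = gap_cv(ts)
        if cv is not None and cv <= max_cv:
            hits[key] = round(cv, 3)
    return hits


if __name__ == "__main__":
    log = (emulate_beacon("10.0.0.5", "203.0.113.7", 0.0, 40)
           + emulate_browsing("10.0.0.5", "198.51.100.9", 0.0, 40))
    for key, cv in find_beacons(parse_log(log)).items():
        print("possible beacon", key, "gap CV", cv)
```

The beacon pair is flagged with a gap CV near 0.06 while the browsing pair, whose exponential gaps have a CV near 1, is not. The caveat to test next: raise `BEACON_JITTER` toward 0.5 or lengthen the interval to hours and the timing signal fades into the human range, which is why timing should be paired with other regularities (near-constant request sizes, long-lived connection pairs) before concluding a channel is or is not detectable.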

    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. 5 Keys to Improve Your Cybersecurity
    2. Censorship vs. the memes
    3. Engineer's 'Smart Speaker Firewall' isolates Alexa devices in a snap
    4. How Not To Prevent a Cyberwar With Russia
    5. A Plan to Stop Breaches With Dead Simple Database Encryption
    6. Antivirus Evasion with Python
    7. The case against knee-jerk installation of Windows patches - Does applying patches as soon as they come out really help today? Some think not: With a few notable exceptions, in the real world, the risks of getting clobbered by a bad patch far, far outweigh the risks of getting hit with a just-patched exploit. Many security “experts” huff and puff at that assertion. The poohbahs preach Automatic Update for the unwashed masses, while frequently exempting themselves from the edict.
    8. Hacker conference speaker axed over abortion views - Jennifer's comments are very interesting: Jennifer Granick, legal counsel for the American Civil Liberties Union, asked what other views would disqualify someone from speaking at the conference. In a tweet, she asked: "Should Black Hat now ask potential speakers for their views on abortion, or is it fine so long as we don't know?" Two sides: 1) Are speakers' political views criteria for being accepted to speak or not? 2) In this case it's not only the person's views but a documented track record of voting against women's rights, therefore justifiable to be asked not to speak at a conference? Also, Jennifer is questioning the access to the information, so as long as we don't share or publicize our views, that's okay and you can speak regardless of your views?
    9. The Backdoor in your Living Room - Apparently, the code is bad: For the Tizen OS, Amihai Neiderman recently said: “It may be the worst code I’ve ever seen,” “Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.” Uhm, so our new developer is 15 and doing just fine.
    10. Designers built an AI penis detector to protest Google's prudish doodles
    11. Warning Issued For Apple's 1.4 Billion iPad And iPhone Users
    12. Massive Blackout Leaves Most of Argentina, Uruguay Without Power
    13. How To Test Drive 200+ Linux Distributions Without Ever Downloading Or Installing Them

    Jeff's Stories

    1. Data breach forces medical debt collector AMCA to file for bankruptcy protection
    2. U.S. Customs and Border Protection Data Breach Result of Supply Chain Attack
    3. A Method for Establishing Liability for Data Breaches - Make 'em pay!
    4. Personal data of 2.7 million people leaked from Desjardins - That's like, the entire population of Canada

    Doug's Stories

    1. Mozilla patches Firefox zero-day abused in the wild - https://www.zdnet.com/article/mozilla-patches-firefox-zero-day-abused-in-the-wild/
    2. Florida city will pay hackers to get its computer systems back - https://www.washingtonpost.com/business/2019/06/20/florida-city-will-pay-hackers-get-its-computer-systems-back/

    Lee's Stories

    1. Phishing scam hacks 2FA - Phishing email sends the user to a fake site, which passes the username, password and one-time token on to the real site.
    2. XSS flaw exposes Google employees to attack - Flaw in a Google site can be used to attack existing users of the system.
    3. US-CERT AA19-168A: Microsoft OS BlueKeep Vulnerability Alert - CISA issues guidance regarding BlueKeep for Windows 2000, Vista, 7, 2003, 2003 R2, 2008 & 2008 R2.
    4. Google researcher finds weakness in MS SymCrypt library - Used for symmetric encryption on Windows 8 and beyond; the flaw results in an infinite loop/reboot, triggerable by a benign-looking X.509 certificate.
    5. Exim worm spreading through Azure - Prevent worm spread by updating the Exim service to 4.92 on Linux.
    6. US Hacks Russian Grid - Very difficult to verify as details are classified. US Cyber Command is reportedly using new powers to establish a foothold on the Russian power grid.
    7. Researcher scrapes 7 million Venmo transactions - Make sure your Venmo account is set to private.
    8. A Duie Pyle goes the extra mile after ransomware - A Duie Pyle went above and beyond to communicate status after a ransomware incident. Fell back to taking orders over the phone.
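The 2FA phishing item above (Lee's story 1) describes a real-time relay: the fake site forwards the username, password and one-time token to the real site before the token expires. The block below is an added example, not code from the referenced article or from any vendor, that reproduces the relay against RFC 6238 TOTP and then goes one step beyond the item to show why an origin-bound authenticator (WebAuthn-style) does not relay: the signed client data carries the origin of the page the user actually typed into. The origins, secrets and user credentials are constructed, and the authenticator's signature is simplified to an HMAC with a shared device key instead of a real public-key signature.

```python
"""TOTP relay phishing versus origin-bound assertions (added example; the
origins, secrets and the HMAC stand-in for the authenticator are constructed)."""
import hashlib
import hmac
import json
import struct

REAL_ORIGIN = "https://bank.example"        # assumed legitimate site
PHISH_ORIGIN = "https://bank-example.com"   # assumed look-alike phishing site
TOTP_SECRET = b"constructed-shared-totp-secret"
DEVICE_KEY = b"constructed-device-key"      # stands in for the authenticator's private key
VICTIM_PASSWORD = "hunter2"                 # constructed credential


def totp(secret, t, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1, dynamic truncation) for unix time t."""
    counter = struct.pack(">Q", int(t) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def real_site_totp_login(password, code, now):
    """Real site: accept the code for the current window +/- one step."""
    code_ok = any(hmac.compare_digest(code, totp(TOTP_SECRET, now + d))
                  for d in (-30, 0, 30))
    return code_ok and password == VICTIM_PASSWORD


def phishing_relay_totp(password, code, now, latency=2):
    """Attacker's fake site: forward exactly what the victim typed, a few
    seconds later. The token is still inside its validity window, so it works."""
    return real_site_totp_login(password, code, now + latency)


def authenticator_assert(challenge, origin):
    """Browser builds clientData from the page origin it is actually on; the
    authenticator signs it (simplified here to an HMAC over the bytes)."""
    client_data = json.dumps({"challenge": challenge, "origin": origin},
                             sort_keys=True).encode()
    sig = hmac.new(DEVICE_KEY, client_data, hashlib.sha256).hexdigest()
    return client_data, sig


def real_site_verify_assertion(challenge, client_data, sig):
    """Real site: the origin inside the signed clientData must be its own."""
    data = json.loads(client_data)
    if data["origin"] != REAL_ORIGIN or data["challenge"] != challenge:
        return False
    expected = hmac.new(DEVICE_KEY, client_data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(sig, expected)


def phishing_relay_webauthn(challenge):
    """Attacker fetches a real challenge, shows it on the phishing origin and
    relays the resulting assertion. The origin is signed, so it cannot be
    rewritten to REAL_ORIGIN without invalidating the signature."""
    client_data, sig = authenticator_assert(challenge, PHISH_ORIGIN)
    return real_site_verify_assertion(challenge, client_data, sig)


def demo(now=1_560_000_000):
    """Return the four outcomes: direct and relayed, for TOTP and for WebAuthn."""
    code = totp(TOTP_SECRET, now)
    return {
        "totp_direct": real_site_totp_login(VICTIM_PASSWORD, code, now),
        "totp_relayed": phishing_relay_totp(VICTIM_PASSWORD, code, now),
        "webauthn_direct": real_site_verify_assertion(
            "c1", *authenticator_assert("c1", REAL_ORIGIN)),
        "webauthn_relayed": phishing_relay_webauthn("c1"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:17s} login accepted: {ok}")
```

Both TOTP logins succeed because the code is bound only to time and a shared secret, not to where the user typed it; the relayed WebAuthn assertion fails because the phishing origin is inside the signed data. Shortening the TOTP step or validity window does not change the outcome, since the relay completes in seconds.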