Difference between revisions of "Episode616"

From Paul's Security Weekly
Jump to: navigation, search
(Interview: Tony Punturiero, Offensive Security - 6:00-7:00PM)
Line 24: Line 24:
  
 
= Interview: Tony Punturiero, Offensive Security -  6:00-7:00PM =
 
= Interview: Tony Punturiero, Offensive Security -  6:00-7:00PM =
[[File:TonyPunturiero.jpg|right|250px|thumb|<center>'''[https://securityweekly.com/TJ_Null Tony Punturiero]'''is the Community Manager at [https://www.offensive-security.com/ Offensive Security]</center>]] Tony Punturiero (aka @tjnull) to the OffSec is an experienced pentester and red teamer for a government contractor, and is known for his great passion for educating and mentoring others. TJ is also an Adjunct Professor for a Local Community College teaching cybersecurity courses and coaches one of the top Community College's cyber team in the State of Maryland. He earned a BS in Cybersecurity from University of Maryland University College (UMUC) where he is a board member for the award winning UMUC Cyber Padawans. Over the year's, TJ has participated in over 200 Cyber Security competitions across the globe and is a 2 time SANS Netwars Champion.<br><br>TJ is also one of the Founding members/Lead moderators of NetSecFocus--an online Information Security community consisting of 5700+ members that has partnered with other infosec organizations such as Hackthebox, Wizard Labs, and Hackmethod. Other then having a passion for cybersecurity TJ enjoys hiking, traveling, going to breweries, and playing video games.<br><br>'''Segment Title/Topic:'''<br>The journey of turning from a blue teamer to a red teamer. Kickstarting an Infosec Community and much more!<br><br>'''Segment Description:'''<br>Discussing about my adventure transferring from being on the blue side to becoming a pentester/red teamer full time. Created an infosec community to help each people in the infosec field come together to learn from one another.<br><br>'''Segment Resources:'''<br>
+
[[File:TonyPunturiero.jpg|right|250px|thumb|<center>'''[https://twitter.com/TJ_Null Tony Punturiero]'''is the Community Manager at [https://www.offensive-security.com/ Offensive Security]</center>]] Tony Punturiero (aka @tjnull) to the OffSec is an experienced pentester and red teamer for a government contractor, and is known for his great passion for educating and mentoring others. TJ is also an Adjunct Professor for a Local Community College teaching cybersecurity courses and coaches one of the top Community College's cyber team in the State of Maryland. He earned a BS in Cybersecurity from University of Maryland University College (UMUC) where he is a board member for the award winning UMUC Cyber Padawans. Over the year's, TJ has participated in over 200 Cyber Security competitions across the globe and is a 2 time SANS Netwars Champion.<br><br>TJ is also one of the Founding members/Lead moderators of NetSecFocus--an online Information Security community consisting of 5700+ members that has partnered with other infosec organizations such as Hackthebox, Wizard Labs, and Hackmethod. Other then having a passion for cybersecurity TJ enjoys hiking, traveling, going to breweries, and playing video games.<br><br>'''Segment Title/Topic:'''<br>The journey of turning from a blue teamer to a red teamer. Kickstarting an Infosec Community and much more!<br><br>'''Segment Description:'''<br>Discussing about my adventure transferring from being on the blue side to becoming a pentester/red teamer full time. Created an infosec community to help each people in the infosec field come together to learn from one another.<br><br>'''Segment Resources:'''<br>
 
* https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html
 
* https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html
 
* https://github.com/tjnull
 
* https://github.com/tjnull

Revision as of 23:01, 15 August 2019

Recorded August 15, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Cryptanalyst,
    infosec analyst, pioneering ex-NSA pen tester, PCI specialist,
    Tribe of Hackers, & InfoSec Curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Lee Neely
    is a Sr. Cyber Analyst at LLNL,SANS Analyst, SANS NewsBites Editor


  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
    • We're currently running our annual Listener Feedback Survey! Please visit securityweekly.com -> click the survey tab & select "2019 Listener Survey" to submit your responses!
    • Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and use our code to register!
    • Mark your calendars for our Security Weekly Holiday Extravaganza! On December 19th, Security Weekly will be live-streaming 5 one hour panel discussions with some of the most knowledgable professionals in the industry! To round out the evening, Ed Skoudis will be joining the Security Weekly hosts to give his annual announcement about the CounterHack Holiday Hack Challenge! You can view the live stream on our Youtube channel or by visiting securityweekly.com/live. We hope to see you there!

    Interview: Tony Punturiero, Offensive Security - 6:00-7:00PM

    Tony Punturierois the Community Manager at Offensive Security
    Tony Punturiero (aka @tjnull) to the OffSec is an experienced pentester and red teamer for a government contractor, and is known for his great passion for educating and mentoring others. TJ is also an Adjunct Professor for a Local Community College teaching cybersecurity courses and coaches one of the top Community College's cyber team in the State of Maryland. He earned a BS in Cybersecurity from University of Maryland University College (UMUC) where he is a board member for the award winning UMUC Cyber Padawans. Over the year's, TJ has participated in over 200 Cyber Security competitions across the globe and is a 2 time SANS Netwars Champion.

    TJ is also one of the Founding members/Lead moderators of NetSecFocus--an online Information Security community consisting of 5700+ members that has partnered with other infosec organizations such as Hackthebox, Wizard Labs, and Hackmethod. Other then having a passion for cybersecurity TJ enjoys hiking, traveling, going to breweries, and playing video games.

    Segment Title/Topic:
    The journey of turning from a blue teamer to a red teamer. Kickstarting an Infosec Community and much more!

    Segment Description:
    Discussing about my adventure transferring from being on the blue side to becoming a pentester/red teamer full time. Created an infosec community to help each people in the infosec field come together to learn from one another.

    Segment Resources:


    Security News - 6:30 - 7:30PM

    Paul's Stories

    1. Researchers find security flaws in 40 kernel drivers from 20 vendors | ZDNet
    2. What a security researcher learned from monitoring traffic at Defcon
    3. Gamers Beware: Zero-Day in Steam Client Affects All Windows Users
    4. We checked and yup, it's no longer 2001. And yet you can pwn a Windows box via Notepad.exe
    5. Hack in the box: Hacking into companies with warshipping
    6. New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections
    7. A compendium of container escapes - Help Net Security
    8. NULL license plate gets security researcher $12K in tickets
    9. Serious flaws in six printer brands discovered, fixed
    10. Should You Upgrade to Wi-Fi 6?
    11. Intel Patches High-Severity Flaws in Tools, NUC Firmware | SecurityWeek.Com
    12. The Flaw in Vulnerability Management: It's Time to Get Real
    13. New Research Finds More Struts Vulnerabilities

    Larry's Stories

    1. the Huawei shenanigans get deeper and more broad. - This is why I have issues with supply chain.
    2. CapitalOne hacker may have stolen from 30 more companies
    3. DEFCON 27 badge hacking for beginners
    4. Anti-surveilance techniques make you look like a….car. - Related, I really need to set up the open source license plate recognition software in front of my house...
    5. New, CRITICAL, workable RDP attack
    6. Why choosing and making a list of good VPN services is hard. - I also like the DIY option of Streisand, which I'd never heard of before.

    Jeff's Stories

    1. Black Hat USA 2019 Closes Out Another Record-Breaking Event in Las Vegas So that happened.
    2. New Data Breach Has Exposed Millions Of Fingerprint And Facial Recognition Records
    3. 28M Records Exposed in Biometric Security Data Breach
    4. Accused Capital One Hacker May Have Breached Over 30 Other Organizations
    5. Bad news: Your $125 Equifax data breach payout is pretty damn unlikely If everyone files a claim the individual payout is less than 25 cents.

    Lee's Stories

    1. Malware lingers in SMBs for an average of 800 days before discovery SMBs are often understaffed, or lack staff and infrastructure to detect and respond to Malware.
    2. Update to iOS 12.4 to Block New Vulnerabilities 13% of five year old or less iOS devices are not even running iOS 12.
    3. AirDrop and Password sharing can reveal passwords Bug in AirDrop can be used to reveal device information including a cryptographic hash that can be decoded to the device phone number.
    4. CafePress changes password policy after 23m pwned accounts CafePress was storing passwords insecurely, having users change their passwords fixes that. They aren't really acknowledging the breach.
    5. Equifax Settlement Phishing Surprise, there are phishing emails for the Equifax settlement. Use the FTC Site or go directly to Equifax Settlement site.
    6. New flaws in Qualcomm Chips expose Android Devices to Hacking Critical vulnerabilities dubbed "QualPwn" could allow devices to be exploited via WLAN firmware weakness. Devices with Qualcomm Snapdragon 835 and 435 chips vulnerable.



    BT Village and SE Village Interviews - 7:30 - 8:30PM

    • O'Shea Bowens, Null Hat Security
    • Tyler Robinson, Nisos, Inc.
    • Ãarań Łeyländ