Difference between revisions of "PSWEpisode623"

From Security Weekly Wiki
Jump to navigationJump to search
Line 28: Line 28:
 
*https://plextrac.com
 
*https://plextrac.com
 
*https://www.youtube.com/channel/UCDV3gtGanV1CkbhLiuKbFFQ
 
*https://www.youtube.com/channel/UCDV3gtGanV1CkbhLiuKbFFQ
 +
*https://plextrac.com/writing-a-killer-penetration-test-report/
 +
 
<!-- <center>{{#ev:youtube|iPHM80z9D9k}}</center>-->
 
<!-- <center>{{#ev:youtube|iPHM80z9D9k}}</center>-->
 
<br>
 
<br>

Revision as of 21:49, 17 October 2019

Recorded October 17, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Lee Neely
    is a Sr. Cyber Analyst at LLNL,SANS Analyst, SANS NewsBites Editor
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.


  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Interview: Daniel DeCloss, PlexTrac - 6:00-6:30PM

    DeClossis the President and CEO of PlexTrac

    Dan is the Founder and CEO of PlexTrac and has over 14 years of experience in Cybersecurity. Dan started his career in the Department of Defense and then moved on to consulting where he worked for various companies including serving as a Principal Consultant for Veracode on the penetration testing tesm. Dan's background and expertise is in application security and penetration testing, involving hacking networks, websites, and mobile applications for clients. He has also served as a Principal Security Engineer for the Mayo Clinic and a Sr. Security Advisor for Anthem – a Fortune 40 health insurance firm. Prior to PlexTrac, Dan was the Director of Cybersecurity for Scentsy where he and his team built the security program out of its infancy into a best-in-class program.

    Dan has a Master’s Degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally Dan holds the OSCP and CISSP certifications. Dan has a passion for helping everyone understand cybersecurity at a practical level, ensuring that there is a good understanding of how to reduce their overall risk.

    Segment Topic:
    What makes a good pentest report?

    Segment Description:
    The segment will focus on the importance of a high-quality report and what red and blue teamers should recognize goes into a good report. Often times, there’s no feedback loop after report delivery and collaboration can be limited post-engagement. That will lead into a demo of PlexTrac to highlight the efficiencies we provide when creating and receiving a report.

    Segment Resources:


    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted
    2. Planes, gates, and bags: How hackers can hijack your local airport | ZDNet
    3. Vulnerability found and fixed in HP bloatware | ZDNet
    4. 1 in 5 IT security professionals fear their connected toilets will be hacked | ZDNet
    5. Cybercrime Tool Prices Bump Up in Dark Web Markets
    6. Pen testers find mystery black box connected to ships engines
    7. Using Machine Learning to Detect IP Hijacking - Schneier on Security
    8. Baltimore to Buy $20M in Cyber Insurance Months After Attack | SecurityWeek.Com
    9. Dangerous Kubernetes Bugs Allow Authentication Bypass, DoS
    10. Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws
    11. Critical and high-severity flaws addressed in Cisco Aironet APs
    12. ISC Releases Security Advisories for BIND | CISA
    13. Older Amazon Devices Subject to Old Wi-Fi Vulnerability

    Larry's Stories

    Joff's Stories

    Lee's Stories


    Tech Segment: Peter Kruse, CSIS Security Group - 6:30 - 7:30PM

    Peter Kruse co-founded the Danish IT-security company CSIS in 2003 and is currently leading the eCrime department, which provides services mainly aimed at the financial sector. His ability to combine a keen appreciation of business needs and a profound technical understanding of malware has made CSIS a valued partner of clients not only in Scandinavia but also in the rest of Europe.
    Today, Peter is by far the most quoted IT-security expert in Denmark and considered among the most recognized in Europe. He has a long history of active participation in several closed and vetted top IT-security communities and has numerous international connections in the antivirus- and banking industry, law enforcement and higher education institutions.

    Segment Topic:
    Cybercrime, threat hunting, APT, spear phishing and tactics etc

    Segment Description:
    "Nothing specific but a Google search will provide numerous research I have been involved with and conferences I have spoken at including Kaspersky SAS, NCSC, Underground Economy, Virusbulletin, CARO, APWG, Hackdays, Confidence, Cyberhagen and many more."



    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+