Paul's Security Weekly (Video)

John Strand is a Security Analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures. John will be talking about Backdoors & Breaches, the Incident Response card game. To learn more about BHIS, visit: https://securityweekly.com/bhis Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode630

Jorge Salamero is the Director of Technical Marketing at Sysdig. Jorge enjoys playing with containers and Kubernetes, home automation and DIY projects. Currently, he is part of the Sysdig team, and in the past was a Debian developer. When he is away from computers, you will find him walking with his 2 dogs in the mountains or driving his car through a twisted road. To learn more about Sysdig, visit: https://securityweekly.com/sysdig Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode630

Netflix: BPF is a new type of software we use to run Linux apps securely in the kernel, Automated security tests with OWASP ZAP, HackerOne Breach Leads to $20,000 Bounty Reward, US-CERT AA19-339A: Dridex Malware , and much more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode629

Micah Hoffman is the Principle Investigator at Spotlight Infosec. Looking to increase the publicity of using Open Source Intelligence (OSINT) in traditional cyber fields like pentest, DFIR, and cyber defense. Just created a new non-profit called The OSINT Curious Project (https://osintcurio.us) that is a clearinghouse for excellent OSINT information and resources. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode629

Eric Brown is the Sr. Security Analyst at LogRhythm. Eric will cover topics including: Phishing Trends, 2020 Outlook, Top 4 Types Eric is seeing: Exec Phish / Legit websites (Box/sites.google/OneDrive) / Fake O365 / HTML attachment, Use of/upload to VirusTotal, Value of Incident Response and Playbooks, Value of Training baseStriker, Has it been patched? Or just now detectable?, and Hunting Phish Kits. To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode629

In the Security News, Disney Plus Blames Past Hacks for User Accounts Sold Online, Why Multifactor Authentication Is Now a Hacker Target, How the Linux kernel balances the risks of public bug disclosure, A critical flaw in Jetpack exposes millions of WordPress sites, and Amazon tells senators it isn't to blame for Capital One breach! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode628

Dave Kennedy is the Founder & CEO of TrustedSec. Dave comes on the show to talk about the Coalfire incident and DerbyCon communities. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode628

Peter Liebert is the CEO at Liebert Security. After working in and with SOCs for the majority of my career, as well as building one from the ground up for the State of California, there are some lessons learned that can be shared with the wider community. The first is how to leverage automation and devsecops methodologies in your SOC and the second is how to break out of the traditional Tier 1-3 model. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode628

Two security researchers earned $60,000 for hacking an Amazon Echo, Amazon Kindle, Embedded devices Open to Code-Execution, This App Will Tell You if Your iPhone Gets Hacked, Two New Carding Bots Threaten E-Commerce Sites, and much more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode627

Bryson Bort (Founder and CEO of SCYTHE) will demonstrate how to safely simulate ransomware and a multi-staged APT with lateral movement in your production environment! How would your organization protect, detect and respond to a ransomware attack? Bryson is also announcing the availability of the SCYTHE marketplace where red teams can collaboratively build and share threats and modules to extend the SCYTHE platform while also sharing market intelligence on what enterprises are looking for in their assessments. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode627

As advancements have been made in technologies new surveillance tools have been designed giving those charged with protecting citizen's additional opportunities to prevent crimes or identify those who have violated laws or policies. While innovation has introduced a variety of new platforms there remains a concern of if the implementation of them is ethical. Additionally, there are concerns that surveillance has been and continues to be unequally applied. Our guest for this segment is Dr. Kevin Harris, the Program Director for Information Systems Security and Information Technology Management at American Public University. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode627

In the Security News, Who is responsible for Active Directory security within your organization?, Apple publishes new technical details on privacy features, How to ensure online safety with DNS over HTTPS, Amazons Ring Video Doorbell could open the door of your home to hackers, and much more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode626

Kevin Finisterre is a Co-founder of Arcade Hustle. Josh Valentine is a Co-founder of Arcade Hustle. Josh and Kevin have spent the last year immersing ourselves in arcade platforms, games, and cabinets. There is quite a bit of cross over into the traditional security scene. There is even more to learn in the subtle differences of how each scene handles. We'd like to talk about our project Arcade Hustle, and the things we've learned during our into to the arcade scene. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode626

Peter Smith is the Founder & CEO of Edgewise. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode626

Paul and Matt sit down with Dave Bittner from Cyberwire to discuss the state of security podcasts, the latest security trends, and the security community. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode625

Sven Morgenroth is the Security Researcher at Netsparker. Sven joins us again to talk about Formatting string vulnerabilities. To learn more about Netsparker, visit: https://securityweekly.com/netsparker Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode625

Philippe Courtot is the Chairman and CEO of Qualys. Sumedh Thakar is the Chief Product Officer Qualys. Philippe Courtot, chairman and CEO of Qualys will examine the impact of today's complex and hyper-connected IT environments have on security and compliance. He will discuss why, in a world where everything connects, we need to regain the visibility we have lost, and why visibility is now the cornerstone of security. Simply put, it is difficult, if not impossible, to secure what we do not know or cannot see. To learn more about Qualys, visit: https://securityweekly.com/qualys Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode625

Last week, Elastic and Endgame announced that they have formally joined forces to introduce Elastic Endpoint Security. Together, they combine Elastic's free and open SIEM with Endgame's endpoint security product to give users an integrated solution that offers greater visibility across their environment. This is a step toward realizing Elastic's vision for applying search to multiple use cases, like threat hunting, fraud detection, and security monitoring. Now, when users deploy a data collection agent for Elastic SIEM, they can protect the endpoint simultaneously and remove the inefficiency of multiple solutions that can't respond in time to prevent damage and loss. And, to make Elastic Endpoint available to everyone, the company announced that they are eliminating per-endpoint pricing. No more counting endpoints or days of threat intelligence data retained. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode624

In the news, we talk Security News, discussing how Amazon Echo and Kindle devices were affected by a WiFi bug, Ransomware and data breaches linked to uptick in fatal heart attacks, a woman was ordered to type in her iPhone password so police could search the device, and how the military found Marijuana at a North Dakota nuclear launch facility! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode624

Tom Williams is the Director of Veterans Operations of Veterans MHH. Speaking about the challenges that veterans face and how MHH is looking to address those. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode624

Peter Kruse is the Founder of CSIS Security Group. "Nothing specific but a Google search will provide numerous research I have been involved with and conferences I have spoken at including Kaspersky SAS, NCSC, Underground Economy, Virusbulletin, CARO, APWG, Hackdays, Confidence, Cyberhagen and many more." Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode623

Cybercrime Tool Prices Bump Up in Dark Web Markets, Pen testers find mystery black box connected to ships engines, Using Machine Learning to Detect IP Hijacking - Schneier on Security, and much more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode623

DeCloss is the President and CEO of PlexTrac. The segment will focus on the importance of a high-quality report and what red and blue teamers should recognize goes into a good report. Often times, there's no feedback loop after report delivery and collaboration can be limited post-engagement. That will lead into a demo of PlexTrac to highlight the efficiencies we provide when creating and receiving a report. To learn more about PlexTrac, visit: https://securityweekly.com/plextrac Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode623

This week, we talk Security News, how Turkey fines Facebook $282,000 over privacy breach, why the FBI is encouraging not to pay ransomware demands, the top 10 cybersecurity myths that criminals love, Doordash third-party breach hits 4.9 Million users, and how a "Bulletproof" Dark Web data center was seized by German police! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode622

It's the show, that bridges the requirements of regulations, compliance, and privacy with those of security. Your trusted source for complying with various mandates, building effective programs, and current compliance news. It's time for Security and Compliance Weekly. This show is hosted by: Jeff Man, Josh Marpet, and Scott Lyons. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode622

Stewart Room is a Partner of PwC. Security Professionals have long understood the need to deliver security outcomes in technology and data, but is the privacy community on the same page? Data Privacy requires outcomes for matters such as data accuracy, data minimization and fair processing, as well as risks, such as portability and access. These outcomes need tech and data solutions. In this session we will examine The Journey to Code, the next evolutionary step for Data Privacy. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode622

How a hacker took over a smart home with vulgar music and rising temperatures, a security warning for 23 million YouTube creators following a crazy hack attack, Vimeo sued for storing faceprints of people without their say-so, Selfie Android Apps push ads and can record audio, and how adopting DevOps leads to an improved security posture! Full Show Notes: https://wiki.securityweekly.com/Episode621 Visit https://www.securityweekly.com/psw for all the latest episodes!

We interview Perry Carpenter and Chris Pritchard at DEF CON SE Village. Perry Carpenter talks about how (as someone on the autism spectrum) has used various social-engineering related skills to become extremely successful in my career. Chris Pritchard talks about the basics of Social Engineering aKa how I break into Casinos, Airports and Critical National Infrastructure. Full Show Notes: https://wiki.securityweekly.com/Episode621 Visit https://www.securityweekly.com/psw for all the latest episodes!

We interview Billy Boatright, Edward Miro, and Jayson Street at DEF CON SE Village. Billy talks about Impostor Syndrome. Edward Miro talks about Rideshare OSINT – Car Based SE For Fun & Profit. Jayson Street talks about Hugs, SE Village, Security Awareness, and DEF CON itself. Full Show Notes: https://wiki.securityweekly.com/Episode621 Visit https://www.securityweekly.com/psw for all the latest episodes!

In the Security News, how an iOS 13 flaw could provide access to contacts with passcode, Equifax demands more information before making payouts, confidential data of 24.3 million patients were discovered online, and a SIM Flaw that lets hackers hijack any phone by sending SMS! Full Show Notes: https://wiki.securityweekly.com/Episode620 Visit https://www.securityweekly.com/psw for all the latest episodes!

Wes Widner is the Cloud Engineering Manager at CrowdStrike. Wes will be talking about personal voice assistants are the wave of the future. So naturally we should wonder about the unique attack vectors they pose. I'd like to discuss my research into this field and share a few tips on how you can keep yourself safe around voice assistants. Full Show Notes: https://wiki.securityweekly.com/Episode620 Visit https://www.securityweekly.com/psw for all the latest episodes!

Jason Lang is the Sr. Security Consultant of TrustedSec. Modern day red teaming against some of the largest company's in the US. Current passion is Ansible for red teamers (i.e. fast infrastructure buildout). To learn more about TrustedSec, visit: https://securityweekly.com/trustedsec Full Show Notes: https://wiki.securityweekly.com/Episode620 Visit https://www.securityweekly.com/psw for all the latest episodes!

At DEF CON 2019, we interview Chris Kirsch on Getting Psychic: Cold Reading Techniques for Fortune Tellers and Social Engineers Cold reading is a technique to make others believe that you have psychic powers. Then we interview Micah Zenko on the rationale and practice of non-cyber red teaming. Full Show Notes: https://wiki.securityweekly.com/Episode619 Visit https://www.securityweekly.com/psw for all the latest episodes!

Peter Smith is the Founder & CEO of Edgewise. Peter will be covering the Capital One breach and the AWS metadata service with request forgery. He will explain how to solve this problem with Edgewise. To learn more about Edgewise, visit: https://securityweekly.com/edgewise Full Show Notes: https://wiki.securityweekly.com/Episode619 Visit https://www.securityweekly.com/psw for all the latest episodes!

This week, we present the Security News, to discuss New ransomware grows 118% as cybercriminals adopt fresh tactics and code innovations, Period Tracker Apps share data with Facebook, U.S. Cyber Command trolls North Korea with Malware Release, and a lot more! Full Show Notes: https://wiki.securityweekly.com/Episode619 Visit https://www.securityweekly.com/psw for all the latest episodes!

Christopher Hadnagy is the Chief Human Hacker of Social-Engineer, LLC. Chris will be giving an overview of inaugural SEVillage Orlando 2020. Brief description of the training workshops provided. Mission and information on non-profit Innocent Lives Foundation. Full Show Notes: https://wiki.securityweekly.com/Episode618 Visit https://www.securityweekly.com/psw for all the latest episodes!

Corey Thuen is the Co-Founder at Gravwell. Security analytics using the new Sysmon DNS logging and Sysmon DNS logging dropped this week. Full Show Notes: https://wiki.securityweekly.com/Episode618 Visit https://www.securityweekly.com/psw for all the latest episodes!

In the news, we discuss how AT&T employees took bribes to plant malware on the company's network, how hackers could decrypt your GSM calls, 80 suspects charged with massive BEC scam, and how the passports and licenses of 300 people were leaked in New Zealand! Full Show Notes: https://wiki.securityweekly.com/Episode618 Visit https://www.securityweekly.com/psw for all the latest episodes!

Waiting to deploy critical patches makes you a bigger target - Cybercriminals Have Seven-Day Advantage to Weaponize Vulnerabilities, According to New Research from Tenable- Cyber Criminals have seven day advantage to weaponize vulnerabilities according to new research from tenable. To learn more about Automox, visit: https://securityweekly.com/automox Full Show Notes: https://wiki.securityweekly.com/Episode617 Visit https://www.securityweekly.com/psw for all the latest episodes!

We interview Roman Sannikov, the Director and Analyst on Demand at Recorded Future. We also interview Ray DeMeo, the Chief Operating Officer at Virsec. Full Show Notes: https://wiki.securityweekly.com/Episode617 Visit https://www.securityweekly.com/psw for all the latest episodes!

Paul gives a technical segment on deobfuscating JavaScript to investigate phishing domains. To learn more about DomainTools, visit: https://securityweekly.com/domaintools Full Show Notes: https://wiki.securityweekly.com/Episode617 Visit https://www.securityweekly.com/psw for all the latest episodes!

In this segment, we interview O'Shea Bowens from Null Hat Security and Tyler Robinson from Nisos, Inc., from the Blue Team Village. Then we interview Aaran Leyland in the Social Engineering Village. Full Show Notes: https://wiki.securityweekly.com/Episode616 Visit https://www.securityweekly.com/psw for all the latest episodes!

The Huawei shenanigans get deeper and more broad. - This is why I have issues with supply chain, CapitalOne hacker may have stolen from 30 more companies, New Data Breach Has Exposed Millions Of Fingerprint And Facial Recognition Records, Malware lingers in SMBs for an average of 800 days before discovery, and more! Full Show Notes: https://wiki.securityweekly.com/Episode616 Visit https://www.securityweekly.com/psw for all the latest episodes!

Tony Punturiero is the Community Manager at Offensive Security. Discussing about my adventure transferring from being on the blue side to becoming a pentester/red teamer full time. Created an infosec community to help each people in the infosec field come together to learn from one another. Full Show Notes: https://wiki.securityweekly.com/Episode616 Visit https://www.securityweekly.com/psw for all the latest episodes!

During this discussion, Joshua and Paul will speak about the threats facing organizations today and how they are evolving. Josh will also discuss how IT and security teams need to understand the threats their organizations face and how leveraging actionable threat intelligence can help them build the most effective and efficient defense strategy. →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

Paul, Larry, Doug, and Gabe talk about Software Development: Security Do's & Don'ts. →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

Gabriel Gumbs is the VP of Product Management at Spirion where his focus is on the strategy and technology propelling Spirion's rapidly-growing security platform. →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

In the Security News, the US government issues a light aircraft cyber alert, thieves steal a laptop with 30 years of Data from University of Western Australia, RCE is possible by exploiting flaws in Vxworks, and the alleged Capital One hacker is barely bothered to hide! Full Show Notes: https://wiki.securityweekly.com/Episode614 Visit https://www.securityweekly.com/psw for all the latest episodes!

Talk about the way Signal Sciences is implemented, especially in the container world. Where we sit in the stack for protection of the web apps in those containers and common first things identified after install (Attack Scanners, Injection Attacks, actionable anomalies like 404 or 500 errors). Finally do a short demo walking through installing Signal Sciences in a Kubernetes environment and the Signal Sciences dashboard. To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences Full Show Notes: https://wiki.securityweekly.com/Episode614 Visit https://www.securityweekly.com/psw for all the latest episodes!

Sam Straka is the Technical Product Manager at LogRhythm, and he will be talking about the movement of their market to the Cloud, how LogRhythm is innovating in that area, and why total cost of ownership is important when looking at a SIEM platform. To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm Full Show Notes: https://wiki.securityweekly.com/Episode614 Visit https://www.securityweekly.com/psw for all the latest episodes!