Paul's Security Weekly (Video)

Fear of AI attacks, the FDA releases cybersecurity guidance, watch hackers steal a Tesla, serious D-Link router security flaw may never be patched, and California addresses default passwords! All that and more, on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode580 Follow us on Twitter: https://www.twitter.com/securityweekly

Yossi Sassi is the Co-Founder and Cybersecurity Researcher at CyberArtSecurity.com. Yossi joins us for a tech segment to talk about using windows powershell, discussing DCSync, DCShadow, creative Event Log manipulation & thoughts about persistence. To learn more about Javelin Networks, Go To: www.javelin-networks.com Full Show Notes: https://wiki.securityweekly.com/Episode580 Follow us on Twitter: https://www.twitter.com/securityweekly

Veronica Schmitt is the Sr. Digital Forensic Scientist for DFIRLABS. Veronica explains what SRUM is in WIndows 10. She explains how SRUM can be a valuable tool in Digital Forensics. Full Show Notes: https://wiki.securityweekly.com/Episode580 Follow us on Twitter: https://www.twitter.com/securityweekly

How to use the Shodan search engine to secure an enterprise's internet presence, Apache access vulnerability could affect thousands of applications, vulnerable controllers could allow attackers to manipulate marine diesel engines, & ICS Security Plagued with Basic, and avoidable mistakes! Full Show Notes: https://wiki.securityweekly.com/Episode579 Follow us on Twitter: https://www.twitter.com/securityweekly

John Walsh the DevOps Evangelist for CyberArk joins us on the show. John talks about the articles he wrote for CyberArk about Kubernetes, DevSecOps, and how to strengthen your container authentication with CyberArk. Sponsor Landing Page: https://www.conjur.org/asw Full Show Notes: https://wiki.securityweekly.com/Episode579 Follow us on Twitter: https://www.twitter.com/securityweekly

Mark Dufresne explains why MITRE created their tool and what the MITRE attack framework is. Full Show Notes: https://wiki.securityweekly.com/Episode579 Follow us on Twitter: https://www.twitter.com/securityweekly

New Apple and Microsoft security flaws at Black Hat Europe, CCTV makers leaves at least 9 million cameras public, upset Google+ users are sueing Google, US weapons systems apparently can be easily hacked, not all multifactor authentication is created equal, and Kanye's '000000' password makes iPhone security great again! Full Show Notes: https://wiki.securityweekly.com/Episode578 Follow us on Twitter: https://www.twitter.com/securityweekly

Omer is End-Point team lead at Javelin Networks. The team focuses on methods to covertly manipulate OS internals. Before Javelin Networks, he was a malware researcher at IBM Trusteer for two years focusing on financial malware families and lectured about his research on Virus Bulletin and Zero Nights conferences. Full Show Notes: https://wiki.securityweekly.com/Episode578 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Lee Neely is a senior IT and security professional at LLNL with over 25 years of extensive experience with a wide variety of technology and applications from point implementations to enterprise solutions. Full Show Notes: https://wiki.securityweekly.com/Episode578 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

In the security news, Russian Hackers use Malware that can survive OS reinstalls, Facebook's 2-Factor authentication With a phone number isn't only for security, it's used for ads ,FBI warns companies about hackers increasingly abusing RDP connections, NSA employee who brought hacking tools home sentenced to 66 months in prison, new Linux Kernel Bug affects Red Hat, CentOS, and Debian Distributions, and Baddies just need one email account with clout to unleash phishing hell, and more! Full Show Notes: https://wiki.securityweekly.com/Episode577 Visit https://www.securityweekly.com/psw for all the latest episodes!

Carlos Perez delivers the Technical Segment on How to Operate Offensively Against Sysmon. He talks about how SysMon allows him to create rules, and track specific types of tradecraft, around process creation and process termination. He dives into network connection, driver loading, image loading, creation of remote threats, and more! Full Show Notes: https://wiki.securityweekly.com/Episode577 Visit https://www.securityweekly.com/psw for all the latest episodes!

Mike Nichols is the VP of Product Management at Endgame, and he manages the Endgame endpoint protection platform. Keith McCammon is the Chief Security Officer and Co-Founder of Red Canary, and he runs Red Canary's Security Operation Center. Shawn Smith is the IT Security Manager at Panhandle Educators Federal Credit Union. They discuss the problems Shawn had that led him to choose Red Canary and Endgame as his solution, skill shortages in vendors, what he did to convince his management to approve of this solution, and what his process for testing the effectiveness of these solutions was. Full Show Notes: https://wiki.securityweekly.com/Episode577 Visit https://www.securityweekly.com/psw for all the latest episodes!

Senate can't protect senators staff from Cyber Attacks, Equifax fined by ICO over data breach that hit Britons, US Military given the power to hack back and defend forward,and AmazonBasics Microwave works with Alexa! Full Show Notes: https://wiki.securityweekly.com/Episode576 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Apollo Clark goes through inventory management, access management, config management, patch management, automated remediation, logging and monitoring, and deployment tools. Full Show Notes: https://wiki.securityweekly.com/Episode576 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Mike Ahmadi oversees IoT security solutions and technical implementations for DigiCert customers across various verticals that include industrial, transportation, smart city, consumer devices and healthcare. Full Show Notes: https://wiki.securityweekly.com/Episode576 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Microsoft accidentally lets encrypted Windows 10 out the the world, Kernel exploit discovered in macOS, PowerShell obfuscation ups the anty on anti virus, Google outlines incident response process, BombGar buys BeyondTrust, and Neil DeGrasse Tyson speaks on Elon Musk saying: Let the man Get High! All that and more, on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode575 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Eyal Neemany describes how to bypass Linux Pluggable Authentication Modules provide dynamic authentication support for applications and services in a Linux or GNU/kFreeBSD system. Eyal Neemany is the Senior Security Researcher for Javelin Networks. →Full Show Notes: https://wiki.securityweekly.com/Episode575 →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

Brian Coulson is a Senior Security Research Engineer in the Threat Research Group of LogRhythm Labs in Boulder, CO. His primary focus is the Threat Detection Modules such as UEBA, and NTBA. →Full Show Notes: https://wiki.securityweekly.com/Episode575 →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

In the security news, Spanish driver tests positive for every drug test, vulnerabilities found in the remote management interface of Supermicro servers, Apache Struts 2 flaw in the wild, HTTPS crypto-shame, and how to manipulate Apple's podcast charts! Full Show Notes: https://wiki.securityweekly.com/Episode574 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Beacon analysis is an integral part of threat hunting. If you are not looking for beacons you take the chance of missing compromised IoT devices or anything that does not have a threat mitigation agent installed. I'll talk about what makes beacon hunting so hard, and how the open source tool RITA can simplify the process. ***Powerpoint Slides in Full Show Notes*** Full Show Notes: https://wiki.securityweekly.com/Episode574 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Wim Remes from Wire Security bvba comes on the show to talk about pentesting, SDLC, the state of security, life of a (virtual) CISO, and certifications. Full Show Notes: https://wiki.securityweekly.com/Episode574 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News this week, Zero-Day Windows exploits, How to hide sensitive files in encrypted containers, Misfortune Cookie vulnerability returns, and bank robbers faked Cosmos backend to steal 13.5$ million. Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. Prior to joining DFLabs John worked for a global security services provider, performing a wide variety of incident response consulting services. Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Jayson E. Street is an author of the "Dissecting the hack: Series". Also the DEF CON Groups Global Ambassador. Plus the VP of InfoSec for SphereNY. He has also spoken at DEF CON, DerbyCon, GRRCon and at several other 'CONs and colleges on a variety of Information Security subjects. Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

The Untold story of NotPetya, New Apache Struts RCE Flaw, How door cameras are creating dilemmas for police, Google gets sued for tracking you even when your location history is off, and Artificial Whiskey is coming, and one company is betting you'll drink up. Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He comes on the show to discuss PHP Type Juggling Vulnerabilities. Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Tod Beardsley is the Director of Research at Rapid7. Paul talks to Tod about his recent projects Sonar and Heisenberg. They also discuss Tod's Under the Hoodie pentest report. Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Paul and Matt Alderman had the chance at DEF CON to sit down and talk about Cigars and Security. In our very first episode, Paul asks Matt questions on how he got started in Security, who some of his biggest influencers were, and how he feels about the Security world today. Matt asks Paul questions about Cigars, their origin, and what the difference is between different tobaccos grown all around the world. Full Show Notes: https://wiki.securityweekly.com/Episode571 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Our very own Larry Pesce delivers the Technical Segment this week on Spoofing GPS with a hackRF. Full Show Notes: https://wiki.securityweekly.com/Episode571 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News this week, Hacking Police Bodycams, Adobe fixes critical code execution flaws in latest patch update, Researchers develop device to aid in hunt for stealthy ATM card skimmers, Australians who wont unlock their phones could face 10 years in jail, overcoming 'Security as a Silo' with Orchestration and Automation, and more! Full Show Notes: https://wiki.securityweekly.com/Episode571 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Reddit breached after hackers bypass 2FA, Yale University discloses old school data breach, and 5 steps to fight unauthorized cryptomining. All that and more, here on security weekly! Full Show Notes: https://wiki.securityweekly.com/Episode570 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

An introduction to FL2K: Software Defined Radio is all the rage for detecting unknown signals and transmitters. We'll show you how to set up and use a surreptitious transmitter to start your journey. Full Show Notes: https://wiki.securityweekly.com/Episode570 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Josh is a key member of the technical execution team. In this capacity, he is responsible for leading, directing, and executing client-facing engagements that include Praetorian's tactical and strategic service offerings. Full Show Notes: https://wiki.securityweekly.com/Episode570 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Bluetooth bug allows man-in-the-middle attacks on phones and laptops, serial killer electrocutes himself in jail cell sex act, Google launches its own USB-based FIDO U2F keys, and GhostPack. Full Show Notes: https://wiki.securityweekly.com/Episode569 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Chris Dale is the Head of the Penetration Testing & Incident Handling groups at Netsecurity, a mid-sized company based out of Norway. Along with significant security expertise, Chris has a background in System Development, IT-Operations and Security Management. Full Show Notes: https://wiki.securityweekly.com/Episode569 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Dean Coclin is the Senior Director of Business Development at DigiCert. Dean brings more than 30 years of business development and product management experience in software, security, and telecommunications to the company. Full Show Notes: https://wiki.securityweekly.com/Episode569 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News this week, the evolutionary waves of the penetration testing, the SIM Hijackers, Roblox blames virtual "gang rape" on hack, thousands of Mega logins dumped online, Facebook refuses to remove fake news but demote it, alleged Russian Hackers mined Bitcoin to fund their operation, and more! Full Show Notes: https://wiki.securityweekly.com/Episode568 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Chris 'Lopi' Spehn is a consultant on Mandiant's red team. Chris was formerly a penetration tester for major credit card companies and retailers. Chris is also the founder of Illinois State University's first information security club, participated in CCDC for three years, and received first place in National Cyber League 2012. Full Show Notes: https://wiki.securityweekly.com/Episode568 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Davi Ottenheimer is a strategist and author focused on cultural disruptions and defense ethics in emerging data platforms and intelligent machines; for more than twenty years' he has led global teams developing and managing secure systems. Full Show Notes: https://wiki.securityweekly.com/Episode568 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News this week, Hackers put Airport Security system Access on the Dark Web, Arch Linux PDF reader package poisoned,Chrome defends Spectre, & Cisco patches bug in VoIP phones. Full Show Notes: https://wiki.securityweekly.com/Episode567 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Limor is an entrepreneur, product evangelist, security expert, and a business development executive. She is the Founder of Peerlyst, the largest community of security professionals, serving more than half a million security experts in 191 countries. Full Show Notes: https://wiki.securityweekly.com/Episode567 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Zane Lackey is the Founder/Chief Security Officer at Signal Sciences and serves on the Advisory Boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund. Prior to Signal Sciences, Zane was the Director of Security Engineering at Etsy and a Senior Security Consultant at iSEC Partners. Full Show Notes: https://wiki.securityweekly.com/Episode567 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Terrible passwords outlawed in Microsoft's new Azure tool, Ticketmaster suffers security breach in personal and payment data, stop wiping your butt so hard, Toronto cops in big trouble for eating weed edibles, and WiFi's tougher WPA3 security is read. All that and more, here on Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode566 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Ever wonder how to get started pen testing Android Apps? This tech segment will demonstrate a few basic techniques and tools to give you a taste of mobile app assessments with the Android platform. Full Show Notes: https://wiki.securityweekly.com/Episode566 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Tom Brennan from Proactive Risk and Gary Berman from Cyberman Security, come on the show and talk about their journey up till their comic. They give us the inside scoop on their comic book, "The CyberHero Adventures". Full Show Notes: https://wiki.securityweekly.com/Episode566 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In the Security News this week, shutting down the Internet to prevent cheating, Yubico claims a bug bounty and upsets researchers, patching MRI scanners, getting your money back after being scammed, and a couple is caught selling golden tickets to heaven. Full Show Notes: https://wiki.securityweekly.com/Episode565 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Jason Wood delivers this technical segment on NMAP. Everyone loves using Nmap and the Nmap Scripting Engine. We don't always write NSE scripts though. Writing scripts for can be a bit intimidating at first, but they aren't too bad to get started on. In this tech segment, we will talk a bit about LUA, writing NSE scripts, and then write a couple of simple scripts to interact with Wordpress. Full Show Notes: https://wiki.securityweekly.com/Episode565 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Founder of Microsoft Azure Sphere, Galen Hunt is a Distinguished Engineer at Microsoft. Azure Sphere provides an end-to-end solution that enables any device manufacturer to create highly-secured devices; devices possessing all 7 Properties of Highly-Secured Devices. He is part of the launch team for Microsoft Research New Experiences and Technologies organization (MSR NExT). Full Show Notes: https://wiki.securityweekly.com/Episode565 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

In the Security News this week, Smart lock can be hacked in seconds, librarian sues Equifax over 2017 data breach wins $600, Neighbors of Cold War Air Force deserter knew him as 'Tim'. In the random and potentially interesting stories, a defecating Pennsylvania driver and researchers studied 160 million memes. Full Show Notes: https://wiki.securityweekly.com/Episode564 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly

Keith will be talking through some of the tools, techniques, and procedures he uses to perform recon, identify targets of interest, and report findings faster and easier. Full Show Notes: https://wiki.securityweekly.com/Episode564 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly