Paul's Security Weekly (Video)

Mike Assante is the Director of Critical Infrastructure and ICS for the SANS Institute. He clears up the confusion of Dragonfly 2.0 and explains control systems and how those attacks work. Full Show Notes: https://wiki.securityweekly.com/Episode530 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Ted Demopoulos is a Senior SANS Instructor, a recipient of the Department of Defense Award of Excellence, and the author of Infosec Rock Star: How to Accelerate Your Career Because Geek Will Only Get You So Far. Full Show Notes: https://wiki.securityweekly.com/Episode530 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

The nightmare that is patching IoT devices, essential bug bounty programs, controlling voice assistants, flaws in Apache Struts2, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode529

Chris Crowley is a SANS instructor and independent consultant based in the Washington, D.C. area. Mr. Crowley overviews his approach to keeping mobile applications secure in this technical segment! Full Show Notes: https://wiki.securityweekly.com/Episode529 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Michele Jordan is the Founder and Principal Consultant of Under the Oak Consulting. She has worked in IT and network security for over 35 years. Michele delves into her background in security, her trials and tribulations running the Radar Page, and more! Full Show Notes: https://wiki.securityweekly.com/Episode529 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Are you sick of The Fappening yet? We're not! Larry and Dave have fun with boarding passes, hacking pacemakers, the FCC hosting your memes, and more information security news! Full Show Notes: https://wiki.securityweekly.com/Episode528 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Larry and Dave discuss the upcoming DerbyCon conference, shenanigans from past cons, and reiterate the mission that DerbyCon was founded around in the first place! Full Show Notes: https://wiki.securityweekly.com/Episode528 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Kyle Wilhoit is a Senior Security Researcher at DomainTools; he focuses on research DNS-related exploits, investigate current cyber threats, and exploration of attack origins and threat actors. Kyle joins us to discuss the merit and concept of pivoting off domain information! Full Show Notes: https://wiki.securityweekly.com/Episode528 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Larry had a technical problem that he needed to solve. Larry demonstrates a new capture-the-flag scenario. Larry explains how to capture a particular wireless packet in the middle of all this noise. Full Show Notes: https://wiki.securityweekly.com/Episode527 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Richard Moulds is the General Manager of Whitewood Security. Whitewood aims to help its customers to take control of the generation of random numbers across their application infrastructure. Full Show Notes: https://wiki.securityweekly.com/Episode527 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

More Celebrity Nude Photos Hacked and Leaked Online, A Company Offers $500,000 For Secure Messaging Apps Zero-Day Exploits, Beware of Windows/MacOS/Linux Virus Spreading Through Facebook Messenger, Open AWS S3 Bucket Leaked Hotel Booking Service Data, 98% of Companies Favor Integrating Security with DevOps, and a Racist Television company? Full Show Notes: https://wiki.securityweekly.com/Episode527 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

More Chrome extensions have been compromised, disabling safety features in cars, being targeted via AirDrop, USB is less secure (go figure), and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode526 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Your WAF is not safe! Sven Morgenroth, a Security Researcher at Netsparker, blows Paul's mind with his ninja-esque input filter bypass skills in this technical segment! Full Show Notes: https://wiki.securityweekly.com/Episode526 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Bryson Bort is the Founder and CEO of GRIMM, a Washington, D.C. based security engineering and consulting services company. Bryson delves in-depth into his entrepreneurship journey, the problems GRIMM aims to solve, and the current state of pen testing, malware analysis, and more! Full Show Notes: https://wiki.securityweekly.com/Episode526 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Printer attacks have been around for some time. Paul describes some of the latest techniques and research into printer hacking, including capturing print jobs, manipulating print jobs and other attacks. These are useful on penetration tests (believe it or not). Defenders take note, printers must be on your radar. Full Show Notes: https://wiki.securityweekly.com/Episode525 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Mystery bug bounties, Marcus Hutchins pleads not guilty, a password guru regrets past advice, Dropbox and offline two-factor authentication, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode525 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Aram is the Founder and CEO of BeSafe (formerly Skycryptor), an encrypted cloud company that uses proxy re-encryption techniques to protect user data. He provides a demo on his techniques to ensure user data security! Full Show Notes: https://wiki.securityweekly.com/Episode525 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

WannaCry's killswitch domain registrant is arrested, making infosec more inclusive, hacking 113-year-old subway signs, security standards for smart devices, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode524 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Larry and his intern, Galen Alderson, present a demo of their Vaportrail project! Galen shows us how to exfiltrate data from networks using broadcast FM radio and other inexpensive materials. Full Show Notes: https://wiki.securityweekly.com/Episode524 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Danny Miller, the Director of Product Marketing at Ericom Software, joins us to discuss how enterprises can protect themselves by utilizing isolated browsing and other techniques! Full Show Notes: https://wiki.securityweekly.com/Episode524 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Exploiting SambaCry, a warning from the FBI, hacks versus hurricanes, hacking segways, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode523 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Sven Morgenroth of Netsparker joins us to expound upon an original blog post on bypassing corporate firewalls and vulnerable web applications in this technical segment! Full Show Notes: https://wiki.securityweekly.com/Episode523 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Almog Ohayon of Javelin Networks pits Javelin ADProtect against Microsoft ATA in an epic threat analytics showdown! Full Show Notes: https://wiki.securityweekly.com/Episode523 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Russians on PornHub, dirty songs on the radio, Windows security protocol vulnerabilities, tomato plant security, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode522 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

This is a random technical segment on implementing random number generators in Linux. Don shows us the ins and outs of the entropy pool, the different between /dev/random and /dev/urandom, and some awesome hardware that can increase entropy. Full Show Notes: https://wiki.securityweekly.com/Episode522 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Learn about "fileless" malware, threat actors, evading detection on the endpoint and more! Joe Desimone is a Malware Researcher at Endgame. He focuses on tracking and countering APTs, reverse engineering malware, and developing novel techniques and tools to empower hunt teams. Full Show Notes: https://wiki.securityweekly.com/Episode522 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Tim Helming joins us to talk about all things related to domains, including luxury domain abuses, the security value of the whois database and more! Full Show Notes: https://wiki.securityweekly.com/Episode521 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Paul Ewing from Endgame talks about the different types of threat hunting (network, host and logs) and the pros and cons of each! Full Show Notes: https://wiki.securityweekly.com/Episode521 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

How to hire infosec professionals, patching automation code, hijacked Android devices, Bitdefender support for Mac, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode521 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Separating the hacked and the paranoid, remote Linux hacking, Petya goes postal at FedEx, today's mainstream hacktivism tools, and why choosing Windows should get you fired! Full Show Notes: https://wiki.securityweekly.com/Episode520 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Guy came on the show and gave a live demo on how to become Domain Admin in an Active Directory environment, and keep those privileges for 20+ years. Guys shows us how to abuse service accounts to get yourself a golden ticket. Then shows how the Javelin Networks technology can be used to detect, prevent and monitor for this type of attack and the exposures inside Active Directory that hand over the keys, er tickets, to the kingdom. Full Show Notes: https://wiki.securityweekly.com/Episode520 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Moses returns to the show to discuss his background in technology and security (which is eerily similar to Paul's!). The crew then got into a deep discussion of the history of many different technologies (Solaris Firewalls, IDS, Java and more!). Moses talked at length about serialization bugs in both PHP and Java. Then we dove right into JavaScript. It was a nerdfest, not to be missed! Full Show Notes: https://wiki.securityweekly.com/Episode520 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Why Firefox is superior, spies in Mexico, WannaCry shuts down a car plant, Cisco patches critical vulnerabilities, hacking air-gapped networks, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode519 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Learn how to use Windows Event Logs to catch attackers in your network, including domain admin group enumeration and mimikatz attacks! Justin Henderson (@SecurityMapper) categorizes these techniques as "reverse attack analysis for detection" and shows us how to do it in this technical segment! References to Mark Baggett's work on freq.py are made as well (https://isc.sans.edu/forums/diary/Detecting+Random+Finding+Algorithmically+chosen+DNS+names+DGA/19893/) Full Show Notes: https://wiki.securityweekly.com/Episode519 Security Weekly Web Site: http://securityweekly.com Follow us on Twitter: @securityweekly

Eric Conrad comes into the studio to talk about a groundbreaking new CTF aimed at the defenders and how to become a SANS instructor. A healthy dose of UNIX/Linux nerd talk and how to give effective presentations is included! Eric Conrad is a SANS Senior Instructor, author, and infosec consultant. He also serves as the CTO of Backshore Communications, a company focusing on hunt teaming, intrusion detection, incident handling, and penetration testing. Full Show Notes: https://wiki.securityweekly.com/Episode519 Security Weekly Web Site: http://securityweekly.com Follow us on Twitter: @securityweekly

One MILLION endpoints, WannaCry is linked to North Korea, IoT is broken (what's new?),inside a porn-pimping spam botnet, fixing Windows Defender, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode518 Visit Our Website: https://securityweekly.com

Carrie Roberts of Black Hills Information Security joins us to show hot to use Burp and ProxyCannon to Prevent IP blacklisting while password spraying in this technical segment! Full Show Notes: https://wiki.securityweekly.com/Episode518 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Trey Forgety is the Director of Government Affairs and Information Security Issues at the National Emergency Number Association. He worked with the White House to develop policy for a nationwide LTE network for public safety, known as FirstNet. Trey Joins us to discuss emergency response systems and the future of crisis communications in this interview! Full Show Notes: https://wiki.securityweekly.com/Episode518 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

• FBI Arrests NSA Contractor for Leaking Secrets • getsploit: Search & Download Exploits! • Some non-lessons from WannaCry • IDG Contributor Network: Top 5 InfoSec concerns for 2017 • VMware Patches Critical Vulnerabilities in vSphere Data • Protection OneLogin Security Chief Reveals New Details Of Data Breach • Authentication Bypass, Potential Backdoors Plague Old WiMAX Routers • Linux Malware Enslaves Raspberry Pi To Mine Cryptocurrency • Internet Cameras Have Hard-Coded Passwords You Can't Change • Will Deception as a Defense Become Mainstream? • How a few yellow dots burned the Intercepts NSA leaker • TV Hack Sparks Middle East's Diplomatic Crisis • 53 Percent of Enterprise Flash Installs are Outdated • Healthcare Industry Cybersecurity Task Force report Full Show Notes: https://wiki.securityweekly.com/Episode517 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

byt3bl33d3r recently released "DeathStar", which use Powershell Empire's API to automatically obtain Domain Admin privileges in an Active Directory environment with the Click of a button. Some may ask "How do i detect and prevent this attack?". Tune in to this segment to find out how to use products available from Javelin Networks to do just that! Full Show Notes: https://wiki.securityweekly.com/Episode517 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Graham Cluley is an award-winning security blogger, researcher and public speaker. In this interview, we discuss ransomware, stealing content, the motivations of attackers, IoT, and more! Graham has been a well-known figure in the computer security industry since the early 1990s when he worked as a programmer, writing the first ever version of Dr. Solomon's Anti-Virus Toolkit for windows. Since then, he has been employed in senior roles by companies such as Sophos and Mcafee, and now runs his own security news website and podcast. Full Show Notes: https://wiki.securityweekly.com/Episode517 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Chipotle and OneLogin suffer breaches, Windows XP Too Unstable To Spread WannaCry, Patches Available for Linux Sudo Vulnerability, Cisco, Netgear Readying Patches For Samba Vulnerability, oAuth nightmares, Attack and Defense, Jay Beale style, Decoding DECT with an RTL-SDR, and who are the Shadow Brokers? Full Show Notes: https://wiki.securityweekly.com/Episode516 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

I know what you're thinking, Node.js is server-side right? Not exactly. It turns out many client-side applications have embedded Node.js. And its not always updated to the latest version. And, its vulnerable to attacks! Moses Hernandez is a Consulting Systems Engineer for Cisco Systems and an Instructor for pen testing courses at the SANS Institute. Moses shows us how to find Node.js on a system, locate the different versions, and exploit to bypass UAC! Full Show Notes: https://wiki.securityweekly.com/Episode516 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Don Pezet from ITPro.TV joins us on the show to help us identify security challenges and solutions for small business/mid-market. Backups are key, as are ease of use and support. The most important thing? Awareness and education! Tune-in for the full discussion. Full Show Notes: https://wiki.securityweekly.com/Episode516 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Gravityscan is keeping WordPress sites safe, WiFi to see through walls, Dodged a bullet and stepped in front of another one, Twitter Flaw Allowed You To Tweet From Any Account, and Latest Cb Defense UX Features Intuitive Design, Easy Access to Answers from Carbon Black! Full Show Notes: https://wiki.securityweekly.com/Episode515 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Almog Ohayon from Javelin Networks gives a demo on how compromises happen and counteract them. Full Show Notes: https://wiki.securityweekly.com/Episode515 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Dr. Branden R. Williams has twenty years of experience in business, technology, and information security as a consultant, leader, and an executive. Branden has world for well known Information Security companies as well as founded two. He's an author, blogger, pilot, and lover of bourbon. Full Show Notes: https://wiki.securityweekly.com/Episode515 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

WordPress announces a bug bounty program, stealing voice prints, hacking Mar-a-Lago, XP PCs dodge WannaCry's ransom, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode514 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Microsoft has advised that customers disable SMBv1. This tech segment walks you through the steps required to do so on all Windows platforms, the pitfalls, and scanning for non-domain computers running SMBv1. Full Show Notes: https://wiki.securityweekly.com/Episode514 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Widely recognized as Co-Author of the Hacking Exposed book series, Joel has worked/consulted for companies like Foundstone (co-founder), Microsoft, Amazon, Costco, Softcard, and Ernst & Young. Joel came on the show to talk about how he got started in security, the changes in vulnerability management, cloud security and IoT. Joel currently is a Technical Director at NCC Group. Full Show Notes: https://wiki.securityweekly.com/Episode514 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly