This week, we welcome back Marcello Salvati, Security Analyst at our sponsor Black Hills Information Security, to give some updates on his Post Exploitation Tool SILENTTRINITY! In the second interview, we welcome Steve Brown, Keynote Speaker at SecureWorld Boston 2019 to discuss his talk about Building Your Strategic Roadmap for the Next Wave of Digital Transformation! In the Security News, password managers leaking data in memory, security analysts are only human, Splunk changes position of Rus...
Feb 23, 2019•2 hr 49 min
This week, we welcome Harry Sverdlove, Chief Technology Officer of Edgewise for an interview, to talk about The Future of Firewalls! In the Technical Segment, we discuss some Enterprise-ish Network Security hardware and software that we've incorporated here in our Security Weekly Studio! In the Security News, why it's way too easy to sell counterfeit goods on Amazon, how to defend against the runC container vulnerability, creating a dream team for the new age of cyber security, how you can get a...
Feb 16, 2019•2 hr 35 min
This week, we welcome Chris Long, Security Engineer at Palantir for our Technical Segment to talk about DetectionLab, a collection of Vagrant and Packer scripts that allow you to automate the creation of networks! In the Security News, 5G networks must be secured from hackers and bad actors, Zero-Day vulnerability highlights the responsible disclosure dilemma, a flaw in multiple airline systems exposes passenger data, security bugs in video chat tools enable remote attackers, and an original Wor...
Feb 09, 2019•2 hr 23 min
This week, we welcome Benjamin Daniel Mussler, Senior Security Researcher at Acunetix to talk about Web App Scanning with Authentication! In our second segment, the Security Weekly hosts will discuss the Future of Security, such as major changes, evolving threats, and security culture! In the Security News, 5 tips for access control from an ethical hacker, Japan is to hunt down citizens insecure IoT devices, kid tracking watches allow attackers to monitor real time location data, and Imperva mit...
Feb 02, 2019•2 hr 42 min
This week, we welcome Chris Morales, the Head of Security Analytics at Vectra for an interview to talk about Machine Learning! In our second segment, the Security Weekly hosts talks about some of our favorite hacker movies, influencers in the community, and what software and devices make appearances in our labs! In the Security News, cellular carriers are implementing services to identify cell scam leveraging, new Android malware uses motion sensor to avoid detection, Linux malware disables secu...
Jan 26, 2019•2 hr 33 min
This week, we welcome Dr. Eric Cole, the Founder and CEO of Secure Anchor Consulting for an interview! In the Technical segment, our very own Joff Thyer will be demonstrating some syntax with PowerShell useful for transferring data into a network while pen testing! In the Security News, two code execution flaws patched in Drupal, 773 million records exposed in massive data breach, prices for Zero-Day Exploits are rising, new attacks target recent PHP Framework Vulnerability, Microsoft launches a...
Jan 19, 2019•2 hr 47 min
This week, we welcome Bryson Bort, the Founder and CEO of SCYTHE to talk about Attack Simulation! In the Technical Segment, Kory Findley will be presenting a tool he created entitled “pktrecon”, for internal network segment reconnaissance using broadcast and service discovery protocol traffic! In the Security News, why Hyatt Is launching a public bug bounty program, Amazon Key partners with myQ, web vulnerabilities up, IoT flaws down, enterprise iPhones will soon be able to use security dongles,...
Jan 12, 2019•2 hr 21 min
This week, we welcome back Dameon Welch-Abernathy, or “Phoneboy”, a Cyber Security Evangelist at Check Point Software Technologies for an interview! Dameon joins us to discuss how to help people in the security community, a topic near and dear to our hearts! In the Technical Segment, the Security Weekly crew accompanied by Dameon holds a discussion on Breaches, Privacy, Compliance, and more! In the Security News, the worst hacks of 2018, hijacking smart TV's to promote PewDiePie, hackers attempt...
Jan 05, 2019•2 hr 47 min
This week, we welcome Vaughn Adams, Enterprise Sales Engineer at LogRhythm! Vaughn will be talking about using freely available tools and logs you are already collecting to detect attacker behavior! In our second segment, we have a Round Table discussion entitled "What the Heck Are Security Basics?", to talk about what should organizations be doing to meet the basic security requirements, and much more! In our final segment, we air a pre-recorded interview with Mandy Logan on "Hacking the Brains...
Dec 22, 2018•3 hr 21 min
This week, how Taylor Swift used Facial Recognition to thwart stalkers, unlocking Android phones with a 3D printed head, Ticketmaster fails to take responsibility for malware, and it's December of 2018, to Hell with it, just patch your stuff already! In our first interview, we welcome back Ed Skoudis, Founder of the Counter Hack Challenge and Kringle Con 2018! Ed joins us on the show to talk about this years challenge and what's in store! In our final interview, we welcome back Don Murdoch, the ...
Dec 17, 2018•2 hr 3 min
This week, how Docker containers can be exploited to mine for cryptocurrency, WordPress sites attacking other WordPress sites, why the Marriott breach is a valuable IT lesson, malicious Chrome extensions, why hospitals are the next frontier of cybersecurity, and how someone is claiming to sell a Mass Printer Hijacking service! In our first Technical Segment, we welcome Marcello Salvati, Security Consultant at BHIS, to talk about SILENTTRINITY, a post-exploitation agent powered by Python, IronPyt...
Dec 08, 2018•2 hr 21 min
This week, Wietse Venema and Dan Farmer, the Developers of Security Administrator Tool for Analyzing Networks (SATAN) Sven Morgenroth of Netsparker will talk about PHP Object injection vulnerabilities and explain the dangers of PHP's unserialize function, and the crew will wrap the show with the Security News! Full Show Notes: https://wiki.securityweekly.com/Episode584 To learn more about Netsparker, go to: https://www.netsparker.com/securityweekly Follow us on Twitter: https://www.twitter.com/s...
Dec 02, 2018•2 hr 49 min
This week, we welcome Jon Buhagiar, Network+ Review Course Instructor at Sybex for an interview to talk about Network Operations! In the Technical Segment, we welcome back John Moran, Senior Product Manager at DFLabs to talk about IncMan SOAR and how DFLabs Automation & Response platform helps automate, orchestrate, and measure CSIRTs and SOCs! In the Security News this week, 7 new Spectre/Meltdown attacks, Hacking ATM's for free cash is easier than Windows XP, AI can now fake fingerprints f...
Nov 17, 2018•2 hr 45 min
This week, we welcome Corin Imai, Senior Security Advisor for DomainTools! She joins Paul and the crew to talk about DNS, phishing tools, and tease what DomainTools has in store for 2019! In our Technical Segment, we welcome back Eyal Neemany, Senior Security Researcher at Javelin Networks to talk about securing remote administration, remote credentials, why Jump Servers aren’t as good, and he shows that you have to connect to remote machines using AD! In the Security News, Cisco accidentally re...
Nov 10, 2018•2 hr 2 min
This week, we welcome Aleksei Tiurin, Senior Security Researcher at Acunteix for a Technical Segment on Insecure Deserialization in Java/JVM! In our second Technical Segment, we welcome Matt Toussain, Security Analyst at Black Hills Information Security to talk about RAS! In the security news, Bleedingbit Vulnerabilities, Cisco Zero-Day exploited in the wild, Researchers find Flaws in chips used in hospitals, US Governments network infected with Russian Malware, and the Weird Trick that turns yo...
Nov 03, 2018•2 hr 30 min
This week, Paul interviews Mike Nichols of Endgame, Keith McCammon of Red Canary, & Shawn Smith of Panhandle Educators Federal Credit Union! Carlos Perez delivers the Technical Segment on How to Operate Offensively Against SysMon, and the crew will wrap the show with the Security News! Full Show Notes: https://wiki.securityweekly.com/Episode577 Visit https://www.securityweekly.com/psw for all the latest episodes!...
Nov 02, 2018•1 hr 54 min
This week, we welcome Veronica Schmitt, Senior Digital Forensic Scientist for DFIRLABS! Veronica explains what SRUM is in Windows 10, and how SRUM can be a valuable tool in Digital Forensics! In the Technical Segment, we welcome Yossi Sassi, the Co-Founder and Cybersecurity Researcher at CyberArtSecurity.com and Advisory Board member at Javelin Networks! Yossi joins us to discuss using Windows Powershell, discussing DCSync, DCShadow, creative Event Log manipulation & thoughts about persisten...
Oct 26, 2018•2 hr 58 min•Ep. 580
This week, we welcome Mark Dufresne, VP of Threat Research at Endgame for an interview, to talk about how MITRE created their tool and what the MITRE attack framework is! In our second feature interview, we welcome John Walsh, DevOps Evangelist at CyberArk to talk about Kubernetes, DevSecOps, and how to strengthen your container authentication with CyberArk! In the security news, how to use the Shodan search engine to secure an enterprise's internet presence, Apache access vulnerability could af...
Oct 20, 2018•2 hr 15 min•Ep. 579
This week, we welcome Lee Neely, Senior Cyber Analyst at Lawrence Livermore National Lab for an interview! In the Technical Segment, Omer Yair from Javelin Networks brings us through his talk he presented at DerbyCon entitled: “Goodbye Obfuscation, Hello Invisi-Shell”! In the security news, new Apple and Microsoft security flaws at Black Hat Europe, CCTV makers leaves at least 9 million cameras public, upset Google+ users are suing Google, US weapons systems apparently can be easily hacked, Not ...
Oct 13, 2018•2 hr 1 min•Ep. 578
This week, Paul interviews Mike Ahmadi, Global Director of IoT Security Solutions at DigiCert! Apollo Clark delivers the Technical Segment on Threat Hunting in the Cloud! In the Security News this week, Senate can't protect senators staff from Cyber Attacks, Equifax fined by ICO over data breach that hit Britons, US judge allows e-voting despite hack fears, Zero Day in Internet connected cameras, US Military given the power to hack back and defend forward, and AmazonBasics Microwave works with A...
Sep 22, 2018•2 hr 17 min•Ep. 576
This week, Paul interviews Brian Coulson, Sr. Threat Research Engineer at LogRhythm! Eyal Neemany, Sr. Cyber Security Researcher at Javelin Networks delivers the Technical Segment on Bypassing PAM! In the Security News, Microsoft accidentally let encrypted Windows 10 out into the world, Kernel exploit discovered in macOS Webroot SecureAnywhere antivirus software, PowerShell obfuscation ups the ante on antivirus, Bomgar Buys BeyondTrust, and a low cost rubber ducky! Full Show Notes: https://wiki....
Sep 14, 2018•2 hr 37 min•Ep. 575
This week, Paul and the crew sit down with Wim Remes, Founder and Principal Consultant at Wire Security! In our Technical Segment, we welcome back Chris Brenton, Chief Operating Officer for Active Countermeasures, in which he explains why Beacon Analysis in an integral part of threat hunting! In the Security News this week, Vulnerabilities found in remote management interface of Supermicro servers, Google fixes Chrome issue that allowed theft of WiFi logins, U.S. to charge North Korean spy over ...
Sep 08, 2018•2 hr 9 min•Ep. 574
This week, Paul and the crew sit down with Jayson Street, VP of Infosec at SphereNY for an interview! John Moran, Senior Project Manager of DFLabs delivers the Technical Segment on a new No-Script Automation Tool! In the Security News this week, 0-Day Windows exploits, How to hide sensitive files in encrypted containers, Misfortune Cookie vulnerability returns, and bank robbers faked Cosmos backend to steal 13.5$ million! All that and more on this episode of Paul’s Security Weekly! Full Show Not...
Sep 01, 2018•2 hr 18 min•Ep. 573
This week, Paul and the crew sit down with Tod Beardsley, Director of Research at Rapid7 for an interview! Sven Morgenroth, Security Researcher at Netsparker delivers the Technical Segment on PHP Type Juggling Vulnerabilities! In the Security News this week, The Untold story of NotPetya, New Apache Struts RCE Flaw, How door cameras are creating dilemmas for police, Google gets sued for tracking you even when your location history is off, and Artificial Whiskey is coming, and one company is betti...
Aug 25, 2018•2 hr 38 min•Ep. 572
This week, our very own Larry Pesce delivers the Technical Segment on Spoofing GPS with a hackRF! In the Security News, Hacking Police Bodycams, Adobe execution flaws, Google expands to Bug Bounty Program, and if you live in Australia, you could face ten years in jail if you don't unlock your phone! In our final segment, we air our pre-recorded interview with Paul and Matt Alderman from DEF CON on Cigars and Security! Full Show Notes: https://wiki.securityweekly.com/Episode571 Visit https://www....
Aug 18, 2018•3 hr 13 min•Ep. 571
This week, Paul interviews Josh Abraham, Staff Engineer at Praetorian! In the Technical Segment, our very own Larry Pesce gives an introduction to FL2K! In the Security News,Microsoft Edge flaws, Ransomware attacks, Yale university data breaches, Reddit data breaches, Linux kernels, and in our Funny story of the week, why people are rubbing toothpaste on their breasts to make them larger, and more on this episode of Paul’s Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode...
Aug 04, 2018•2 hr 50 min•Ep. 570
This week, Paul interviews Dean Coclin, Senior Director of Business Development at DigiCert! In our second feature interview, we welcome Chris Dale, Head of the Penetration Testing and Incident Handling at Netsecurity! In the Security News, Bluetooth bug allows man-in-the-middle attacks on phones and laptops, serial killer electrocutes himself in jail cell sex act, Google launches its own USB-based FIDO U2F keys, and more on this episode of Paul’s Security Weekly! Full Show Notes: https://wiki.s...
Jul 28, 2018•2 hr 55 min•Ep. 569
This week, Paul interviews Davi Ottenheimer, Product Strategy at MongoDB! In our second feature interview, we welcome Chris Spehn, Consultant at Mandiant’s Red Team! In the Security News, Pentesting, SIM Hijackers, Thousands of Mega logins dumped online, the Russians who allegedly hacked the DNC mined Bitcoin for funds, and more on this episode of Paul’s Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode568 Visit https://www.securityweekly.com/psw for all the latest episod...
Jul 21, 2018•2 hr 30 min•Ep. 568
This week, Paul interviews Zane Lackey, Founder and CSO of SIgnal Sciences! In our second feature interview, Paul talks with Limor Elbaz, Founder of Peerlyst! In the Security News, Arch Linux PDF reader package poisoned, WPA3, Two news Spectre-class CPU flaws cause $100k bounty, Average cost of a data reach exceeds $3.8 million, ,and more on this episode of Paul’s Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode567 Visit https://www.securityweekly.com/psw for all the lat...
Jul 13, 2018•2 hr 16 min•Ep. 567
This week, Paul interviews Tom Brennan, Founder of Proactive Risk, and Gary Berman, CEO of Cyberman Security! Our very own Joff Thyer delivers the Technical Segment this week entitled "Fun with Android APK's"! Paul and the crew will then wrap up the show with the Security News, and more on this episode of Paul’s Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode566 Visit https://www.securityweekly.com/psw for all the latest episodes! →Visit https://www.activecountermeasure...
Jun 30, 2018•2 hr 17 min•Ep. 566
