WannaCry's killswitch domain registrant is arrested, making infosec more inclusive, hacking 113-year-old subway signs, security standards for smart devices, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode524 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
Aug 08, 2017•1 hr 5 min
Larry and his intern, Galen Alderson, present a demo of their Vaportrail project! Galen shows us how to exfiltrate data from networks using broadcast FM radio and other inexpensive materials. Full Show Notes: https://wiki.securityweekly.com/Episode524 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
Aug 07, 2017•38 min
Danny Miller, the Director of Product Marketing at Ericom Software, joins us to discuss how enterprises can protect themselves by utilizing isolated browsing and other techniques! Full Show Notes: https://wiki.securityweekly.com/Episode524 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
Aug 06, 2017•40 min
Exploiting SambaCry, a warning from the FBI, hacks versus hurricanes, hacking segways, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode523 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
Jul 24, 2017•53 min
Sven Morgenroth of Netsparker joins us to expound upon an original blog post on bypassing corporate firewalls and vulnerable web applications in this technical segment! Full Show Notes: https://wiki.securityweekly.com/Episode523 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
Jul 23, 2017•49 min
Almog Ohayon of Javelin Networks pits Javelin ADProtect against Microsoft ATA in an epic threat analytics showdown! Full Show Notes: https://wiki.securityweekly.com/Episode523 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
Jul 22, 2017•44 min
Russians on PornHub, dirty songs on the radio, Windows security protocol vulnerabilities, tomato plant security, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode522 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
Jul 17, 2017•55 min
This is a random technical segment on implementing random number generators in Linux. Don shows us the ins and outs of the entropy pool, the different between /dev/random and /dev/urandom, and some awesome hardware that can increase entropy. Full Show Notes: https://wiki.securityweekly.com/Episode522 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
Jul 16, 2017•29 min
Learn about "fileless" malware, threat actors, evading detection on the endpoint and more! Joe Desimone is a Malware Researcher at Endgame. He focuses on tracking and countering APTs, reverse engineering malware, and developing novel techniques and tools to empower hunt teams. Full Show Notes: https://wiki.securityweekly.com/Episode522 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @s...
Jul 15, 2017•46 min
Tim Helming joins us to talk about all things related to domains, including luxury domain abuses, the security value of the whois database and more! Full Show Notes: https://wiki.securityweekly.com/Episode521 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
Jul 11, 2017•55 min
Paul Ewing from Endgame talks about the different types of threat hunting (network, host and logs) and the pros and cons of each! Full Show Notes: https://wiki.securityweekly.com/Episode521 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
Jul 10, 2017•33 min
How to hire infosec professionals, patching automation code, hijacked Android devices, Bitdefender support for Mac, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode521 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
Jul 10, 2017•1 hr 3 min
Separating the hacked and the paranoid, remote Linux hacking, Petya goes postal at FedEx, today’s mainstream hacktivism tools, and why choosing Windows should get you fired! Full Show Notes: https://wiki.securityweekly.com/Episode520 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
Jul 03, 2017•43 min
Guy came on the show and gave a live demo on how to become Domain Admin in an Active Directory environment, and keep those privileges for 20+ years. Guys shows us how to abuse service accounts to get yourself a golden ticket. Then shows how the Javelin Networks technology can be used to detect, prevent and monitor for this type of attack and the exposures inside Active Directory that hand over the keys, er tickets, to the kingdom. Full Show Notes: https://wiki.securityweekly.com/Episode520 Subsc...
Jul 02, 2017•37 min
Moses returns to the show to discuss his background in technology and security (which is eerily similar to Paul's!). The crew then got into a deep discussion of the history of many different technologies (Solaris Firewalls, IDS, Java and more!). Moses talked at length about serialization bugs in both PHP and Java. Then we dove right into JavaScript. It was a nerdfest, not to be missed! Full Show Notes: https://wiki.securityweekly.com/Episode520 Subscribe to YouTube Channel: https://www.youtube.c...
Jul 01, 2017•54 min
Why Firefox is superior, spies in Mexico, WannaCry shuts down a car plant, Cisco patches critical vulnerabilities, hacking air-gapped networks, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode519 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
Jun 26, 2017•1 hr 6 min
Learn how to use Windows Event Logs to catch attackers in your network, including domain admin group enumeration and mimikatz attacks! Justin Henderson (@SecurityMapper) categorizes these techniques as "reverse attack analysis for detection" and shows us how to do it in this technical segment! References to Mark Baggett's work on freq.py are made as well (https://isc.sans.edu/forums/diary/Detecting+Random+Finding+Algorithmically+chosen+DNS+names+DGA/19893/) Full Show Notes: https://wiki.security...
Jun 25, 2017•36 min
Eric Conrad comes into the studio to talk about a groundbreaking new CTF aimed at the defenders and how to become a SANS instructor. A healthy dose of UNIX/Linux nerd talk and how to give effective presentations is included! Eric Conrad is a SANS Senior Instructor, author, and infosec consultant. He also serves as the CTO of Backshore Communications, a company focusing on hunt teaming, intrusion detection, incident handling, and penetration testing. Full Show Notes: https://wiki.securityweekly.c...
Jun 24, 2017•53 min
One MILLION endpoints, WannaCry is linked to North Korea, IoT is broken (what's new?),inside a porn-pimping spam botnet, fixing Windows Defender, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode518 Visit Our Website: https://securityweekly.com
Jun 19, 2017•1 hr 5 min
Carrie Roberts of Black Hills Information Security joins us to show hot to use Burp and ProxyCannon to Prevent IP blacklisting while password spraying in this technical segment! Full Show Notes: https://wiki.securityweekly.com/Episode518 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
Jun 17, 2017•21 min
Trey Forgety is the Director of Government Affairs and Information Security Issues at the National Emergency Number Association. He worked with the White House to develop policy for a nationwide LTE network for public safety, known as FirstNet. Trey Joins us to discuss emergency response systems and the future of crisis communications in this interview! Full Show Notes: https://wiki.securityweekly.com/Episode518 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPi...
Jun 16, 2017•38 min
• FBI Arrests NSA Contractor for Leaking Secrets • getsploit: Search & Download Exploits! • Some non-lessons from WannaCry • IDG Contributor Network: Top 5 InfoSec concerns for 2017 • VMware Patches Critical Vulnerabilities in vSphere Data • Protection OneLogin Security Chief Reveals New Details Of Data Breach • Authentication Bypass, Potential Backdoors Plague Old WiMAX Routers • Linux Malware Enslaves Raspberry Pi To Mine Cryptocurrency • Internet Cameras Have Hard-Coded Passwords You Can'...
Jun 13, 2017•47 min
byt3bl33d3r recently released "DeathStar", which use Powershell Empire's API to automatically obtain Domain Admin privileges in an Active Directory environment with the Click of a button. Some may ask "How do i detect and prevent this attack?". Tune in to this segment to find out how to use products available from Javelin Networks to do just that! Full Show Notes: https://wiki.securityweekly.com/Episode517 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Sec...
Jun 12, 2017•32 min
Graham Cluley is an award-winning security blogger, researcher and public speaker. In this interview, we discuss ransomware, stealing content, the motivations of attackers, IoT, and more! Graham has been a well-known figure in the computer security industry since the early 1990s when he worked as a programmer, writing the first ever version of Dr. Solomon's Anti-Virus Toolkit for windows. Since then, he has been employed in senior roles by companies such as Sophos and Mcafee, and now runs his ow...
Jun 12, 2017•56 min
Chipotle and OneLogin suffer breaches, Windows XP Too Unstable To Spread WannaCry, Patches Available for Linux Sudo Vulnerability, Cisco, Netgear Readying Patches For Samba Vulnerability, oAuth nightmares, Attack and Defense, Jay Beale style, Decoding DECT with an RTL-SDR, and who are the Shadow Brokers? Full Show Notes: https://wiki.securityweekly.com/Episode516 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly....
Jun 05, 2017•1 hr 10 min
I know what you're thinking, Node.js is server-side right? Not exactly. It turns out many client-side applications have embedded Node.js. And its not always updated to the latest version. And, its vulnerable to attacks! Moses Hernandez is a Consulting Systems Engineer for Cisco Systems and an Instructor for pen testing courses at the SANS Institute. Moses shows us how to find Node.js on a system, locate the different versions, and exploit to bypass UAC! Full Show Notes: https://wiki.securityweek...
Jun 04, 2017•22 min
Don Pezet from ITPro.TV joins us on the show to help us identify security challenges and solutions for small business/mid-market. Backups are key, as are ease of use and support. The most important thing? Awareness and education! Tune-in for the full discussion. Full Show Notes: https://wiki.securityweekly.com/Episode516 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
Jun 03, 2017•58 min
Gravityscan is keeping WordPress sites safe, WiFi to see through walls, Dodged a bullet and stepped in front of another one, Twitter Flaw Allowed You To Tweet From Any Account, and Latest Cb Defense UX Features Intuitive Design, Easy Access to Answers from Carbon Black! Full Show Notes: https://wiki.securityweekly.com/Episode515 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @security...
May 31, 2017•43 min
Almog Ohayon from Javelin Networks gives a demo on how compromises happen and counteract them. Full Show Notes: https://wiki.securityweekly.com/Episode515 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly...
May 30, 2017•38 min
Dr. Branden R. Williams has twenty years of experience in business, technology, and information security as a consultant, leader, and an executive. Branden has world for well known Information Security companies as well as founded two. He's an author, blogger, pilot, and lover of bourbon. Full Show Notes: https://wiki.securityweekly.com/Episode515 Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on...
May 27, 2017•48 min
