Marcello Salvati, Security Analyst at our sponsor Black Hills Information Security, to give some updates on his Post Exploitation Tool SILENTRINITY! Sign up for the BHIS Mailing List to receive updates about upcoming webcasts, blogs, and open-source tools from our testers at: https://securityweekly.com/bhis Full Show Notes: https://wiki.securityweekly.com/Episode595 Follow us on Twitter: https://www.twitter.com/securityweekly...
Feb 23, 2019•48 min
Why it's way too easy to sell counterfeit goods on amazon, how to defend against the runC container vulnerability, creating a dream team for the new age of cyber security, how you can get a windows 95 emulator for Windows 10, Linux, or MAC, DEF CON goes to Washington, and InfoSec institutes top podcasts that take your computer skills to the next level! Full Show Notes: https://wiki.securityweekly.com/Episode594 Follow us on Twitter: https://www.twitter.com/securityweekly...
Feb 18, 2019•1 hr
There are quite a few choices for selecting open-source and inexpensive hardware to build your network and provide tools to monitor for security events. In this segment we'll discuss some of the options, the pros and cons of each, limitations, and really cool features! Includes coverage of Qotom hardware, how to procure enterprise-grade switches, the right cabling, and OPNSense and pfSense. Full Show Notes: https://wiki.securityweekly.com/Episode594 Follow us on Twitter: https://www.twitter.com/...
Feb 17, 2019•39 min
Harry Sverdlove, Chief Technology Officer of Edgewise for an interview, to talk about The Future of Firewalls! To learn more about Edgewise, visit: https://www.securityweekly.com/edgewise Full Show Notes: https://wiki.securityweekly.com/Episode594 Follow us on Twitter: https://www.twitter.com/securityweekly
Feb 16, 2019•56 min
Connie Mastovich is the Sr. Security Compliance Analyst at Reclamere and she will be speaking at InfoSec World 2019. Connie's talk will be about "The Dark Web 2.0: How It Is Evolving, and How Can We Protect Ourselves?" Connie teases her talk and explains how to protect ourselves, our clients, and the information that we handle daily. Full Show Notes: https://wiki.securityweekly.com/Episode593 Follow us on Twitter: https://www.twitter.com/securityweekly...
Feb 11, 2019•34 min
DetectionLab is a collection of Vagrant and Packer scripts that allows you to automate the creation of a small active directory network that is pre-loaded with endpoint security tooling and logging best practices with a single command. It's cross-platform and the only requirements to bring up the lab are are Virtualbox / VMware and Vagrant. Full Show Notes: https://wiki.securityweekly.com/Episode593 Follow us on Twitter: https://www.twitter.com/securityweekly...
Feb 10, 2019•33 min
5G networks must be secured from hackers and bad actors, zero-day vulnerability highlights the responsible disclosure dilemma, a flaw in multiple airline systems exposes passenger data, security bugs in video chat tools enable remote attackers, and an original World War 2 German message decrypts to go on display at the National Museum of Computing! Full Show Notes: https://wiki.securityweekly.com/Episode593 Follow us on Twitter: https://www.twitter.com/securityweekly...
Feb 10, 2019•1 hr 16 min
In the Security News, 5 tips for access control from an ethical hacker, Japan is to hunt down Citizens insecure IoT devices, kid tracking watches allow attackers to monitor real time location data, and Imperva mitigate a DDoS attack generated 500 million packets per second! Full Show Notes: https://wiki.securityweekly.com/Episode592 Follow us on Twitter: https://www.twitter.com/securityweekly...
Feb 04, 2019•1 hr 17 min
In our second segment, the Security Weekly hosts will discuss the Future of Security, such as major changes, evolving threats, and security culture! Full Show notes: https://wiki.securityweekly.com/Episode592 Follow us on Twitter: https://www.twitter.com/securityweekly
Feb 03, 2019•56 min
Benjamin Daniel Mussleris the Senior Security Researcher at Acunetix. Benjamin will come on the show to talk about Web App Scanning with authentication. Full Show Notes: https://wiki.securityweekly.com/Episode592 Follow us on Twitter: https://www.twitter.com/securityweekly
Feb 02, 2019•29 min
Two code execution flaws patched in Drupal, 773 million records exposed in massive data breach, prices for zero-day exploits are rising, new attacks target recent PHP framework vulnerability, and Microsoft launches a new Azure DevOps Bug Bounty program! Full Show Notes: https://wiki.securityweekly.com/Episode590 Follow us on Twitter: https://www.twitter.com/securityweekly...
Jan 21, 2019•1 hr 22 min
Joff will demonstrate some syntax with PowerShell useful for transferring data into a network while pen testing. The technical segment assumes that the pen testing is able to directly use PowerShell from the console itself, although the techniques can be adapted for different purposes. To learn more about BHIS, visit: https://securityweekly.com/bhis Full Show Notes: https://wiki.securityweekly.com/Episode590 Follow us on Twitter: https://www.twitter.com/securityweekly...
Jan 20, 2019•30 min
Dr. Eric Cole is the leading cybersecurity expert in the world, known as the go-to for major political and business power players. Full Show Notes: https://wiki.securityweekly.com/Episode590 Follow us on Twitter: https://www.twitter.com/securityweekly
Jan 19, 2019•55 min
Why Hyatt Is Launching a Public Bug Bounty Program, Amazon Key partners with myQ, Web vulnerabilities up, IoT flaws down, enterprise iPhones will soon be able to use security dongles, and how El Chapo's IT manager cracked his encrypted chats and brought him down! Full Show Notes: https://wiki.securityweekly.com/Episode589 Follow us on Twitter: https://www.twitter.com/securityweekly...
Jan 14, 2019•1 hr 4 min
Kory Findley talks about his Github project pktrecon. Internal network segment reconnaissance using packets captured from broadcast and service discovery protocol traffic. pktrecon is a tool for internal network segment reconnaissance using broadcast and service discovery protocol traffic. Individual pieces of data collected from these protocols include hostnames, IPv4 and IPv6 addresses, router addresses, gateways and firewalls, Windows OS fingerprints, and much more. This data is correlated an...
Jan 13, 2019•26 min
Bryson is the Founder and CEO of SCYTHE and Founder of GRIMM. He comes on the show to talk about Attack Simulation. To learn more about SCYTHE.io, go to: https://www.scythe.io/securityweekly Full Show Notes: https://wiki.securityweekly.com/Episode589 Follow us on Twitter: https://www.twitter.com/securityweekly
Jan 12, 2019•51 min
Cellular carriers are implementing services to identify cell scam leveraging, New Android Malware uses motion sensor to avoid detection, Linux Malware disables security software to mine cryptocurrency, and how a Hacker threatened a family using a Nest Camera to broadcast a fake missile attack alert! Full Show Notes: https://wiki.securityweekly.com/Episode591 Follow us on Twitter: https://www.twitter.com/securityweekly...
Jan 08, 2019•52 min
Hijacking smart TV's to promote PewDiePie, hackers attempt to sell stolen 9/11 documents, turning your house into a DOOM level with a Roomba, and hopefully you're over that New Year's hangover, because there's an Adobe PDF app patch to install! Full Show Notes: https://wiki.securityweekly.com/Episode588 Follow us on Twitter: https://www.twitter.com/securityweekly
Jan 07, 2019•51 min
The Security Weekly crew has a lively topic discussion on the following: Security Breaches, Privacy, Vulnerability Disclosure, Evaluating Security Solutions, and Compliance. Full Show Notes: https://wiki.securityweekly.com/Episode588 Follow us on Twitter: https://www.twitter.com/securityweekly
Jan 06, 2019•1 hr 12 min
In our second segment, the Security Weekly hosts talks about some of our favorite hacker movies, influencers in the community, and what software and devices make appearances in our labs! Full Show Notes: https://wiki.securityweekly.com/Episode591 Follow us on Twitter: https://www.twitter.com/securityweekly
Jan 06, 2019•57 min
Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes. Full Show Notes: https://wiki.securityweekly.com/Episode591 Follow us on Twitter: https://www.twitter.com/securityweekly...
Jan 05, 2019•43 min
"Phoneboy" has been helping the security community for over 15 years. We fondly remember Phoneboy as a resource that helped us configure our Check Point firewalls back in the day! Phoneboy comes on the show to discuss how to help people in the security community, a topic near and dear to our hearts. Full Show Notes: https://wiki.securityweekly.com/Episode588 Follow us on Twitter: https://www.twitter.com/securityweekly...
Jan 05, 2019•44 min
Following a series of 5 strokes and major head injuries, Mandy is no longer in the construction engineering industry. Instead, she is pursuing all things InfoSec with an emphasis on Incident Response, Neuro Integration, Artificial General Intelligence, sustainable, ethical neuro tech, and improving the lives and community of InfoSec professionals and Neurodiverse professionals. She enjoys art, requires loads of rest still, and hopes to be half the person her service dog, Trevor, is. Support Mand...
Dec 24, 2018•1 hr 7 min
The question comes up quite often, what should organizations be doing to meet the basic security requirements? We often hear the terms "Security Basics", "Minimum Security Standards" or dear lord "Security Hygiene". But what does all this mean? Is it the same for everyone? People will point to different resources that attempt to define the security basics, but do they really work? Does compliance play into this picture? Full Show Notes: https://wiki.securityweekly.com/Episode587 Follow us on Twi...
Dec 23, 2018•1 hr 49 min
Vaughn will discuss using freely available tools and logs you are already collecting to detect attacker behavior. Vaughn has a cookbook that will allow you to configure and analyze logs to detect attacks in your environment. You don't need anything fancy to detect attacks, use what you have along with freely available tools and techniques! To get involved with LogRhythm, go to: https://www.securityweekly.com/logrhythm Full Show Notes: https://wiki.securityweekly.com/Episode587 Follow us on Twitt...
Dec 22, 2018•25 min
How Taylor Swift used Facial Recognition to Thwart Stalkers, unlocking android phones with a 3D printed head, Ticketmaster fails to take responsibility for malware, and it's December of 2018, To Hell with it, Just patch your stuff already! Full Show Notes: https://wiki.securityweekly.com/Episode586 Follow us on Twitter: https://www.twitter.com/securityweekly
Dec 17, 2018•48 min
Don Murdoch is the Assistant Director at Regent University Cyber Range. Don discusses his book "Blue Team Handbook Incident Response Edition". Full Show Notes: https://wiki.securityweekly.com/Episode586 Follow us on Twitter: https://www.twitter.com/securityweekly
Dec 15, 2018•41 min
Ed Skoudis, Founder of the Counter Hack Challenge and Kringle Con 2018, joins us on the show to talk about this years challenge and what's in store! "Welcome to Counter Hack Challenges, an organization devoted to creating educational, interactive challenges and competitions to help identify people with information security interest, potential, skills, and experience. We design and operate a variety of capture-the-flag and quiz-oriented challenges for the SANS Institute, Cyber Aces, US Cyber Chal...
Dec 14, 2018•34 min
This week, how Docker containers can be exploited to mine for cryptocurrency, WordPress sites attacking other WordPress sites, why the Marriott Breach is a valuable IT lesson, malicious Chrome extensions, why hospitals are the next frontier of cybersecurity, and how someone is claiming to sell a Mass Printer Hijacking service! Full Show Notes: https://wiki.securityweekly.com/Episode585 Follow us on Twitter: https://www.twitter.com/securityweekly...
Dec 10, 2018•41 min
Marcello Salvati is a security consultant at BHIS, and is giving a technical segment on SilentTrinity. Marcello will solve the red team tradecraft problem of gaining dynamic access to the .net api without going through powershell. To learn more about Black Hills Information Security, go to: https://www.blackhillsinfosec.com/PSW Full Show Notes: https://wiki.securityweekly.com/Episode585 Follow us on Twitter: https://www.twitter.com/securityweekly...
Dec 09, 2018•34 min
