Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: August, 2021
Aug 17, 2021

This week in the AppSec News: Bug bounty report that cleverly manipulates a hash for profit, Allstar GitHub app to enforce security policies, choosing a programming language, what an app should log, adding security to DevOps, & manipulating natural-language models!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw162

 

Aug 16, 2021

DevSecOps is an aspirational vision for many teams. With a number of macro changes occurring in modern application development, this segment will explore what tangible, practical things can be done today by security teams that add immediate value.

This segment is sponsored by DisruptOps. Visit https://securityweekly.com/disruptops to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw162

Aug 15, 2021

This week in the Security News: Accenture gets Lockbit, $600 million in cryptocurrency is stolen, and they've started returning it, Lee and Jeff's data is leaked (among other senior citizens), authentication bypass via path traversal, downgrade attacks, Apple's backdoor, super duper secure mode, re-defining end-to-end encryption and how that doesn't work out, pen testers file suit against Dallas County Sherriff's department, Fingerprinting Windows, double secret quadruple extortion, & more!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw706

Aug 14, 2021

Mythic is an open-source, multi-platform framework for conducting red team engagements. This talk will cover the automated deployment of a Mythic server, developing new "wrappers" to extend the framework, and modifying public payload types to evade signature-based detections.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw706

Aug 14, 2021

Joe will discuss his upcoming Book, "Practical Social Engineering" in addition to OSINT. He is primarily passionate about OSINT and adjacent forms of Intelligence, but will need to discuss some social engineering (conducting it or defenses). He will also mention the Trace Labs OSINT Search Party competitions (he won his 2nd one last weekend at DEFCON).

Segment Resources:

https://www.theosintion.com

https://wiki.theosintion.com

http://discord.theosintion.com

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw706

Aug 13, 2021

The reason our founder started Detectify is that they wanted to automate hacker knowledge and make it scalable. This is very different from how most hackers work today and what we believe will revolutionize hacking.

This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them!

 

Tony "TJ Null" from Offensive Security will discuss the role of the community in learning infosec, particularly pentesting, and also in continuing education. Additionally, he will offer some practical tips on learning pentesting with help from the community.

This segment is sponsored by Offensive Security. Visit https://securityweekly.com/offSec to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw238

Aug 13, 2021

This week in the Enterprise News: Latent AI, Optiv Security Launches Next-Gen Managed XDR, An Intriguing Update to Mandiant Advantage, ReversingLabs raises $56M to combat software supply chain, Morphisec Announces New Incident Response Services, & more!

 

Show Notes: https://securityweekly.com/esw238

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 12, 2021

As we dig into vulnerability management we uncover both old and new challenges. We still struggle with developing and maintaining an accurate asset inventory. We also, still, struggle to prioritize and execute remediation. There are many new approaches to solving these problems, from ad-hoc scanning to automation of all the things. Get our take on vulnerability management in this segment!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw238

Aug 12, 2021

Protecting digital communication and collaboration is critical to both our military and private sector industries in driving mission success. Our ability to secure the local and remote systems we rely on to share and operationalize sensitive and confidential information to and from even the most remote location is vital to national security and our economy. Unfortunately, our adversaries know this and are dedicated to infiltrating, exfiltrating, and disrupting this flow of information. They are highly motivated, well-funded, trained, and equipped, and work relentlessly to find exploitable technical or human vulnerabilities. Join Matt Erickson, VP of Solutions for SpiderOak Mission Systems to discuss the looming threats to federal and private sector communication and collaboration systems, the consequences of failure, and how emerging technologies such as Zero-Trust and Distributed Ledger can harden our defenses and protect our most valuable data.

 

This segment is sponsored by SpiderOak. Visit https://securityweekly.com/spideroak to learn more about them!

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw82

Aug 11, 2021

Protecting digital communication and collaboration is critical to both our military and private sector industries in driving mission success. Our ability to secure the local and remote systems we rely on to share and operationalize sensitive and confidential information to and from even the most remote location is vital to national security and our economy. Unfortunately, our adversaries know this and are dedicated to infiltrating, exfiltrating, and disrupting this flow of information. They are highly motivated, well-funded, trained, and equipped, and work relentlessly to find exploitable technical or human vulnerabilities. Join Matt Erickson, VP of Solutions for SpiderOak Mission Systems to discuss the looming threats to federal and private sector communication and collaboration systems, the consequences of failure, and how emerging technologies such as Zero-Trust and Distributed Ledger can harden our defenses and protect our most valuable data.

 

This segment is sponsored by SpiderOak. Visit https://securityweekly.com/spideroak to learn more about them!

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw82

Aug 11, 2021

In the Leadership and Communications section for this week, A Chief Executive Officer's Guide to Cybersecurity, Zoom Settlement: An $85M Business Case for Security Investment, CISOs: Do you know what's in your company’s products?, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw227

 

Aug 10, 2021

Listen in for a discussion with Jim Routh, former CISO at Aetna, CVS Healthcare, and Mass Mutual, to discuss the 3 mistakes all first time CISOs make. Jim will share the lessons he learned throughout his career and how CISOs can avoid these 3 mistakes, including:

1. Setting Expectations

2. Hiring Talent

3. Retaining Employees

Visit https://www.securityweekly.com/bsw for all the latest episodes!a

Show Notes: https://securityweekly.com/bsw227

Aug 10, 2021

This week in the AppSec News: Hardware hacking for authn bypass and analyzing IoT RNG, Request Smuggling in HTTP/2, Kindle Fuzzing, Kubernetes Hardening, Countering Dependency Confusion, ATO Checklist, & more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw161

Aug 9, 2021

The use of web apps, SPAs, and APIs are growing steadily and traditional scanning methods don't provide enough coverage. The appsec tools need to innovate and become smarter and more contextual in order to test modern apps and APIs at scale. Tom Hudson, Security Research Team Lead at Detectify, will give a peek into how Detectify is innovating to help solve these modern app and API developer challenges.

Segment Resources:

- Sign up for updates and be the first to know about Detectify API scanning open beta: https://www.detectify.com/api

- Blog post announcing Detectify's plans to expand scanner to fuzz public-facing APIs: https://blog.detectify.com/2021/08/03/detectify-fuzzing-public-facing-apis/

This segment is sponsored by Detectify.

Visit https://securityweekly.com/detectify to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw161

 

Aug 8, 2021

This week in the Security News: PwnedPiper and vulnerabilities that suck, assless chaps, how non-techy people use ARP, how to and how not to explain the history of crypto, they are still calling about your car warranty, master faces, things that will always be true with IoT vulnerabilities, DNS loopholes, and a toilet that turns human feces into cryptocurrency!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw705

Aug 7, 2021

With Eclypsium researchers' discovery of BIOSDisconnect and their upcoming talk and demo at DefCon 29 upon us, the stakes have never been higher when it comes to protecting the foundation of computing at the firmware level. A feature meant to make updating and protecting the firmware easier for users (BIOSConnect) ends up exposing the BIOS to being bricked or implanted with malicious code operating at the highest privilege. Yet another example of the significant vulnerabilities that exist at the firmware level that attackers have been eyeing of late.

Segment Resources:

https://defcon.org/html/defcon-29/dc-29-speakers.html#shkatov

https://eclypsium.com/2021/06/24/biosdisconnect/

https://eclypsium.com/2021/04/14/boothole-how-it-started-how-its-going/

https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/

 

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw705

Aug 7, 2021

The RF Hackers Sanctuary is a group of experts in the areas of Information, Wifi, and Radio Frequency Security with the common purpose to teach the exploration of these technologies with a focus on security. We focus on teaching classes on Wifi and Software Defined Radio, presenting guest speakers and panels, and providing the very best in Wireless Capture the Flag games to promote learning.

Segment Resources:

https://rfhackers.com/

info@rfhackers.com

https://discordapp.com/invite/JjPQhKy

https://rfhackers.com/blog

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw705

Aug 7, 2021

In the Enterprise News, Armis Identifies Nine Vulnerabilities in pneumatic tubes, Corelight Introduces Smart PCAPs, SolarWinds disputes lawsuit, Code42 and Rapid7 Partner, and more news from this week at BlackHat 2021!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw237

Aug 6, 2021

Ransomware is flourishing and our endpoints are scattered outside the corporate network. Visibility is a challenge in this age of decentralized corporate assets. Our discussion today will explore the problem from two sides. On the endpoint, where much of the battle against ransomware tends to be fought, is prevention a lost battle? Regardless of hopes for better prevention, it is clear that the ability to detect and respond is as important as ever, so we'll discuss how security operations should be positioning themselves.

This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw237

Aug 6, 2021

Exfiltrate. Encrypt. Exploit. In 2021, ransomware attackers moved beyond exfiltrating and encrypting data to extract a ransom, working to compromise the victim’s build server to introduce an exploit through which to launch large scale attacks. VP of Cloud Security Matt Cauthorn joins Security Weekly to walk through the lateral movements these attackers use to pull off the Cyber Hat Trick.

 

This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw237

Aug 5, 2021

In the Leadership and Communications section for this week: 10 security tools all remote employees should have, 1 in 4 security teams report to CIOs, but would benefit from CISO leadership, state of cybersecurity survey results, destigmatizing reporting security vulnerabilities and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw226

Aug 3, 2021

The IT and operational technologies of critical infrastructure are under attack. The "general expectation" from the public and lawmakers is "fix it already" but we will discuss why this expectation is yet to be fully met.

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw226

Aug 3, 2021

This week in the AppSec News: PunkSpider coming to DEF CON, Google matures its VRP, $50K bounty for an access token, RCE in PyPI, kernel vuln via eBPF, top vulns reported by CISA, & the importance of testing!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw160

Aug 2, 2021

Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a challenge and some best practices around platform security.

Segment Resources:

- https://www.helpnetsecurity.com/2020/04/27/firmware-blind-spots/

- https://www.helpnetsecurity.com/2020/09/28/hardware-security-challenges/

- https://darkreading.com/application-security/4-open-source-tools-to-add-to-your-security-arsenal

- https://chipsec.github.io

Hardware Hacking created by Maggie: https://securityweekly.com/wp-content/uploads/2021/08/eArt-2.png

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw160

Aug 1, 2021

This week in the Security News: From a stolen laptop to inside the company network, the essential tool for hackers called "Discord", fixin' your highs, hacking DEF CON, an 11-year-old can show you how to get an RTX 30 series, broadcasting your password, to fuzz or not to fuzz, a real shooting war, evil aerobics instructors, the return of the PunkSpider, No Root for you, & more!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw704

« Previous 1 2