John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. John Moran talks about IncMan SOAR and how DFLabs Automation & Response platform helps automate, orchestrate, and measure CSIRTs and SOCs.
To learn more about DFLabs, go to: www.dflabs.com/securityweekly Full Show Notes: https://wiki.securityweekly.com/Episode583
Follow us on Twitter: https://www.twitter.com/securityweekly
Former Head of Israeli Air Force CERT & Forensics Team, Senior Security Researcher at Javelin Networks. Eyal will be discussing securing remote administration, remote credentials, explains that Jump Servers aren’t as good, and show you have to connect to remote machines using AD.
Full Show Notes: https://wiki.securityweekly.com/Episode582
Follow us on Twitter: https://www.twitter.com/securityweekly
Matt Toussain a Security Analyst at Black Hills Information Security, will be giving a tech segment on remote access tools (RAS).
To learn more about BHIS, go to: https://www.blackhillsinfosec.com/PSW
Full Show Notes: https://wiki.securityweekly.com/Episode581
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Aleksei Tiurin is the Senior Security Researcher for Acunetix. Aleksei is giving a technical segment on insecure deserialization in Java/JVM and explains what polymorphism is. Aleksei Tiurin is a security researcher and pentester with over 8 years of experience in penetration testing and with a particular focus on ERP and banking systems and Windows-networks.
To learn more about Acunetix, go to: https://www.acunetix.com/securityweekly
Full Show Notes: https://wiki.securityweekly.com/Episode581
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly
Yossi Sassi is the Co-Founder and Cybersecurity Researcher at CyberArtSecurity.com. Yossi joins us for a tech segment to talk about using windows powershell, discussing DCSync, DCShadow, creative Event Log manipulation & thoughts about persistence.
To learn more about Javelin Networks, Go To: www.javelin-networks.com
Full Show Notes: https://wiki.securityweekly.com/Episode580
Follow us on Twitter: https://www.twitter.com/securityweekly
Veronica Schmitt is the Sr. Digital Forensic Scientist for DFIRLABS. Veronica explains what SRUM is in WIndows 10. She explains how SRUM can be a valuable tool in Digital Forensics.
Full Show Notes: https://wiki.securityweekly.com/Episode580
Follow us on Twitter: https://www.twitter.com/securityweekly
John Walsh the DevOps Evangelist for CyberArk joins us on the show. John talks about the articles he wrote for CyberArk about Kubernetes, DevSecOps, and how to strengthen your container authentication with CyberArk.
Sponsor Landing Page: https://www.conjur.org/asw
Full Show Notes: https://wiki.securityweekly.com/Episode579
Follow us on Twitter: https://www.twitter.com/securityweekly
Omer is End-Point team lead at Javelin Networks. The team focuses on methods to covertly manipulate OS internals. Before Javelin Networks, he was a malware researcher at IBM Trusteer for two years focusing on financial malware families and lectured about his research on Virus Bulletin and Zero Nights conferences.
Full Show Notes: https://wiki.securityweekly.com/Episode578
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Carlos Perez delivers the Technical Segment on How to Operate Offensively Against Sysmon. He talks about how SysMon allows him to create rules, and track specific types of tradecraft, around process creation and process termination. He dives into network connection, driver loading, image loading, creation of remote threats, and more!
Full Show Notes: https://wiki.securityweekly.com/Episode577
Visit https://www.securityweekly.com/psw for all the latest episodes!
Apollo Clark goes through inventory management, access management, config management, patch management, automated remediation, logging and monitoring, and deployment tools.
Full Show Notes: https://wiki.securityweekly.com/Episode576
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. Prior to joining DFLabs John worked for a global security services provider, performing a wide variety of incident response consulting services.
Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He comes on the show to discuss PHP Type Juggling Vulnerabilities.
Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Our very own Larry Pesce delivers the Technical Segment this week on Spoofing GPS with a hackRF.
Full Show Notes: https://wiki.securityweekly.com/Episode571 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
An introduction to FL2K: Software Defined Radio is all the rage for detecting unknown signals and transmitters. We'll show you how to set up and use a surreptitious transmitter to start your journey.
Full Show Notes: https://wiki.securityweekly.com/Episode570 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Chris Dale is the Head of the Penetration Testing & Incident Handling groups at Netsecurity, a mid-sized company based out of Norway. Along with significant security expertise, Chris has a background in System Development, IT-Operations and Security Management.
Full Show Notes: https://wiki.securityweekly.com/Episode569 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly
Chris 'Lopi' Spehn is a consultant on Mandiant's red team. Chris was formerly a penetration tester for major credit card companies and retailers. Chris is also the founder of Illinois State University's first information security club, participated in CCDC for three years, and received first place in National Cyber League 2012.
Full Show Notes: https://wiki.securityweekly.com/Episode568 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.com/securityweekly
Ever wonder how to get started pen testing Android Apps? This tech segment will demonstrate a few basic techniques and tools to give you a taste of mobile app assessments with the Android platform.
Full Show Notes: https://wiki.securityweekly.com/Episode566 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.comsecurityweekly
Jason Wood delivers this technical segment on NMAP. Everyone loves using Nmap and the Nmap Scripting Engine. We don't always write NSE scripts though. Writing scripts for can be a bit intimidating at first, but they aren't too bad to get started on. In this tech segment, we will talk a bit about LUA, writing NSE scripts, and then write a couple of simple scripts to interact with Wordpress.
Full Show Notes: https://wiki.securityweekly.com/Episode565 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.comsecurityweekly
Keith will be talking through some of the tools, techniques, and procedures he uses to perform recon, identify targets of interest, and report findings faster and easier.
Full Show Notes: https://wiki.securityweekly.com/Episode564 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.comsecurityweekly
Chris is a full time husband, father of four, and pen tester; he's a part time Army officer, an aspiring SANS instructor, and the back-up church bass player. Lee Ford spent 2yrs in Information security as the DCOE Assnt Team Chief. Was the lead Project Officer for the stand up of the MA Cyber Battalion.
Full Show Notes: https://wiki.securityweekly.com/Episode562 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.comsecurityweekly
Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative ways and has hacked his smart TV without even leaving his bed. Sven writes about web application security and documents his research on the Netsparker blog. Why it’s dangerous to put sensitive information to your javascript files. Way developers hide secret variables.
Full Show Notes: https://wiki.securityweekly.com/Episode561 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.comsecurityweekly
Sometimes you just need a router handy when traveling. This allows you to connect multiple devices, use a VPN for all of them, and allow you to connect to a network via Wifi, Ethernet or USB 4G modem/Tether. All this for just $32 and a little configuration time! Learn how in this technical segment.
Full Show Notes: https://wiki.securityweekly.com/Episode560 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.comsecurityweekly
Paul delivers the Technical Segment this week entitled "Docker Security Incident: Lessons Learned"!
Full Show Notes: https://wiki.securityweekly.com/Episode559 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.comsecurityweekly
This week in the Topic Segment, our very own Jeff Man gives us a recap on the 2018 RSA Conference! He discusses HackerOne CEO talking Bug Bounty programs, DevSecOps day at RSA demonstrates how the thinking around secure software has evolved, if it’s time to kill the Pen Test, and more!
Full Show Notes: https://wiki.securityweekly.com/Episode557 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.comsecurityweekly
We've spent time defining the value of penetration testing, how we can do them better and how organizations can make the most out of this activity. The question today is, "Do we still need penetration tests?". If you are conducting penetration testing today or in the market for some testing, this segment is for you!
Full Show Notes: https://wiki.securityweekly.com/Episode556 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly
Visit our website: http://securityweekly.com
Follow us on Twitter: https://www.twitter.comsecurityweekly