Beacon analysis is an integral part of threat hunting. If you are not looking for beacons you take the chance of missing compromised IoT devices or anything that does not have a threat mitigation agent installed. I'll talk about what makes beacon hunting so hard, and how the open source tool RITA can simplify the process.

***Powerpoint Slides in Full Show Notes***

Full Show Notes: https://wiki.securityweekly.com/Episode574

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Wim Remes from Wire Security bvba comes on the show to talk about pentesting, SDLC, the state of security, life of a (virtual) CISO, and certifications.

Full Show Notes: https://wiki.securityweekly.com/Episode574

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Paul talks with Bret Settle, the CEO of ThreatX about shifting the focus to the hacker. Check out this interview and learn about innovative endpoint defenses and how attackers use covert signaling technologies (such as pulsing cooling fans!) to exfiltrate data.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode105

Visit http://securityweekly.com/esw for all the latest episodes!

Paul interviews Marc French the SVP Chief Trust Officer of Mimecast. He also interviews Ofer Maor the Director of Solutions for Synopsys. Ofer talks about the problem Synopsys solves, the deployment for the static analysis tool, and about the open source libraries from Synopsys.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode105

Visit http://securityweekly.com/esw for all the latest episodes!

How the Department of Defense is using Open Source, BitSight launches forecasting capability, SentinelOne teams up with Sumo Logic, Swimlane supports McAfee's advanced security operation, Fortinet releases new IoT security controller, and Secureworks opens up proprietary UEBA through partner programme.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode105

Visit http://securityweekly.com/esw for all the latest episodes!

In the Security News this week, Zero-Day Windows exploits, How to hide sensitive files in encrypted containers, Misfortune Cookie vulnerability returns, and bank robbers faked Cosmos backend to steal 13.5$ million.

Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. Prior to joining DFLabs John worked for a global security services provider, performing a wide variety of incident response consulting services.

Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Jayson E. Street is an author of the "Dissecting the hack: Series". Also the DEF CON Groups Global Ambassador. Plus the VP of InfoSec for SphereNY. He has also spoken at DEF CON, DerbyCon, GRRCon and at several other 'CONs and colleges on a variety of Information Security subjects.

Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

In the Enterprise News this week, VMWare launches Blockchain project, lacework raises new funds to extend Cloud Security capabilites, Minerva Labs achieves certified integration with McAfee ePO, CrowdStrike helps advance malware searches on hybrid analysis portal, Atos named a leader in IoT services by global analyst firm NelsonHall, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode104

Visit http://securityweekly.com/esw for all the latest episodes!

John Strand delivers the Technical Segment this week on Office 365 User Behavior Analytics. The idea is if you have a user account simultaneously logged in to multiple computer systems, that may be abnormal.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode104

Visit http://securityweekly.com/esw for all the latest episodes!

In the Application security news, 'Fortnite' developer had sharp words for Google after an Exploit was discovered, PHP flaw puts WordPress sites at risk, Oracle will charge for Java starting in 2019, how Netflix does Failovers in 7 minutes flat, hacking Black Hat, Burp Suite 2.0 Beta released, Windows 95 running in Electron, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30 Follow us on Twitter: https://www.twitter.com/securityweekly

Rick Holland has more than 15 years' experience working in information security. Paul and John talk to Rick about vulnerability management, WAFs, and advice to enterprise marketing.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode104

Visit http://securityweekly.com/esw for all the latest episodes!

Join Paul, Doug White, and Todd to talk about Security Innovation that includes: AlienVault, Cloudera, Splunk, Fortinet, CA and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode97

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Keith Hoodlet and Paul Asadoorian talk about The Apache Struts2 RCE Vulnerability. They cover:

- CVE-2018-11776

- How the 3 Ways of DevOps can guide us toward better security practices

- Shared Version Control

- Test Environments

- Shared Ticketing

- ChatOps

- Buying

Time Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30

Follow us on Twitter: https://www.twitter.com/securityweekly

The Untold story of NotPetya, New Apache Struts RCE Flaw, How door cameras are creating dilemmas for police, Google gets sued for tracking you even when your location history is off, and Artificial Whiskey is coming, and one company is betting you'll drink up.

Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Todd talks about his journey in the security industry. Todd also explains what Bandura Systems does for the security industry and how they sell their solution to companies.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode97

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He comes on the show to discuss PHP Type Juggling Vulnerabilities.

Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Tod Beardsley is the Director of Research at Rapid7. Paul talks to Tod about his recent projects Sonar and Heisenberg. They also discuss Tod's Under the Hoodie pentest report.

Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Mike leads the Product Management, Product Marketing, UX, and Business Development efforts at DomainTools. He brings over 20 years of experience in the security industry, and has a real passion for building products that customers love and driving significant growth for the product lines he leads.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode103

Visit http://securityweekly.com/esw for all the latest episodes!

Paul Asadoorian and Matt Alderman compare and contrast the enterprise security vendors that were at Black Hat and DEF CON 2018.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode103

Visit http://securityweekly.com/esw for all the latest episodes!

Matt Alderman and Paul sat down at DEF CON to talk all of the AppSec vendors that they held briefings with at our Pool Cabana. They sat down with companies like Synopsis, Signal Sciences, and discussed how their products influence the AppSec world.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode29 Follow us on Twitter: https://www.twitter.com/securityweekly

Paul Asadoorian and Matt Alderman talk about and discuss the enterprise security vendors that attended DEF CON 2018.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode103

Visit http://securityweekly.com/esw for all the latest episodes!

Matt Alderman sits down with Paul this year at DEF CON to talk about the processes that they go through to hold briefings. Founders, CEO’s, and Business Execs of many different companies sat down to discuss what their product was, how they fit into the marketplace, and who their competition is, all while sitting aside Security Weekly’s Pool Cabana in the Las Vegas sun.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode96

Visit http://securityweekly.com/category/ssw for all the latest episodes!

!

Tom is the founder of ServerlessOps (https://www.serverlessops.io/) and an experienced operations engineer. He started ServerlessOps after he asked the question, what would he do if servers went away? At a loss for an answer and interested in the future of his profession, he decided to pursue the answer. Tom is actively engaged in promoting serverless infrastructure and engaging with the community to learn more about their thoughts, wants, and concerns are around the topic.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode29 Follow us on Twitter: https://www.twitter.com/securityweekly

Paul and Matt Alderman had the chance at DEF CON to sit down and talk about Cigars and Security. In our very first episode, Paul asks Matt questions on how he got started in Security, who some of his biggest influencers were, and how he feels about the Security world today. Matt asks Paul questions about Cigars, their origin, and what the difference is between different tobaccos grown all around the world.

Full Show Notes: https://wiki.securityweekly.com/Episode571 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly