Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2019
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Category: Paul's Security Weekly, Tech Segment
Feb 18, 2019

There are quite a few choices for selecting open-source and inexpensive hardware to build your network and provide tools to monitor for security events. In this segment we'll discuss some of the options, the pros and cons of each, limitations, and really cool features! Includes coverage of Qotom hardware, how to procure enterprise-grade switches, the right cabling, and OPNSense and pfSense.

Full Show Notes: https://wiki.securityweekly.com/Episode594

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 10, 2019

DetectionLab is a collection of Vagrant and Packer scripts that allows you to automate the creation of a small active directory network that is pre-loaded with endpoint security tooling and logging best practices with a single command. It's cross-platform and the only requirements to bring up the lab are are Virtualbox / VMware and Vagrant.

Full Show Notes: https://wiki.securityweekly.com/Episode593

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 21, 2019

Joff will demonstrate some syntax with PowerShell useful for transferring data into a network while pen testing. The technical segment assumes that the pen testing is able to directly use PowerShell from the console itself, although the techniques can be adapted for different purposes.

To learn more about BHIS, visit: https://securityweekly.com/bhis

Full Show Notes: https://wiki.securityweekly.com/Episode590

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 13, 2019

Kory Findley talks about his Github project pktrecon. Internal network segment reconnaissance using packets captured from broadcast and service discovery protocol traffic. pktrecon is a tool for internal network segment reconnaissance using broadcast and service discovery protocol traffic. Individual pieces of data collected from these protocols include hostnames, IPv4 and IPv6 addresses, router addresses, gateways and firewalls, Windows OS fingerprints, and much more. This data is correlated and normalized with attackers in mind, and provides an effective method of initiating an engagement and obtaining as much target data as possible before resorting to more active methods.

Full Show Notes: https://wiki.securityweekly.com/Episode589

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 6, 2019

The Security Weekly crew has a lively topic discussion on the following: Security Breaches, Privacy, Vulnerability Disclosure, Evaluating Security Solutions, and Compliance.

Full Show Notes: https://wiki.securityweekly.com/Episode588

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 22, 2018

Vaughn will discuss using freely available tools and logs you are already collecting to detect attacker behavior. Vaughn has a cookbook that will allow you to configure and analyze logs to detect attacks in your environment. You don't need anything fancy to detect attacks, use what you have along with freely available tools and techniques!

To get involved with LogRhythm, go to: https://securityweekly.com/logrhythm

Full Show Notes: https://wiki.securityweekly.com/Episode587

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 9, 2018

Marcello Salvati is a security consultant at BHIS, and is giving a technical segment on SilentTrinity. Marcello will solve the red team tradecraft problem of gaining dynamic access to the .net api without going through powershell.

To learn more about Black Hills Information Security, go to: https://www.blackhillsinfosec.com/PSW

Full Show Notes: https://wiki.securityweekly.com/Episode585

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 8, 2018

Lenny Zeltser the VP of Products at Minerva, will be giving a technical segment on Evasion Tactics in Malware from the Inside Out. He will explain the tactics malware authors use to evade detection and analysis and find out how analysts examine these aspects of malicious code with a disassembler and a debugger.

To learn more about Minerva Labs, go to: https://l.minerva-labs.com/security-weekly

Full Show Notes: https://wiki.securityweekly.com/Episode585

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 1, 2018

Sven will talk about PHP Object injection vulnerabilities and explain the dangers of PHP's unserialize function. He will show the format of serialized PHP Objects, explain PHP's magic methods and how to write an exploit for a PHP Object Injection vulnerability during his technical demo.

Full Show Notes: https://wiki.securityweekly.com/Episode584

To learn more about Netsparker, go to: https://www.netsparker.com/securityweekly

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 18, 2018

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. John Moran talks about IncMan SOAR and how DFLabs Automation & Response platform helps automate, orchestrate, and measure CSIRTs and SOCs.

To learn more about DFLabs, go to: www.dflabs.com/securityweekly Full Show Notes: https://wiki.securityweekly.com/Episode583

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 12, 2018

Former Head of Israeli Air Force CERT & Forensics Team, Senior Security Researcher at Javelin Networks. Eyal will be discussing securing remote administration, remote credentials, explains that Jump Servers aren’t as good, and show you have to connect to remote machines using AD.

Full Show Notes: https://wiki.securityweekly.com/Episode582

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 5, 2018

Matt Toussain a Security Analyst at Black Hills Information Security, will be giving a tech segment on remote access tools (RAS).

To learn more about BHIS, go to: https://www.blackhillsinfosec.com/PSW
Full Show Notes: https://wiki.securityweekly.com/Episode581

→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Nov 4, 2018

Aleksei Tiurin is the Senior Security Researcher for Acunetix. Aleksei is giving a technical segment on insecure deserialization in Java/JVM and explains what polymorphism is. Aleksei Tiurin is a security researcher and pentester with over 8 years of experience in penetration testing and with a particular focus on ERP and banking systems and Windows-networks.

To learn more about Acunetix, go to: https://www.acunetix.com/securityweekly

Full Show Notes: https://wiki.securityweekly.com/Episode581

→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Oct 28, 2018

Yossi Sassi is the Co-Founder and Cybersecurity Researcher at CyberArtSecurity.com. Yossi joins us for a tech segment to talk about using windows powershell, discussing DCSync, DCShadow, creative Event Log manipulation & thoughts about persistence.

To learn more about Javelin Networks, Go To: www.javelin-networks.com

Full Show Notes: https://wiki.securityweekly.com/Episode580

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 27, 2018

Veronica Schmitt is the Sr. Digital Forensic Scientist for DFIRLABS. Veronica explains what SRUM is in WIndows 10. She explains how SRUM can be a valuable tool in Digital Forensics.

Full Show Notes: https://wiki.securityweekly.com/Episode580

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 21, 2018

John Walsh the DevOps Evangelist for CyberArk joins us on the show. John talks about the articles he wrote for CyberArk about Kubernetes, DevSecOps, and how to strengthen your container authentication with CyberArk.

Sponsor Landing Page: https://www.conjur.org/asw

Full Show Notes: https://wiki.securityweekly.com/Episode579

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 13, 2018

Omer is End-Point team lead at Javelin Networks. The team focuses on methods to covertly manipulate OS internals. Before Javelin Networks, he was a malware researcher at IBM Trusteer for two years focusing on financial malware families and lectured about his research on Virus Bulletin and Zero Nights conferences.

Full Show Notes: https://wiki.securityweekly.com/Episode578

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 30, 2018

Carlos Perez delivers the Technical Segment on How to Operate Offensively Against Sysmon. He talks about how SysMon allows him to create rules, and track specific types of tradecraft, around process creation and process termination. He dives into network connection, driver loading, image loading, creation of remote threats, and more!

Full Show Notes: https://wiki.securityweekly.com/Episode577

Visit https://www.securityweekly.com/psw for all the latest episodes! 

Sep 24, 2018

Apollo Clark goes through inventory management, access management, config management, patch management, automated remediation, logging and monitoring, and deployment tools.

Full Show Notes: https://wiki.securityweekly.com/Episode576

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 3, 2018

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. Prior to joining DFLabs John worked for a global security services provider, performing a wide variety of incident response consulting services.

Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 27, 2018

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He comes on the show to discuss PHP Type Juggling Vulnerabilities.

Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 20, 2018

Our very own Larry Pesce delivers the Technical Segment this week on Spoofing GPS with a hackRF.

Full Show Notes: https://wiki.securityweekly.com/Episode571 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 6, 2018

An introduction to FL2K: Software Defined Radio is all the rage for detecting unknown signals and transmitters. We'll show you how to set up and use a surreptitious transmitter to start your journey.

Full Show Notes: https://wiki.securityweekly.com/Episode570 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 30, 2018

Chris Dale is the Head of the Penetration Testing & Incident Handling groups at Netsecurity, a mid-sized company based out of Norway. Along with significant security expertise, Chris has a background in System Development, IT-Operations and Security Management.

Full Show Notes: https://wiki.securityweekly.com/Episode569 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 23, 2018

Chris 'Lopi' Spehn is a consultant on Mandiant's red team. Chris was formerly a penetration tester for major credit card companies and retailers. Chris is also the founder of Illinois State University's first information security club, participated in CCDC for three years, and received first place in National Cyber League 2012.

Full Show Notes: https://wiki.securityweekly.com/Episode568 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

1 2 Next »