Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Category: Paul's Security Weekly, Tech Segment
Sep 15, 2019

Peter Smith is the Founder & CEO of Edgewise. Peter will be covering the Capital One breach and the AWS metadata service with request forgery. He will explain how to solve this problem with Edgewise.

To learn more about Edgewise, visit: https://securityweekly.com/edgewise

Full Show Notes: https://wiki.securityweekly.com/Episode619

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 31, 2019

Corey Thuen is the Co-Founder at Gravwell. Security analytics using the new Sysmon DNS logging and Sysmon DNS logging dropped this week.

Full Show Notes: https://wiki.securityweekly.com/Episode618

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 23, 2019

Paul gives a technical segment on deobfuscating JavaScript to investigate phishing domains.

To learn more about DomainTools, visit: https://securityweekly.com/domaintools

Full Show Notes: https://wiki.securityweekly.com/Episode617

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 14, 2019

Paul, Larry, Doug, and Gabe talk about Software Development: Security Do's & Don'ts.

→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Aug 4, 2019

Talk about the way Signal Sciences is implemented, especially in the container world. Where we sit in the stack for protection of the web apps in those containers and common first things identified after install (Attack Scanners, Injection Attacks, actionable anomalies like 404 or 500 errors). Finally do a short demo walking through installing Signal Sciences in a Kubernetes environment and the Signal Sciences dashboard.

To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences

Full Show Notes: https://wiki.securityweekly.com/Episode614

Visit https://www.securityweekly.com/psw for all the latest episodes!

Jun 30, 2019

Kathleen Smith is the CMO at CyberSecJobs.Com/ClearedJobs.Net. We all have cool tools, but not necessarily the best ones for career search or professional development. Why is it so hard? Many of the resources are at our fingertips, we just are using them or are too scared to reach for them.

Slides: https://www.slideshare.net/CyberSecJobs/cyber-security-community-volunteering-survey-results-2018
Links to more slides here: https://wiki.securityweekly.com/Episode610


→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Jun 23, 2019

We welcome back Bryson Bort, who is the Founder/CEO of GRIMM. Bryson will be talking about Purple Teaming, Top Attack Simulation Scenarios, and Testing Command & Control Channels.

To learn more about SCYTHE, visit: https://securityweekly.com/scythe
Full Show Notes: https://wiki.securityweekly.com/Episode609

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 17, 2019

We welcome back Corey Thuen, Founder and CEO of Gravwell, to talk about security analytics using the new Sysmon DNS logging that dropped this week!

To get involved with Gravwell, visit: https://securityweekly.com/gravwell

Full Show Notes: https://wiki.securityweekly.com/Episode608

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 1, 2019

Paul Asadoorian and Robert Graham from Errata Security show you how to search for the BlueKeep vulnerability, or CVE-2019-0708, that has been affecting hundreds of thousands of systems!

Full Show Notes: https://wiki.securityweekly.com/Episode606

Follow us on Twitter: https://www.twitter.com/securityweekly

May 25, 2019

We welcome Matthew McMahon, Head of Security Analytics at Salve Regina University, to talk about Medical devices, Cybersecurity and Resilience, and Cybersecurity Training!

Full Show Notes: https://wiki.securityweekly.com/Episode605

Follow us on Twitter: https://www.twitter.com/securityweekly

May 19, 2019

Federico Simonetti is the CTO of Xiid Corporation. Federico comes on the show to discuss How To Fix Identity & Access Management.

Full Show Notes: https://wiki.securityweekly.com/Episode604

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 28, 2019

Guru Pandurangi is the CEO and Founder of Cloudneeti, to talk about how their SaaS product is delivering continuous cloud security and compliance assurance to businesses migrating or using cloud providers such as Azure, AWS, Office365, to develop and host their applications!

To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti
Full Show Notes: https://wiki.securityweekly.com/Episode601

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 31, 2019

In the Technical Segment, we welcome back our friend Chris Brenton, Chief Operating Officer at Active Countermeasures, to discuss why threat hunting is the missing link between our protection tools and our response tools, and will take a deep dive into the AI Hunter!

To learn more about Active Countermeasures and to get the slides for the Technical Segment today, visit: https://securityweekly.com/acm Full Show Notes: https://wiki.securityweekly.com/Episode599

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 25, 2019

In this segment, we run a Technical Demo with our sponsor DomainTools, all about Domain Investigation with DomainTools Iris!

To learn more about DomainTools, visit: https://securityweekly.com/domaintools

Full Show Notes: https://wiki.securityweekly.com/Episode598

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 16, 2019

We welcome Peter Smith, Founder and CEO of Edgewise to talk about the evolution of Zero Trust! Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University’s first NAC system before it became a security category. Peter brings a security practitioner’s perspective to Edgewise with more than ten years of expertise as an infrastructure and security architect of data centers.

To learn more about Edgwise, visit: https://securityweekly.com/edgewise/

Full Show Notes: https://wiki.securityweekly.com/Episode597

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 23, 2019

Marcello Salvati, Security Analyst at our sponsor Black Hills Information Security, to give some updates on his Post Exploitation Tool SILENTRINITY! Sign up for the BHIS Mailing List to receive updates about upcoming webcasts, blogs, and open-source tools from our testers at: https://securityweekly.com/bhis

Full Show Notes: https://wiki.securityweekly.com/Episode595

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 18, 2019

There are quite a few choices for selecting open-source and inexpensive hardware to build your network and provide tools to monitor for security events. In this segment we'll discuss some of the options, the pros and cons of each, limitations, and really cool features! Includes coverage of Qotom hardware, how to procure enterprise-grade switches, the right cabling, and OPNSense and pfSense.

Full Show Notes: https://wiki.securityweekly.com/Episode594

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 10, 2019

DetectionLab is a collection of Vagrant and Packer scripts that allows you to automate the creation of a small active directory network that is pre-loaded with endpoint security tooling and logging best practices with a single command. It's cross-platform and the only requirements to bring up the lab are are Virtualbox / VMware and Vagrant.

Full Show Notes: https://wiki.securityweekly.com/Episode593

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 21, 2019

Joff will demonstrate some syntax with PowerShell useful for transferring data into a network while pen testing. The technical segment assumes that the pen testing is able to directly use PowerShell from the console itself, although the techniques can be adapted for different purposes.

To learn more about BHIS, visit: https://securityweekly.com/bhis

Full Show Notes: https://wiki.securityweekly.com/Episode590

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 13, 2019

Kory Findley talks about his Github project pktrecon. Internal network segment reconnaissance using packets captured from broadcast and service discovery protocol traffic. pktrecon is a tool for internal network segment reconnaissance using broadcast and service discovery protocol traffic. Individual pieces of data collected from these protocols include hostnames, IPv4 and IPv6 addresses, router addresses, gateways and firewalls, Windows OS fingerprints, and much more. This data is correlated and normalized with attackers in mind, and provides an effective method of initiating an engagement and obtaining as much target data as possible before resorting to more active methods.

Full Show Notes: https://wiki.securityweekly.com/Episode589

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 6, 2019

The Security Weekly crew has a lively topic discussion on the following: Security Breaches, Privacy, Vulnerability Disclosure, Evaluating Security Solutions, and Compliance.

Full Show Notes: https://wiki.securityweekly.com/Episode588

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 22, 2018

Vaughn will discuss using freely available tools and logs you are already collecting to detect attacker behavior. Vaughn has a cookbook that will allow you to configure and analyze logs to detect attacks in your environment. You don't need anything fancy to detect attacks, use what you have along with freely available tools and techniques!

To get involved with LogRhythm, go to: https://securityweekly.com/logrhythm

Full Show Notes: https://wiki.securityweekly.com/Episode587

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 9, 2018

Marcello Salvati is a security consultant at BHIS, and is giving a technical segment on SilentTrinity. Marcello will solve the red team tradecraft problem of gaining dynamic access to the .net api without going through powershell.

To learn more about Black Hills Information Security, go to: https://www.blackhillsinfosec.com/PSW

Full Show Notes: https://wiki.securityweekly.com/Episode585

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 8, 2018

Lenny Zeltser the VP of Products at Minerva, will be giving a technical segment on Evasion Tactics in Malware from the Inside Out. He will explain the tactics malware authors use to evade detection and analysis and find out how analysts examine these aspects of malicious code with a disassembler and a debugger.

To learn more about Minerva Labs, go to: https://l.minerva-labs.com/security-weekly

Full Show Notes: https://wiki.securityweekly.com/Episode585

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 1, 2018

Sven will talk about PHP Object injection vulnerabilities and explain the dangers of PHP's unserialize function. He will show the format of serialized PHP Objects, explain PHP's magic methods and how to write an exploit for a PHP Object Injection vulnerability during his technical demo.

Full Show Notes: https://wiki.securityweekly.com/Episode584

To learn more about Netsparker, go to: https://www.netsparker.com/securityweekly

Follow us on Twitter: https://www.twitter.com/securityweekly

1 2 3 Next »