For the latest in computer security news, hacking, and research! We sit around, drink beer, and talk security. Our show will feature technical segments that show you how to use the latest tools and techniques. Special guests appear on the show to enlighten us and change your perspective on information security. Note: This is only Paul's Security Weekly, a 2-hour show recorded once per week.
Want to learn about all of the latest security tools and techniques? This is the show for you! We show you how to install, configure and use a wide variety of security tools for both offense and defense. Whether you are a penetration tester or defending enterprise networks, this show will help you!
Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820
2:48:36
Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: https://openssf.org/blog/2024/02/26/openssf-supports-efforts-to-build-more-secure-and-meas…
Facing the Reality of Risk Prioritization - Bianca Lewis (BiaSciLab), Dan DeCloss - PSW #819
3:05:15
Public information about exploits and vulnerabilities alone is not enough to inform prioritization, especially with the growing rate and variety of CVEs. Dan DeCloss, founder and CTO of PlexTrac, joins the show to discuss solving the challenges of risk prioritization to drive faster, more strategic assessment cycles. Spoiler: The key is adding cont…
Social Engineering: AI & Living Off The Land - Jayson E. Street - PSW #818
2:53:31
Jayson joins us to discuss how he is using, and social engineering, AI to help with his security engagements. We also talk about the low-tech tools he employs to get the job done, some tech tools that are in play, and the most important part of any security testing: Talking to people, creating awareness, and great reporting. The latest attacks agai…
Illuminating Cybersecurity Wisdom: Insights from a Thought Leader - Wendy Nather - PSW Vault
1:05:54
Join us in this illuminating podcast episode as we sit down with Wendy Nather, a distinguished thought leader and cybersecurity strategist, who has left an indelible mark on the ever-evolving landscape of digital security. Wendy's journey in cybersecurity is a narrative woven with expertise, innovation, and a deep understanding of the intersection …
Physical Security and Social Engineering - Hacker Heroes: Toby Miller - PSW #817
2:03:07
In this segment, we discuss topics related to physical security and social engineering. We also touch on the challenges and strategies for implementing effective security measures. The discussion highlights the importance of understanding the relationship between physical security and social engineering. The panel emphasizes the need for a comprehe…
You Can’t Defend What You Can’t Define - Sergey Bratus - PSW #816
3:01:54
From a computer-smitten middle-schooler in the former Soviet Union in the 1970s to his current and prominent role in the cybersecurity research community, Bratus aims to render the increasingly prevalent and perilous software, hardware, and networks in our lives much safer to use. His fascination with computer security started for real in the 1990s …
Identifying Bad By Defining Good - Danny Jenkins - PSW #815
2:57:21
When an RCE really isn’t, your kernel is vulnerable, calling all Windows 3.11 experts, back to Ebay, Turkish websites and credentials, 10 public exploits for the same vulnerability, hacking Bitcoin ATMs, another vulnerability disclosure timeline gone wrong, Flipper Zero tips and how you should not use it to change traffic lights, Windows 11 S mode,…
What Smart CISOs and Mature Orgs Get That Others Don’t About Cyber Compliance - Matt Coose - PSW #814
3:15:35
Matt Coose is the founder and CEO of cybersecurity compliance firm Qmulos, previously the director of Federal Network Security for the National Cyber Security Division of the (DHS). CISOs carry the ultimate burden and weight of compliance and reporting and are often the last buck. Says Coose, best-of-breed is better described as best-to-bleed-the-b…
K-12 Cybersecurity - Brian Stephens - PSW #813
2:51:29
With a recent increase in government attention on K–12 cybersecurity, there is a pressing need to shed light on the challenges school districts face in implementing necessary security measures. Why? Budgeting constraints pose significant obstacles in meeting recommended cybersecurity standards. Brian Stephens of Funds For Learning will discuss: The…
The Evolution of Purple Teaming - Jared Atkinson - PSW #812
2:52:33
Jared would like to discuss the evolution of purple teaming. Put bluntly, he believes traditional purple team approaches don’t test enough variations of attack techniques, delivering a false sense of detection coverage. He would like to talk about: The shortcomings of red team assessments and why most purple team assessments are too limited. How th…
Hacker Heroes - Casey Ellis - PSW Vault
1:15:40
Unleashing the Power of Crowdsourced Cybersecurity: A Conversation with Casey Ellis, Founder of Bugcrowd. Meet Casey Ellis, the visionary entrepreneur who has redefined the landscape of cybersecurity through the groundbreaking platform he built – Bugcrowd. As the Founder and Chief Technology Officer of Bugcrowd, Casey Ellis has not only revolutioni…
Interview with Dr. Whitfield Diffie - PSW Vault
43:52
Dr. Diffie is a pioneer of public-key cryptography and was VP of Information Security and Cryptography at ICANN. He is author of "Privacy on the Line: The Politics of Wiretapping and Encryption". Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: ht…
Supply Chain & Firmware Security - Xeno Kovah - PSW #811
1:52:15
AI generated description fun: "As the glasses are filled and the mood lightens, our veteran guests, each with a legendary tale or two tucked under their virtual belts, embark on a journey through the complex landscape of supply chain security. These old dogs share war stories, anecdotes, and hard-earned wisdom about the evolving challenges and thre…
Embracing AI - Alex Sharpe - PSW #810
2:56:55
Mr. Sharpe is a long-time (+30 years) Cybersecurity, Governance, and Digital Transformation expert with real-world operational experience. Mr. Sharpe has run business units and has influenced national policy. He has spent much of his career helping corporations and government agencies create value while mitigating cyber risk. This gives him a pragm…
Holiday Extravaganza - Supply Chain, Hardware Hacking, Vulnerabilities, News - PSW #809
3:07:27
Join the Security Weekly crew in a riveting podcast episode where they delve into the fascinating realm of hardware hacking. Picture a dimly lit room resonating with the nostalgic hum of vintage computers, as our hosts explore the latest techniques using hardware, software, and firmware. Whether you're attempting to hack a specific device or crafti…
AI & LLMs - Josh More, Matthew Carpenter - PSW #808
2:58:31
What will the future bring with respect to AI and LLMs? Josh has spent some time thinking about this and brings us some great resources. We'll discuss how to get students involved with AI in a safe and ethical manner. How can we use AI to teach people about cybersecurity? What tools are available and where do they fit into our educational systems t…
Interview with Brian Snow - PSW Vault
1:01:04
Brian Snow spent his first 20 years at NSA doing and directing research that developed cryptographic components and secure systems. Many cryptographic systems serving the U.S. government and military use his algorithms; they provide capabilities not previously available and span a range from nuclear command and control to tactical radios for the ba…
3 Layers of App Security to Keep Hackers Out, Let Customers In - Aviad Mizrachi - PSW #807
2:50:50
Attackers pursue the shortest path to achieve their goals in your app. With a tri-layered security architecture, you can force hackers to crawl through a triathlon in your app. What’s in the three layers, to detect attacks sooner, slow attackers down, and stop them fast? Let’s take a journey across the three layers and discuss how to gain control o…
Testing AI Before It Comes To Get You - Austin Carson - PSW #806
2:57:07
Austin spends the majority of his time thinking about ways to abuse LLMs, the impact of the attacks, and the effects on society. He brings a truly unique perspective to the way to use, attack, and verify output from AI LLM models. Whether you are just learning the ins and outs of LLMs or you were an early adopter, this segment is for you! In the se…
Trustworthy AI for National Security - Kathleen Fisher - PSW #805
3:06:09
AI/ML is providing significant benefits in a wide range of application domains but also provides adversaries with a new attack surface. Learn about DARPA's efforts to help evaluate AI/ML and work towards a trust model that will allow us to use these valuable tools safely. Segment Resources: Identifying and Mitigating the Security Risks of Generativ…
VSCode Vulnerabilities - Thomas Chauchefoin, Paul Gerste - PSW #804
2:57:53
For the Security News, we officially welcome Bill Swearingen to our expert panel of PSW hosts, and discuss the news including hacking shenanigans, QNAP, recovering crypto currency, Android malware, and more! Then in a pre-recorded segment: Sonar Vulnerability Researchers Thomas Chauchefoin and Paul Gerste conducted research on the security of Visua…
Meet the Cyber Mercenary Who Can Overthrow a Government - Chris Rock - PSW #803
2:47:53
Chris Rock is a Cyber Mercenary who has worked in the Middle East, US and Asia for the last 30 years working for both government and private organizations. He is the Chief Information Security Officer and co-founder of SIEMonster. Chris has presented three times at the largest hacking conference in the world, DEFCON in Las Vegas on controversial v…
Getting Started With Reverse Engineering Hardware - PSW #802
3:09:03
In our first segment: the PSW hosts drop valuable insight on how to start your own journey into reverse engineering hardware! Resources we mentioned: The Hardware Hackers Handbook is a great start Do a badge challenge: https://www.cyberark.com/resources/threat-research-blog/an-introduction-to-hardware-hacking Take some classes Do some Arduino stuff…
Malware Trends - Anuj Soni - PSW #801
2:57:40
Anuj joins us to discuss recent trends in malware. What are the malware authors up to lately? What are the latest techniques for reverse engineering malware? Learn about the latest tools and techniques from Anuj! Anuj is a Principal Threat Researcher at Blackberry, where he performs malware research and reverse engineering. He has more than 15 year…
The Right Skills For The Job - Kayla Williams - PSW #800
2:50:17
This week, first up it's the Security News: libwebp or die: we unravel some of the details behind the webp vulnerability first fixed by Apple and Google, then, hopefully by everyone else, attackers can steal your pixels using your GPU, someone cough China cough has been hacking Cisco routers, Kia boys are still a problem, How the Cult of the Dead Co…