Content Plan for Security Weekly
In order to assist with content ideas across Security Weekly, we have published a list of topics.
These are higher-level suggestions. Choose a topic, tool. and/or technique in the area described (or a different tool that does the same thing), and present on it.
Please submit your information via our online form if you are interested in covering one of these topics https://securityweekly.com/guests/.
If you work for a security vendor, please see our appearance guidelines.
Virtual Training Topics of Interest
Virtual training sessions are 60 minutes long and include a deep-dive and how-to on a specific topic. These can be sponsored or not.
| Hardware Hacking 101 | Wireless (In)Security | Pen Testing The Cloud |
| Penetration Testing Tactics and Techniques That Actually Work |
Making The Most Out Of Open-Source Threat Intelligence |
Hack The Human: Social Engineering Tactics For Your Next Pen Test |
| Reverse Engineering Malware | OSINT For Fun and Profit | Kali Linux Not-So-Secrets |
| Embedded & IoT Hacking Tips & Tricks |
Bypassing Endpoint Protection(s) | Web App Scanning in DevOps Processes |
| Breach and Attack Simulation | Securing & Protecting Applications in AWS | Building An Open-Source SIEM |
| How To Threat Model For Better Security | Forensic Investigations For The Rest Of Us | Threat Hunting By Living Off The Land |
| Building Effective Security Programs: Compliance, Process and Procedures |
How To Test Your Environment Against The Mitre Att&ck Framework |
How To Build an Incident Response Program with Practically No Budget |
| Docker Deployments, Security & You | ||
Paul’s Security Weekly (PSW) Topics of Interest
Topics can be covered as a technical segment (45 minute how-to guide on how to accomplish something that will help people learn and apply skills) or an interview with the author of the tool or someone who is considered a subject matter expert (SME) in that area. These can be sponsored or not.
| Building Secure-By-Default Containers | Storing Secrets In A Vault With Docker | Scraping The Web With Python |
|---|---|---|
| MS Office Macro Payload(s) | Tracking Security News and Research | Open-Source Attack Surface Management |
| Encrypting Linux Volumes | Windows Local Privilege Escalation Example | Cool C2 Channels By Example |
| Bypassing 2FA | Software Defined Radio | Metasploit |
| Bloodhound (For Attack and Defense) | Python Tips and Techniques for Pen Testers | Linux Privilege Escalation Through Containers |
| Web App Pentesting Tool | YARA | Threat Hunting (JA3, RITA) |
| Flan Scan | Evilgrade | Scapy |
| Nmap | OSQuery | RFID Hacking |
In addition to the topics above, these are red team/offensive specific tools of interest. These can be sponsored or not.
| Privilege Escalation | Bloodhound | SpiderLabs Responder |
|---|---|---|
| DeathStar | Domain Password Spray | CredKing |
| Chrome BackDoor | PowerShell Without PowerShell | Sneaky-Creeper |
| The Havester | AD Explorer | FireProx |
Enterprise Security Weekly (ESW) Topics of Interest
Topics can be covered as a technical segment (30 minute how-to guide on how to accomplish something that will help people learn and apply skills) or an interview with the author of the tool or someone who is considered a subject matter expert (SME) in that area. These can be sponsored or not.
| Tools For Dealing with CVE Data | Runtime Application Protection | Evaluating Endpoint Security |
|---|---|---|
| Recommending The Best Secrets Manager | The Security Awareness Program Cheat Sheet | Microsoft ATP (Advanced Threat Protection) |
| Amazon Elastic Beanstalk for Security Testing | Group Policies For Security That Work | Powershell For Enterprise Defenders (DeepBlueCLI) |
| Analyzing Email Phishing Campaigns | AWS Security Services | GuardiCore, Infection Monkey |
| Threat Intelligence | MITRE Att&ck Matrix | Up and Running On Elk |
| Vulnerability Management | Identity Management | Log Analysis for IoCs |
| Cuckoo Sandbox | Nagios (Or Alternatives) | The Security Onion |
| Securing O365 | ||
In addition to the topics above, these are blue team/defensive specific tools (or at least could be used by the blue team) of interest. These can be sponsored or not.
| Logon Tracer | Sysdig Inspect | CredDefense |
|---|---|---|
| MISP Project | TheHive Project | Volatility |
| Salt Project | Renovate | CrackMapExec |
| Awesome Incident Response | ||