Content Plan for Security Weekly
In order to assist with content ideas across Security Weekly, we have published a list of topics.
These are higher-level suggestions. Choose a topic, tool. and/or technique in the area described (or a different tool that does the same thing), and present on it.
Please submit your information via our online form if you are interested in covering one of these topics https://securityweekly.com/guests/.
If you work for a security vendor, please see our appearance guidelines.
Virtual Training Topics of Interest
Virtual training sessions are 60 minutes long and include a deep-dive and how-to on a specific topic. These can be sponsored or not.
|Hardware Hacking 101||Wireless (In)Security||Pen Testing The Cloud|
|Penetration Testing Tactics and
Techniques That Actually Work
|Making The Most Out Of
Open-Source Threat Intelligence
|Hack The Human: Social Engineering
Tactics For Your Next Pen Test
|Reverse Engineering Malware||OSINT For Fun and Profit||Kali Linux Not-So-Secrets|
|Embedded & IoT Hacking Tips &
|Bypassing Endpoint Protection(s)||Web App Scanning in DevOps Processes|
|Breach and Attack Simulation||Securing & Protecting Applications in AWS||Building An Open-Source SIEM|
|How To Threat Model For Better Security||Forensic Investigations For The Rest Of Us||Threat Hunting By Living Off The Land|
|Building Effective Security Programs:
Process and Procedures
|How To Test Your Environment
Against The Mitre Att&ck Framework
|How To Build an Incident Response
Program with Practically No Budget
|Docker Deployments, Security & You|
Paul’s Security Weekly (PSW) Topics of Interest
Topics can be covered as a technical segment (45 minute how-to guide on how to accomplish something that will help people learn and apply skills) or an interview with the author of the tool or someone who is considered a subject matter expert (SME) in that area. These can be sponsored or not.
|Building Secure-By-Default Containers||Storing Secrets In A Vault With Docker||Scraping The Web With Python|
|MS Office Macro Payload(s)||Tracking Security News and Research||Open-Source Attack Surface Management|
|Encrypting Linux Volumes||Windows Local Privilege Escalation Example||Cool C2 Channels By Example|
|Bypassing 2FA||Software Defined Radio||Metasploit|
|Bloodhound (For Attack and Defense)||Python Tips and Techniques for Pen Testers||Linux Privilege Escalation Through Containers|
|Web App Pentesting Tool||YARA||Threat Hunting (JA3, RITA)|
In addition to the topics above, these are red team/offensive specific tools of interest. These can be sponsored or not.
|Privilege Escalation||Bloodhound||SpiderLabs Responder|
|DeathStar||Domain Password Spray||CredKing|
|Chrome BackDoor||PowerShell Without PowerShell||Sneaky-Creeper|
|The Havester||AD Explorer||FireProx|
Enterprise Security Weekly (ESW) Topics of Interest
Topics can be covered as a technical segment (30 minute how-to guide on how to accomplish something that will help people learn and apply skills) or an interview with the author of the tool or someone who is considered a subject matter expert (SME) in that area. These can be sponsored or not.
|Tools For Dealing with CVE Data||Runtime Application Protection||Evaluating Endpoint Security|
|Recommending The Best Secrets Manager||The Security Awareness Program Cheat Sheet||Microsoft ATP (Advanced Threat Protection)|
|Amazon Elastic Beanstalk for Security Testing||Group Policies For Security That Work||Powershell For Enterprise Defenders (DeepBlueCLI)|
|Analyzing Email Phishing Campaigns||AWS Security Services||GuardiCore, Infection Monkey|
|Threat Intelligence||MITRE Att&ck Matrix||Up and Running On Elk|
|Vulnerability Management||Identity Management||Log Analysis for IoCs|
|Cuckoo Sandbox||Nagios (Or Alternatives)||The Security Onion|
In addition to the topics above, these are blue team/defensive specific tools (or at least could be used by the blue team) of interest. These can be sponsored or not.
|Logon Tracer||Sysdig Inspect||CredDefense|
|MISP Project||TheHive Project||Volatility|
|Awesome Incident Response|