PSW #631
Each year the team at Counterhack Challenges makes available the Holiday Hack Challenge. Led by Ed Skoudis, and created by some of the most talented security professionals in the industry, it is not to be missed. Tune in to hear the details, or at least some information, about this year’s Holiday Hack Challenge!
Visit https://www.securityweekly.com/psw for all the latest episodes!
To learn more about our sponsors visit: The Security Weekly Sponsor’s Page
Holiday Hack Challenge
Hosts
 Doug White – Professor |
 Jeff Man – Sr. InfoSec Consultant |
 Joff Thyer – Security Analyst |
 Lee Neely – Senior Cyber Analyst |
 Matt Alderman – CEO |
 Paul Asadoorian – Founder & CTO |
Guests
 Ed Skoudis – Faculty Fellow |
Penetration testing has evolved quite a bit in the past year. As defenses shift, and in some cases get much better, attack techniques and landscapes have changed as well.
– What has changed in the past year with regards to penetration testing?
– What is adversary simulation? What are the benefits? Is the offering and consumption of this service an indication that organizations are getting better at building effective security programs?
– How has the increased popularity of breach and attack simulation tools impacted penetration testing?
– Has the MITRE attack framework impacted penetration testing? If so, how?
– Many advanced penetration testers seem to be keeping their tools private as to avoid detection by endpoint security products. Is this happening, and if so what is the impact? Should we share more? Less?
– With so many tools available today for penetration testing, what can blue teams and internal red teams do to prep for an external penetration test?
Visit https://www.securityweekly.com/psw for all the latest episodes!
To learn more about our sponsors visit: The Security Weekly Sponsor’s Page
The State of Penetration Testing
Hosts
 Jason Albuquerque – CIO & CSO |
 Jeff Man – Sr. InfoSec Consultant |
 Joff Thyer – Security Analyst |
 Larry Pesce – Senior Managing Consultant and Director of Research |
 Patrick Laverty – Security Consultant |
 Paul Asadoorian – Founder & CTO |
 Tyler Robinson – Managing Director of Network Operations |
Guests
 Christopher Hadnagy – Chief Human Hacker |
 David Kennedy – Co-Founder/CTO |
 Ed Skoudis – Faculty Fellow |
 Joe Gray – Senior OSINT Specialist |
 Tom Liston – Lead Instructor |
 Ira Winkler – Lead Security Principal |
It’s often said that attackers need only to get it right once, where defenders have to be right all of the time. Those of us who have worked in a security role as a defender know we don’t always get it right, in fact, there are often many exposures in our defenses. This segment will aim to help defenders learn tactics and techniques that are effective and try to answer some of the following questions:
– How do you prioritize your defensive efforts?
– How do you best detect attacks?
– How do you best protect against attacks?
– We always say “patch your stuff” but how often should you patch? Which systems should you patch?
– What techniques work best to defend against email phishing?
– How do you provide a “good enough” level of security for your Active Directory?
– What are the fundamentals of defense? How do they differ per environment and organization?
– How do you get management to buy-in to your security plans and spending?
Visit https://www.securityweekly.com/psw for all the latest episodes!
To learn more about our sponsors visit: The Security Weekly Sponsor’s Page
Blue Team Tactics and Techniques
Hosts
 April Wright – Preventative Security Specialist |
 Larry Pesce – Senior Managing Consultant and Director of Research |
 Lee Neely – Senior Cyber Analyst |
 Matt Alderman – CEO |
 Paul Asadoorian – Founder & CTO |
 Tyler Robinson – Managing Director of Network Operations |
Guests
 Bill Swearingen – Cyber Strategist |
 Chris Kubecka – CEO |
 Jason Nester – CISO |
 Jim Nitterauer – Senior Security Engineer |
 Michael Gough – Malware Archaeologist |
 Ron Gula – President |
 Trent Lo – Cyber Security Principal |