PSW #677 | SC Media
Active Directory, Pen testing, Attack surface mgmt, Attack simulation, Security research, Blue team

PSW #677

December 11, 2020

Sponsored By

Visit https://securityweekly.com/coresecurity for more information!

Join us for a lively discussion surrounding the topic of penetration testing. Sure, we’ve called out differences between vulnerability scanning and penetration testing. Moving past this particular issue, we’ll explore how to effectively use penetration testing in your environments.

This segment is sponsored by Core Security, A Help Systems Company.

Visit https://securityweekly.com/coresecurity to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

The State Of Penetration Testing Panel

We openly debate penetration testing on a regular basis throughout the year on Security Weekly shows. Many debate aspects of penetration testing within their own organizations. This segment will draw on the experiences of the panelists to help our audience understand penetration testing. This segment will include topics such as:

– How do you get the most out of penetration tests?
– How has penetration testing evolved over the last year?
– What are some of the types of penetration tests?
– What are the pros and cons of different types of penetration tests?
– When are you ready for your first penetration test?
– When are you ready to have your own internal team for penetration testing?
– How do you manage penetration testing from both external and internal teams?
– How can you integrate attack surface management or adversary simulation solutions into your penetration testing regime?
– What can you do to prepare for a penetration test?
– What’s next in the evolution of penetration testing?

Hosts

Doug White – Professor

Jeff Man – Sr. InfoSec Consultant

Joff Thyer – Security Analyst

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely – Senior Cyber Analyst

Paul Asadoorian – Founder & CTO

Tyler Robinson – Managing Director of Network Operations

Guests

Diego Sor – Security Consulting Services, Director

Ed Skoudis – Faculty Fellow

Travis Smith – Director, Malware Threat Research

Sponsored By

Visit https://securityweekly.com/risksense for more information!

We often hear that offensive security techniques are “sexier” than defensive blue team techniques. In this panel discussion, we attempt to level the playing field (on so many levels…) between attackers and defenders. Keeping the evil attackers out of our networks and systems is a daunting task that requires creative thinking and creative solutions.

This segment is sponsored by RiskSense.

Visit https://securityweekly.com/risksense to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Innovative Blue Team Techniques Panel

The panel will discuss what works, and what doesn’t work when it comes to defending systems in the real world. Topics include:

– How does patching play into the strategy given you can’t patch everything and 0days exist?
– If most organizations will fall to a carefully crafted email phishing attack and some lateral movement to Domain Admin, what can we do to protect the most common attack paths?
– How do we keep our workforce safe while working from home? What are the successful pivots organizations have made to prevent successful attacks in this environment?
– What can we do to encourage teamwork that will lead to an effective cybersecurity program?
– Given the security of many organizations is vulnerable, what types of solutions work best to prevent, detect, and/or stop attacks?
– Do we need more innovative solutions?
– Do we need to use more of what we already have?
– How do we push forward to using immutable infrastructure and DevOps outside of creating and deploying our own software?

Hosts

Doug White – Professor

Jeff Man – Sr. InfoSec Consultant

Joff Thyer – Security Analyst

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely – Senior Cyber Analyst

Paul Asadoorian – Founder & CTO

Tyler Robinson – Managing Director of Network Operations

Guests

Brian Donohue – Intelligence Analyst

Chris Abella – Principal SE

David Kennedy – Co-Founder/CTO

Doug Burks – CEO

Srinivas Mukkamala – Chief Executive Officer and Co-Founder

Sponsored By

Visit https://securityweekly.com/ilf for more information!

Hacking matters. The term hacking has gotten away from us over the years. I believe we’ve reclaimed it, to a certain extent. The goal of this panel is to discuss all things hacking culture. What does it mean to be a hacker and how do we preserve the hacking ideology?

This segment is sponsored by Innocent Lives Foundation.

Visit https://securityweekly.com/ilf to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Hacking Matters Panel

A play on words for sure, this panel will discuss “Hacking Matters”. We will address why hacking matters, to our community, and to society as a whole. It’s difficult to imagine a world without hackers. Which brings us to the second aspect of our panel, to address the matters of hacking. Specifically, we will aim to address the following:

– How do hackers help society today and into the future?
– How do we preserve the hacking spirit?
– How do we recognize the hacker in ourselves and in other people?
– How do we protect hackers from those creating and enforcing laws?
– What are some of the qualities of a hacker? Persistence? Creativity?
– How do we guide the youth of today to become ethical hackers? (Not so much in the penetration testing sense, but related to morals and ethics).
– Hackers love to explore, what advice do we have for those who explore technology to find vulnerabilities and are met with lawyers rather than open arms?
– What are some of the best examples of hacking in history and popular culture?
– Can we teach someone to be a hacker? Or is hacking something you are born with and we can help you unlock it?
– How do we deal with this ethical dilemma: You’ve discovered a way to “break” a system, if you expose it good people will know about it (and hopefully fix it), but the evil attackers now also know about it and could abuse it?

Hosts

Doug White – Professor

Jeff Man – Sr. InfoSec Consultant

Joff Thyer – Security Analyst

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely – Senior Cyber Analyst

Paul Asadoorian – Founder & CTO

Tyler Robinson – Managing Director of Network Operations

Guests

Bill Swearingen – Sr Cyber Strategist

Chloé Messdaghi – VP of Strategy

Cyndi Gula – Partner

John Loucaides – VP of Research & Development

Ron Gula – President

Shane McCombs – COO
