PSW #673 | SC Media
Remote access, Pen testing, SOC

PSW #673

November 6, 2020

Sponsored By

sponsor
Visit https://securityweekly.com/netsparker for more information!

Learn how JWTs are implemented, both the correct way and the insecure way. Spoiler alert, most implement them insecurely. Sven will also show you some of the common attacks against JWTs, for use in your next penetration test, bug bounty, or conversation with your developers!

This segment is sponsored by Netsparker.

Visit https://securityweekly.com/netsparker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Abusing JWT (JSON Web Tokens)

Link to view Sven’s slide deck: https://securityweekly.com/psw-673-json-web-token-security-sven-morgenroth-netsparker/

Hosts

Doug White

Doug White – Professor

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Sven Morgenroth

Sven Morgenroth – Security Researcher

Announcements

  • Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This 1 day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on Youtube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!

Sponsored By

sponsor
Visit https://securityweekly.com/plextrac for more information!

Runbooks can be a game changer when it comes to executing proactive security assessments and tabletop exercises. This segment will highlight how to use runbooks to enhance your proactive security assessment program and highlight their different use cases.

This segment is sponsored by PlexTrac.

Visit https://securityweekly.com/plextrac to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Proactive Security Using Runbooks

None

Hosts

Doug White

Doug White – Professor

Joff Thyer

Joff Thyer – Security Analyst

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Dan DeCloss

Dan DeCloss – President / CEO

Announcements

  • Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81

In the Security News, Deception Technology: No Longer Only A Fortune 2000 Solution, Windows 10 zero-day could allow hackers to seize control of your computer, A Nameless Hiker and the Case the Internet Can’t Crack, New Chrome Zero-Day Under Active Attacks, PornHub Has Been Blocked In Thailand, 3 actively exploited zero days on iOS, and Someone Just Emptied Out a $1 Billion Bitcoin Wallet!
Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Multiple iOS 0-Days, Intel Malware Defense, & Windows 0-Day Under Attack

None

Hosts

Doug White

Doug White – Professor

Joff Thyer

Joff Thyer – Security Analyst

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Announcements

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • In our upcoming webcasts & technical trainings, you will learn why you should stop trying to discover & classify data, how to thwart attackers using deception & how to build a risk-based vulnerability management program! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!

prestitial ad