Remote access, IOT, Hardware Security, Patch Management, SIEM

PSW #671

October 23, 2020

Sponsored By

sponsor
Visit https://securityweekly.com/gravwell for more information!

Sysmon is a free endpoint monitoring tool published by Microsoft in their sysinternals suite. It generates process creations, network connections, file creations, DNS, and now clipboard monitoring with v12. We’ll discuss what’s in the events and how to easily visualize and search them with Gravwell’s new Sysmon Kit.

This segment is sponsored by Gravwell.

Visit https://securityweekly.com/gravwell to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Sysmon Endpoint Monitoring, Now w/ Clipboard Voyeurism

None

Hosts

Doug White

Doug White – Professor

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Larry Pesce

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Corey Thuen

Corey Thuen – Co-Founder

Announcements

  • Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81

Sponsored By

sponsor
Visit https://securityweekly.com/eclypsium for more information!

In 2020 attackers are increasingly targeting firmware and hardware – going below the operating system to hide from traditional security solutions and gain persistence. Both nation state actors and criminals are exploiting vulnerable, exposed firmware on network and VPN devices, and recently a new UEFI rootkit dubbed #MosaicRegressor was found in the wild. We’ll discuss how and why attackers are targeting firmware and hardware, and the steps security professionals can take to gain visibility into this attack surface and protect enterprise devices.

This segment is sponsored by Eclypsium.

Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Hackers Hitting Below The Belt

None

Hosts

Doug White

Doug White – Professor

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Larry Pesce

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Scott Scheferman

Scott Scheferman – Principal Cyber Strategist

Announcements

  • Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This 1 day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on Youtube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!

In the Security News, Testing firm NSS Labs closes up shop, stringing vulnerabilities together to pwn the Discord desktop app, a WordPress plugin aimed at protecting WordPress does the opposite, the FDA approves the use of a new tool for medical device vulnerability scoring, 8 new hot, steamy, moist cybersecurity certifications, and 5 things you can do to secure your home office without hiring an expert! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Discord Vulnerabilities, Chrome 0-Day, & Severe WordPress Flaw

#[https://www.instapaper.com/read/1354318368 Donald Trumps says “nobody gets hacked”

Hosts

Doug White

Doug White – Professor

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Larry Pesce

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Announcements

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • Learn how to build an integrated security platform in our webcast on October 28th! On November 5th, we’ll show you how to build proper metrics and KPIs! Learn why you should stop trying to discover and classify data in our webcast on November 12th! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

prestitial ad