Paul's Security Weekly Subscribe

Special Treats – PSW #620

September 20, 2019

This week, we welcome Jason Lang, Sr. Security Consultant at TrustedSec, to talk about modern-day Red Teaming against some of the largest companies in the U.S.! In our second segment, we welcome Wes Widner, Cloud Engineering Manager at CrowdStrike, to talk about Audio Security, and why personal voice assistants are the wave of the future! In the Security News, how an iOS 13 flaw could provide access to contacts with a passcode, Equifax demands more information before making payouts, confidential data of 24.3 million patients were discovered online, and a SIM Flaw that lets hackers hijack any phone by sending SMS!

To learn more about TrustedSec, visit: https://securityweekly.com/trustedsec Full Show Notes: https://wiki.securityweekly.com/Episode620

View Show Index

Full Audio

Segments

1. Anything Red/Purple Teaming – Jason Lang – PSW #620

Jason Lang is the Sr. Security Consultant of TrustedSec. Modern day red teaming against some of the largest company's in the US. Current passion is Ansible for red teamers (i.e. fast infrastructure buildout).

To learn more about TrustedSec, visit: https://securityweekly.com/trustedsec

Full Show Notes: https://wiki.securityweekly.com/Episode620

Guest

Jason Lang

Jason Lang

Sr Security Consultant at TrustedSec

worked on TrustedSec’s Adversary Emulation and Threat Research team. His job is red teaming, purple teaming, pentesting. Jason has been in Infosec for 10+ years, with over 5 years in offensive security / pentesting. He has a background in enterprise. He enjoys coding in C#, Powershell, python – DerbyCon speaker/trainer – “Amish Hacker”. He lives in the middle of nowhere. Jason enjoys woodworking, fly fishing, and beekeeping.

Hosts

Paul Asadoorian

Paul Asadoorian

Founder at Security Weekly

https://securityweekly.com

Joff Thyer

Joff Thyer

Security Analyst at Black Hills Information Security

https://www.blackhillsinfosec.com/team/joff-thyer/

Larry Pesce

Larry Pesce

Product Security Research and Analysis Director at Finite State

https://www.finitestate.io/

Lee Neely

Lee Neely

Information Assurance APL at Lawrence Livermore National Laboratory

2. Audio Security – PSW #620

Wes Widner is the Cloud Engineering Manager at CrowdStrike. Wes will be talking about personal voice assistants are the wave of the future. So naturally we should wonder about the unique attack vectors they pose. I'd like to discuss my research into this field and share a few tips on how you can keep yourself safe around voice assistants.

Full Show Notes: https://wiki.securityweekly.com/Episode620

Guest

Wes Widner

Wes Widner

Cloud Engineering Manager at CrowdStrike

engineers clouds with Crowdstrike. Large-scale distributed threat intelligence systems that span a range of threat vectors are his bread and butter. His work history includes data engineering with McAfee Labs’s Global Threat Intelligence department and malware pipelining with Norse Corporation. In his ample spare time, Wes also enjoys teaching children how to hack, ethically of course.

Hosts

Paul Asadoorian

Paul Asadoorian

Founder at Security Weekly

https://securityweekly.com

Joff Thyer

Joff Thyer

Security Analyst at Black Hills Information Security

https://www.blackhillsinfosec.com/team/joff-thyer/

Larry Pesce

Larry Pesce

Product Security Research and Analysis Director at Finite State

https://www.finitestate.io/

Lee Neely

Lee Neely

Information Assurance APL at Lawrence Livermore National Laboratory

3. iOS, Equifax Is Back, & phpMyAdmin CSRF Zero-Day – PSW #620

In the Security News, how an iOS 13 flaw could provide access to contacts with passcode, Equifax demands more information before making payouts, confidential data of 24.3 million patients were discovered online, and a SIM Flaw that lets hackers hijack any phone by sending SMS!

Full Show Notes: https://wiki.securityweekly.com/Episode620

Hosts

Paul Asadoorian

Paul Asadoorian

Founder at Security Weekly

https://securityweekly.com

Joff Thyer

Joff Thyer

Security Analyst at Black Hills Information Security

https://www.blackhillsinfosec.com/team/joff-thyer/

Larry Pesce

Larry Pesce

Product Security Research and Analysis Director at Finite State

https://www.finitestate.io/

Lee Neely

Lee Neely

Information Assurance APL at Lawrence Livermore National Laboratory

Related

Security’s Role in Edge Computing Today – Theresa Lanowitz, Chris Goettl – ESW #333

September 28, 2023

The concept of Edge computing has evolved over the years and now has a distinct role alongside public cloud. Theresa Lanowitz, from AT&T Cybersecurity, and Chris Goettl from Ivanti join us to discuss what edge computing means for the market and for cybersecurity. Specifically, we'll discuss how: Strong use cases in the market today for edge c...

Vulnerability Management

Snowden Revelations, Cult of The Dead Cow Saves The Internet, & Stealing Your Pixels – PSW #800

September 27, 2023

This week, First up its the Security News: libwebp or die: we unravel some of the details behind the webp vulnerability first fixed by Apple and Google, then, hopefully by everyone else, attackers can steal your pixels using your GPU, someone cough China cough has been hacking Cisco routers, Kia boys are still a problem, How the Cult of the Dead Co...

The Right Skills For The Job – Kayla Williams – PSW #800

September 27, 2023

Just what are the right skills to have or acquire to work in cybersecurity today? Kayla and the Security Weekly crew talk about it in this segment. We also touch on why we get burnt out and how to avoid it, all in anticipation for SOC Analyst Appreciation Day! This segment is sponsored by Devo . Visit https://securityweekly.com/devo to learn more ...