Special Treats – PSW #620

This week, we welcome Jason Lang, Sr. Security Consultant at TrustedSec, to talk about modern-day Red Teaming against some of the largest companies in the U.S.! In our second segment, we welcome Wes Widner, Cloud Engineering Manager at CrowdStrike, to talk about Audio Security, and why personal voice assistants are the wave of the future! In the Security News, how an iOS 13 flaw could provide access to contacts with a passcode, Equifax demands more information before making payouts, confidential data of 24.3 million patients were discovered online, and a SIM Flaw that lets hackers hijack any phone by sending SMS!

To learn more about TrustedSec, visit: https://securityweekly.com/trustedsec

Full Show Notes: https://wiki.securityweekly.com/Episode620

View Show Index

Full Audio

Segments

1. Anything Red/Purple Teaming – Jason Lang – PSW #620

Jason Lang is the Sr. Security Consultant of TrustedSec. Modern day red teaming against some of the largest company's in the US. Current passion is Ansible for red teamers (i.e. fast infrastructure buildout).

To learn more about TrustedSec, visit: https://securityweekly.com/trustedsec

Full Show Notes: https://wiki.securityweekly.com/Episode620

Guest

Jason Lang
Jason Lang
Sr Security Consultant at TrustedSec

worked on TrustedSec’s Adversary Emulation and Threat Research team. His job is red teaming, purple teaming, pentesting. Jason has been in Infosec for 10+ years, with over 5 years in offensive security / pentesting. He has a background in enterprise. He enjoys coding in C#, Powershell, python – DerbyCon speaker/trainer – “Amish Hacker”. He lives in the middle of nowhere. Jason enjoys woodworking, fly fishing, and beekeeping.

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
Joff Thyer
Joff Thyer
Security Analyst at Black Hills Information Security
Larry Pesce
Larry Pesce
Principal Managing Consultant and Director of Research & Development at InGuardians
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory

2. Audio Security – PSW #620

Wes Widner is the Cloud Engineering Manager at CrowdStrike. Wes will be talking about personal voice assistants are the wave of the future. So naturally we should wonder about the unique attack vectors they pose. I'd like to discuss my research into this field and share a few tips on how you can keep yourself safe around voice assistants.

Full Show Notes: https://wiki.securityweekly.com/Episode620

Guest

Wes Widner
Wes Widner
Cloud Engineering Manager at CrowdStrike

engineers clouds with Crowdstrike. Large-scale distributed threat intelligence systems that span a range of threat vectors are his bread and butter. His work history includes data engineering with McAfee Labs’s Global Threat Intelligence department and malware pipelining with Norse Corporation. In his ample spare time, Wes also enjoys teaching children how to hack, ethically of course.

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
Joff Thyer
Joff Thyer
Security Analyst at Black Hills Information Security
Larry Pesce
Larry Pesce
Principal Managing Consultant and Director of Research & Development at InGuardians
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory

3. iOS, Equifax Is Back, & phpMyAdmin CSRF Zero-Day – PSW #620

In the Security News, how an iOS 13 flaw could provide access to contacts with passcode, Equifax demands more information before making payouts, confidential data of 24.3 million patients were discovered online, and a SIM Flaw that lets hackers hijack any phone by sending SMS!

Full Show Notes: https://wiki.securityweekly.com/Episode620

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
Joff Thyer
Joff Thyer
Security Analyst at Black Hills Information Security
Larry Pesce
Larry Pesce
Principal Managing Consultant and Director of Research & Development at InGuardians
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
prestitial ad