CVE-2020-0601, Netscaler RCE, npm – PSW #635

January 16, 2020

We discuss the details and impact of the latest flaw, disclosed by NSA, in Windows 10 that allows attackers to pass off malware as signed applications and so much more. The Citric Netscaler vulnerability is a rare remote-easy-to-exploit opportunity for attackers. The crew also talks about book recommendations, backdoors in crypto (and why its bad), conspiracy theories and more!

Full episode and show notes

Hosts

Paul Asadoorian

Founder at Security Weekly

0offset

https://securityweekly.com

Jeff Man

Information Security Evangelist at Online Business Systems

http://obsglobal.com/

Larry Pesce

Principal Managing Consultant and Director of Research & Development at InGuardians

https://www.inguardians.com/

Lee Neely

Information Assurance APL at Lawrence Livermore National Laboratory

https://www.omp.net/

Tyler Robinson

Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

TRob#6466

http://darkelement.io/

Ransomware

OnlyFans, Paul, Windows vs. Linux, Conti, CISA, Zeppelin, & NHS – Wrap Up – SWN #231

August 12, 2022

This week Dr. Doug talks: OnlyFans strikes back, Paul's new post, Windows vs. Linux, Conti, CISA, Zeppelin, NHS, and show wrap-ups on the Security Weekly News!

Incident response

Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack – Joseph Carson – ESW #284

August 11, 2022

Following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker’s techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Rans...

Data security

Modern Threat Hunting with your SIEM on a $0 Budget – Ryan Fried – ESW #284