PSW #767 – Holiday Extravaganza
Segments
1. Is Penetration Testing Dead? – PSW #767
While we most likely do not believe that penetration testing is dead, it continues to evolve over time. What do penetration tests look like today? Have they become more or less specialized? What is the continuing value of penetration testing? With development and IT moving so fast, how have penetration tests adapted? This discussion will dive into the details of penetration testing today and provide you with a guide to make the most of this activity.
2. How To Get Started in Information Security – PSW #767
Without question, we need more people working in cybersecurity today. Our culture has come a long way to be more open and inviting to new folks, but we still have a lot of work to do. What can you do if you want to break into the field of cybersecurity today? While there is no shortage of resources, our experienced hosts will offer their thoughts, opinions, and advice on how you can become the next cybersecurity pro!
3. Hacker Trivia – PSW #767
How well do you know your hacker history and trivia? See how you compare to our hosts as we tackle hacker trivia live on the air! Categories will include hacker movies, hacker history, and hacker tools.
4. Holiday Security News & The Holiday Hack Challenge 2022! – PSW #767
This week, we round out the Holiday Special 2022 with a special guest appearance by Ed Skoudis, where he joins to fill us in on the Holiday Hack Challenge! Then, an utterly chaotic session of security news to close out 2022!
Guest
Ed Skoudis is a Faculty member at IANS Research and the founder of Counter Hack, a company focused on conducting ultra high-quality penetration tests and red team engagements to help organizations better manage their cyber risks. Ed is a SANS Fellow, author, and instructor who has trained over 20,000 cyber security professionals in the art of penetration testing and incident response. Ed is an expert witness who is often called in to analyze large-scale breaches.
- 1. Antivirus and EDR solutions tricked into acting as data wipers
Hence, by implementing the following five-step process, Yair could delete files in a directory for which he didn't have modification privileges.
   1. Create a special path with the malicious file at C:\temp\Windows\System32\drivers\ndis.sys
   2. Hold its handle and force the EDR or AV to postpone the deletion until after the next reboot
   3. Delete the C:\temp directory
   4. Create a junction C:\temp → C:\
   5. Reboot when prompted.
- 2. Are home video surveillance systems safe?
Having installed a Eufy video doorbell, Paul logged in to the device’s web interface, where he analyzed the source code in the browser and showed that the camera sends a picture to the vendor’s server every time someone appears in the frame. This means that at least one of Eufy’s guarantees (“no clouds”) isn’t true.
Moore then tweeted several more times about some far more serious data protection issues. Apparently, Eufy’s “reliable” encryption uses a fixed key identical for all users. Worse, this key actually appeared in Eufy code posted by the company itself on GitHub. Later, the tech website The Verge, with reference to Moore and another security expert, confirmed the worst-case scenario: anyone online, it seems, can view the video stream simply by connecting to a unique address of the device.
- 3. New Python malware backdoors VMware ESXi servers for remote access
A previously undocumented Python backdoor targeting VMware ESXi servers has been spotted, enabling hackers to execute commands remotely on a compromised system.
- 4. EMBA
- 5. NETGEAR Router Network Misconfiguration
- 6. Desktop OpenSolaris fork OpenIndiana releases Hipster
- 7. A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
- 8. FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked – Krebs on Security
- 9. Vulnerability Prioritisation – PwnDefend