bh201

BH2020 Episode #1 – August 03, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Pentesting Results Paint A Biased Picture – 11:00 AM-11:15 AM

Sponsored By

Visit https://securityweekly.com/vicarius for more information!

Description

Pentesting is littered with politics, biased reporting, and human error. So how do you clean up the trash? A former IDF engineer shares how his stint as a pentester changed the way he thinks about it – and ultimately led to the development of a new technology.

This segment is sponsored by Vicarius.

Visit https://securityweekly.com/vicarius to learn more about them!

Start your free trial today, visit: https://www.vicarius.io/sign/up

Guest(s)

Roi Cohen – Co-Founder & VP Sales

Hosts

Matt Alderman – CEO

2. Why Secure Remote Access Is Like The Emperor's New Clothes – 11:45 AM-12:00 PM

Description

Our research for Black Hat demonstrates that the Secure Remote Access or so-called ‘VPN’ technologies typically used by enterprises to facilitate access to their networks for remote employees are poorly understood, improperly configured and don’t provide the full level of protection typically expected of them. This isn’t because of bugs in the technology, but rather due to a ubiquitous scenario in which the remote worker is connected to Wi-Fi that is untrusted, insecure or compromised. We demonstrate that in this common use-case ‘VPN’ technologies do not act as we expect them to and therefore expose several opportunities to an attacker with control over the Wi-Fi access point.

To get access to the most recent results from our studies, updates, additional demos and other resources on our research, visit: https://orangecyberdefense.com/global/insecure-remote-access/.

Guest(s)

Charl van der Walt – Global Head of Security Research
Wicus Ross – Senior Security Researcher

Hosts

Paul Asadoorian – Founder & CTO

3. Purple Teaming With PlexTrac – 12:30 PM-12:45 PM

Sponsored By

Visit https://securityweekly.com/plextrac for more information!

Description

The concept of purple teaming needs to be expanded to incorporate a culture of collaboration across all proactive and reactive activities within enterprise cybersecurity programs.

Learn how PlexTrac can aid in all things purple teaming and drive the security posture forward for all.

Key questions to cover:
What is purple teaming?
Who’s on the purple team?
How does the purple team relate to the CISO?
Where does PlexTrac fit in this process?

This segment is sponsored by PlexTrac.

Visit https://securityweekly.com/plextrac to learn more about them!

To get one month free, visit: https://securityweekly.com/plextrac

Guest(s)

Dan DeCloss – President / CEO

Hosts

Paul Asadoorian – Founder & CTO

4. Protecting Data That Egresses From Cloud Services & SaaS Applications – 01:15 PM-01:30 PM

Sponsored By

Visit https://securityweekly.com/securecircle for more information!

Description

For a true Zero-Trust environment, it isn’t enough to think about data in cloud services and SaaS applications; we also must protect, control and audit data that egresses from these services onto endpoints.

– How do you protect data that egresses from your cloud services (i.e., GitHub, Workday, Salesforce, Box, OneDrive)?
– Do you control access to your data after it egresses from your cloud services?

This segment is sponsored by SecureCircle.

Visit https://securityweekly.com/securecircle to learn more about them!

Demo and 30-day free trial: https://www.securecircle.com/

Guest(s)

Jeff Capone – CEO, Co-founder

Hosts

Matt Alderman – CEO

5. Are You Effectively Addressing API Security? – 02:00 PM-02:15 PM

Sponsored By

Visit https://securityweekly.com/synopsys for more information!

Description

All applications use APIs—they’re nothing new to the development world. But are organizations factoring API security into their broader security strategy effectively?

We’ve seen high-profile breaches at well-known companies stemming from their exposure or use of insecure API endpoints. This raises the question of how your software security initiative addresses the controls you need to ensure the APIs you use and produce are secure.

Within this segment, Michael Borohovski will discuss key considerations when designing APIs, along with security controls and security testing that could make or break your software.

This segment is sponsored by Synopsys.

Visit https://securityweekly.com/synopsys to learn more about them!

To learn more about API security, visit: https://www.synopsys.com/software

Guest(s)

Michael Borohovski – Director of Software Engineering

Hosts

Matt Alderman – CEO

6. Protecting Ethical Hackers – 02:45 PM-03:00 PM

Description

Arrests in Iowa and a Good Samaritan law for cybersecurity. The mistake Iowa has made in allowing politicians to pass sweeping reforms on a subject they knew nothing about based on politics and who owned what, versus what was best for the citizens of Iowa.

Help protect ethical hackers: https://www.coalfire.com/ethicalhackerprotection

Guest(s)

Gary De Mercurio – Senior Manager
Justin Wynn – Senior Security Consultant

Hosts

Paul Asadoorian – Founder & CTO

7. Satellite Broadband Security – 03:30 PM-03:45 PM

Description

In my upcoming Black Hat and DEF CON briefings, I will be presenting the results of several experiments looking at real-world security and privacy in satellite broadband communications. We find that it is possible for attackers using cheap home-television equipment to eavesdrop on the internet traffic of people who are thousands of miles away. In the briefing, we show how this affects individuals and organizations ranging from home internet customers, to oil companies, to airlines.

Guest(s)

James Pavur – DPhil Student

Hosts

Matt Alderman – CEO

8. What’s Going On With TikTok? – 04:15 PM-04:30 PM

Description

What’s the latest with TikTok? Will the application be banned? Can you actually ban it? Doug White and Matt Alderman discuss the latest news on TikTok.

https://lacrossetribune.com/lifestyles/technology/security-analyst-explains-2-major-concerns-with-tik-tok/video_bd30645d-0eb5-5bbb-8673-3bc33675f9e7.html

https://thehill.com/homenews/administration/510223-trump-putting-tiktok-ban-on-hold-for-45-days-report

https://www.cnbc.com/2020/08/03/microsoft-confirms-talks-to-buy-tiktok-in-us.html

Hosts

Doug White – Professor
Matt Alderman – CEO
  1. Security analyst explains 2 major concerns with Tik Tok
  2. Trump putting TikTok ban on hold for 45 days: report
  3. Microsoft confirms talks to buy TikTok in U.S., aims to finish deal by Sept. 15

9. How Did The Twitter Hackers Get Caught? – 05:00 PM-05:15 PM

Description

The FBI tracked down the Twitter hackers, but how? What mistake did they make? Doug White and Matt Alderman discuss the latest news on the Twitter hack.

https://www.zdnet.com/article/how-the-fbi-tracked-down-the-twitter-hackers/

https://www.wired.com/story/how-alleged-twitter-hackers-got-caught-bitcoin/

https://siliconangle.com/2020/08/02/twitter-hackers-caught-sending-bitcoin-verified-coinbase-accounts/

Hosts

Doug White – Professor
Matt Alderman – CEO
  1. How the FBI tracked down the Twitter hackers
  2. How the Alleged Twitter Hackers Got Caught
  3. Twitter hackers were caught after sending bitcoin to verified Coinbase accounts