Content Plan for Security Weekly

In order to assist with content ideas across Security Weekly, we have published a list of topics.  These are higher-level suggestions.  Choose a topic, tool. and/or technique in the area described (or a different tool that does the same thing), and present on it.  Please submit your information via our online form if you are interested in covering one of these topicshttps://securityweekly.com/guests.

If you work for a security vendor, please see our appearance guidelines. 

Virtual Training Topics of Interest

Virtual training sessions are 60 minutes long and include a deep-dive and how-to on a specific topic. These can be sponsored or not. 

Hardware Hacking 101 Wireless (In)Security Pen Testing The Cloud
Penetration Testing Tactics and
Techniques That Actually Work
Making The Most Out Of
Open-Source Threat Intelligence
Hack The Human: Social Engineering
Tactics For Your Next Pen Test
Reverse Engineering Malware OSINT For Fun and Profit Kali Linux Not-So-Secrets
Embedded & IoT Hacking Tips & Tricks Bypassing Endpoint Protection(s) Web App Scanning in DevOps Processes
Breach and Attack Simulation Securing & Protecting Applications in AWS Building An Open-Source SIEM
How To Threat Model For Better Security Forensic Investigations For The Rest Of Us Threat Hunting By Living Off The Land
Building Effective Security Programs:
Compliance, Process and Procedures
How To Test Your Environment
Against The Mitre Att&ck Framework
How To Build an Incident Response
Program with Practically No Budget
Docker Deployments, Security & You

Paul's Security Weekly (PSW) Topics of Interest

Topics can be covered as a technical segment (45 minute how-to guide on how to accomplish something that will help people learn and apply skills) or an interview with the author of the tool or someone who is considered a subject matter expert (SME) in that area. These can be sponsored or not. 

Building Secure-By-Default Containers Storing Secrets In A Vault With Docker Scraping The Web With Python
MS Office Macro Payload(s) Tracking Security News and Research Open-Source Attack Surface Management
Encrypting Linux Volumes Windows Local Privilege Escalation Example Cool C2 Channels By Example
Bypassing 2FA Software Defined Radio Metasploit
Bloodhound (For Attack and Defense) Python Tips and Techniques for Pen Testers Linux Privilege Escalation Through Containers
Web App Pentesting Tool YARA Threat Hunting (JA3, RITA)
Flan Scan Evilgrade Scapy
Nmap OSQuery RFID Hacking

In addition to the topics above, these are red team/offensive specific tools of interest. These can be sponsored or not. 

Privilege Escalation Bloodhound SpiderLabs Responder
DeathStar Domain Password Spray CredKing
Chrome BackDoor PowerShell Without PowerShell Sneaky-Creeper
The Havester AD Explorer FireProx

Enterprise Security Weekly (ESW) Topics of Interest

Topics can be covered as a technical segment (30 minute how-to guide on how to accomplish something that will help people learn and apply skills) or an interview with the author of the tool or someone who is considered a subject matter expert (SME) in that area. These can be sponsored or not. 

Tools For Dealing with CVE Data Runtime Application Protection Evaluating Endpoint Security
Recommending The Best Secrets Manager The Security Awareness Program Cheat Sheet Microsoft ATP (Advanced Threat Protection)
Amazon Elastic Beanstalk for Security Testing Group Policies For Security That Work Powershell For Enterprise Defenders (DeepBlueCLI)
Analyzing Email Phishing Campaigns AWS Security Services GuardiCore, Infection Monkey
Threat Intelligence MITRE Att&ck Matrix Up and Running On Elk
Vulnerability Management Identity Management Log Analysis for IoCs
Cuckoo Sandbox Nagios (Or Alternatives) The Security Onion
Securing O365

In addition to the topics above, these are blue team/defensive specific tools (or at least could be used by the blue team) of interest. These can be sponsored or not. 

Logon Tracer Sysdig Inspect CredDefense
MISP Project TheHive Project Volatility
Salt Project Renovate CrackMapExec
Awesome Incident Response