Do you want the latest information about problems we face today in information security and the best solutions? If so, then you’ve come to the right place. All of your favorites podcast hosts here at Security Weekly also contribute their vast knowledge and experience to our webcast program. If you’ve been busy, like we all are, then you may have missed a webcast (or 3) over the past year. No worries, we are now archiving select webcasts so you can register and learn how to solve real problems faced by information security professionals today.
Check back, this page will be updated constantly with new webcasts! We are planning an entire series for the upcoming year, topics will include penetration testing, training and education, endpoint detection and response, web application security and more!
Lenny Zeltser, Mike Nichols, Mike Scutt, & Paul Asadoorian
The State of EDR (Endpoint Detection and Response)
Confused by all of the endpoint security options? You are not alone! Join our experienced hosts and talented individuals from our partners in an informative discussion about endpoint security. We cover the options available today for endpoint security, how to evaluate endpoint products, develop requirements and use endpoint security products effectively. If you are involved at any level with endpoint security in your organization this one is not to be missed!
John Strand and Paul Asadoorian
The State of Penetration - BlackHillsInfoSec
Are you asking the right questions to get a great penetration test? Knowing what to ask and how to assess the answers is your key to getting the best results and most value. Paul Asadoorian sat down with John Strand to uncover better questions and some surprising insights to make sure you get what you need.
Adam Gordon, Doug White, and Paul Asadoorian
The State of Security Training and Education
Do you know what questions you should be asking to find the best training and education solutions for your field of work? Are you lost in the vast sea of certifications and degrees available in the cybersecurity field? There is an overabundance of training solutions flooding the market today, which can make the decision-making process that much harder. Paul Asadoorian sits down with Dr. Doug White, Director of the Cyber Security Program at Roger Williams University, and Adam Gordon, Edutainer and SME at ITProTV to dive into the problems they are solving and why their solutions are unique at solving these problems.
RWU Link to Admissions Page: https://www.rwu.edu/cyber
ITProTV Link to signup for 7 days free: http://get.itpro.tv/hack-naked
Gabriel Gumbs, Clayton Fields, and Paul Asadoorian
The State of Active Directory
Enterprises using Active Directory (AD) are known to have significant gaps in security. When speaking to companies who are testing security infrastructure, we find that they have solutions they believe are protecting AD, but in reality they are still vulnerable.
On Thursday, July 26th we presented a Webcast to discuss the security issues with AD and hand-picked solutions that actually work to fill the security gaps in AD. You’re invited to watch Sponsors, Clayton Fields, VP of Javelin Networks and Gabriel Gumbs, VP Product Strategy - STEALTHbits Technologies, talk with Paul Asadoorian, Security Weekly. We cover the security challenges facing AD. This revealing webcast provides up-to-date real-world scenarios and discussions around AD vulnerabilities and gives advice on remediation for your organisation, with the best approaches on building security programs for AD.
They explain methods penetration testers and adversaries alike use to pray on AD. Learn how to check your controls often and stay away from “too good to be true” and “silver bullet” solutions and adopt solutions raising the cost to the attacker.
Discussions of AD attacks will include:
2) Preventing Pass-The-Hash Attacks
Keith Hoodlet, Paul Asadoorian, Garrett Gross, Reid Tatoris, & James Wickett
The State of Application Security
Garrett Gross received his first modem at age six and has been plugged in ever since. Today, Garrett is a Senior Solutions Engineer with a specialization in application security at Rapid7. He serves as an escalation layer to the applied engineering department, provides technical enablement, and facilitates cross-departmental functionality. He has served in various information technology roles in a myriad of environments, ranging from systems administration in higher education to applied engineering at security startups. Garrett has been a hacker and technophile his entire life, loving nothing more than discovering new ways to make and break things.
Signal Sciences protects the web presence of the world’s leading brands. In this presentation, we'll discuss how our patented approach to WAF and RASP helps companies like Duo Security, Chef, Datadog, Etsy, and more defend their journey to the cloud and DevOps with a practical and proven approach
Reid Tatoris is VP Product Outreach and Marketing at Distil Networks. Reid was previously the co-founder of Are You A Human, a Detroit-based company that analyzes how real humans interact with the Internet. Prior to starting Are You a Human, Reid was a technology consulting working in strategic roles and leading development teams. Reid holds both an Engineering Degree and an MBA from the University of Michigan and is a mentor for Techstars Mobility.
Myke Lyons, Michael Gordover, Michael Clark, and Paul Asadoorian
The State of: Indicators of Compromise & Incident Response
Paul discusses The State of IoC and IR with Michael Gordover from ObserveIT, Myke Lyons from Servicenow, and Michael Clark from Rapid7. Indicator of compromise (IOC), in computer forensics, is an artifact observed on a network or in an operating system that with high confidence indicates a computer intrusion. Typical IOCs are virus signatures and IP addresses, MD5 hashes of malware files or URLs or domain names of botnet command and control servers.
Zane Lackey, Larry Pesce, and Paul Asadoorian
Which way should you shift testing in the SDLC?
Successful DevSecOps is not just shifting security left in the SDLC. Instead, it's a combination of shifting security left and right by providing key visibility and feedback into the live systems development and operations teams are building and operating so they better prioritize development and make more informed decisions.
Tarik Saleh, Keith Hoodlet, and Paul Asadoorian
Clayton Fields, Eyal Neemany, Joff Thyer, & Paul Asadoorian
Register Now: Zero Detect Cyber Resilience: How to get Attackers to Contain Themselves
Security Weekly is hosting Javelin Networks on our next webcast to discuss a zero detect cyber resiliency concept; titled “How to Get Attackers to Contain Themselves” by increasing true positive signals to the incident process and allowing for automated containment.
Join us as we discuss how to turn Active Directory into an Intrusion Prevention System, to prevent AD reconnaissance, credential theft, and lateral movement while empowering incident response teams with near-real-time containment and threat intelligence on previously unidentified tradecraft.
Containment, powered by attackers giving themselves away, of course, helps incident responders move at code speed!
Steve Kaufman and Paul Asadoorian
Tips & Tricks for Defending the Enterprise Using Open Source Tools
Learn which aspects of your security program can benefit the most from these tools, and how to configure and use them. (Free beer will NOT be provided during this webcast, however, you are encouraged to bring your own, as the presenter’s jokes may be funnier if you are enjoying an adult beverage.)
– Lightweight threat intelligence: pi-hole in the cloud (+TacyonNet)
– Vulnerability profiling: Integration with vFeed
– Patching your systems with Ansible
– Network monitoring with Bro
– High-performance firewalls with OpnSense
– The best free training resources
Braden Preston, Matt Alderman, Paul Asadoorian
Register Now: Phishing: There's a Sucker Born Every Minute!
Join Braden Preston, Matt Alderman, and Paul Asadoorian talk about Phishing. Don’t miss your chance to learn and ask questions about this single autonomous endpoint protection agent that eliminates the need for AV, NGAV, EDR, incident response tools and scripts, and now adds malicious macro phishing prevention.
Tim Helming, Keith Hoodlet, Paul Asadoorian
Register Now: Detecting Malicious Domains with DomainTools Webcast!
Join Keith Hoodlet and Paul Asadoorian on our next Security Weekly webcast as they cover some basic tools and techniques to prime your organization for detecting malicious domains and the larger campaigns and actor groups behind them. Tim Helming of DomainTools joins them to show you how to interpret each of the many data points related to a domain. He will show you why they are relevant and what characteristics are indicative of an attacker’s infrastructure.
Paul Asadoorian, Joff Thyer and Zane Lackey
Defending Modern Web Applications
The standard approach for web application security over the last decade has focused heavily on slow gatekeeping controls like static analysis and dynamic scanning. However, these controls were originally designed in a world of Waterfall development and their heavyweight nature often causes more problems than they solve in today’s world of agile, DevOps, and CI/CD.
Join Paul Asadoorian of Offensive Countermeasures, Joff Thyer of Black Hills Information Security, and Zane Lackey of Signal Sciences for this web app security-based webcast! Zane will share practical lessons learned during his tenure at Etsy on the most effective application security techniques in today’s increasingly rapid world of application creation and delivery.
Jonathan Sander, Doug White and Paul Asadoorian
File Systems Analysis
Figuring out what has happened on a compromised system is no easy task. A large part of forensic investigations, or even just figuring out malware intent, is file system analysis.
Industry veteran Doug White will show us how file systems are analyzed. Doug’s been performing file system analysis for a long time, back when they used rudimentary tools like anvils. We will continue the tools discussion with Jonathan Sander from STEALTHBits, who will talk about how you can automate all those boring file system analysis tasks, and use your anvil for more productive things, like making swords.