OnDemand

Do you want the latest information about problems we face today in information security and the best solutions? If so, then you’ve come to the right place. All of your favorites podcast hosts here at Security Weekly also contribute their vast knowledge and experience to our webcast program. If you’ve been busy, like we all are, then you may have missed a webcast (or 3) over the past year. No worries, we are now archiving select webcasts so you can register and learn how to solve real problems faced by information security professionals today.

Check back, this page will be updated constantly with new webcasts! We are planning an entire series for the upcoming year, topics will include penetration testing, training and education, endpoint detection and response, web application security and more!

Lenny Zeltser, Mike Nichols, Mike Scutt, & Paul Asadoorian

  • The State of EDR (Endpoint Detection and Response)

    Confused by all of the endpoint security options? You are not alone! Join our experienced hosts and talented individuals from our partners in an informative discussion about endpoint security. We cover the options available today for endpoint security, how to evaluate endpoint products, develop requirements and use endpoint security products effectively. If you are involved at any level with endpoint security in your organization this one is not to be missed!

    Register and watch this webcast now!

John Strand and Paul Asadoorian

  • The State of Penetration - BlackHillsInfoSec

     

    Are you asking the right questions to get a great penetration test? Knowing what to ask and how to assess the answers is your key to getting the best results and most value. Paul Asadoorian sat down with John Strand to uncover better questions and some surprising insights to make sure you get what you need.

    Register for this webcast to hear John Strand and Paul Asadoorian discuss the real problem and value of a penetration test!

    Register and watch this webcast now!

Adam Gordon, Doug White, and Paul Asadoorian

  • The State of Security Training and Education

    Do you know what questions you should be asking to find the best training and education solutions for your field of work? Are you lost in the vast sea of certifications and degrees available in the cybersecurity field? There is an overabundance of training solutions flooding the market today, which can make the decision-making process that much harder. Paul Asadoorian sits down with Dr. Doug White, Director of the Cyber Security Program at Roger Williams University, and Adam Gordon, Edutainer and SME at ITProTV to dive into the problems they are solving and why their solutions are unique at solving these problems.

     

    RWU Link to Admissions Page: https://www.rwu.edu/cyber

    ITProTV Link to signup for 7 days free: http://get.itpro.tv/hack-naked/

    Register and watch this webcast now!

Gabriel Gumbs, Clayton Fields, and Paul Asadoorian

  • The State of Active Directory

    Enterprises using Active Directory (AD) are known to have significant gaps in security. When speaking to companies who are testing security infrastructure, we find that they have solutions they believe are protecting AD, but in reality they are still vulnerable.

    On Thursday, July 26th we presented a Webcast to discuss the security issues with AD and hand-picked solutions that actually work to fill the security gaps in AD. You’re invited to watch Sponsors, Clayton Fields, VP of Javelin Networks and Gabriel Gumbs, VP Product Strategy - STEALTHbits Technologies, talk with Paul Asadoorian, Security Weekly. We cover the security challenges facing AD. This revealing webcast provides up-to-date real-world scenarios and discussions around AD vulnerabilities and gives advice on remediation for your organisation, with the best approaches on building security programs for AD.

    They explain methods penetration testers and adversaries alike use to pray on AD. Learn how to check your controls often and stay away from “too good to be true” and “silver bullet” solutions and adopt solutions raising the cost to the attacker.

    Discussions of AD attacks will include:

    1) Discontinued use of LM

    2) Preventing Pass-The-Hash Attacks

    - Link 1, Link 2, Link 3

    3) Managing High Privileged Credentials
    - Link1
    4) Creating a WPAD entry and disable NBNS and LLMNR
    - Link 1, Link 2

    5) Preventing Password hashes from being stored in memory
    - Link 1, Link 2

    6) Creating HoneyPot Tokens/Accounts
    - Link 1, Link 2
    7) Implementing Micro-Segmentation
    - Link 1, Link 2

    Register and watch this webcast now!

Keith Hoodlet, Paul Asadoorian, Garrett Gross, Reid Tatoris, & James Wickett

  • The State of Application Security

    Rapid7:

    Garrett Gross received his first modem at age six and has been plugged in ever since. Today, Garrett is a Senior Solutions Engineer with a specialization in application security at Rapid7. He serves as an escalation layer to the applied engineering department, provides technical enablement, and facilitates cross-departmental functionality. He has served in various information technology roles in a myriad of environments, ranging from systems administration in higher education to applied engineering at security startups. Garrett has been a hacker and technophile his entire life, loving nothing more than discovering new ways to make and break things.

    Signal Sciences:

    Signal Sciences protects the web presence of the world’s leading brands. In this presentation, we'll discuss how our patented approach to WAF and RASP helps companies like Duo Security, Chef, Datadog, Etsy, and more defend their journey to the cloud and DevOps with a practical and proven approach

    Distil Networks:

    Reid Tatoris is VP Product Outreach and Marketing at Distil Networks. Reid was previously the co-founder of Are You A Human, a Detroit-based company that analyzes how real humans interact with the Internet. Prior to starting Are You a Human, Reid was a technology consulting working in strategic roles and leading development teams. Reid holds both an Engineering Degree and an MBA from the University of Michigan and is a mentor for Techstars Mobility.

    Register and watch this webcast now!

Myke Lyons, Michael Gordover, Michael Clark, and Paul Asadoorian

  • The State of: Indicators of Compromise & Incident Response

    Paul discusses The State of IoC and IR with Michael Gordover from ObserveIT, Myke Lyons from Servicenow, and Michael Clark from Rapid7. Indicator of compromise (IOC),  in computer forensics, is an artifact observed on a network or in an operating system that with high confidence indicates a computer intrusion. Typical IOCs are virus signatures and IP addresses, MD5 hashes of malware files or URLs or domain names of botnet command and control servers.

    Register and watch this webcast now!

Zane Lackey, Larry Pesce, and Paul Asadoorian

  • Which way should you shift testing in the SDLC?

    Successful DevSecOps is not just shifting security left in the SDLC. Instead, it's a combination of shifting security left and right by providing key visibility and feedback into the live systems development and operations teams are building and operating so they better prioritize development and make more informed decisions.

    Register and watch this webcast now!

Tarik Saleh, Keith Hoodlet, and Paul Asadoorian

  • How to Analyze & Investigate Malicious JavaScript

    We’ll discuss locating and extracting suspicious code, de-obfuscation, and observing the payloads executing in a safe environment. You can gain valuable information from JavaScript that can then feed other investigation outputs such as YARA rules, openIOC, and other signatures.  The emphasis must be on outputs for continual detection purposes and expanding your investigation scope. We’ll help you answer the next logical question during an investigation: “Has anyone else on my network been affected?”

    Register and watch this webcast now!

Clayton Fields, Eyal Neemany, Joff Thyer, & Paul Asadoorian

  • Register Now: Zero Detect Cyber Resilience: How to get Attackers to Contain Themselves

     

    Security Weekly is hosting Javelin Networks on our next webcast to discuss a zero detect cyber resiliency concept; titled “How to Get Attackers to Contain Themselves” by increasing true positive signals to the incident process and allowing for automated containment.

    Join us as we discuss how to turn Active Directory into an Intrusion Prevention System, to prevent AD reconnaissance, credential theft, and lateral movement while empowering incident response teams with near-real-time containment and threat intelligence on previously unidentified tradecraft.

    Containment, powered by attackers giving themselves away, of course, helps incident responders move at code speed!

    Register and watch this webcast now!

Steve Kaufman and Paul Asadoorian

  • Tips & Tricks for Defending the Enterprise Using Open Source Tools

    Learn which aspects of your security program can benefit the most from these tools, and how to configure and use them. (Free beer will NOT be provided during this webcast, however, you are encouraged to bring your own, as the presenter’s jokes may be funnier if you are enjoying an adult beverage.)

    Outline:
    – Lightweight threat intelligence: pi-hole in the cloud (+TacyonNet)
    – Vulnerability profiling: Integration with vFeed
    – Patching your systems with Ansible
    – Network monitoring with Bro
    – High-performance firewalls with OpnSense
    – The best free training resources

    Register and watch this webcast now!

Braden Preston, Matt Alderman, Paul Asadoorian

  • Register Now: Phishing: There's a Sucker Born Every Minute!

     

    Join Braden Preston, Matt Alderman, and Paul Asadoorian talk about Phishing. Don’t miss your chance to learn and ask questions about this single autonomous endpoint protection agent that eliminates the need for AV, NGAV, EDR, incident response tools and scripts, and now adds malicious macro phishing prevention.

    Register and watch this webcast now!

Tim Helming, Keith Hoodlet, Paul Asadoorian

  • Register Now: Detecting Malicious Domains with DomainTools Webcast!

    Join Keith Hoodlet and Paul Asadoorian on our next Security Weekly webcast as they cover some basic tools and techniques to prime your organization for detecting malicious domains and the larger campaigns and actor groups behind them. Tim Helming of DomainTools joins them to show you how to interpret each of the many data points related to a domain. He will show you why they are relevant and what characteristics are indicative of an attacker’s infrastructure.

    Register and watch this webcast now!

Paul Asadoorian, Joff Thyer and Zane Lackey 

  • Defending Modern Web Applications

    The standard approach for web application security over the last decade has focused heavily on slow gatekeeping controls like static analysis and dynamic scanning. However, these controls were originally designed in a world of Waterfall development and their heavyweight nature often causes more problems than they solve in today’s world of agile, DevOps, and CI/CD.

    Join Paul Asadoorian of Offensive Countermeasures, Joff Thyer of Black Hills Information Security, and Zane Lackey of Signal Sciences for this web app security-based webcast! Zane will share practical lessons learned during his tenure at Etsy on the most effective application security techniques in today’s increasingly rapid world of application creation and delivery.

    Register and watch this webcast now!

Jonathan Sander, Doug White and Paul Asadoorian

  • File Systems Analysis

    Figuring out what has happened on a compromised system is no easy task. A large part of forensic investigations, or even just figuring out malware intent, is file system analysis.
    Industry veteran Doug White will show us how file systems are analyzed. Doug’s been performing file system analysis for a long time, back when they used rudimentary tools like anvils. We will continue the tools discussion with Jonathan Sander from STEALTHBits, who will talk about how you can automate all those boring file system analysis tasks, and use your anvil for more productive things, like making swords.

    Register and watch this webcast now!