21 Nails: Behind the Scenes Discussion of Qualys Exim Vulnerability Discovery – Wheel – PSW #695



Join Qualys researcher Wheel for a discussion on the team’s recent discovery and disclosure of multiple critical vulnerabilities in the Exim mail server. This includes discussion of the vulnerabilities that can be chained together to obtain full remote unauthenticated code execution and gain root privileges.

Segment Resources:
https://blog.qualys.com/vulnerabilities-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server
Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

21 Nails: Behind the Scenes Discussion of Qualys Exim Vulnerability Discovery – Wheel

Guests

. Wheel

. Wheel – Researcher at Qualys

“Wheel” is a member of the Qualys Research Team responsible for finding zero-days.

Hosts

Lee Neely

Lee Neely – Senior Cyber Analyst at Lawrence Livermore National Laboratory

@lelandneely

Lee Neely is a senior IT and security professional at Lawrence Livermore National Laboratory (LLNL) with over 25 years of experience. He has been involved in many aspects of IT from system integration and quality testing to system and security architecture since 1986. He has had extensive experience with a wide variety of technology and applications from point implementations to enterprise solutions. Lee has worked with securing information systems since he installed his first firewall in 1989.

Matt Alderman

Matt Alderman – Executive Director at CyberRisk Alliance

@maldermania

Strategic Advisor at Automox, security consultant, and wizard of entrepreneurship.

Paul Asadoorian

Paul Asadoorian – Founder at Security Weekly

@securityweekly

Paul Asadoorian is the founder of Security Weekly, which was acquired by CyberRisk Alliance. Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.

Tyler Robinson

Tyler Robinson – Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

@tyler_robinson

As the Managing Director of Offensive Security & Research at Trimarc, Tyler leads a team of high-performance security professionals within the offensive security field by simulating sophisticated adversaries and creating scalable offensive security platforms using the latest techniques as seen in the wild. With over 2 decades of experience, Tyler specializes in Red Teaming, APT threat modeling, blackbox network penetration testing, and Physical/Social-Engineering. Tyler has presented at multiple conferences including BSides, DefCon and Blackhat panels, SANS security events and to multiple branches of the military.

Announcements

  • In our May 27th webcast at 11am ET, we’ll explore the latest attacks against DNS and the latest techniques that make it possible to discover and disrupt attacks. In our June 3 webcast at 11am ET, you will learn about pen testing tools and why every organization should be using them regularly. Then join us June 10 at 11am ET for our webcast on insider risk to learn how to quickly mitigate data exposure risks. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand