Paul's Security Weekly (Audio)
Where security veterans unpack the latest IT security news, vulnerabilities, and research through a historical and technical lens that can cut through even the thickest cigar smoke. Hosted by Paul Asadoorian and Larry Pesce. Co-hosts: Josh Marpet, Jeff Man, Mandy Logan, Tyler Robinson.
info_outline
Threat Actors With A Thousand Names - PSW #856
01/09/2025
Threat Actors With A Thousand Names - PSW #856
DNA sequencer vulnerabilities, threat actor naming conventions, new CNAs and problems, backdoors are not secrets (again), The RP2350 is hacked!, they know where your car is, treasury department hacked, what if someone hacked license plate cameras? Tenable CEO passes away, and very awkwardly, a Nessus plugin update causes problems, who needs fact-checking anyhow (And how people steal stuff and put it on Facebook), when you are breached, make sure you tell the victims how to be more secure, Salt Typhoon - still no real details other than more people were hacked and they are using the word sanctions a lot, Bitlocker bypassed again, Siri recorded you, and Apple pays, and yes, you can't print on Tuesdays! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/34793265
info_outline
Hacker Heroes - Haroon Meer - PSW Vault
12/25/2024
Hacker Heroes - Haroon Meer - PSW Vault
Unraveling Cybersecurity Complexity: A Conversation with Haroon Meer Haroon Meer, an influential figure in the world of cybersecurity, takes center stage in this podcast interview. With a deep reservoir of knowledge and a track record of tackling complex security challenges, Haroon has established himself as a key player in the InfoSec domain. As the founder of Thinkst Applied Research, Haroon brings a wealth of practical experience to the table. Join us as we explore his professional journey, from early forays into cybersecurity to pioneering innovations that have reshaped how organizations approach security. Haroon Meer's insights go beyond the theoretical, offering a pragmatic understanding of cybersecurity issues and solutions. Dive into the intricacies of threat landscapes, security architectures, and the evolving dynamics of cyber threats as Haroon shares his perspectives on the current state of cybersecurity. With a focus on practicality and a knack for simplifying complex concepts, Haroon Meer's interview is a must-listen for anyone interested in the nuances of cybersecurity. Gain a deeper understanding of the challenges faced by security professionals and uncover valuable takeaways that can enhance your approach to securing digital environments. Join us as we explore the mind of a cybersecurity luminary, unraveling the layers of InfoSec intricacies with Haroon Meer in this enlightening podcast episode. Show Notes:
/episode/index/show/pswonly/id/34491200
info_outline
When Public Payphones Become Smart Phones - Inbar Raz - PSW #855
12/19/2024
When Public Payphones Become Smart Phones - Inbar Raz - PSW #855
If you've ever wondered how attackers could go after payphones that are "smart" we got you covered! Inbar has done some amazing research and is here to tell us all about it! Segment Resources: XSS is the number one threat?, fix your bugs faster, hacking VoIP systems, AI and how it may help fuzzing, hacker gift guides, new DMA attacks, hacking InTune, Rhode Island gets hacked, OpenWrt supply chain issues, we are being spied on, Germans take down botnet, Bill and Larry are speaking at Shmoocon!, and TP-Link bans. Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/34534315
info_outline
Navigating Regulations in Supply Chain Security - Eric Greenwald - PSW #854
12/12/2024
Navigating Regulations in Supply Chain Security - Eric Greenwald - PSW #854
Join us for this segment as we discuss government regulations and certifications as they apply to supply chain security and vulnerability management, and how understanding the mumbo jumbo can enable organizations to improve their cyber security. In the security news, the crew, (minus Paul) get to gather to discus hacks causing disruptions, in healthcare, donuts and vodka, router and OpenWRT hacks (and the two are not related), Salt/Volt Typhoon means no more texting and 10 year old vulnerabilities and more! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/34417335
info_outline
Hacker Gadgets - PSW #853
12/04/2024
Hacker Gadgets - PSW #853
The hosts discuss hacker gadgets! We'll cover what we've been hacking on lately and discuss gadgets we want to work on in the future and other gadgets we want to get our hands on. Paul has been working with some M5Stack devices, a guide can be found here: We will cover the Clockwork PI "uConsole" (RPI CM4) - We want the RPI Pico 2 W and the RPI CM5 () Paul upgraded one of his Flipper Zeros with Momentum Firmware () Paul and Larry have the new Crowview Note () Larry's List: Cheap Yellow Display - KV4P HT - Lilygo T-Deck - Helltec LoRa32 NRF52840-DK - NRF52840 Dongle - MakerDialry NRF52840 - Radioberry - Bootkitties and Linux bootkits, Canada realizes banning Flippers is silly, null bytes matter, CVE samples, how dark web marketplaces do security, Perl code from 2014 and vulnerabilities in needrestart, malware in gaming engines, the nearby neighbor attack, this week in security appliances featuring Sonicwall and Fortinet, footguns, and get it off the freakin public Internet! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/34304365
info_outline
Hacker Heroes - Aaron Turner - PSW Vault
11/27/2024
Hacker Heroes - Aaron Turner - PSW Vault
In this Hacker Heroes episode, we sit down with Aaron Turner, a highly respected figure in the realm of cybersecurity. With a career spanning decades, Aaron has established himself as a thought leader and authority on various aspects of information security. As a seasoned cybersecurity professional, Aaron has navigated the evolving landscape of digital threats, contributing significantly to the development of strategies and solutions for protecting sensitive information. With a comprehensive understanding of the intricacies of cybersecurity, he brings a wealth of knowledge to our discussion. Join us as we explore Aaron's journey in the field, from the early stages of his career to his current role as a distinguished cybersecurity expert. Throughout the conversation, Aaron sheds light on the challenges faced by professionals in the industry and shares valuable insights into the dynamic nature of cyber threats. Aaron's expertise spans a range of cybersecurity domains, including risk management, incident response, and security policy development. Our discussion delves into the strategies and methodologies he employs to address the ever-changing landscape of cyber threats and secure digital infrastructures. For professionals in the cybersecurity space and those keen on understanding the intricacies of digital security, this podcast episode offers a unique opportunity to gain insights from Aaron Turner's wealth of experience. Tune in to explore the multifaceted world of cybersecurity and discover the strategies that have defined Aaron's impactful career. Show Notes:
/episode/index/show/pswonly/id/34159515
info_outline
Confessions of a Cyber Criminal Stalker - Ken Westin - PSW #852
11/21/2024
Confessions of a Cyber Criminal Stalker - Ken Westin - PSW #852
Black Hats & White Collars: We know criminal hacking is big business because we've spied on them! Ken comes on the show to talk about chasing and stalking criminals, even if it means sacrificing some of your own personal safety. Fast cars kill people, Apple 0-Days, memory safety, poisoning the well, babble babble and malware that tries really hard to be stealthy, Palto Alto and Fortinet have some serious new vulnerabilities, open-source isn't free, but neither is commercial software, get on the TPM bus, find URLs with stealth, stealing credentials with more Palto Alto and Fortinet, the first zoom call, and one person's trash is another person's gaming PC! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/34079761
info_outline
No CVE and No Accountability - Ed Skoudis - PSW #851
11/14/2024
No CVE and No Accountability - Ed Skoudis - PSW #851
Alright, so we dove deep into some pretty wild stuff this week. We started off talking about zip files inside zip files. This is a variation of old-school zip file tricks, and the latest method described here is still causing headaches for antivirus software. Then we geeked out about infrared signals and the Flipper Zero, which brought back memories of the TV-B-Gone. But the real kicker was our discussion on end-of-life software and the whole CVE numbering authority mess. Avanti's refusal to issue a CVE for their end-of-life product sparked a heated debate about cybersecurity accountability and conflicts of interest. Ed Skoudis joins us to announce this year's Holiday Hack Challenge! Segment Resources: Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/33932437
info_outline
Cybersecurity For Schools - Kayne McGladrey - PSW #850
11/07/2024
Cybersecurity For Schools - Kayne McGladrey - PSW #850
We chatted with Kayne about education systems security, funding for cyber tools and services, and what the future of education might look like to fill more cyber roles. In the news: Pacific Rim, Linux on Windows for attackers, one of the worst cases of a former employee's retaliation, Zery-Day FOMO, we predicted that, hacking for fun, working hard for no PoC, an LLM that discovers software vulnerabilities, absurd fines, long usernames and Okta, and paying a ransom with dough! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/33831132
info_outline
Shadow IT and Security Debt - Dave Lewis - PSW #849
10/31/2024
Shadow IT and Security Debt - Dave Lewis - PSW #849
We had the pleasure of finally having Dave Lewis on the show to discuss shadow IT and security debt. Dave shared some fascinating insights from his long career in cybersecurity, emphasizing the importance of addressing fundamental security issues and the human aspect of security. We delved into the challenges of managing shadow IT, the complexities of security debt, and the need for organizations to prioritize security practices. Overall, it was a great conversation that highlighted the ongoing struggles in our industry and the importance of learning from past mistakes to build a more secure future. Google's cookie encryption drama, Microsoft accusing Google of shady antitrust tactics, AI shenanigans, the rejected Defcon talk and hacking traffic lights, vulnerabilities in Realtek SD card readers, the never-ending debate on quantum computing vs. cryptography, backdoors are not secrets and where we are pushing attackers, firmware leakage, more on Windows Downgrade (and UEFI locks), super nerdy Linux things, EDR is dead, well not really but more on how to make it not phone home, bypassing memory scanners, couple of Bluetooth hacking things, and a really awesome article about an IoT 0-Day that is no longer on the Internet. Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/33707177
info_outline
Secure By Default - How do we get there? - Andy Syrewicze - PSW #848
10/24/2024
Secure By Default - How do we get there? - Andy Syrewicze - PSW #848
Andy drops some Microsoft Windows and 365 knowledge as we discuss the details on how we get to secure by default in our Windows and cloud environments. This week: The USB Army Knife that won't break the budget, I don't want to say EDR is useless (but there I said it), Paul's list of excellent hacking tips, FortiJump - an RCE that took a while to become public, do malware care if it's on a hypervisor?, MicroPython for fun and not for hacking?, an unspecified vulnerability, can you exploit speculative execution bugs?, scanning the Internet and creating a botnet by accident. Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/33600952
info_outline
Effective Operational Outcomes - Ken Dunham - PSW #847
10/17/2024
Effective Operational Outcomes - Ken Dunham - PSW #847
New security and vulnerability research is published every day. How can security teams get ahead of the curve and build architecture to combat modern threats and threat actors? Tune-in to a lively discussion about the threat landscape and tips on how to stay ahead of the curve. Segment Resources: Air gaps are still not air gapped, making old exploits new again, chaining exploits for full compromise, patching is overrated, SBOMs are overrated, VPNs are overrated, getting root with a cigarette lighter, you can be any user you want to be, in-memory Linux malware, the Internet Archive is back, we still don't know who created Bitcoin, unhackable phones, and There's No Security Backdoor That's Only For The "Good Guys" ! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/33502252
info_outline
The Code of Honor: Embracing Ethics in Cybersecurity - Ed Skoudis - PSW #846
10/10/2024
The Code of Honor: Embracing Ethics in Cybersecurity - Ed Skoudis - PSW #846
"Code of Honor: Embracing Ethics in Cybersecurity" by Ed Skoudis is a book that explores the ethical challenges faced by cybersecurity professionals in today's digital landscape. The book delves into the complex moral dilemmas that arise in the field of cybersecurity, offering guidance on how to navigate these issues while maintaining integrity. The authors provide practical advice and real-world examples to help readers develop a strong ethical framework for decision-making in their cybersecurity careers. Segment Resources: Code of Honor: Purchase Ed's book here: Get ready for a wild ride in this week's podcast episode, where we dive into the latest security shenanigans! Default Credentials Gone Wild: We’ll kick things off with a look at how default credential scanners are like that friend who shows up to the party but never brings snacks. They're everywhere, but good luck finding one that actually works! Critical Vulnerabilities in Tank Gauges: Next, we’ll discuss how automated tank gauges are now the new playground for hackers. With vulnerabilities that could lead to environmental disasters, it’s like giving a toddler a box of matches—what could possibly go wrong? Cisco Routers: The Forgotten Gear: Cisco's small business routers are like that old car in your driveway—still running but definitely not roadworthy. We’ll explore why you should check your network before it becomes a digital junkyard. Firmware Updates: A Love Story: Richard Hughes has dropped some juicy updates on fwupd 2.0.0, making firmware updates as easy as ordering takeout. But let’s be real, how many of us actually do it? Stealthy Linux Malware: We’ll also uncover Perfctl, the stealthy malware that’s been creeping around Linux systems since 2021. It’s like that one relative who overstays their welcome—hard to get rid of and always looking to borrow money! PrintNightmare Continues: And yes, the PrintNightmare saga is still haunting Windows users. It’s like a horror movie that just won’t end—grab your popcorn! Cyber Shenanigans at Comcast and Truist: We'll wrap up with a juicy breach involving Comcast and Truist Bank that compromised data for millions. Spoiler alert: they didn’t have a great plan for cleaning up the mess. Tune in for all this and more as we navigate the wild world of security news with a wink and a nudge! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/33405657
info_outline
Analyzing Malware at Scale - John Hammond - PSW #845
10/02/2024
Analyzing Malware at Scale - John Hammond - PSW #845
This episode of Paul Security Weekly features John Hammond, a senior security researcher from Huntress, discussing malware analysis. Hammond dives into the analysis of Ocean Lotus attacks, highlighting the use of stealthy techniques like alternate data streams and DLL side-loading. The conversation also touches on the challenges of combating attackers who leverage ‘bring your own vulnerable driver’ techniques to gain kernel-level privileges. The hosts discuss the need for secure-by-default configurations and the ongoing struggle to combat attackers who exploit vulnerabilities. The episode concludes with a discussion on how to improve the security of the industry. Segment Resources: Automated tank gauges are leaking more than just fuel, while CUPS is serving up a steaming hot brew of vulnerabilities. Meanwhile, Supermicro's BMC firmware is giving away root access like it's going out of style. If you thought your Kia was safe, think again - all it takes is a license plate and 30 seconds to turn your car into a hacker's joyride. China's been busy building a massive IoT botnet called Raptor Train. It's been chugging along undetected for four years. NIST has decided that your password doesn't need to be a cryptographic masterpiece anymore. No more special characters or arbitrary changes - just make it long and don't use "password123". A Texas hospital is playing a game of "hot potato" with ambulances thanks to a ransomware attack. More thoughts on known exploited vulnerabilities, firmware unpacking tools lowdown, Aruba, Bahama, come-on command injection, and kids changing the name of their school! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/33323067
info_outline
AI in Cyber & Addressing Analyst Burnout - Kayla Williams - PSW #844
09/26/2024
AI in Cyber & Addressing Analyst Burnout - Kayla Williams - PSW #844
This week in the security news, Dr. Doug and Larry explore various technological advancements and their implications with a healthy dose of nostalgia, particularly focusing on health monitoring through Wi-Fi signals, the misconceptions surrounding 5G connectivity, the importance of understanding internet speed needs, and the cybersecurity threats facing water systems. They also discuss the potential chaos that could arise from infrastructure failures and the vulnerabilities present in automated tank gauges, emphasizing the need for better asset management and security measures. Kayla Williams, Chief Security Information Officer at Devo, discussed the role of AI in cybersecurity and the ongoing issue of burnout for SOC analysts. Working with Wakefield Research, Devo discovered that 83% of IT professionals feel burnt out due to stress, lack of sleep, and anxiety. Many also report that their burnout leads to breaches. This segment is sponsored by Devo . Visit to learn more about them! Segment Resources: SOC Analyst Appreciation Day: Kayla's LinkedIn: Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/33221242
info_outline
Exploding Pagers - Tod Beardsley - PSW #843
09/19/2024
Exploding Pagers - Tod Beardsley - PSW #843
Apple drops a lawsuit to avoid exposing secrets, what does it mean for the security industry if MS locks down the kernel?, exploding pagers, more things from the past: Adobe Flash exploits, robots get rid of your data, PKFail is still a thing, Android TV malware is back: now with conspiracy theories, DMA attacks, gamers are not nation-state attackers, the story of a .MOBI Whois server, a better bettercap, and when not to trust video baby monitors. Gain insights into the CISA KEV straight from one of the folks at CISA, Tod Beardsley, in this episode of Below the Surface. Learn how KEV was created, where the data comes from, and how you should use it in your environment. This segment is sponsored by Eclypsium. Visit to learn more about them! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/33124112
info_outline
Recent Cyber Security Laws & Regulations - Lee Kim - PSW #842
09/12/2024
Recent Cyber Security Laws & Regulations - Lee Kim - PSW #842
Lee comes on the show to discuss: EU CRA - - its impact on bringing products to market and the challenges of enforcing such laws that require products to be "Secure" Recent legislation on disputes for federal agency fines - Chevron deference rule - supreme court decision, uncertainty, more or less clarity - proven in the first court case? opens to more litigation - Breach disclosure laws - mandatory disclosure rules from the SEC - Defcon cease and desist - “Copyright Act, the Defend Trade Secret Acts, the Computer Fraud and Abuse Act, and the Digital Millennium Copyright Act” - Don't tell the FCC there is a new Flipper firmware release, unpatchable?, argv[0] and sneaking past defenses, protect your registries, someone solved my UART RX problem, PKFail update, legal threats against security researchers documented, EDR bypass whack-a-mole continues, emulating PIs, VScode moonlights as a spy, Want to clone a YubiKey? All you need is $11,000, some fancy gear, and awkwardly close proximity to your victim, and Telegram’s encryption: it’s kinda like putting a 'Keep Out' sign but leaving the door unlocked. Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/33023252
info_outline
Hacker Heroes - Mark Loveless - PSW Vault
09/04/2024
Hacker Heroes - Mark Loveless - PSW Vault
Exploring the Hacking Landscape with Mark Loveless, AKA SimpleNomad Dive into the intricate world of cybersecurity with our featured guest, Mark Loveless, widely known by his handle SimpleNomad. With a rich history in the realm of information security, Mark is a seasoned professional, researcher, and thought leader. Mark's journey spans decades, marked by a commitment to uncovering vulnerabilities and understanding the ever-changing threat landscape. As a prominent figure in the cybersecurity community, he has contributed significantly to the field, sharing insights, research findings, and expertise. Join us in this podcast interview as Mark reflects on his experiences, discusses the evolution of cybersecurity challenges, and shares his perspectives on emerging trends. With a deep understanding of both offensive and defensive security, Mark brings a unique perspective to the conversation, offering valuable insights into the strategies and tactics employed by cybersecurity professionals. As a respected voice in the industry, Mark Loveless has not only witnessed the evolution of cybersecurity but has actively shaped its trajectory through his contributions to research, writing, and speaking engagements. This episode provides a rare opportunity to gain knowledge from a cybersecurity veteran and explore the nuances of an ever-expanding digital landscape. Tune in to discover the wisdom and experiences that have defined Mark Loveless's career and gain a deeper understanding of the complexities and challenges inherent in the world of cybersecurity. Show Notes:
/episode/index/show/pswonly/id/32762747
info_outline
Building AI BOMs - Helen Oakley - PSW #841
08/30/2024
Building AI BOMs - Helen Oakley - PSW #841
Larry and Helen walk us through the AI supply chain landscape. Learn what goes into building and using AI models and the dangers that could lurk within. Segment Resources: Community efforts on AIBOM topic: This week: I want all the firmware, its not just TP-Link, CVEs for malware, BLE and your health, faking your own death, serial ports, stealthy Linux malware, call this number, finding all the Wordpress plugin vulnerabilities! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/32810397
info_outline
How do we patch the right things? - Josh Bressers - PSW #840
08/22/2024
How do we patch the right things? - Josh Bressers - PSW #840
Every week here on the show we talk about vulnerabilities and exploits. Typically we recommend that organizations remediate these vulnerabilities in some way. But how? And more importantly, which ones? Some tools we have to help us are actually not all that helpful at time, such as: Mitre Att&ck - Don't get me wrong, this is a great project and Adam and team is doing a great job. However, its not a complete picture as we can't possibly know about every attack vector (or can we?). People seem to think if they cover everything in the framework they will be secure. You can't cover everything in the framework because each technique can be utilized by an attack in a hundred different ways. CVSS - Anyone can apply a score, but who is correct? Good that we have a way to score things, but then people will just use this as a basis for what they patch and what they do not. Also, chaining vulnerabilities is a thing, but we seem to lack any way to assign a score to multiple vulnerabilities at once (different from a technique). Also, some things don't get a CVE, how are you tracking, assessing risk, and patching these? CISA KEV - Again, love the project and Tod is doing amazing work. However, what about things that do not get a CVE? Also, how do you track every incident of an attacker doing something in the wild? Also, there is frequency, just because something got exploited once, does that mean you need to patch it right away? How are we tracking how often something is exploited as it is not just a binary "yes, its exploited" or "no, it is not". EPSS - I do like the concept and Wade and Jay are doing amazing work. However, there seems to be a "gut reaction" thing going on where we do see things being exploited, but the EPSS score is low. How can we get better at predicting? We certainly have enough data, but are we collecting the right data to support a model that can tell us what the attackers will do next? This week: YAVD: Yet Another Vulnerable Driver, why bring your own when one already exists, backdoors in MIFARE Classic, wireless hacking tips, AMD sinkclose vulnerability will keep running, you down with SLDP yea you know me, Phrack!, IoTGoats, Pixel vulnerabilities, leaking variables, a DEF CON talk that was not cancelled, Telnet is still a thing, More CNAs, and the last thing Flint Michigan needed was a ransomware attack! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/32694452
info_outline
Cybersecurity Myths - Eugene Spafford - PSW #839
08/15/2024
Cybersecurity Myths - Eugene Spafford - PSW #839
Early on in his career Spaf was working with microcode and continued to work on technical projects. As time went on he realized that focusing on the non-technical work, such as policies and shaping our thinking, would help move the needle. Borrowing concepts from his book on the subject, we will delve into some cybersecurity myths such as: Are users really the weakest link? Are cybersecurity vendors truly incentivized to provide better security? Do we agree on what cybersecurity really means? - Do not miss this segment! This week: Option ROMS are a novel way to compromise a system at the lowest level, Sinkclose opens AMD processors up to attacks, at home in your firmware exploiting SMM complete with examples, Sonos speakers get hacked and enable attackers to listen in on your conversations, DEF CON badges use new chips and are not without controversy, lasers that can steal your passwords, it was a regex, Larry updates us on some IoT research, attackers have your SSN, and more updates from last week's hacker summer camp! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/32589892
info_outline
Downgrades and Attacking Security Things & Things Not to Miss at BH/DC - Trent Lo - PSW #838
08/08/2024
Downgrades and Attacking Security Things & Things Not to Miss at BH/DC - Trent Lo - PSW #838
This week, Downgrade attacks, bootloader fun, check your firmware before you wreck your firmware, you've got mail server issues, Ivanti is the new Rhianna, you should update your BIOS, Openwrt dominates, and attacking the security tools for fun and profit! Learn what is most interesting at hacker summer camp this year! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/32500737
info_outline
PK Fail - John Loucaides - PSW #837
08/01/2024
PK Fail - John Loucaides - PSW #837
John is one of the foremost experts in UEFI and joins us to talk about PK Fail! What happens when a vendor in the supply chain accidentally loses a key? It's one of the things that keeps me up at night. Well, now my nightmare scenario has come true as a key has been leaked. Learn how and why and what you can do about it in this segment! Hacking traffic lights (for real this time), the Docker API strikes again, access Github deleted data, using EDR to elevate privileges on Windows, computers I need in my life, failed experiments and Raspberry PI access points, sitting ducks and TuDoor - its always DNS times 2, null sessions and a blast from the past, chaining UEFI vulnerabilities, pirates exposed, revoking SSL certificates, and using AI to analyze your brain: Multimodal Automated Interpretability Agent! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/32385187
info_outline
MS Patch Tuesday: Which Vulnerabilities Really Need Prioritizing. - Douglas McKee - PSW #836
07/25/2024
MS Patch Tuesday: Which Vulnerabilities Really Need Prioritizing. - Douglas McKee - PSW #836
Doug and the Security Weekly crew talk about vulnerabilities, are we patching the right things? This is the burning question. We will try to answer it. Segment Resources: Segment description coming soon!The Crowdstrike incident: what happened and what we can do better, people forget what 0-Day really means, shutting off the heat in January, honeypot evasion and non-functional exploits, what not to use to read eMMC, what if we don't patch DoS related vulnerabilities, a CVSS 10 deserves its own category, port shadow attacks, IPC and DBUS and a very informative and entertaining article, container breakouts, when you are bored on an airplane, Linksys security violations, fake IT workers, Telegram 0-day, and how to be more resilient on the same technology stack! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/32289952
info_outline
3D Printing For Hackers - David Johnson - PSW #835
07/18/2024
3D Printing For Hackers - David Johnson - PSW #835
Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers! Segment Resources: Slides used in this segment: Major 3D Printer Websites: Major 3D File libraries: (Prusa) (Bambu Labs) Youtube Channels: Uncle Jessy CnC Kitchen The Edge of Tech Makers Muse Find new flaws in UEFI using STASE, combining vulnerabilities to exploit Sonicwall Devices, remote BMC exploits, Netgear patches, and not a lot of information, 22 minutes before exploited, if the secrets were lost, we'd all be in screwed, Exim has not been replaced by something better and its vulnerable, CISA's red team reports, and attackers use drivers to attack EDR, the saga continues! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/32203262
info_outline
RFID hacking & More Vulnerability Shenanigans - Iceman - PSW #834
07/11/2024
RFID hacking & More Vulnerability Shenanigans - Iceman - PSW #834
Bats in your headset, Windows Wifi driver vulnerabilities, Logitech's dongles, lighthttpd is heavy with vulnerabilities, node-ip's not vulnerability, New Intel CPU non-attacks, Blast Radius, Flipper Zero alternatives, will OpenSSH be exploited, emergency Juniper patches, and the D-Link botnet grows. Iceman comes on the show to talk about RFID and NFC hacking including the tools, techniques, and hardware. We'll also talk about the ethics behind the disclosure of vulnerabilities and weaknesses in these systems that are used in everything from building access to cars. Segment Resources: Youtube channel - Proxmark3 forums - Proxmark3 Repository - Awesome RFID talks - Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/32102362
info_outline
Hacker Heroes - Joe Grand - PSW Vault
07/03/2024
Hacker Heroes - Joe Grand - PSW Vault
Exploring the Hardware Hacking Realm with Joe Grand, AKA Kingpin Joe Grand, also known by his hacker pseudonym "Kingpin," stands as a prominent figure in the cybersecurity landscape. With an extensive background in hardware hacking, reverse engineering, and embedded systems, Joe has carved a niche for himself as a respected authority in the field. As a seasoned security professional, Joe has contributed significantly to the cybersecurity community through his expertise and innovation. With a career spanning decades, he has become a go-to resource for insights into the intricacies of hardware security, emphasizing the critical intersection between hardware and software vulnerabilities. In our podcast interview, we delve into Joe's journey – from his early forays into hacking to his current role as a thought leader in cybersecurity. Gain a unique perspective on the evolving challenges faced by security professionals, especially in the context of hardware-based threats. Joe's expertise extends beyond theoretical knowledge, as he has been actively involved in hands-on research and development. As a co-founder of Grand Idea Studio, he has played a pivotal role in developing cutting-edge hardware security tools, contributing to the arsenal of cybersecurity professionals worldwide. Join us as we explore the world of hardware hacking, reverse engineering, and the broader cybersecurity landscape with Joe Grand. Whether you're an aspiring hacker, a seasoned security professional, or simply curious about the intricacies of cybersecurity, this podcast episode promises deep insights into the mind of a true cybersecurity luminary. Show Notes:
/episode/index/show/pswonly/id/31961762
info_outline
Do We Need Penetration Testing and Vulnerability Scanning? - Josh Bressers, Adrian Sanabria - PSW #833
06/27/2024
Do We Need Penetration Testing and Vulnerability Scanning? - Josh Bressers, Adrian Sanabria - PSW #833
This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tune in for a lively debate! Zyxl NAS devices are under attack and the exploit is pretty simple, A new UEFI vulnerability with a name that some people don't like, that time you setup a load balancer and forgot about it, I love it when there is a vulnerability in a Wifi driver, Polyfill is filling the Internet with supply chain vulnerabilities, open source doesn't mean more secure, what happens when there is a vulnerability in your bootload, The Red Hat Linux kernel model is broken, when disclosure goes wrong, and more IoT router vulnerabilities. Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/31913137
info_outline
Hacker Heroes - Dave Aitel - PSW Vault
06/19/2024
Hacker Heroes - Dave Aitel - PSW Vault
Exploring the Strategic Minds in Cybersecurity: A Conversation with Dave Aitel Welcome to an enlightening episode of our podcast, where we sit down with Dave Aitel, a prominent figure in the cybersecurity landscape. With a robust background in offensive security and an extensive career spanning various facets of the industry, Dave brings a wealth of knowledge and strategic insights to our discussion. As the Founder and CEO of Immunity Inc., a leading cybersecurity company, Dave has played a pivotal role in shaping the cybersecurity landscape. Join us as we delve into his journey, from his early experiences in cybersecurity to the strategic decisions that have defined his role as a thought leader in the field. In this episode, we explore Dave's perspectives on the ever-evolving threat landscape, offensive security strategies, and the intricate balance between security and privacy. Gain valuable insights into the methodologies and philosophies that underpin his approach to addressing the challenges posed by cyber threats. Dave Aitel's expertise extends beyond technical domains; he is also recognized for his contributions to policy discussions on cybersecurity. Discover how his experiences and viewpoints contribute to the broader discourse on cybersecurity policy, technology, and the future of digital defense. Whether you're a cybersecurity professional, an industry enthusiast, or someone keen on understanding the strategic dimensions of cybersecurity, this podcast episode with Dave Aitel is bound to offer thought-provoking perspectives and strategic insights. Tune in to explore the intersection of technology, security, and strategy with one of the industry's strategic minds, Dave Aitel. Show Notes:
/episode/index/show/pswonly/id/31734867
info_outline
GenAI, Security, and More Lies - Aubrey King - PSW #832
06/12/2024
GenAI, Security, and More Lies - Aubrey King - PSW #832
We will discuss LLM security in general and some of the issues covered in the OWASP Top 10 for LLMs! Segment Resources: Skyrocketing IoT vulnerabilities, bricked computers?, MACBORG!, raw dogging source code, PHP strikes again and again, if you have a Netgear WNR614 replace it now, Arm Mali, new OpenSSH feature, weird headphones, decrypting firmware, and VPNs are still being hacked! Visit for all the latest episodes! Show Notes:
/episode/index/show/pswonly/id/31747882