Paul's Security Weekly (Audio) Airsnitch, Claude, Hacking Firewalls - PSW #916
Mar 5, 2026

Wireless client isolation flaws and AirSnitch techniques such as ARP spoofing and GTK abuse. Network appliance risks from Linux-based OSes, Cisco SD‑WAN advisories, and limited defender visibility. Large-scale signed Windows driver fuzzing and kernel bug exposure. BLE/TPMS tracking, Claude-assisted detector prototyping, and hacking consumer devices to extend their lifespan. Policy debates on banning certain AI models and the impact of age verification.
AI Snips
Attackers Favor Linux-Based Network Appliances
- Cisco SD‑WAN and other network appliances are often Linux-based and have been exploited in the wild since 2023.
- Attackers prefer targeting appliance OSes because they expose familiar Linux services and present lower engineering friction than hardened Windows endpoints.
Harden Endpoints To Shift Attacker Focus
- Don't assume Windows is easy; leverage native protections (Secure Boot, Defender, BitLocker) and plan for higher-effort bypasses if targeting desktops.
- For defenders, harden endpoints to force attackers toward less-protected network appliances.
Signed Drivers Are A Stealthy Attack Surface
- Signed drivers remain an attack vector because there's no easy public attestation API to enumerate what Microsoft has signed on endpoints.
- Attackers can target vulnerable signed drivers to gain privileged capabilities that bypass EDRs.
