Paul's Security Weekly (Audio)

A tour of internet-scale scanning tools for network edge devices. They compare passive queries with active fast scans and banner grabs. Service fingerprinting, template vulnerability checks, and AI-powered whitebox testing get covered. The conversation also covers orchestration pipelines, firmware analysis, certificate inventorying, and operationalizing regular edge scans.

Sergi Àlvarez (Pancake), creator of the Radare2 reverse engineering framework and NowSecure researcher. He chats about Radare2’s architecture, plugin system, and how it grew from forensics roots. Short takes on decompilation vs disassembly, recovering symbols from stripped binaries, and securing contributions. Also: research into nine IP KVM vulnerabilities and other recent hardware and mobile security stories.

Deep dive into the XZ backdoor and how performance anomalies exposed it. Heated debate on CVE mis-management, KEV, and national cyber strategy shortfalls. Reversing traffic light controllers and IoT firmware using AI tools. Warnings about malvertising, curl-to-bash scams, and lingering legacy device risks. Tales of exploit chains, rapid zero-day weaponization, and privacy issues with Tile tracking.

Wireless client isolation flaws and AirSnitch techniques like ARP spoofing and GTK abuse. Network appliance risks from Linux-based OSes, Cisco SD‑WAN advisories, and limited defender visibility. Large-scale signed Windows driver fuzzing and kernel bug exposure. BLE/TPMS tracking, Claude-assisted detector prototyping, and hacking consumer devices to extend lifespan. Policy debates on banning certain AI models and age verification impacts.

A dive into new Linux scripts and tutorials for building secure labs and supply-chain checks. A big focus on AI risks like prompt-injection, agent-assisted attacks, and why AI-generated passwords fail. Coverage of BLE detection trends, a robot vacuum auth flaw, Samsung TV research, and broader hardware hacking stories. Lots of practical tooling and security news highlights.

A deep dive into firmware backdoors hiding in Android tablets and kernel-level compromises on embedded devices. They cover a fresh remote code flaw in privileged access tools and the risks of preinstalled vendor software expanding attack surface. The conversation touches on leaked AI assistant secrets in repos, mass internet scanning, and long-lived vulnerabilities in HPC and networking gear.

They dig into AI-powered vulnerability scanning and the risks of prompt and agent injection. Discussion covers Claude Opus 4.6 finding zero-days and whether AI can replace human pentesting. Lots of home-lab talk: cheap hardware, MITM gateways, firmware research, and self-hosted backups. Also explored are exposed IoT instances, Shelly garage-door Wi‑Fi flaws, Arista command injection, and DKnife edge implants.

Coverage of rampant residential proxy abuse and massive scanning campaigns. A Notepad++ update hijack and broader supply-chain compromises are unpacked. Risks around signed Windows drivers and EDR bypasses get attention. Insecure AI agents and exposed LLM endpoints raise alarm. Discussions also touch on attacks against VPNs, NAS, and national cyber policy shifts.

Mandy Logan, a security practitioner who advises on regulatory and practical security, helps 'de-curmudgeon' the panel. Conversation jumps from ADS-B spoofing and how trackers render fake aircraft to federal cybersecurity policy, FedRAMP and software attestation rollbacks. They also cover Fortinet SSO compromises, patched Microsoft Office OLE issues, and hacking defunct e-scooters.

Rob Allen, Chief Product Officer at ThreatLocker, explains why default allow is dangerous and how default deny can be practical. He discusses permit-by-exception, app definitions vs behavioral profiling, ringfencing, agent integrity, and using configuration checks to harden setups. Quick-paced conversation about managing thousands of apps, AI risks, and making controls complement detection.