Paul's Security Weekly (Audio)

Rob Allen, Chief Product Officer at ThreatLocker, explains why default allow is dangerous and how default deny can be practical. He discusses permit-by-exception, app definitions vs behavioral profiling, ringfencing, agent integrity, and using configuration checks to harden setups. Quick-paced conversation about managing thousands of apps, AI risks, and making controls complement detection.

Aaron Leland, recurring security contributor versed in hardware and supply-chain risks, joins the panel. They dig into KVM and remote-access hazards. Conversations cover supply-chain backdoors, e-scooter and e-bike safety, LLM privacy and HIPAA tradeoffs, and platform security failures like Instagram password resets.

They debate bans on Flipper Zero and Raspberry Pi at cons and how attendees might work around them. They cover pre-infected Android TV boxes spreading malware across local networks. Leaked PS5 boot keys and hardware exploits get attention. Dangerous counterfeit Haribo power banks and battery safety are investigated. Old Unix code fixes, KVM hardening, and a keystroke-lag insider detection story round out the show.

A lively breakdown of how to start a career in cybersecurity and which roles actually exist. Panelists map personality types to paths like compliance, forensics, and research. They highlight nontechnical routes, community involvement, and practical projects that get you noticed. Practical pathways include military, volunteering, conferences, and continuous hands-on learning.

Tyler Robinson, a security practitioner who advises on lab builds and virtualization, walks through modern lab choices. He compares Proxmox, KVM and other virtualization, recommends practical hardware from Raspberry Pi to reclaimed servers, and highlights must-have hardware hacking tools. He also covers automation, remote access options, and when physical gear is essential.

They dig into smart TV privacy, firmware and ad tracking concerns and whether cheap hardware spies on you. Network controls, Pi-hole and safer streaming alternatives are debated. There is a deep look at Linux process injection and privilege tricks. They explore local AI models automating exploit workflows and browser extensions that leak AI chats. IoT camera compromises and car modem attack surfaces round out the conversation.

This week in our technical segment, you will learn how to build a MITM proxy device using Kali Linux, some custom scripts, and a Raspberry PI! In the security news: Hacking Smart BBQ Probes China uses us as a proxy LOLPROX and living off the Hypervisor Are we overreating to React4Shell? Prolific Spyware vendors EDR evaluations and tin foil hats Compiling to Bash! How e-waste became a conference badge Overflows via underflows and reporting to CERT Users are using AI to complete mandatory infosec training! AI in your IDE is not a good idea Cybercrime is on the rise, and its the kids AI can replace humans in power plants Will AI prompt injection ever go away? To use a VPN or to not use a VPN, that is the question Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-904

This week we welcome Ed Skoudis to talk about the holiday hack challenge (https://sans.org/HolidayHack). In the security news: Oh Asus Dashcam botnets Weird CVEs being issued CodeRED, but not the worm Free IP checking Internet space junk and IoT Decade old Linux kernel vulnerabilities Breaking out of Claude code Malicious LLMs Hacker on a plan gets 7 years Putting passwords into random websites NPM supply chains strike again LLMs will never be intelligent Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-903

Dive into the intriguing world of vibe coding, where Claude helps build a Python Flask app with some ups and downs. Learn about prompting strategies, logic errors from AI, and the importance of manual code intervention. Paul shares insights on using SQLite for exploit data and how caching tackles API rate limits. Discover the future of AI in development, emphasizing precise pre-prompts and collaboration across models. A fascinating mix of innovation and security awaits!

In the security news: Cloudflare was down, it was not good Logitech breached The largest data breach in history? Fortinet Fortiweb - the saga continues Hacking Linux through your malware scanner, oh the irony I never stopped hating systemd The ASUS exploit that never existed If iRobot fails, can we deploy our own hacker bot army? Firmware encryption is a bitch Threat actors deply Claude Code Remembering the Viasat hack and why we can't have nice things Hacking re-entry sensors Sending signals in the wrong direction A File Format Uncracked for 20 Years And 2026 is the year of the Linux desktop! Then, high school junior Bryce Owen joins us to discuss how he created the "Space Badge"! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-901