Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280
9 April - 1 hour
We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software development, the social and economic dynamics of open source, and strategies for patching software.
It's an exciting topic partially because so much other appsec is boring. And that boring stuff is important to get right first. We also talk about what parts of this orgs should be worried about and what types of threats they should be prioritizing...
Generative AI (as used by defenders AND attackers) will Drive SOC Evolution - Greg Notch, Edward Wu - ESW #369
1 hour 58 mins
26 July Finished
Twitter, the DOJ, DarkSeoul, Fake Employees, PlugX, Stargazer Ghost, Aaran Leyland... - SWN #401
31 mins
26 July Finished
MS Patch Tuesday: Which Vulnerabilities Really Need Prioritizing. - Douglas McKee - PSW #836
3 hours 4 mins
25 July Finished
Killer Robots, Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet and More - SWN #400
34 mins
23 July Finished
Where Generative AI Can Actually Help Security (And Where It Doesn't) - Farshad Abasi, Allie Mellen - ASW #292
1 hour 5 mins
23 July Finished
Closing CISO-CEO Communication Gap Requires a Common Business Language - Sumedh Thakar, Jeff Recor - BSW #357
1 hour 11 mins
23 July Finished