Paul's Security Weekly (Audio)

In this segment, we will explore some pretty awesome tools for scanning the Internet, with a focus on network edge devices. We'll bring it all together with Claude Code and look at some sample results. Tools include:
Shodan | Passive recon — query existing scan data for exposed devices, services, and vulns | Passive (API) | Instant (no packets sent)
ZMap | Host discovery — find live hosts with open ports | L4 (TCP SYN, UDP, ICMP) | Millions of packets/sec
ZGrab2 | Application-layer handshakes — grab banners, certs, headers | L7 (30+ protocol modules) | Thousands of hosts/sec
Nerva | Service fingerprinting — identify 140+ protocols with metadata, CPEs, technology stacks | L7 (TCP, UDP, SCTP) | Fast, concurrent
Nuclei | Template-based vulnerability scanning — default creds, exposed panels, known CVEs | L7 (HTTP, network) | Hundreds of targets/min
Shannon | Vulnerability exploitation — AI-powered whitebox pentesting of web apps | Application | ~1-1.5 hrs per target
edgescan.py | Automated pipeline — orchestrates all tools above into a single command | Orchestration | End-to-end
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-919

In this episode, we sit down with the Radare community leader, Pancake, the creator of the Radare2 reverse engineering framework. Whether you've never heard of Radare, already use it daily, or are thinking about contributing to its development, this conversation will demystify what makes Radare unique, why thousands of engineers rely on it, and how you can step into the community.
This segment is sponsored by NowSecure. Discover how AI-powered mobile app security testing finds hidden vulns and leaks at https://securityweekly.com/nowsecure.
In the security news:
The US national cyber strategy
in the category of dumb laws and 3d printing guns
Iranian threat analysis
ESP32 Bus Pirate gets some amazing updates
I can reset the admin password
Rick-rolling yourself
Chrome 0days
Re-purposing those old Ubiquiti cloud keys
The new TLS certificate lifecycle
A Flipper Zero add-on and news on the FlipperOne
glassword malware
Do you care about exploits or patching?
attacking nuclear research centers
how we uncovered 9 vulnerabilities in IP KVMs
and hacking your laundry card with Claude
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-918

In the security news this week:
The XZ backdoor documentary
Zero days - the clock isn't ticking
Vulnerability Mis-Management
Reversing traffic light controllers
Reversing with Claude
Don't curl to bash!
Reading CVEs makes my head hurt
Dumping browser secrets
I open-sourced a new(ish) tool
D-LINK exploits
There is no password
I control the building
When old vulnerabilities become new
Tile is for stalkers
Hacking AI
Iran War: What cybersecurity needs to know
National cyber strategy
Coruna
I got phished and I want a refund
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-917

In the security news this week:
Remembering "FX"
Finding and analyzing Windows drivers
Network monitoring with Gibson
the backdoor in your PAM
The edge is fraying - and attackers have the advantage
Age verification for Linux?
Banning AI
TPMS tracking
BLE tracking
weird strings
Airsnitch
RESURGE in and on Ivanti
Attackers using Claude
Government iPhone hacking kits
Cisco SD-WAN, Linux, and 2023
Leakbase leaks
and Bro, upgrade your solar panel!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-916

First up is a technical segment called "Paul's Linux Hacks". I finally got around to releasing a bunch of scripts and tutorials for Linux that I've created over the years. We'll go over scripts that can give you a supply chain security report and help you update your Arch-based Linux systems and the tutorial for using Linux KVM/Qemu/Libvirt. Repo is here: https://github.com/pasadoorian/Linux_Hacks
Next up is the security news:
Controlling 7,000 robot vacuums
Curl finds not all AI is bad
Palo Alto says "These are not the ties to China you were looking for"
Bloomberg writes an article that sheds light on Ivanti
Looking for BLE is a trend
Don't use AI to generate you passwords
New research on hacking Samsung TVs
Its not all about gadgets
Ring's new bug bounty
Paul will be voted in as Prime Minister of Denmark?
Hacking AI, AI does some hacking, and hackers are talking about AI
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-915