Information Security, InfoSec, CyberSec, Cyber, Security, whatever you call it, we talk about it! From mobiles and desktops to data centers and the cloud, Purple Squad Security is here to help and give back to our community of information security professionals.
Episode Notes Here's the first episode of my new podcast, EliteCast! This is intended to be a less technical podcast aimed at business leaders and decision-makers to help explain the importance of information security (or cybersecurity as it's normally called by the target audience). I'm a bit rusty, but I'll get there. Apparently, a 9-month hiatus does that to a man. I hope you enjoy it and you choose to subscribe. It should be live on the usual podcast sites, but if you want the RSS link, check out: https://pinecast.com/feed/elitecast Thanks, and take care! EliteSec's Website: https://elitesec.io Want to get in touch? info@elitesec.io Find out more at http://purplesquadsec.com
Heath "The Cyber Mentor" Adams stops by to have a nice casual chat about how he got into infosec, what he's currently working on, and how he's giving back to the community in a rather novel way. Definitely someone I respect as a great up-and-comer in the industry, this was a fantastic discussion for sure.Some links of interest: Website - https://www.thecybermentor.com/ Company - https://tcm-sec.com/ Discord - https://discord.gg/REfpPJB Twitter - https://twitter.com/thecybermentor YouTube - https://www.youtube.com/c/thecybermentor Twitch - https://www.twitch.tv/thecybermentor Udemy - https://www.udemy.com/course/practical-ethical-hacking/ Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Kat Sweet (@TheSweetKat) sits down to chat about incident response and security operations, all while sipping tea with me.Some links of interest: Kat's Twitter - @TheSweetKat Kat's Blog - thesweetkat.com Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
John sits down to talk solo about the show and what's in store for 2020.Some links of interest: EliteSec Website - https://elitesec.io EliteSec Twitter - @EliteSec_io Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Circuit Swan stops by the show to talk all things Diana Initiative. If you're going to Hacker Summer Camp 2020, you may want to consider adding the Diana Initiative to your list of cons to attend.Some links of interest: Circuit Swan's Twitter: @CircuitSwan Diana Initiative Twitter: @DianaInitiative Website - https://www.dianainitiative.org Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Snow stops by during the winter months to share with us the true origin of her hacker handle, stories from some physical penetration testing, a quick note on her Kringlecon talk, and so much more! A great way to round out the year!Some links of interest: Snow's Twitter: @_sn0ww Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Adrian Cheek stops by the show this week to have a nice fireside chat with me. We talk about passive DNS, which Adrian first introduced to me a few years ago, and then move on to threat hunting. Adrian has a very interesting history and it was a joy to speak with him.Some links of interest: Adrian's Twitter: @Outkast_TI Farsight Passive DNS - https://www.farsightsecurity.com/solutions/dnsdb/ Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
I'm trying a slightly different format for the next few episodes, and I'd appreciate any feedback you may have. In this episode I sit down with The Gibson, mayor of hackers.town, to talk about a variety of things from the Fediverse, working with the under-serviced SMB market, old school technologies, and the Infosec community as a whole. We're all over the place, but it's a good thing. Just a nice casual conversation talking about things that interest us.Some links of interest: Gibson's Mastodon: @TheGibson@hackers.town Hacker's Town: https://hackers.town Gibson's Twitter: @gibsonmainframe BlackFire Security: https://blackfiresec.com/ Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
I'm trying a slightly different format for the next few episodes, and I'd appreciate any feedback you may have. In this episode I sit down with the amazing Tanya Janca for a fireside chat about her new company, Security Sidekick. They seem to have some pretty ambitious goals, and I couldn't think of anyone better to help make those a reality.Some links of interest: For Tanya: Tanya's Twitter: https://twitter.com/shehackspurple Tanya's Dev.to Profile: https://dev.to/shehackspurple Tanya's Blog: https://medium.com/@shehackspurple Tanya's YouTube Profile: https://www.youtube.com/shehackspurple Tanya's Twitch Channel: https://www.twitch.tv/shehackspurple Tanya's LinkedIn Profile: https://www.linkedin.com/in/tanya-janca For Security Sidekick: Website: https://securitysidekick.dev Twitter: https://twitter.com/SecSidekick YouTube Channel: https://www.youtube.com/channel/UC3KyuI83jt0l14q8xyffC2A Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Oh what I treat I have for you today! John Strand, former SANS instructor, long time co-host on Enterprise Security Weekly, Founder of Black Hills Information Security, and a whole lot more has taken time out of his busy schedule to stop by and talk about Backdoors & Breaches, the new IR card game from BHIS. Naturally we talk about more than just the game, but it was all as amazing as I had hoped. I trust you will enjoy listening to this one about as much as I enjoyed recording it.Some links of interest: Backdoors & Breaches Site - http://backdoorsandbreaches.com/ John's Email - john 'at' blackhillsinfosec.com John's Twitter - @strandjs BHIS Website - https://www.blackhillsinfosec.com Events where BHIS will be - https://www.blackhillsinfosec.com/events/ Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
It's been long enough, and it's time for Tracy "InfoSecSherpa" to return for another #ginfosec episode! This time around we're going to talk about Empathy as a Service, a talk that she recently did at DerbyCon. Soft skills will get you everywhere, and Tracy has some great advice to share about a topic she's very passionate about.Some links of interest: Tracy's Talk - https://www.youtube.com/watch?v=KILlp4KMIPA Tracy's OSINT-y Goodness Blog - medium.com/@InfoSecSherpa Tracy's Twitter - https://twitter.com/InfoSecSherpa Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Ah, I love anniversaries. This is an anniversary episode celebrating 2 years of Purple Squad Security! Just a few personal rants and discussions for those interested in a bit of a behind the scenes view of things here at the show. No guests, just me blathering on about stuff. Enjoy!Some links of interest: Cyber City Website Twitter Podcast Store: https://purplesquadsec.com/store Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
The hiatus is over! Welcome back everyone to the latest episode of the Purple Squad Security podcast! In this episode we have Ken Johnson and Seth Law from the Absolute AppSec Podcast joining me for the latest session of Tabletop D&D. Enjoy!Some links of interest: Absolute AppSec Website Twitter Seth's Twitter Account: @sethlaw Ken's Twitter Account: @cktricky Want to hear about a new Infosec con? If you're in and around the Waterloo region area in October, why not check out Cyber City! This is Waterloo region's premier information security conference. Tickets are on sale now! Cyber City Conference: https://www.cybercityconf.io/ We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:https://purplesquadsec.com/storeWant to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Often times in information security, we look upon penetration testing and red teaming with awe and view those professions as the "sexy" side of security. Truth be told, the defensive side has a lot of exciting opportunities as well! Kyle Andrus joins me this week to talk about malware analysis, which I think is definitely one of the sexier sides of defense. Some links of interest: Practical Malware Analysis Book - https://nostarch.com/malware Cuckoo Sandbox - https://cuckoosandbox.org/ CyberChef - https://gchq.github.io/CyberChef/ Leny Zeltser's Blog - https://zeltser.com/blog/ Journey Into Incident Response - http://journeyintoir.blogspot.com/ Malware Unicorn's Reverse Engineering Workshop - https://malwareunicorn.org/#/workshops MiSec - https://www.misec.us/ Kyle's Twitter Account: @chaoticflaws Want to hear about a new Infosec con? If you're in and around the Waterloo region area in October, why not check out Cyber City! This is Waterloo region's premier information security conference. Tickets are on sale now and the CFP is open until July 31st, 2019. Don't wait, and come participate today! Cyber City Conference: https://www.cybercityconf.io/ Cyber City Conference CFP: https://www.papercall.io/cybercityconf We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:https://purplesquadsec.com/storeWant to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
There were more than a few of you who were anxiously awaiting his return, and he's back! Tinker joins me once again to share some stories from his adventures in hackerland. In addition, I have given Tinker free reign to speak as he chooses, and naturally I participate as well. Fair warning, this is not safe for work or sensitive ears. I do ask that you try not to be offended, as his stories and reflections on those events makes for one excellent episode.Some links of interest: Tinker's Fediverse Account: @tinker@infosec.exchange Tinker's Twitter Account: @TinkerSec Tinker's Blog: https://tinker.sh SecLists: https://github.com/danielmiessler/SecLists Cyber City Conference: https://www.cybercityconf.io/ Cyber City Conference CFP: https://www.papercall.io/cybercityconf We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:https://purplesquadsec.com/storeWant to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
A few weeks ago, Sam King on Twitter mentioned me in a tweet that included a link to a Medium post, but not just any Medium post. Tim MalcomVetter had posted up an "Choose Your Own Red Team Adventure", which I thought was just amazing! I used to read a lot of choose your own adventure books as a kid, so I was naturally excited! For this episode, I will be going through the story the first time, reading aloud as I try my hand at red teaming against a customer. I hope you enjoy!Some links of interest: Choose Your Own Red Team Adventure - https://medium.com/@malcomvetter/choose-your-own-red-team-adventure-f87d6a3b0b76 Tim MalcomVetter's Twitter - @malcomvetter We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:https://purplesquadsec.com/storeWant to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
CORRECTION: Early in this episode I mentioned that Amazon would ask for your email password when signing up for a new account. I meant to say Facebook, not Amazon. The practice has since been discontinued, but I wanted to make it clear that this was a Facebook practice, not Amazon. Amazon has not, to the best of my knowledge, ever done something like this. Sorry for the mixup. For most security professionals, we view the CIA triad as our grail. No, not the US government agency that works around the world doing a lot of questionable things, but rather the more tame version of Confidentiality, Integrity, and Availability. For today's episode, Matt Beland joins me to explain privacy and how it's not all about Confidentiality as I, and I'm sure a few of you, may have thought.Some links of interest: Smooth Sailing Solutions: smoothsailingsolutions.com Matt's Twitter: @Beland_Matt International Association of Privacy Professionals: https://iapp.org CIPP / CIPM / CIPT Certifications: https://iapp.org/certify/programs/ Ethical Data and Information Management: Concepts, Tools and Methods: https://www.amazon.com/Ethical-Data-Information-Management-Concepts/dp/0749482044 We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:https://purplesquadsec.com/storeWant to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Tribe of Hackers is a recently released book by Marcus Carey and Jennifer Jin that is a collection of stories from member of our community, or tribe as Marcus describes it. This was a great and insightful interview, and definitely one you will want to listen to if you haven't read the book yet. Some links of interest: Tribe of Hackers: https://www.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189/ Tribe of Mentors (inspiration for Tribe of Hackers): https://www.amazon.com/Tribe-Mentors-Short-Advice-World/dp/1328994961/ The 4 Agreements - https://www.amazon.com/Four-Agreements-Practical-Personal-Freedom/dp/1878424319/ Marcus's Twitter: @marcusjcarey Jennifer Jin's Twitter: @jen_jin Tribe of Hackers Twitter: @TribeOfHackers Tribe of Hackers Summit - May 2, 2019: https://www.eventbrite.com/e/tribe-of-hackers-summit-registration-59074697009 We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:https://purplesquadsec.com/storeWant to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Once again I am pleased to share a #ginfosec episode with the woman who helps guide others through the mountains of infosec, Tracy InfoSecSherpa Maleeff! In this extended episode Tracy and I speak about conferences from the attendee point of view; what to expect, what to bring, how to go, and what you should aim to get from the con. Enjoy! Some links of interest: Tracy's Twitter: @InfoSecSherpa Sign up for Tracy's Nuzzle Newsletter: https://nuzzel.com/InfoSecSherpa Study on different note taking techniques: https://www.scientificamerican.com/article/a-learning-secret-don-t-take-notes-with-a-laptop/ Tracy's Unusual Journey into Infosec: https://www.secjuice.com/infosecsherpa-unusual-journeys/ Tracy's Talk at BSides NoVa - Networking with Humans: https://www.youtube.com/watch?v=bbfyXTZCVC0 We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:https://purplesquadsec.com/storeWant to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
This week John goes solo and decides to talk about a recent threat he spun up about on Twitter, naming himself as a generalist within Information Security and discussing what that means to him. Some links of interest: John's Twitter Thread We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:https://purplesquadsec.com/storeWant to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Chris Foulon stops by for a fireside chat to talk about breaking into Infosec. For those unfamiliar with the fireside chat series, this is where we come in with a topic but no other real agenda. It's a casual conversation where I just have a casual conversation with my guest, similar to what would happen in hallway con. I hope you enjoy! Some links of interest: Chris' LinkedIn: https://www.linkedin.com/in/christophefoulon/ Chris' Twitter: @chris_foulon We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:https://purplesquadsec.com/storeWant to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
It's that time again! Yes, another Tabletop D&D episode is upon us! This time I asked Timothy de Block from the Exploring Information Security podcast to join me, along with a few interesting characters. Let's just say this particular episode is not for the faint of heart, and we have a few swears thrown in to keep with the atmosphere. Enjoy! Some links of interest: Exploring Information Security Podcast: https://www.timothydeblock.com/eis/ Tactical Edge: https://tacticaledge.co/index_en.html Tactical Edge Twitter: @Tactical3dge Kyle's Twitter: @chaoticflaws Ed's Twitter: @edgarr0jas Daniel's Twitter: @notdanielebbutt Tim's Twitter: @timothydeblock Tabletop Scenarios Twitter: @badthingsdaily We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:https://purplesquadsec.com/storeWant to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
What is a red team? How does it differ from a penetration tester's day-to-day? How do red teams stay sharp? How do they stay motivated? These are a few of the questions I seek to have answered by Curtis Brazzell, a managing Security Consultant at Pondurance. It's a great interview and sheds light on the difference between red teaming and penetration testing.Some links of interest: Curtis' Twitter: https://twitter.com/CurtBraz Curtis' LinkedIn Profile: https://www.linkedin.com/in/curtisbrazzell/ Pondurance Website - https://www.pondurance.com/ We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:https://purplesquadsec.com/storeWant to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Magecart - a web-based credit card skimming kit used by various groups to grab ahold of online shoppers credit cards. Interesting? You bet! On this episode of the Purple Squad Security podcast I have Yonathan Klijnsma, Head Researcher at RiskIQ, joining me to discuss their research on Magecart.Some links of interest: Inside Magecart Report - https://cdn.riskiq.com/wp-content/uploads/2018/11/RiskIQ-Flashpoint-Inside-MageCart-Report.pdf Ticketmaster breach - https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/ British Airways breach - https://www.riskiq.com/blog/labs/magecart-british-airways-breach/ Newegg breach - https://www.riskiq.com/blog/labs/magecart-newegg/ Vision Direct with admin skimming - https://www.riskiq.com/blog/labs/magecart-vision-direct/ Other Magecart Articles - https://www.riskiq.com/blog/category/magecart/ RiskIQ Website - https://www.riskiq.com/ Krebs on Security Skimming Article - https://krebsonsecurity.com/all-about-skimmers/ Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Welcome to 2019! John goes solo in this episode and talks about his personal goals for 2019, plus some updates for the show that should make things a bit more structured and hopefully more interesting for the listeners.Some links of interest: EliteSec Website: https://elitesec.io/ Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Continuing our storytime theme for the holidays, on this week's show we have a special guest, Jayson E. Street! For those who follow Jayson online, his hacker adventures bring him to all sorts of interesting places. Jayson shares a story of one of those places, in which he robs the wrong bank. Some of you may know this story, but he also provides us with an epilogue to this story that few have heard! Thanks Jayson!Some links of interest: Jayson's Website: http://jaysonestreet.com/ Jayson's Twitter: @jaysonstreet Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Hey everyone, this is a re-release of episode 45 with Tinker, but this one is WITHOUT the background music. I hope this makes up for the snafu in an otherwise great interview! Happy December everyone! Whatever holiday you may be celebrating this season, may it be enjoyable. I've decided for the month of December to treat myself, by having a bunch of people I hold in high regard to join me in sharing of their tales, similar to the fireside chats I've had in the past. We have no set agenda, we have no set time, but we do plan on sharing some fun stories that hopefully you will enjoy. So consider this a holiday gift my dear listener, and I hope you find it as enjoyable as I do.This episode we are going to have a man whom I honestly believe should write as many books as possible, and provide audiobook versions as well, the one and only Tinker!Some links of interest: Tinker's Website: https://www.tinker.sh/ Dallas Hackers - https://dallashackers.com/ Popular Mechanics Article - https://www.popularmechanics.com/technology/a24676415/dallas-hackers/ Tinker's Twitter: @tinkersec Tinker's Mastodon - @tinker Infosec Mastodon - https://infosec.exchange/auth/sign_up Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
So, a very popular season is coming up shortly. I'm not talking about Thanksgiving (for my US listeners) and I'm not talking about Christmas for my Christian listeners. No, I'm talking about the season that all good little hackers look forward to - the time when the SANS Holiday Hack Challenge is released!This is probably one of the most ambitious CTFs I have ever known about, and I am lucky enough to get one of the main drivers behind it to join me for today's episode! Ed Skoudis joins me to talk all about the SANS Holiday Hack Challenge, what it is, what goes into it, and why you should give it a try.Some links of interest: KringleCon: https://kringlecon.com/ Holiday Hack Challenge Website: https://www.holidayhackchallenge.com/2018/ Ed's Twitter: @edskoudis Infosec Mastodon - https://infosec.exchange/auth/sign_up Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening! And as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Vulnerability disclosure is one of those things that either brings a smile or a scowl to your face, depending on what end of the disclosure you're on. For some, it's a thing of pride, and hopefully a monetary reward! For others, it's a punch to the gut, fear inducing, "Oh crap!" moment because someone has shown you a flaw you weren't aware of.But what if the disclosure isn't actually a valid vulnerability? That's the topic for this episode discussion, and thankfully I have someone who knows about exactly that! Tanya Janca joins me to discuss when a vulnerability is not a vulnerability!Some links of interest: When is a vulnerability not a vulnerability?- https://medium.com/microsoftazure/when-is-a-vulnerability-not-a-vulnerability-41ff9c880adf Microsoft bug bounty: https://www.microsoft.com/en-us/msrc/bounty Cyber ladies: Twitter: @Cyber_ladies Meetup: https://www.meetup.com/find/events/?allMeetups=false&keywords=cyber+ladies&radius=Infinity Devslop show: Live Sundays at 1:00 pm EDT https://aka.ms/DevSlop-Mixer Recorded episodes: https://aka.ms/DevSlopShow Blog: https://medium.com/@shehackspurple Open bug bounty: https://www.openbugbounty.org Twitter: @shehackspurple Infosec Mastodon - https://infosec.exchange/auth/sign_up Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Defending is hard. The adage of "an attacker only has to be right once" is a bit played out, but it does have a hint of truth in that trying to defend everything is a monumental task. Defenders are often short on budgets, short on time, and short on patience for silly sayings like these.This week I'm happy to have Patrick Kelley on to talk about some very interesting work he has done on coming up with defensive techniques for freight trains using a Raspberry Pi! If you want to hear about unique ways to defend unique environments, you will not want to miss this episode.Some links of interest: Bro: https://www.bro.org/ Suricata: https://suricata-ids.org/ Critical Path Security GitHub: https://github.com/CriticalPathSecurity Patrick's Twitter: @pkelley2600 Patrick's LinkedIn: https://www.linkedin.com/in/pmkelley/ Infosec Mastodon - https://infosec.exchange/auth/sign_up Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
October is Cyber Security Awareness Month, and with that who better to help share some ideas on how to give back to the community than our own InfoSecSherpa! Tracy Maleeff joins me to talk about Cyber Security Awareness Month, #ginfosec and #inforum. This will be one of the most relaxed Infosec podcasts you'll hear this year.... Some links of interest: GetCyberSafe (Canada) - https://www.getcybersafe.gc.ca/cnt/rsrcs/csam/thms-en.aspx StaySafeOnline (US) - https://staysafeonline.org/ncsam/themes/ Tracy's Twitter - https://twitter.com/InfoSecSherpa Infosec Mastodon - https://infosec.exchange/auth/sign_up Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
It's that time again! With milestone episode 40, we have another Tabletop D&D episode for you to enjoy! This time around we are joined by a few members of the Rally Security podcast to face some scenarios and see how they fare. Let's just say this was a rather impressive episode for a number of reasons. Some links of interest: Rally Security Homepage - http://rallysecurity.com/ Rally Security Twitch - https://www.twitch.tv/rallysecurity Rally Security Twitter - https://twitter.com/RallySecurity Ben's Twitter - https://twitter.com/benheise Jake's Twitter - https://twitter.com/MalwareJake AJediDay's Twitter - https://twitter.com/Ajediday Tony's Twitter - https://twitter.com/da_667 Cubicles and Consequences - https://www.blackhillsinfosec.com/dungeons-dragons-meet-cubicles-compromises/ Infosec Mastodon - https://infosec.exchange/auth/sign_up Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Over the past few months, John has been working on obtaining his OSCP certification. Recently he attempted and successfully passed the exam! In this episode he goes over his journey, what he learned as well as a few tips to help those attempting this rather difficult certification.Some links of interest: Penetration Testing - A Hands On Introduction to Hacking - https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641 Web Application Hacker's Handbook 2nd Edition - https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470 OSCP Prep: https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob https://github.com/burntmybagel/OSCP-Prep http://niiconsulting.com/checkmate/2017/06/a-detail-guide-on-oscp-preparation-from-newbie-to-oscp/ https://medium.com/@andr3w_hilton/oscp-training-vms-hosted-on-vulnhub-com-22fa061bf6a1 https://tulpa-security.com/2016/09/19/prep-guide-for-offsecs-pwk/ VulnHub - https://www.vulnhub.com/ HackTheBox - https://www.hackthebox.eu/ Infosec Mastodon - https://infosec.exchange/auth/sign_up Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
The cyber kill chain. For some, it's a nice framework to help build your defenses and help during an incident. For others, it is an over hyped and rigid list that no real attacker follows anymore. However you view the cyber kill chain, it is a strong pillar within Infosec, especially when it comes to defending your network. Amanda Berlin joins me today to talk about the cyber kill chain, what it is and how to disrupt attacks using it! Some links of interest: Amanda's Disrupting The Kill Chain Training - https://www.youtube.com/playlist?list=PL-giMT7sGCVKIWHVZ-N4A_eJhu6BzH4WM Amanda's Cyber Kill Chain Implementation Spreadsheet - https://docs.google.com/spreadsheets/d/1J0swcA1Phb4mh-Pj8eR9ZEAIm5GEtz0UklP9YhVUbEY/edit#gid=0 Official Cyber Kill Chain Site - https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html SANS Suspicious Domains Lists - https://isc.sans.edu/suspicious_domains.html HaveIBeenPwned.com - https://haveibeenpwned.com Brakeing Down Security Podcast - https://www.brakeingsecurity.com/ Amanda's Twitter - https://twitter.com/InfoSystir Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Living off the land is a term well understood by both offensive and defensive teams. For offensive teams, it's meant by using the technologies already present on the system, such as Powershell, Python, and even Perl for those who like a challenge (or are facing an older Unix system). On the defensive side, enhanced logging and locked down configurations are put in place to detect and prevent the use of these tools by malicious actors to either catch or prevent these actors from doing harm. Nathan Kirk (@sekirkity) joins me this week to talk about the concept behind "Bring Your Own Land". Some links of interest: BYOL Article - https://www.fireeye.com/blog/threat-research/2018/06/bring-your-own-land-novel-red-teaming-technique.html SpecterOps - https://specterops.io/ Ghostpack - https://www.harmj0y.net/blog/redteaming/ghostpack/ SharpView - https://github.com/tevora-threat/SharpView Nathan's Twitter - https://twitter.com/sekirkity Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Capture The Flag games, or CTFs, are a popular way for infosec pros to brush up on the offensive skills. From VulnHub to HackTheBox, there are a few different ways to quote "get your hack on"! Derek Rook (@_r00k_) joins me today to talk about CTFs and how they can assist in your Infosec journey, regardless of your role. Some links of interest: Derek's YouTube Channel - https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA Derek's Twitch Stream - https://www.twitch.tv/r00k_infosec ippsec's YouTube Channel - https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA LiveOverflow YouTube Channel - https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w Mub1x's Twitch Stream - https://www.twitch.tv/mub1x CCDC (US) - http://www.nationalccdc.org/ CCDC (Canada) - https://www.cyberdefencechallenge.ca/ SANS Holiday Hack Challenge - https://holidayhackchallenge.com/past-challenges/ Open2All CTF team - https://www.reddit.com/r/OpenToAllCTFteam/ CTF Time - https://ctftime.org/ Derek's Twitter - https://twitter.com/_r00k_ Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
From jails to virtual machines, process isolation is the "holy grail" of security. Lately, containers have been the go-to for modern organizations in order to scale and implement things like microservices. Jay Beale of InGuardians fame joins me to talk all about container security! Some links of interest: Securing Applications with Linux Containers (Webinar by Jay Beale) Docker security - Using containers safely in production (Article by Adrian Mouat) Clair (Container Scanner) - https://github.com/coreos/clair InGuardians Website - https://www.inguardians.com/ InGuardians Blog - https://www.inguardians.com/labs/ InGuardians Twitter - https://twitter.com/inguardians Jay's Twitter - https://twitter.com/jaybeale Jess Frazelle's Twitter - https://twitter.com/jessfraz Want to reach out to the show? There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Living off the land is pretty standard fare for pen testers. On Linux systems, the go-to is usually Python, but on Windows it's all about Powershell. This week I'm fortunate enough to sit down with Mick Douglas to talk all things Powershell! Some links of interest: Powercat - https://github.com/besimorhino/powercat Mick wants to give a special shout out to Luke Baggett for all the great work he's done on this project! Kansa - Dave Hall was the original author - https://github.com/davehull/Kansa Mick's Public Projects - https://github.com/besimorhino?tab=repositories Invoke-IR - https://github.com/Invoke-IR Bye-FePhishia - https://github.com/jcjohnson34/Bye-FePhishia OverworkedAdmin.com - https://overworkedadmin.com/category/scripting-languages/powershell/ Microsoft TechNet Blog - "Hey Scripting Guy!" - https://blogs.technet.microsoft.com/heyscriptingguy/ InfosecInovations.com - https://www.infosecinnovations.com/ Powershell Basics - https://www.darkoperator.com/powershellbasics/ Powershell Cheatsheet - https://github.com/PrateekKumarSingh/CheatSheets/tree/master/Powershell Want to reach out to the show? There's a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
In this episode John goes at it alone and discusses his own experiences with starting up a security program at different organizations by focusing in on what he views are the 3 key pillars for a new security program. Some links of interest: CIS Critical Security Controls - https://www.cisecurity.org/controls/ Malware Archeology - Logging Cheat Sheets - https://www.malwarearchaeology.com/cheat-sheets/ Linux Security Incident Log Review Checklist - https://zeltser.com/security-incident-log-review-checklist/ SANS Log Management In-Depth - https://www.sans.org/brochure/course/log-management-in-depth/6 OWASP Logging Cheat Sheet - https://www.owasp.org/index.php/Logging_Cheat_Sheet Defensive Security Handbook - http://shop.oreilly.com/product/0636920051671.do Want to reach out to the show? There's a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Continuing on with my fireside chat series, where I bring on a guest to just have a casual chat and see where the conversation takes us, my guest this time is Deviant Ollam. Well known for his work with TOOOL and the locksport community, we take a different path and talk about physical penetration testing as well as hear some great stories from the road.Some links of interest: Deviant's Twitter: @deviantollam The CORE Group: https://enterthecore.net/ And for fun: Check Box Secure: http://www.checkboxsecure.com/ Want to reach out to the show? There's a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
The penetration test, or pen test as it's commonly referred to, is one of the great necessary evils in Infosec today. My guest for this episode is Adrian Sanabria, who has an interesting thought - let's kill the pen test! Adrian has been in the industry for quite some time in quite a variety of roles, so he has some great experience and insights to share. Let's see what his replacement for a pen test entitles! Some links of interest: Adrian's Twitter: @sawaba Savage Security: https://www.savagesec.com/ BSides Knoxville: https://bsidesknoxville.com/ Penetration Testing Execution Standard (PTES): http://www.pentest-standard.org/index.php/Main_Page Want to reach out to the show? There's a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
It's that time again! We're doing another Infosec tabletop in a D&D style, this time with the fine gentlemen from the Defensive Security podcast! Jerry and Andrew join me for another infosec tabletop with all new scenarios, pitfalls, and approaches. Special thanks to Ryan McGeehan and his Tabletop Scenarios twitter account for providing the ideas behind this episodes "challenges". Some links of interest: The Defensive Security Podcast: https://defensivesecurity.org/ Jerry's Twitter: @maliciouslink Andrew's Twitter: @lerg Tabletop Scenarios Twitter: @badthingsdaily Want to reach out to the show? There's a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
The idea of "community" is an important one, especially if you talk about a group of people who want to help improve their skills by sharing their ideas, experiences, etc, with like minded individuals. The Infosec community is no exception to this. In fact I would argue that it is one of the strongest communities I have encountered yet! Joining me this week is Cheryl "3ncr1pt3d" Biswas to talk about the Infosec community, what makes it special, and the importance of it. In addition we will be talking about one of Cheryl's many contributions to the community in the form of the Diana Initiative. Some links of interest: Diana Initiative Website: https://www.dianainitiative.org/ Diana Initiative's Twitter: @DianaInitiative Cheryl's Twitter: @3ncr1pt3d Cheryl's Website: whitehatcheryl.wordpress.com Want to reach out to the show? There's a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
With no guest this week, John decides to share his own story about how he got into #infosec and some other thoughts he's had about the journey and why it's a never ending adventure to learn new things. Some links of interest: MeetUp.com OSSEC Wazuh (OSSEC Alternative) Want to reach out to the show? There's a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
Stress. Depression. Anxiety. Fear. Uncertainty. Doubt. All of these symptoms and conditions are well known to anyone who has spent a few years in security. This can be a heavy topic, but it's one that we should discuss openly and often. Danny Akacki joins me on this episode to talk about his own mental health, what are some of the things that has helped him, and he also gives us some insight on his contributions back to the community through the creation of infosanity.org, a website dedicated to helping those in the hacking community who may be struggling and aren't sure where to go. Please remember, if you have a serious concern about your mental health, please, PLEASE seek professional help. Some links of interest: Worldwide Crisis Line Phone Numbers Infosanity.org @DAkacki @InfoSanityOrg Want to reach out to the show? There's a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
From the crowd to the cloud, we shift focus this episode to a topic that may be holding back some infosec professionals from embracing the cloud - namely what to do when you're attacked? Digital Forensics and Incident Response (DFIR) is a topic we've covered in the past, but that was from a more traditional view. I'm fortunate enough to have Jonathon Poling (@JPoForenso) join me again to revisit DFIR, but this time from a cloud perspective. What's easier, what's harder, and what's different? Have a listen to find out! Some links of interest: Margarita Shotgun AWS to Azure Mapping AWS to GCP Mapping Azure to GCP Mapping Duo Labs GitHub StreamAlert Netflix GitHub RepoKid NCC Group Scout2 Ponder The Bits - https://ponderthebits.com/ @JPoForenso Want to reach out to the show? There's a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and as always, I will talk with you all again next time.Find out more at http://purplesquadsec.com
The crowd. Recently gaining attention again due to some news events that were much ado about nothing, there is still a bit of a mystery with crowdsourcing and how best to secure it. Organizations like Bug Crowd and HackerOne have shown it can be used for specific security tasks, but what about in general? Nicolas Valcarcel joins me on this episode to share his thoughts and experience with security the crowd and what organizations should be aware of when considering using the crowd for their own purposes. Some links of interest: Crowd Security Whitepaper - https://github.com/nxvl/crowd-security How to Make the Most of Mechanical Turk How We Maintain a Trustworthy Rainforest Tester Network The Pros and Cons of Using Crowdsourced Work How We Train Rainforest Testers AWS re:Invent: Managing Crowdsourced Testing Work with Amazon Mechanical Turk Virtual Machine Security: The Key Steps We Take to Keep Rainforest VMs Secure @nxvl Want to reach out to the show? There's a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you all again next time.Find out more at http://purplesquadsec.com
In the first of a new format, I sit down with Joe Gray with only a handful of questions and just chat. We cover things from Through The Hacking Glass, upcoming talks that Joe will be doing, to the various conferences that Joe will be attending. Lots of great information and stories were shared, and if you'd like to provide feedback, please reach out and let me know! Also, make sure you listen for a special easter egg that Joe has for those who are in the Atlanta area in September for entry to a conference at no cost! Some links of interest: Through The Hacking Glass @hackingglass - https://twitter.com/hackingglass Facebook - https://www.facebook.com/hackingglass/ Peerlyst - https://www.peerlyst.com/posts/announcing-through-the-hacking-glass-a-peerlyst-mentorship-experience-joe-gray RSA Conference USA - https://www.rsaconference.com/events/us18 Hacker Halted - https://www.hackerhalted.com/ Free Admission to conference code: HH18JGCON 25% off training code: HH18JJTRN Hack NYC - https://q22018.hacknyc.com/en/ Coupon code: STORMNYCJJ @c_3pjoe @advpersistsec Want to reach out to the show? There's a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you all again next time.Find out more at http://purplesquadsec.com
Continuing with the theme of soft skills that any infosec professional should have, this episode will focus on developers. I sit down with James Jardine from the DevelopSec podcast to talk about how best to communicate with developers. Just like executives, developers have a different language and approach that is needed in order to communicate effectively. Trying to avoid the all-to-common animosity between developers and security, James and I discuss some strategies to help build bridges between the groups and not burn them to the ground. Some links of interest: www.jardinesoftware.com www.developsec.com podcast.developsec.com podcast.wh1t3rabbit.net DevleopSec YouTube Channel @developsec @jardinesoftware Email James: james@jardinesoftware.com Want to reach out to the show? There's a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you all again next time.Find out more at http://purplesquadsec.com
Nothing helps out security more than information. Heck, it's the first part of our professions name! In Infosec, knowledge is key and sometimes we need to roll up our sleeves to get the information we need from various open source outlets. I'm fortunate to have as a guest on this episode the man who literally wrote the book on OSINT techniques, Michael Bazzell. We discuss OSINT techniques as well as his recently updated book. Have yourself a listen and hear the advice Michael has for starting your own OSINT adventures. Some links of interest: https://inteltechniques.com/ Open Source Intelligence Techniques, 6th Edition Buscador - OSINT OS https://michaelbazzell.com/forum.html Want to reach out to the show? There's a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you all again next time.Find out more at http://purplesquadsec.com
I love purple teams. Purple teaming is something that I was hoping to share with more people and more organizations! It's part of the reason I named this podcast after them. So why don't I think that a purple teamer exists? It's an interesting stance, but it's one that makes sense. Joining me this week is Haydn "Doctor Purple" Johnson to discuss all things purple. Some links of interest: Red Teamers Can Learn Secrets by Purple Teaming Purple Teaming: Red & Blue Living Together, Mass Hysteria Red Team v. Blue Team? They Are In Fact One – The Purple Team Top 4 Tips for Purple Team Exercises Purple Teaming - Lessons Learned & Ruxcon Slides BSidesTO 2015 - Haydn Johnson & Laura Rafferty - Purple View Hackfest 2016 - Chris Nickerson : Adversarial Simulation: Why your defenders are the Fighter Pilots Haydn's Slideshares @haydnjohnson Want to reach out to the show? There's a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you all again next time.Find out more at http://purplesquadsec.com