Proverbs 18 is about friendship, its benefits and its obligations. Verses 1-8 outline wise thinking and the words which the wise speak – words which bring blessings to those who heed what was said. By contrast verses 6-7 tell us that a fool's mouth is an invitation to strife and his words continually bring trouble upon his head. Gossip is the way of the fool and those associated with him will experience total disaster. Verses 9-19 speak about the need for diligence in order to be successful. These are contrasted with the true protection, which never fails: the name of Yahweh is a fortress (v10). Those who trust in the LORD are imperishable. They are indestructible. The life of the faithful is in the hand of their Maker. They need have no fear of men, because of their reverence for the Almighty – Matthew 10:16-33. Read aloud slowly. Contemplate this message for how you will live your life before your Sovereign and as a witness to your community. The wise man speaks of pride preceding a fall (v12). We are told to listen before speaking (v13). Generosity paves the way for acceptance (v16). Don't win an argument via persistence – be prepared to agree through a lot, i.e. it doesn't matter if you never win. If you simply win through aggression, or because you won't stop arguing, you have lost a friend and a great deal more (v18). Verse 19 tells us that if your insistence creates a rift then it can only be healed via great efforts and immense sufferings. Verses 20-24 tell us, yet once again, to be diligent in order to live adequately. What a great lesson verse 21 teaches – your tongue can save another person, or destroy them. A Godly companion in life is an aid and blessing in our walk towards the kingdom of God (v22). Be a close friend rather than a ruinous babbler (v24).

According to Acts 28 Paul spent two years under house arrest in Rome (AD 62-64). During this time Philippians and Philemon were written. Acts 16 provided the background to the gospel arriving in Philippi.

Philippians is called Paul's letter of joy and its theme is, “Rejoice in the Lord always, and again I say rejoice.” In chapter 1 of the letter the Apostle described his constant thanksgiving for the love of the believers in that city, a colony which was heavily Roman in every way. He told them of the advance of the gospel in Rome and that even members of the Praetorian guard had become faithful believers. Unfortunately, not all ‘brethren' were happy – there was a group of false believers (known as Judaisers) whose motives for preaching were to see Paul persecuted. Paul, indeed, would have been happy to die for the faith; nonetheless he felt that continued living would be for the benefit of the believers. In chapter 2 we have wonderful exhortations of Christ's mindset, as always being to honour and exalt his Father and for the benefit of others. Let that, said Paul, be the attitude of every believer. As God's Son our Lord had a status higher than anyone; yet he suffered as a servant the death of the cross. Now he is exalted at the Father's right hand with the name of Yahweh Himself (Isaiah 45). Believers bear the responsibility of shining as lights among this twisted world. He showed that Timothy and Epaphroditus both demonstrated Christ-like love for the believers in Philippi. Their own lives were put behind the cause and purpose of the gospel.
Numbers 26 tells of the census that was taken of the new generation – those who were above 20 years of age, when 38 years earlier God had destined their fathers to die in the desert because of their failure to believe God could give them the Land He had promised to Abraham. This generation would be steadfast in the ways of the LORD. It would be that way for at least one and a half generations – see Joshua 24:31. Some of the more numerous tribes declined in number during their wasting away in the wilderness. There is almost a direct relationship between the rebellions started by certain tribes and their significant reduction in population prior to the entry into the Promised Land. These numbers were used together with a distribution by lot to determine the size of the land each tribe would inherit. There was no census for the Levites as Yahweh was their portion. The other salutary lesson from this chapter is the inheritance that would be given to faithful Caleb and Joshua, who wholly followed Yahweh with their heart, at the time that the bulk of the nation were consigned to perishing in the wilderness because they yielded to their evil hearts of unbelief and failed to trust in “the Living God”.
Dr. Kanjana Thepboriruk sits down with Dr. Paul Chambers and Dr. Napisa Waitoolkiat to discuss Paul Chambers's new book “Praetorian Kingdom: A History of Military Ascendancy in Thailand.” Together they discuss the history of the military in the Thai government and its continued dominance in Thai politics. Chambers examines the rotating roster of political players in regimes past and present, and their relationship with loci of power. Dr. Paul Chambers is a lecturer and researcher. He serves as a lecturer and special advisor at the Centre of ASEAN Community Studies at Naresuan University. Dr. Napisa Waitoolkiat serves as the Dean of the Faculty of Social Sciences at Naresuan University.
Building on three promising and acclaimed EPs, the menacing Hertfordshire quartet that is Praetorian return with their debut full length album ‘Pylon Cult'. Out on January 31st, 2025, through APF Records. Produced and engineered by Wayne Adams (Petbrick, Big Lad, Wasted Death) at London's Bear Bites Horse Studio (home to Green Lung, TORPOR, Vacuous, Shooting Daggers and many more). Take sludge, doom, black, death, hardcore, thrash, and speed, blend it together until you get a brownish, sticky paste that smells as bad as it looks. Yet, it's so appealing because you know it's going to feel so good when it slides down your throat. Say hello to Praetorian and their obnoxious, but lovable, debut album, Pylon Cult. You can read our full review of the album here: https://www.gbhbl.com/album-review-praetorian-pylon-cult-apf-records/ We spoke to guitarist Mark and vocalist Tom, getting the lowdown on the new album and all the work that went into it. We discuss experimentation, challenges, having fun, and so much more. Find out more here: https://linktr.ee/praetorianmetal Website: https://gbhbl.com/ LinkTree: https://linktr.ee/gbhbl Ko-Fi (Buy us a coffee): https://ko-fi.com/gbhbl Facebook: https://www.facebook.com/GBHBL Instagram: https://www.instagram.com/gbhbl/ Bluesky: https://bsky.app/profile/gbhbl.com Threads: https://www.threads.net/@gbhbl Twitter: https://twitter.com/GBHBL_Official Contact: gbhblofficial@gmail.com Soundcloud: https://soundcloud.com/gbhbl Spotify: https://open.spotify.com/show/5A4toGR0qap5zfoR4cIIBo Apple Podcasts: https://podcasts.apple.com/hr/podcast/the-gbhbl-podcasts/id1350465865 Intro/Outro music created by HexedRiffsStudios YouTube: https://www.youtube.com/channel/UCKSpZ6roX36WaFWwQ73Cbbg Instagram: https://www.instagram.com/hexedriffsstudio
We're thrilled to have Frank Duff on to discuss threat-informed defense. As one of the MITRE folks that helped create MITRE ATT&CK and ATT&CK Evaluations, Frank has been working on how best to define and communicate attack language for many years now. The company he founded, Tidal Cyber, is in a unique position to both leverage what MITRE has built with ATT&CK and help enterprises operationalize it.

Segment Resources: Tidal Cyber website; Tidal Cyber Community Edition

We're a fan of hacker lore and history here at Security Weekly. In fact, Paul's Security Weekly has interviewed some of the most notable (and notorious) personalities from both the business side of the industry and the hacker community. We're very excited to share this new effort to document hacker history through in-person interviews. The series is called "Where Warlocks Stay Up Late", and is the creation of Nathan Sportsman and other folks at Praetorian. The timing is crucial, as a lot of the original hackers and tech innovators are getting older, and we've already lost a few.

References: Check out the Where the Warlocks Stay Up Late website and subscribe to get notified of each episode as it is released. Check out the anthropological hacker map and relive your misspent youth!

In this latest Enterprise Security Weekly episode, we explored some significant cybersecurity developments, starting with Veracode's acquisition of Phylum, a company specializing in detecting malicious code in open-source libraries. The acquisition sparked speculation that it might be more about Veracode staying relevant in a rapidly evolving market rather than a strategic growth move, especially given the rising influence of AI-driven code analysis tools. We also covered 1Password's acquisition of a UK-based shadow IT detection firm, raising interesting questions about their expansion into access management. Notably, the deal involved celebrity investors like Matthew McConaughey and Ashton Kutcher, suggesting a trend where Hollywood influence intersects with cybersecurity branding.

A major highlight was the Cyberhaven breach, where a compromised Chrome extension update led to stolen credentials. The attack was executed through a phishing campaign disguised as a Google policy violation warning. To their credit, Cyberhaven responded swiftly, pulling the extension within two hours and maintaining transparency throughout. This incident underscored broader concerns around the poor security of browser extensions, an issue that continues to be exploited due to lax marketplace oversight.

We also reflected on Cory Doctorow's concept of "Enshittification," critiquing platforms that prioritize profit and engagement metrics over genuine user experiences. His decision to disable vanity metrics resonated, especially considering how often engagement numbers are inflated in corporate settings. The episode wrapped with a thoughtful discussion on how CISOs can say "no" more effectively, emphasizing "yes, but" strategies and the importance of consistency. We also debated the usability frustrations of "magic links" for authentication, arguing that simpler alternatives like passkeys or multi-factor codes could offer a better balance between security and convenience.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-389
Listeners react to Denver mayor Mike Johnston's Machiavellian fever dream of calling upon Denver Police as his own Praetorian Guard against ICE federal agents seeking to apprehend criminal aliens in the upcoming Trump administration.
The true nexus of power in the Roman Empire wasn't in the Emperor's box but in the shadowy ranks of the Praetorian Guard. First established in 27 BCE by Caesar Augustus, the first Emperor of Rome, they acted as his personal army and security escort. But it didn't take long for their influence in Rome to become more insidious … they became kingmakers and power brokers with the ability to topple a dynasty at the drop of a hat. They were the ones who decided who lived and who died. Dan and Dr Simon Elliot, a leading voice in Roman History, walk the streets of Rome where Praetorian conspiracies and assassinations spilt imperial blood on the stones of the eternal city… This is episode 4 of 4 in our mini-series 'Gladiators'. Produced by Mariana Des Forges and edited by Dougal Patmore. Sign up to History Hit for hundreds of hours of original documentaries, with a new release every week and ad-free podcasts. Sign up at https://www.historyhit.com/subscribe.
#501 Off Road Buses & Chinese EVs. Alex drives the go-anywhere Torsus Terrastorm & Praetorian, and Mr Bean's MINI. How good are the latest car brands from the People's Republic? Plus Elon's new robots and Renault's “affordable” EV.
Welcome back to the People's Guild. In this episode, we welcome PJ, Splinterlands CTO, to the show. In one of his only public Praetorian appearances thus far, we get to know PJ as we make our way through a whole slew of topics, including Wes Anderson, validators, Hive, the SPSDAO and much more. Here's to the first of many! Enjoy the show.

Follow us elsewhere: Peakd: https://peakd.com/@thepeoplesguild Patreon: https://patreon.com/thepeoplesguild Twitter: https://twitter.com/thepeoplesguild General: https://linktr.ee/thepeoplesguild Check out the official sponsor of the People's Guild, the People's Market over at Aqualis: splinterlands.aqualis.io
The Mad Max Saga comes to a close (for now) with FURIOSA, the highly anticipated action epic that serves as a prequel and world-building expansion to 2015's FURY ROAD. Does it live up to its predecessor or fall short of expectations? Does it add much to the Mad Max universe or is it merely Fury Road DLC? How does it stack up to the sickest of all Dr. Miller's works, LORENZO'S OIL? All these questions and more will be answered in this podcast, broadcast straight from the Wasteland of Toronto, Ontario. "Praetorian" Chantel joins us again for a deep dive into the post-apocalyptic Australian outback. The first hour has us reviewing the Neil Young show and talking about some recent movies we've seen. The back half is all Furiosa talk. Join us next week as we pay tribute to a fallen soldier of documentary filmmaking: Immorgan Spurlock. We'll be watching his seminal SUPER SIZE ME and its sequel. Follow us @thefranchisees on Instagram and Twitter and email us at thefranchiseespod@gmail.com
Welcome back to the People's Guild. We cruise into North Thailand for a pitstop in Chiang Mai as we sit down with developer, Web3 believer and fellow Praetorian, @gamesontheblock. We talk through the whole lot - international travels, expat life, Thailand, Web3, DAO, Splinterlands, the Sylar hire, the future.... - you name it! Enjoy the episode, folks!

Follow us elsewhere: Peakd: https://peakd.com/@thepeoplesguild Patreon: https://patreon.com/thepeoplesguild Twitter: https://twitter.com/thepeoplesguild General: https://linktr.ee/thepeoplesguild Check out the official sponsor of the People's Guild, the People's Market over at Aqualis: splinterlands.aqualis.io
Star Wars: The Last Jedi has divided the reviews and opinions of many fans entirely; however, one thing that has been brought to many people's attention, including my own online through a tweet, is what is discussed in this episode regarding the Snoke throne room fight. Do you think Snoke made it all up? Or was this a really bad movie mistake where Rey fights the Praetorian guard with Kylo Ren?
Today on The Prather Point LIVE at 4 pm ET / 1 pm PT on RUMBLE: https://rumble.com/v48tpjq-praetorian-fbi-protects-g-pedos-pimps-and-pushers.html DHS HACKED GEORGIA FOR CHINA! CHINA STOCKS COLLAPSE, SHORTS SUSPENDED! NEW SPY COURT SUPPORTS DEA'S SECRET SOD! FBI WHISTLEBLOWER VETERAN GARRETT O'BOYLE GUESTS!
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Richard Ford, CTO, Praetorian. In this episode: When did we all agree that red teaming was about validating security? Does it seem like increasingly red teaming is a catch-all term for a whole lot of testing that isn't clearly defined? Is this making it hard to see its value? Can moving red teaming upstream be more valuable to your organization? Thanks to our podcast sponsor, Praetorian. Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.
On this episode of The Cybersecurity Defenders Podcast we speak with Adnan Khan, Lead Security Engineer at Praetorian, about a supply chain attack that was successful in poisoning GitHub's runner images. Adnan is an Offensive Security Engineer and Security Researcher with a strong development background and passion for CI/CD and supply chain security. Adnan's research can be found here. The GitHub Attack Toolkit can be found here. And Adnan can be found on LinkedIn here.
Welcome back to the People's Guild. This week TPG has a general state of the union discussion on all things Praetoria. We cover the recent development releases from Land 1.5 and Rebellion and all that has come alongside these. Enjoy the show!

Follow us elsewhere: Peakd: https://peakd.com/@thepeoplesguild Twitter: https://twitter.com/thepeoplesguild General: https://linktr.ee/thepeoplesguild Check out the official sponsor of the People's Guild, the People's Market over at Aqualis: splinterlands.aqualis.io
Adnan Khan, Lead Security Engineer at Praetorian, joins Corey on Screaming in the Cloud to discuss software bill of materials and supply chain attacks. Adnan describes how simple pull requests can lead to major security breaches, and how to best avoid those vulnerabilities. Adnan and Corey also discuss the rapid innovation at Github Actions, and the pros and cons of having new features added so quickly when it comes to security. Adnan also discusses his view on the state of AI and its impact on cloud security. About AdnanAdnan is a Lead Security Engineer at Praetorian. He is responsible for executing on Red-Team Engagements as well as developing novel attack tooling in order to meet and exceed engagement objectives and provide maximum value for clients.His past experience as a software engineer gives him a deep understanding of where developers are likely to make mistakes, and has applied this knowledge to become an expert in attacks on organization's CI/CD systems.Links Referenced: Praetorian: https://www.praetorian.com/ Twitter: https://twitter.com/adnanthekhan Praetorian blog posts: https://www.praetorian.com/author/adnan-khan/ TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Are you navigating the complex web of API management, microservices, and Kubernetes in your organization? Solo.io is here to be your guide to connectivity in the cloud-native universe!Solo.io, the powerhouse behind Istio, is revolutionizing cloud-native application networking. 
They brought you Gloo Gateway, the lightweight and ultra-fast gateway built for modern API management, and Gloo Mesh Core, a necessary step to secure, support, and operate your Istio environment.Why struggle with the nuts and bolts of infrastructure when you can focus on what truly matters - your application. Solo.io's got your back with networking for applications, not infrastructure. Embrace zero trust security, GitOps automation, and seamless multi-cloud networking, all with Solo.io.And here's the real game-changer: a common interface for every connection, in every direction, all with one API. It's the future of connectivity, and it's called Gloo by Solo.io.DevOps and Platform Engineers, your journey to a seamless cloud-native experience starts here. Visit solo.io/screaminginthecloud today and level up your networking game.Corey: As hybrid cloud computing becomes more pervasive, IT organizations need an automation platform that spans networks, clouds, and services—while helping deliver on key business objectives. Red Hat Ansible Automation Platform provides smart, scalable, sharable automation that can take you from zero to automation in minutes. Find it in the AWS Marketplace.Corey: Welcome to Screaming in the Cloud, I'm Corey Quinn. I've been studiously ignoring a number of buzzword, hype-y topics, and it's probably time that I addressed some of them. One that I've been largely ignoring, mostly because of its prevalence at Expo Hall booths at RSA and other places, has been software bill of materials and supply chain attacks. Finally, I figured I would indulge the topic. Today I'm speaking with Adnan Khan, lead security engineer at Praetorian. Adnan, thank you for joining me.Adnan: Thank you so much for having me.Corey: So, I'm trying to understand, on some level, where the idea of these SBOM or bill-of-material attacks have—where they start and where they stop. I've seen it as far as upstream dependencies have a vulnerability. Great. 
I've seen misconfigurations in how companies wind up configuring their open-source presences. There have been a bunch of different, it feels almost like orthogonal concepts to my mind, lumped together as this is a big scary thing because if we have a big single scary thing we can point at, that unlocks budget. Am I being overly cynical on this or is there more to it?Adnan: I'd say there's a lot more to it. And there's a couple of components here. So first, you have the SBOM-type approach to security where organizations are looking at which packages are incorporated into their builds. And vulnerabilities can come out in a number of ways. So, you could have software actually have bugs or you could have malicious actors actually insert backdoors into software.I want to talk more about that second point. How do malicious actors actually insert backdoors? Sometimes it's compromising a developer. Sometimes it's compromising credentials to push packages to a repository, but other times, it could be as simple as just making a pull request on GitHub. And that's somewhere where I've spent a bit of time doing research, building off of techniques that other people have documented, and also trying out some attacks for myself against two Microsoft repositories and several others that have reported over the last few months that would have been able to allow an attacker to slip a backdoor into code and expand the number of projects that they are able to attack beyond that.Corey: I think one of the areas that we've seen a lot of this coming from has been the GitHub Action space. And I'll confess that I wasn't aware of a few edge-case behaviors around this. 
Most of my experience with client-side Git configuration in the .git repository—pre-commit hooks being a great example—intentionally and by design from a security perspective, do not convey when you check that code in and push it somewhere, or grab someone else's, which is probably for the best because otherwise, it's, “Oh yeah, just go ahead and copy your password hash file and email that to something else via a series of arcane shell script stuff.” The vector is there. I was unpleasantly surprised somewhat recently to discover that when I cloned a public project and started running it locally and then adding it to my own fork, that it would attempt to invoke a whole bunch of GitHub Actions flows that I'd never, you know, allowed it to do. That was… let's say, eye-opening.Adnan: [laugh]. Yeah. So, on the particular topic of GitHub Actions, the pull request as an attack vector, like, there's a lot of different forms that an attack can take. So, one of the more common ones—and this is something that's been around for just about as long as GitHub Actions has been around—and this is a certain trigger called ‘pull request target.' What this means is that when someone makes a pull request against the base repository, maybe a branch within the base repository such as main, that will be the workflow trigger.And from a security's perspective, when it runs on that trigger, it does not require approval at all. And that's something that a lot of people don't really realize when they're configuring their workflows. 
Because normally, when you have a pull request trigger, the maintainer can check a box that says, “Oh, require approval for all external pull requests.” And they think, “Great, everything needs to be approved.” If someone tries to add malicious code to run that's on the pull request target trigger, then they can look at the code before it runs and they're fine.

But in a pull request target trigger, there is no approval and there's no way to require an approval, except for configuring the workflow securely. So, in this case, what happens is, and in one particular case against the Microsoft repository, this was a Microsoft reusable GitHub Action called GPT Review. It was vulnerable because it checked out code from my branch—so if I made a pull request, it checked out code from my branch, and you could find this by looking at the workflow—and then it ran tests on my branch, so it's running my code. So, by modifying the entry points, I could run code that runs in the context of that base branch and steal secrets from it, and use those to perform malicious actions.

Corey: Got you. It feels like historically, one of the big threat models around things like this is al—[and when 00:06:02] you have any sort of CI/CD exploit—either falls down one of two branches: it's either getting secret access so you can leverage those credentials to pivot into other things—I've seen a lot of that in the AWS space—or more boringly, and more commonly in many cases, it seems to be oh, how do I get it to run this crypto miner nonsense thing. With the somewhat large-scale collapse of crypto across the board, it's been convenient to see that be less prevalent, but still there. Just because you're not making as much money means that you'll still just have to do more of it when it's all in someone else's account. So, I guess it's easier to see and detect a lot of the exploits that require a whole bunch of compute power.
The, oh by the way, we stole your secrets and now we're going to use that to lateral into an organization seems like it's something far more… I guess, dangerous and also sneaky.

Adnan: Yeah, absolutely. And you hit the nail on the head there with sneaky because when I first demonstrated this, I made a test account, I created a PR, I took a couple of actions, such as modifying the name of the release for the repository (I just put a little tag on it), and didn't do any other changes. And then I also created a feature branch in one of Microsoft's repositories. I don't have permission to do that. That just sat there for about almost two weeks and then someone else exploited it and then they responded to it.

So, sneaky is exactly the word you could describe something like this. And another reason why it's concerning is, beyond the secret disclosure for—and in this case, the repository only had an OpenAI API key, so… okay, you can talk to ChatGPT for free. But this was itself a GitHub Action and it was used by another Microsoft machine-learning project that had a lot more users, called SynapseML, I believe was the name of the other project. So, what someone could do is backdoor this Action by creating a commit in a feature branch, which they can do by stealing the built-in GitHub token—and this is something that all GitHub Action runs have; the permissions for it vary, but in this case, it had the right permissions—attacker could create a new branch, modify code in that branch, and then modify the tag, which in Git, tags are mutable, so you can just change the commit the tag points to, and now, every time that other Microsoft repository runs GPT Review to review a pull request, it's running attacker-controlled code, and then that could potentially backdoor that other repository, steal secrets from that repository.

So that's, you know, one of the scary parts of, in particular, backdooring a GitHub Action.
And I believe there was a very informative Black Hat talk this year, that someone from—I'm forgetting the name of the author, but it was a very good watch about how Actions workflows can be vulnerable, and this is kind of an example of—it just happened to be that this was an Action as well.

Corey: That feels like this is an area of exploit that is becoming increasingly common. I tie it almost directly to the rise of GitHub Actions as the default CI/CD system that a lot of folks have been using. For the longest time, it seemed like a poorly configured Jenkins box hanging out somewhere in your environment that was the exception to the Infrastructure as Code rule because everyone has access to it, configures it by hand, and invariably it has access to production was the way that people would exploit things. For a while, you had CircleCI and Travis CI, before Travis imploded and Circle did a bunch of layoffs. Who knows where they're at these days?

But it does seem that the common point now has been GitHub Actions, and a .github folder within that Git repo with a workflows YAML file effectively means that a whole bunch of stuff can happen that you might not be fully aware of when you're cloning or following along with someone's tutorial somewhere. That has caught me out in a couple of strange ways, but nothing disastrous because I do believe in realistic security boundaries. I just worry how much of this is the emerging factor of having a de facto standard around this versus something that Microsoft has actively gotten wrong. What's your take on it?

Adnan: Yeah. So, my take here is that GitHub could absolutely be doing a lot more to help prevent users from shooting themselves in the foot. Because their documentation is very clear and, quite frankly, very good, but people aren't warned when they make certain configuration settings in their workflows. I mean, GitHub will happily take the settings and, you know, they hit commit, and now the workflow could be vulnerable.
There's no automatic linting of workflows, or a little suggestion box popping up like, “Hey, are you sure you want to configure it this way?”

The technology to detect that is there. There's a lot of third-party utilities that will lint Actions workflows. Heck, for looking for a lot of these pull request target-type vulnerabilities, I use a GitHub code search query. It's just a regular expression. So, having something that at least nudges users to not make that mistake would go really far in helping people not make these mista—you know, adding vulnerabilities to their projects.

Corey: It seems like there's also been issues around the GitHub Actions integration approach where OIDC has not been scoped correctly a bunch of times. I've seen a number of articles come across my desk in that context and fortunately, when I wound up passing out the ability for one of my workflows to deploy to my AWS account, I got it right because I had no idea what I was doing and carefully followed the instructions. But I can totally see overlooking that one additional parameter that leaves things just wide open for disaster.

Adnan: Yeah, absolutely. That's one where I haven't spent too much time actually looking for that myself, but I've definitely read those articles that you mentioned, and yeah, it's very easy for someone to make that mistake, just like it's easy for someone to just misconfigure their Action in general. Because in some of the cases where I found vulnerabilities, there would actually be a commit saying, “Hey, I'm making this change because the Action needs access to these certain secrets.
And oh, by the way, I need to update the checkout steps so it actually checks out the PR head so that it's [testing 00:12:14] that PR code.” Like, people are actively making a decision to make it vulnerable because they don't realize the implication of what they've just done.

And in the second Microsoft repository that I found the bug in, was called Microsoft Confidential Sidecar Containers. That repository, the developer a week prior to me identifying the bug made a commit saying that we're making a change and it's okay because it requires approval. Well, it doesn't because it's a pull request target.

Corey: Part of me wonders how much of this is endemic to open-source as envisioned through enterprises versus my world of open-source, which is just eh, I've got this weird side project in my spare time, and it seemed like it might be useful to someone else, so I'll go ahead and throw it up there. I understand that there's been an awful lot of commercialization of open-source in recent years; I'm not blind to that fact, but it also seems like there's a lot of companies playing very fast and loose with things that they probably shouldn't be since they, you know, have more of a security apparatus than any random contributor standing up a clone of something somewhere will.

Adnan: Yeah, we're definitely seeing this a lot in the machine-learning space because of companies that are trying to move so quickly with trying to build things because OpenAI has blown up quite a bit recently, everyone's trying to get a piece of that machine learning pie, so to speak. And another thing of what you're seeing is, people are deploying self-hosted runners with Nvidia, what is it, the A100, or—it's some graphics card that's, like, $40,000 apiece attached to runners for running integration tests on machine-learning workflows.
And someone could, via a pull request, also just run code on those and mine crypto.

Corey: I kind of miss the days when exploiting computers was basically just a way for people to prove how clever they were or once in a blue moon come up with something innovative. Now, it's like, well, we've gone all around the mulberry bush just so we can basically make computers solve a sudoku form, and in return, turn that into money down the road. It's frustrating, to put it gently.

Adnan: [laugh].

Corey: When you take a look across the board at what companies are doing and how they're embracing the emerging capabilities inherent to these technologies, how do you avoid becoming a cautionary tale in the space?

Adnan: So, on the flip side of companies having vulnerable workflows, I've also seen a lot of very elegant ways of writing secure workflows. And some of the repositories are using deployment environments—which is the GitHub Actions feature—to enforce approval checks. So, workflows that do need to run on pull request target because of the need to access secrets for pull requests will have a step that requires a deployment environment to complete, and that deployment environment is just an approval and it doesn't do anything. So essentially, someone who has permissions to the repository will go in, approve that environment check, and only then will the workflow continue. So, that adds mandatory approvals to pull requests where otherwise they would just run without approval.

And this is on, particularly, the pull request target trigger. Another approach is making it so the trigger is only running on the label event and then having a maintainer add a label so the tests can run and then remove the label. So, that's another approach where companies are figuring out ways to write secure workflows and not leave their repositories vulnerable.

Corey: It feels like every time I turn around, GitHub Actions has gotten more capable.
And I'm not trying to disparage the product; it's kind of the idea of what we want. But it also means that there's certainly not an awareness in the larger community of how these things can go awry that has kept up with the pace of feature innovation. How do you balance this without becoming the Department of No?

Adnan: [laugh]. Yeah, so it's a complex issue. I think GitHub has evolved a lot over the years. Actions, it's—despite some of the security issues that happen because people don't configure them properly—is a very powerful product. For a CI/CD system to work at the scale it does and allow so many repositories to work and integrate with everything else, it's really easy to use. So, it's definitely something you don't want to take away or have an organization move away from something like that because they are worried about the security risks.

When you have features coming in so quickly, I think it's important to have a base, kind of like, a mandatory reading. Like, if you're a developer that writes and maintains open-source software, go read through this document so you can understand the do's and don'ts instead of it being a patchwork where some people take a good security approach and write secure workflows and some people just kind of stumble through Stack Overflow, find what works, mess around with it until their deployment is working and their CI/CD is working and they get the green checkmark, and then they move on to their never-ending list of tasks that—because they're always working on a deadline.

Corey: Reminds me of a project I saw a few years ago when it came out that Volkswagen had been lying to regulators. It was a framework someone built called ‘Volkswagen' that would detect if it was running inside of a CI/CD environment, and if so, it would automatically make all the tests pass. I have a certain affinity for projects like that.
Another one was a tool that would intentionally degrade the performance of a network connection so you could simulate having a latent or stuttering connection with packet loss, and they call that ‘Comcast.' Same story. I just thought that it's fun seeing people get clever on things like that.

Adnan: Yeah, absolutely.

Corey: When you take a look now at the larger stories that are emerging in the space right now, I see an awful lot of discussion coming up that ties to SBOMs and understanding where all of the components of your software come from. But I chased some stuff down for fun once, and I gave up after 12 dependency leaps from just random open-source frameworks. I mean, I see the Dependabot problem that this causes as well, where whenever I put something on GitHub and then don't touch it for a couple of months—because that's how I roll—I come back and there's a whole bunch of terrifyingly critical updates that it's warning me about, but given the nature of how these things get used, it's never going to impact anything that I'm currently running. So, I've learned to tune it out and just ignore it when it comes in, which is probably the worst of all possible approaches. Now, if I worked at a bank, I should probably take a different perspective on this, but I don't.

Adnan: Mm-hm. Yeah. And that's kind of a problem you see, not just with SBOMs. It's just security alerting in general, where anytime you have some sort of signal and people who are supposed to respond to it are getting too much of it, you just start to tune all of it out. It's like that human element that applies to so much in cybersecurity.

And I think for the particular SBOM problem, where, yeah, you're correct, like, a lot of it… you don't have reachability because you're using a library for one particular function and that's it.
And this is somewhere where I'm not that much of an expert in, doing more static source analysis and reachability testing, but I'm certain there are products and tools that offer that feature to actually prioritize SBOM-based alerts based on actual reachability versus just having it as a dependency or not.

[midroll 00:20:00]

Corey: I feel like, on some level, wanting people to be more cautious about what they're doing is almost shouting into the void because I'm one of the only folks I've found that has made the assertion that oh yeah, companies don't actually care about security. Yes, they email you all the time after they failed to protect your security, telling you how much they care about security, but when you look at where they invest, feature velocity always seems to outpace investment in security approaches. And take a look right now at the hype we're seeing across the board when it comes to generative AI. People are excited about the capabilities and security is a distant afterthought around an awful lot of these things. I don't know how you drive a broader awareness of this in a way that sticks, but clearly, we haven't collectively found it yet.

Adnan: Yeah, it's definitely a concern. When you see things on—like for example, you can look at GitHub's roadmap, and there's, like, a feature there that's, oh, automatic AI-based pull request handling. Okay, so does that mean one day, you'll have a GitHub-powered LLM just approve PRs based on whether it determines that it's a good improvement or not? Like, obviously, that's not something that's the case now, but looking forward to maybe five, six years in the future, in the pursuit of that ever-increasing velocity, could you ever have a situation where actual code contributions are reviewed fully by AI and then approved and merged?
Like yeah, that's scary because now you have a threat actor that could potentially specifically tailor contributions to trick the AI into thinking they're great, but then it could turn around and be a backdoor that's being added to the code.

Obviously, that's very far in the future and I'm sure a lot of things will happen before that, but it starts to make you wonder, like, if things are heading that way. Or will people realize that you need to look at security at every step of the way instead of just thinking that these newer AI systems can just handle everything?

Corey: Let's pivot a little bit and talk about your day job. You're a lead security engineer at what I believe to be a security-focused consultancy. Or—

Adnan: Yeah.

Corey: If you're not a SaaS product. Everything seems to become a SaaS product in the fullness of time. What's your day job look like?

Adnan: Yeah, so I'm a security engineer on Praetorian's red team. And my day-to-day, I'll kind of switch between application security and red-teaming. And that kind of gives me the opportunity to, kind of, test out newer things out in the field, but then also go and do more traditional application security assessments and code reviews, and reverse engineering to kind of break up the pace of work. Because red-teaming can be very fast-paced and exciting, but sometimes, you know, that can lead to some pretty late nights. But that's just the nature of being on a red team [laugh].

Corey: It feels like as soon as I get into the security space and start talking to cloud companies, they get a lot more defensive than when I'm making fun of, you know, bad service naming or APIs that don't make a whole lot of sense. It feels like companies have a certain sensitivity around the security space that applies to almost nothing else.
Do you find, as a result, that a lot of the times when you're having conversations with companies and they figure out that, oh, you're a red teamer or a security researcher, oh, suddenly, we're not going to talk to you the way we otherwise might. We thought you were a customer, but nope, you can just go away now.

Adnan: [laugh]. I personally haven't had that experience with cloud companies. I don't know if I've really tried to buy a lot. You know, I'm… if I ever buy some infrastructure from cloud companies as an individual, I just kind of sign up and put in my credit card. And, you know, they just, like, oh—you know, they just take my money. So, I don't really think I've really, personally run into anything like that yet [laugh].

Corey: Yeah, I'm curious to know how that winds up playing out in some of these, I guess, more strategic, larger company environments. I don't get to see that because I'm basically a tiny company that dabbles in security whenever I stumble across something, but it's not my primary function. I just worry on some level one of these days, I'm going to wind up accidentally dropping a zero-day on Twitter or something like that, and suddenly, everyone's going to come after me with the knives. I feel like [laugh] at some point, it's just going to be a matter of time.

Adnan: Yeah. I think when it comes to disclosing things and talking about techniques, the key thing here is that a lot of the things that I'm talking about, a lot of the things that I'll be talking about in some blog posts that are coming out, this is stuff that these companies are seeing themselves. Like, they recognize that these are security issues that people are introducing into code. They encourage people to not make these mistakes, but when it's buried four links deep in documentation and developers are tight on time and aren't digging through their security documentation, they're just looking at what works, getting it to work and moving on, that's where the issue is.
So, you know, from a perspective of raising awareness, I don't feel bad if I'm talking about something that the company itself agrees is a problem. It's just a lot of the times, their own engineers don't follow their own recommendations.

Corey: Yeah, I have opinions on these things and unfortunately, it feels like I tend to learn them in some of the more unfortunate ways of, oh, yeah, I really shouldn't care about this thing, but I only learned what the norm is after I've already done something. This is, I think, the problem inherent to being small and independent the way that I tend to be. We don't have enough people here for there to be a dedicated red team and research environment, for example. Like, I tend to bleed over a little bit into a whole bunch of different things. We'll find out. So far, I've managed to avoid getting it too terribly wrong, but I'm sure it's just a matter of time.

So, one area that I think seems to be a way that people try to avoid cloud issues is oh, I read about that in the last in-flight magazine that I had in front of me, and the cloud is super insecure, so we're going to get around all that by running our own infrastructure ourselves, from either a CI/CD perspective or something else. Does that work when it comes to this sort of problem?

Adnan: Yeah, glad you asked about that. So, we've also seen open-s—companies that have a large open-source presence on GitHub just opt to have self-hosted GitHub Actions runners, and that opens up a whole different Pandora's box of attacks that an attacker could take advantage of, and it's only there because they're using that kind of runner. So, the default GitHub Actions runner, it's just an agent that runs on a machine, it checks in with GitHub Actions, it pulls down builds, runs them, and then it waits for another build. So, these are—the default state is a non-ephemeral runner with the ability to fork off tasks that can run in the background.
So, when you have a public repository that has a self-hosted runner attached to it, it could be at the organization level or it could be at the repository level.

What an attacker can just do is create a pull request, modify the pull request to run on a self-hosted runner, write whatever they want in the pull request workflow, create a pull request, and now as long as they were a previous contributor, meaning you fixed a typo, you… that could be such a, you know, a single character typo change could even cause that, or made a small contribution, now they create the pull request. The arbitrary job that they wrote is now picked up by that self-hosted runner. They can fork off a process to run in the background, and then that just continues to run, the job finishes, their pull request, they'll just—they close it. Business as usual, but now they've got an implant on the self-hosted runner. And if the runners are non-ephemeral, it's very hard to completely lock that down.

And that's something that I've seen, there's quite a bit of that on GitHub where—and you can identify it just by looking at the run logs. And that kind of comes from people saying, “Oh, let's just self-host our runners,” but they also don't configure that properly. And that opens them up to not only tampering with their repositories, stealing secrets, but now depending on where your runner is, now you potentially could be giving an attacker a foothold in your cloud environment.

Corey: Yeah, that seems like it's generally a bad thing. I found that cloud tends to be more secure than running it yourself in almost every case, with the exception that once someone finds a way to break into it, there's suddenly a lot more eggs in a very large, albeit more secure, basket. So, it feels like it's a consistent trade-off. But as time goes on, it feels like it is less and less defensible, I think, to wind up picking out an on-prem strategy from a pure security point of view. I mean, there are reasons to do it.
I'm just not sure.

Adnan: Yeah. And I think the distinction to be made there, in particular with CI/CD runners, is there's cloud, meaning you let your—there's, like, full cloud meaning you let your CI/CD provider host your infrastructure as well; there's kind of that hybrid approach you mentioned, where you're using a CI/CD provider, but then you're bringing your own cloud infrastructure that you think you could secure better; or you have your runners sitting in vCenter in your own data center. And all of those could end up being—both having a runner in your cloud and in your data center could be equally vulnerable if you're not segmenting builds properly. And that's the core issue that happens when you have a self-hosted runner is if they're not ephemeral, it's very hard to cut off all attack paths. There's always something an attacker can do to tamper with another build that'll have some kind of security impact. You need to just completely isolate your builds and that's essentially what you see in a lot of these newer guidances like the [unintelligible 00:30:04] framework, that's kind of the core recommendation of it is, like, one build, one clean runner.

Corey: Yeah, that seems to be the common wisdom. I've been doing a lot of work with my own self-hosted runners that run inside of Lambda. Definitionally those are, of course, ephemeral. And there's a state machine that winds up handling that and screams bloody murder if there's a problem with it. So far, crossing fingers hoping it works out well.

And I have it bound to a very limited set of role permissions, and of course, its own account to constrain blast radius. But there's still—there are no guarantees in this. The reason I build it the way I do is that, all right, worst case someone can get access to this. The only thing they're going to have the ability to do is, frankly, run up my AWS bill, which is an area I have some small amount of experience with.

Adnan: [laugh].
Yeah, yeah, that's always kind of the core thing where if you get into someone's cloud, like, well, just sit there and use their compute resources [laugh].

Corey: Exactly. I kind of miss when that was the worst failure mode you had for these things.

Adnan: [laugh].

Corey: I really want to thank you for taking the time to speak with me today. If people want to learn more, where's the best place for them to find you?

Adnan: I do have a Twitter account. Well, I guess you can't call it Twitter anymore, but, uh—

Corey: Watch me. Sure I can.

Adnan: [laugh]. Yeah, so I'm on Twitter, and it's @adnanthekhan. So, it's like my first name with ‘the' and then K-H-A-N because, you know, my full name probably got taken up, like, years before I ever made a Twitter account. So, occasionally I tweet about GitHub Actions there.

And on Praetorian's website, I've got a couple of blog posts. I have one—the one that really goes in-depth talking about the two Microsoft repository pull request attacks, and a couple other ones that are disclosed, will hopefully drop on the twenty—what is that, Tuesday? That's going to be the… that's the 26th. So, it should be airing on the Praetorian blog then. So, if you—

Corey: Excellent. It should be out by the time this is published, so we will, of course, put a link to that in the [show notes 00:32:01]. Thank you so much for taking the time to speak with me today. I appreciate it.

Adnan: Likewise. Thank you so much, Corey.

Corey: Adnan Khan, lead security engineer at Praetorian. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud.
If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an insulting comment that's probably going to be because your podcast platform of choice is somehow GitHub Actions.

Adnan: [laugh].

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.
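Editor's added example, placed after the episode rather than inside it, and not code from the show, from Praetorian or from GitHub. It turns the two misconfigurations Adnan describes into the kind of "just a regular expression" check he mentions: a workflow on the pull_request_target trigger that checks out the pull request head and so runs fork-controlled code with the base repository's secrets and GITHUB_TOKEN, and pull request jobs that land on a self-hosted (and by default non-ephemeral) runner. The three workflow files are constructed for this example; the regular expressions, the finding strings and the treatment of any `environment:` key or `labeled` event as an approval gate are assumptions of this scanner, not GitHub's own linting rules.

```python
"""Heuristic text scan for two GitHub Actions workflow misconfigurations.

Editorial example, not the episode's or Praetorian's code. It reads workflow
YAML as plain text (no YAML parser needed) and reports:

  1. pull_request_target + checkout of the PR head with no approval gate
     (the GPT Review shape: untrusted fork code runs with base-repo secrets).
  2. pull request jobs scheduled on a self-hosted runner (fork PR code
     running on long-lived infrastructure).

Regexes and sample workflows are assumptions constructed for this example.
"""
import re
from typing import List

# Constructed sample: the vulnerable shape Adnan describes.
VULNERABLE_WORKFLOW = """
name: review
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: pip install -e . && pytest
        env:
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
"""

# Constructed sample: same workflow, but the secret-bearing job depends on a
# job bound to a deployment environment whose only purpose is a maintainer
# approval (the pattern Adnan calls out as an elegant fix).
GATED_WORKFLOW = """
name: review
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  approve:
    runs-on: ubuntu-latest
    environment: external-pr-approval
    steps:
      - run: echo "approved by a maintainer"
  test:
    needs: approve
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: pip install -e . && pytest
        env:
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
"""

# Constructed sample: fork pull requests picked up by a self-hosted GPU runner.
SELF_HOSTED_WORKFLOW = """
name: gpu-tests
on: [pull_request]
jobs:
  gpu:
    runs-on: [self-hosted, gpu]
    steps:
      - uses: actions/checkout@v4
      - run: make test
"""

# Trigger detection: block form ("pull_request_target:") or list form ("on: [...]").
PR_TARGET_RE = re.compile(r"^\s*pull_request_target\s*:|^\s*on\s*:\s*\[[^\]]*\bpull_request_target\b", re.M)
PR_ANY_RE = re.compile(r"^\s*pull_request(_target)?\s*:|^\s*on\s*:\s*\[[^\]]*\bpull_request", re.M)
# The tell-tale checkout of attacker-controlled code.
PR_HEAD_REF_RE = re.compile(r"ref\s*:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}")
# Approval gates: a deployment environment, or a label-driven trigger.
ENV_GATE_RE = re.compile(r"^\s*environment\s*:", re.M)
LABEL_GATE_RE = re.compile(r"github\.event\.label\.name|types\s*:\s*\[[^\]]*\blabeled\b")
SELF_HOSTED_RE = re.compile(r"^\s*runs-on\s*:.*\bself-hosted\b", re.M)

PR_TARGET_FINDING = "pull_request_target checks out PR head without an approval gate"
SELF_HOSTED_FINDING = "pull request jobs run on a self-hosted runner"


def scan_workflow(text: str) -> List[str]:
    """Return the list of findings for one workflow file's text."""
    findings = []
    if PR_TARGET_RE.search(text) and PR_HEAD_REF_RE.search(text):
        # Any environment or label gate in the file counts as mitigated here;
        # a reviewer still has to confirm the risky job actually `needs` it.
        if not (ENV_GATE_RE.search(text) or LABEL_GATE_RE.search(text)):
            findings.append(PR_TARGET_FINDING)
    if SELF_HOSTED_RE.search(text) and PR_ANY_RE.search(text):
        findings.append(SELF_HOSTED_FINDING)
    return findings


if __name__ == "__main__":
    for name, text in [("vulnerable", VULNERABLE_WORKFLOW),
                       ("gated", GATED_WORKFLOW),
                       ("self-hosted", SELF_HOSTED_WORKFLOW)]:
        print(name, "->", scan_workflow(text) or "no findings")
```

Treat the output as triage, not proof: the scan is file-wide, so it cannot tell whether the `environment:` it found is on a job that the secret-bearing job depends on via `needs`, or whether that environment actually has required reviewers configured; both have to be confirmed in the repository settings before calling the workflow safe.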
This is a free preview of a paid episode. To hear more, visit www.racket.newsIn an impressive new low, the White House sends impeachment coverage guidelines up a flagpole, and the press salutes More at www.Racket.news
9/4/23. Five Minutes in the Word scriptures for today: Acts 23:34-35. Governor Felix reads the letter from Commander Lysias and assigns Apostle Paul to the Praetorian to await his accusers. Resources: enduringword.com; biblehub.com; logos.com; Matthew Henry Commentary; and Life Application Study Bible. November 2021 Podchaser list of "60 Best Podcasts to Discover!" Listen, like, follow, share! #MinutesWord; @MinutesWord; #dailydevotional #christianpodcaster Now on Amazon podcasts and Pandora! #prayforukraine #voiceofthemartyrs #prayforTurkey #prayforSyria
In College Football the best way to win is with a strong defense.
Welcome back to the People's Guild. The bus finds itself in the Bay Area, California for this one as we sit down with a long-time staple in the Splinterlands' community. We hope you'll join us in welcoming in Fat Jimmy to the show!Man, oh man. What an episode. We have an absolute blast talking all things music, crypto & Splinterlands with Jimmy in this one. We get things started with the tale of Fat Jimmy Amps (https://fatjimmyamps.com/), Jimmy's livelihood that has found its way from humble beginnings as a Fender repair shop to being at the forefront of musicianship with some of the most recognizable names in the industry. Some great stories here that are not to be missed!We eventually make our way back to Praetoria as we hear Jimmy's entrance into the game following a Nifty Show podcast episode featuring Aggroed back in 2020. Jimmy shares with us his early experiences within Splinterlands, how & why he burrowed in like a tick to this ecosystem and where he believes we, as a community & ecosystem can go from here. Spoiler: bullish!This episode meanders through the Praetorian landscape as we touch on everything from land and Riftwatchers to proposals to future card sets with a metric ton of tangents & rabbit holes along the way.With a seemingly endless range of topics to discuss, this episode tips the scales at nearly 3 hours, so toss on your headphones, buckle up & enjoy the show! See y'all next week!
In Star Wars The Last Jedi, Kylo Ren and Rey both go up against Snoke and his Praetorian guards...after the epic fight, how did Kylo pull on Anakin/Luke's lightsaber, if in The Force Awakens, he failed against Rey? I wish during that scene in ep7, Luke Skywalker was the one to pull the saber, that would have been a cool entrance, as Mark Hamill always said. Learn more about your ad choices. Visit megaphone.fm/adchoices
I wrote a very fan service / fun alternate (loose) ending to The Mandalorian season 3. Hope you smirk at it and LMK what you think! At the end of Mando season 2, Grogu leaves with Luke Skywalker and R2-D2... only to return to Din after a couple of episodes of him with Luke in The Book of Boba Fett show. I think what would have worked better was if Grogu stayed with Luke, and when the time of the Mandalorian season finale came, Grogu felt something wrong with Din in the Force once he was captured by Moff Gideon. As the events played out the way they would have basically, just without Grogu there, Luke, Grogu and R2 get in the X-wing and fly over to Mandalore as per Grogu's wishes. He has been training with Luke for 2 years now, as Jon Favreau said, so he's much stronger and in tune with the Force, so he feels Din is in trouble. They head to Mandalore and break Din out, until they come across the hall of clones. It's Din, Grogu, and Luke, as Bo-Katan fights the stormtroopers in beskar with the other Mandalorians, Siege of Mandalore style. The clones aren't Moff Gideon, but rather clones of Darth Maul, as we find out that Moff Gideon is a Darth Maul loyalist... I mean, if we can't figure it out from the clues all throughout the show, the horns and double-bladed staff are a dead giveaway. So all these Force-sensitive Darth Mauls come alive, and Luke has to fight them. This would be a major nod to George Lucas' original plans for the sequel trilogy he was creating and had written treatments for before Disney did their own thing, thinking they knew better, where he had Luke train new Jedi for his Jedi order and Darth Maul would return to train his apprentice Darth Talon. While Luke fights Maul, Mando helps Bo-Katan fight Moff and the Praetorians, and it's an all-out war while Mandalorians fly overhead with the stormtroopers and newly upgraded dark troopers with them.
I'd have loved to see some bounty hunters as well working for the Empire flying in there to make it real difficult for the Mandalorians. This is where Boba, Fennec and Black Krrsantan show up to blast 'em in the Slave 1, dropping seismic charges where applicable and blasting off out of his ship with his jet pack to join the war. While the Mythosaur gets angry at all the seismic charges being dropped and rises to absolutely destroy the area around them, Grogu and Luke use their powers to tame the beast for the moment, and Bo rides it, becoming the supreme ruler of Mandalore as the enemies are defeated. Super fan fictiony. Super fan service, but ultimately more exciting than what we got. Oh, and the darksaber isn't destroyed. Mandalore is back to where it was before the Empire's purge. Grogu back with Din. Luke goes to meet Han and Leia and is introduced to Ben Solo, nodding to his journey as we will see him later. Boba in Slave 1 with crew off on an adventure. Bo-Katan lights the torch and leads Mandalore. Everyone off to their own story, to be met up with again in Dave Filoni's movie (and the Ahsoka show coming up).
So this episode was my favourite so far of the whole season, which isn't saying a whole lot since this season has been pretty all over the place and lacklustre, but this one definitely was awesome. I loved seeing the camaraderie of the Mandalorians: despite their warring tribes, they all came together. I believe the spies were of course Elia Kane, but also the Armorer and the pirates. There's no way those pirates wouldn't be loyal to Gideon this whole time, roaming the surface and not discovered by Gideon or the Empire. I'm sure the Empire offered them food and help, and them being sick was perhaps a way for the Armorer to get out of there with them. I think Gideon has spies everywhere, and the biggest twist would be if the Armorer was one of his. I have a hard time believing she is, but the fact that we now see his horned helmet along with hers just makes me question things. The other possibility is that she is a Zabrak, and the horns are because she can't wear her helmet any other way. As they head towards the Forge, a massive dinosaur blows their ship up; this is NOT the Mythosaur. The Mythosaur is much bigger and more powerful. They escape to a cave and move further down, finally getting to the Forge. They hear jet packs and realize Imperials are headed their way. They fly now! These Imperials are fitted with white beskar armour. Axe Woves gets out of there to call for reinforcements, escaping through a small hole in the roof. They all shoot at one another and the Mandos take them out, until they're foolishly lured into a trap, as they notice a massive army of Imperial TIE fighters and weaponry. They're ambushed and separated by a door that closes. Din fights off the stormtroopers in beskar, tied down, when Moff Gideon lands in his new suit, the next generation of dark trooper suit. This means it's lightsaber resistant if it's a new phase from the previous dark troopers we saw in season 2's finale with Luke, as the phase 3 dark troopers were lightsaber resistant. Moff Gideon's helmet has horns, and so does the Armorer's. There is only one group of Mandalorians who have horns on their helmets: Darth Maul's loyalists. I believe the Armorer is working with Moff Gideon. I believe Moff Gideon is loyal to Darth Maul's leadership as ruler of Mandalore. Gideon talks about the cloners, the Jedi, the Mandalorians all having something special about them. He plans to aggregate the best of each, and bring order to the galaxy. I think Gideon was trying to create the perfect warrior: a cloned Force-sensitive wearing Mandalorian armor. He sends Din to the debriefing room to be questioned and tortured. He turns to Bo-Katan after hearing her voice and demands the darksaber, as she nods to Paz and they all blast the doors as Gideon opens them. Bo runs to the back and, Qui-Gon Jinn style, puts the darksaber through the blast door and cuts a hole for them to escape through. Paz is holding them off with his Gatling mini-gun blaster and closes the door on himself, telling Bo to go as he takes them all on like a boss. His blaster overheats and he manhandles all of them, until 3 Mandalorian-styled Praetorian guards appear to defeat him. They slash and stab him at the corners of his armour's weak openings, killing him. He goes out like a boss and I was upset to see him go, as I liked his stoic, powerful presence in the crew. His son will be very devastated to learn of his father's sacrifice. The Praetorian guards have a different helmet than they do in the sequel trilogy, and we see that they have a T-visor, looking a lot like the shadow guards from Legends and The Force Unleashed. These guys are incredibly powerful and could use the Force. The Praetorian guards here look like some Mandalorian variation and it makes me wonder if they're different from the sequel trilogy ones or not.
Thrawn, Praetorian guards, Luke Skywalker, Darth Maul loyalists could all be in the next episode, and of course Moff Gideon.
Welcome back to the People's Guild. This week we have the privilege of sitting down with yet another team member on the Splinterlands crew. In his first public appearance since 2022, our guest walks us through what's been keeping him going, where his ambitions for this game see us heading and, most importantly, he provides the community with some much appreciated proof of life. Without further ado, we proudly welcome Hardpoint to the show. We get things going with some of our guest's high-level views of the future of crypto, web3 and a bit of speculation around both Splinterlands' and gaming's role in the bigger picture of crypto adoption. From there, we take a turn down the massive rabbit hole that is Hardpoint's current passion project: Praetoria. Our guest shares a metric ton of goodness and, we daresay, alpha around the future of land, including the (as of now) imminent introduction of "land surfing". Throughout the episode, we are treated to a whole slew of our guest's aspirations for what's possible within the Praetorian landscape. As we tumble down the rabbit hole with Hardpoint, it becomes abundantly clear that creating moments for our gamers and stakeholders within this ecosystem is a major driving force behind all that is happening behind the scenes. All things considered, and despite all of the salt and negativity, it's an exciting time to be here and watch as these stories unfold towards a revival of the game. This conversation proves itself as yet another example of the passion that the leaders over at Steemonsters operate with on a daily basis. Over the last 6 months, the variety of team member guests we've hosted here at TPG have all consistently conveyed their excitement and their dedication for the community, the ecosystem and the future of the game. Inspiring stuff. We have an absolute blast in this episode and it's our sincere privilege to present to you our conversation with Hardpoint. Enjoy the episode!
On today's episode of The Cybersecurity Defenders Podcast we are joined by security engineer Adnan Khan to talk about securing the build pipeline and explore some common vulnerabilities in enterprise GitHub configurations. Organizations using GitHub Actions with self-hosted runners are at risk of attackers gaining an internal network foothold from the Internet if they compromise one developer's personal GitHub access token. Key configuration adjustments can secure these pipelines and limit the damage from a breach. Adnan's talk at BSidesSF: Securing the Pipeline: Protecting Self-Hosted GitHub Runners. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
This is the Way. As Bo-Katan leads her people to the surface of their destroyed homeworld, secrets are revealed that lead into a fight to take back their fallen planet once and for all. Join Bella, Ruby, and Ceaira as they take a deeper look into The Mandalorian Chapter 23 “The Spies” and 24 “The Return”, discussing Bo-Katan now leading the Mandalorians without wielding an object of power, Moff Gideon's clones, the death of a fallen comrade, the Praetorian guards vs. Din and Grogu, the Mandalorian painting committee, The Armorer's continued mystery, Din Djarin's shining hour, Grogu's connection to the Mythosaur, and so much more!! Look out next Thursday for our May the 4th special 2023!! Follow Us On Instagram: https://www.instagram.com/starwars_old_republic_radio/ !!SPOILER WARNING!! THE MANDALORIAN SEASON 3 CHAPTER 17 ("The Apostate"), 18 (“The Mines of Mandalore”), 19 (“The Convert”), 20 ("The Foundling"), 21 (“The Pirate”), 22 (“Guns for Hire”), 23 (“The Spies”) AND 24 (“The Return”)!! Being a Star Wars podcast we freely talk about every movie/show including: Every Movie, The Clone Wars, Rebels, The Bad Batch, The Book of Boba Fett, The Mandalorian S1&2, Obi-Wan Kenobi, Tales of the Jedi, and Andor.
On this episode, Dominic, Ben, Chris, and Hannah break down the season finale of The Mandalorian, "The Return". They discuss how the finale tied together the arcs that have been building over the course of the season and whether the payoffs were impactful enough. They also talk about the feeling of the end of the episode and what it signifies about the story so far and where we're headed from here. Plus, life finds a way on Mandalore, the Praetorian guard showdown, and the curious case of Moff Gideon's clones. All this and much more! Join the Star Wars Underworld Network Discord. Website: www.starwarsunderworld.com Facebook: www.facebook.com/swunderworld Twitter: @TheSWU Subscribe and Review on Apple Podcasts. Email: swunderworld@gmail.com
CHAPTER 24: THE MANDALORIAN, “THE RETURN” (Shownotes)
1. Bo-Katan and the Mandalorians retreat. Axe gets to the cruise ship and sends reinforcements.
2. Mando takes out guards below, working his way through like a boss fight and grabbing higher gear as he goes.
3. IG-12 appears! He saves Mando. They run into clones of Gideon. Mando blows them up. (I think) Mando tries to fight Gideon. He calls in the Praetorian guards, but Mando and Grogu/IG-12 defeat them!
4. Epic sky fight: Bo with the darksaber, cool moves, Armorer busting helmets.
5. Bo swoops in and helps Mando out.
6. GIDEON CRUSHES THE DARKSABER?!?! However, Mando saves Bo-Katan.
7. Bo-Katan and Mando manage to survive. Axe pulls a "Holdo" maneuver but, at the last second, jumps out the window. Good job, Axe!
8. The ship blows up, taking Gideon with it. Grogu saves him, Mando and Bo by using the Force to make a shield around them.
9. Happy ending! Mando seeks work on Nevarro, the Forge is relit, and Mando and Grogu get to live happily ever after.
OUR SOCIALS: Twitter: https://twitter.com/FatherSonGalaxy Instagram: https://www.instagram.com/fathersongalaxy Facebook: https://www.facebook.com/FatherSonGalaxy Website: https://fathersongalaxy.com/ Media Kit: https://fathersongalaxy.com/media-kit-2/ Spreadshop (Merchandise): https://fathersongalaxy.myspreadshop.com Patreon: https://www.patreon.com/fathersongalaxy
Who's the Bossk? - Episode 151: Eat Praetorian Love with Drew Grgich. Date: April 15th, 2023 (recorded April 14th). Topics: Returning guest Drew Grgich from the "Heroes of the Halcyon" podcast joins "Who's the Bossk?" host Mike Celestino for a discussion of the penultimate episode of The Mandalorian's third season, entitled "Chapter 23 - The Spies." Plus a roundup of Star Wars headlines coming out of Star Wars Celebration 2023 in London and more!
Sara, Giovanni, and Zach discuss the seventh episode of The Mandalorian season three. They go over Gilad Pellaeon, Brendol Hux, Praetorian guards, the Armorer, Moff Gideon, Grand Admiral Thrawn, Rae Sloane, Bo and Din, and so, so much more! Follow the hosts and let us know what you thought of today's episode! Sara Edwards: @saraedwards380 Giovanni Delgadillo: @GioDelNope Zach Perilstein: @TripleZ_87 Check out Boardwalk Times, the Destination for True Disney Parks Fans Plus Everything Else. Website: https://boardwalktimes.net/ Twitter: https://twitter.com/boardwalktimes Instagram: https://www.instagram.com/boardwalktimes Edited by: Giovanni Delgadillo Credits: Music: "Future Gladiator" Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 4.0 License http://creativecommons.org/licenses/by/4.0/ --- Support this podcast: https://podcasters.spotify.com/pod/show/boardwalktimes/support
Harris Kupperman, Founder & CIO of Praetorian Capital joins Grizzle Media to discuss his outlook on OPEC's surprise output cut, how it will impact the markets & the Fed, and the bull thesis for oil and commodities going forward. Praetorian Capital: https://pracap.com/ Kuppy's Event Driven Monitor: https://kedm.com/ Twitter: https://twitter.com/KEDM_COM | https://twitter.com/hkuppy Follow Grizzle on Twitter: @grizzlemedia @margot_rubin @thomasg_grizzle @scottw_grizzle Grizzle Research & Quant Substack: https://grizzleresearch.substack.com/
Support our podcast, click here: https://www.thereadinesslab.com/dtp-links On February 3, 2023, 38 cars from a Norfolk Southern freight train carrying hazardous chemicals derailed in the small town of East Palestine, Ohio, near the border with Pennsylvania. Several of the derailed cars burst into flames, releasing hazardous chemicals such as hydrogen chloride and phosgene into the air. More chemicals were released due to controlled burns. Residents within a 1-mile radius were evacuated, and the emergency response has been handled by agencies from three different states: Ohio, Pennsylvania and West Virginia. In this episode of the Disaster Tough Podcast, Eric Helpenstell of Praetorian reacts to the disaster and the response efforts from local response agencies and the Federal Government. Eric is an expert in the field of fire response, particularly Hazmat situations. Together with host John Scardena, these two Emergency Management professionals and experts break down what exactly happened in this disaster, positive and negative lessons learned from the response efforts that can be applied to future incidents, and compare this incident to others he has seen in his multiple decades of experience in fire and Hazmat response. Major Endorsements: L3Harris and the BeOn PPT App. Learn more about this amazing product here: www.L3Harris.com/ResponderSupport. Instinct Ready Everyday Readiness Kits. Learn more about Instinct Ready's incredible line of readiness products at: www.instinctready.com Doberman Emergency Management provides subject matter experts in planning and training. Learn more here: www.dobermanemg.com The Readiness Lab Podcast Network: Disaster Tough Podcast is part of The Readiness Lab Podcast Network
Guest: Derya Yavuz, Senior Security Engineer at Praetorian [@praetorianlabs] On LinkedIn | https://www.linkedin.com/in/derya-yavuz/ Host: Phillip Wylie On ITSPmagazine
This week we're continuing our Investor Audibles series with Q4 2022 letters from the following investors/funds: Praetorian Capital, Gator Capital Management, Maran Capital. Please let me know what other letters you'd want to hear on future Investor Audible series episodes! Finally, a big thanks to the following sponsors for making the podcast a reality. Mitimco: This episode is brought to you by MIT Investment Management Company, also known as MITIMCo, the investment office of MIT. Each year, MITIMCo invests in a handful of new emerging managers who it believes can earn exceptional long-term returns in support of MIT's mission. To help the emerging manager community more broadly, they created emergingmanagers.org, a website for emerging manager stockpickers. For those looking to start a stock-picking fund or just looking to learn about how others have done it, I highly recommend the site. You'll find essays and interviews by successful emerging managers, service providers used by MIT's own managers, essays MITIMCo has written for emerging managers and more! Tegus: Tegus has the world's largest collection of instantly available interviews on all the public and private companies you care about. Tegus actually makes primary research fun and effortless, too. Instead of weeks and months, you can learn a new industry or company in hours, and all from those that know it best. I spend nearly all my time reading Tegus calls on existing holdings and new ideas. And I know you will too. So if you're interested, head on over to tegus.co/valuehive for a free trial to see for yourself. TIKR: TIKR is THE BEST resource for all stock market data. I use TIKR every day in my process, and I know you will too. Make sure to check them out at TIKR.com/hive. --- Support this podcast: https://anchor.fm/valuehive/support
Thundering Legion Podcast: Armed Forces Members United In Christ
https://linktr.ee/thunderinglegion Today we have the pleasure of interviewing Joshua Brown, recently retired Marine and now Pastor to the military. He's a pastor with the ministry the Praetorian Project, a ministry which plants Pillar churches near military bases. Joshua, welcome to the show. Resources: Praetorian Project; Pillar Church of TopSail. Episode Notes: Joshua's background and how he ended up joining the military. Joshua's testimony and how this played into military service: secular worldview implosion to faith. How Joshua is applying faith in the military and future vision: 20 years in the Marines, now a Pastor at Pillar Church with the Praetorian Project. Pillar Churches are a military-focused ministry effort that understands the military lifestyle and seeks to ease transition between duty locations and shorten/eliminate the church search. How Joshua applies faith to family, especially with raising multiple teenagers: being a Marine = better father, being a father = better Marine; doing them as a Christian refines us by absolute truth. Impossible to grow in the same direction as your spouse unless growing towards Christ. Biggest struggles Joshua experienced while serving as a Christian: temptation to cover things up while in the artillery career field. How Joshua has seen God working through his successes and failures in his military career: failures from not being in the Word, successes from working hard to follow Jesus. What book of the Bible Joshua goes to in times of difficulty: Psalms and Gospels. How Joshua makes spiritual growth a daily priority: start with scripture. Advice to other believers in the military who are struggling. Joshua closes us in prayer. REFLECT: What does this episode reveal about God's character? How does this episode cause us to see our need for a Savior? How can we apply lessons learned from this episode to our life? Follow Christ for this day!
✝️ “Choose this day whom you will serve...” Joshua 24:15 ✝️ “If you confess with your mouth that Jesus is Lord and believe in your heart that God raised him from the dead, you will be saved.” Romans 10:9 Next steps: SHARE with another armed forces member FOLLOW Instagram, Facebook, Podcast https://linktr.ee/thunderinglegion
Did you ever wonder how much security you can implement with a single vendor? We did and were surprised by how much you can do using the Australian Top Eight as a template. We'll bet you can improve your security by using these tips, tools, and techniques that you might not have even known were there. Special thanks to our sponsor Praetorian for supporting this episode. https://www.praetorian.com/
Full Transcripts: https://docs.google.com/document/d/12HsuOhY9an1QzIw9wOREPMX0pXe5hqkJ
Helpful Links:
Essential 8: https://www.microsoft.com/en-au/business/topic/security/essential-eight
Blocking Macros: https://ite8.com.au/the-essential-8/office-macros-explained/
Windows Defender Application Control, or WDAC (available from Windows 10 or Server 2016 or newer); previously Windows had AppLocker (Windows 7 / 8): https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control
Windows Group Policies: https://techexpert.tips/windows/gpo-block-website-url-google-chrome/ https://chromeenterprise.google/policies/#SafeBrowsingAllowlistDomains https://data.iana.org/TLD/tlds-alpha-by-domain.txt
Software Restriction Policies: http://woshub.com/how-to-block-viruses-and-ransomware-using-software-restriction-policies/
Blocking website URLs: only allow .com, .org, .net, .edu, .gov, .mil, and the country TLDs you want.
Locking down Active Directory: https://attack.stealthbits.com/tag/active-directory
File Server Resource Manager (FSRM): http://woshub.com/using-fsrm-on-windows-file-server-to-prevent-ransomware/
Enable MFA for RDP: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/secure-remote-vm-access https://duo.com/docs/rdp
Enable MFA for SSH: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/auth-ssh https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-linux
Windows Controlled Folder Access: https://support.microsoft.com/en-us/topic/ransomware-protection-in-windows-security-445039d6-537a-488a-ad53-48906f346363
Use Windows File History to create backups to OneDrive: https://www.ubackup.com/windows-10/file-history-backup-to-onedrive-4348.html
Storing your files in OneDrive, which has ransomware detection: https://support.microsoft.com/en-us/office/ransomware-detection-and-recovering-your-files-0d90ec50-6bfd-40f4-acc7-b8c12c73637f
Windows Update: Select Start > Settings > Windows Update > Advanced options. Under Active hours, choose to update manually or automatically in Windows 11. https://support.microsoft.com/en-us/windows/keep-your-pc-up-to-date-de79813c-7919-5fed-080f-0871c7bd9bde
Microsoft Conditional Access Policies: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common
Microsoft Authenticator with Number Matching, Geo, & Additional Context: https://docs.microsoft.com/en-us/azure/active-directory/authentication/how-to-mfa-additional-context https://websetnet.net/microsoft-rolls-out-new-microsoft-authenticator-features-for-enterprise-users/
Application Approve List: https://www.bleepingcomputer.com/tutorials/create-an-application-whitelist-policy-in-windows/
This episode provides a deep dive into Static Application Security Testing (SAST) tools. Learn how they work, why they don't work as well as you think they will in certain use cases, and find some novel ways to apply them in your organization. Special thanks to John Steven for coming on the show to share his expertise. Special thanks to our sponsor Praetorian for supporting this episode. https://www.praetorian.com/ Full Transcript: https://docs.google.com/document/d/1zoA70k78IjqyJky-2u7_-i2jlWke8_cb
How do you defend against automated attacks in an era of ChatGPT-formulated malware, coordinated nation-state actors, and a host of disgruntled laid-off security professionals? Want to find your vulnerabilities faster than the bad actors do? Come listen to Richard Ford to learn how to apply best practices in attack surface management and defend your crown jewels. Special thanks to our sponsor Praetorian for supporting this episode. A Full Transcript of this podcast can be found here: https://docs.google.com/document/d/18QyrN-7V91nxOyRQ0KsNeJU0-k-bTlqj
Justin Dolehanty & Taylor Pierce are with Praetorian, a company that specializes in cybersecurity. As a collective of highly technical engineers and developers offering deep security expertise, Praetorian solves the toughest challenges faced by today's leading organizations across an ever-evolving digital threat landscape. Our solutions enable clients to find, fix, stop, and ultimately solve cybersecurity problems across their entire enterprise and product portfolios. As trusted advisors, Praetorian helps organizations minimize overall information security risk across digital assets so they can focus on what's important—their core business. Make sure to connect with Justin & Taylor, and follow Praetorian! To learn more about becoming a Freight Agent: https://spi3pl.com/ Ditch your carrier packet, drive more carrier sales and get better load coverage with seamless digital onboarding, TMS integration, and smart load coverage, visit: https://brokercarrier.com/
About TimTim Gonda is a Cloud Security professional who has spent the last eight years securing and building Cloud workloads for commercial, non-profit, government, and national defense organizations. Tim currently serves as the Technical Director of Cloud at Praetorian, influencing the direction of its offensive-security-focused Cloud Security practice and the Cloud features of Praetorian's flagship product, Chariot. He considers himself lucky to have the privilege of working with the talented cyber operators at Praetorian and considers it the highlight of his career.Tim is highly passionate about helping organizations fix Cloud Security problems, as they are found, the first time, and most importantly, the People/Process/Technology challenges that cause them in the first place. In his spare time, he embarks on adventures with his wife and ensures that their two feline bundles of joy have the best playtime and dining experiences possible.Links Referenced: Praetorian: https://www.praetorian.com/ LinkedIn: https://www.linkedin.com/in/timgondajr/ Praetorian Blog: https://www.praetorian.com/blog/ TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by our friends at Thinkst Canary. Most Companies find out way too late that they've been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching 'em giving you the one alert, when it matters. With 0 admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents. 
Check out what people are saying at canary.love today!Corey: Kentik provides Cloud and NetOps teams with complete visibility into hybrid and multi-cloud networks. Ensure an amazing customer experience, reduce cloud and network costs, and optimize performance at scale — from internet to data center to container to cloud. Learn how you can get control of complex cloud networks at www.kentik.com, and see why companies like Zoom, Twitch, New Relic, Box, Ebay, Viasat, GoDaddy, booking.com, and many, many more choose Kentik as their network observability platform. Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Every once in a while, I like to branch out into new and exciting territory that I've never visited before. But today, no, I'd much rather go back to complaining about cloud security, something that I tend to do an awful lot about. Here to do it with me is Tim Gonda, Technical Director of Cloud at Praetorian. Tim, thank you for joining me on this sojourn down what feels like an increasingly well-worn path.Tim: Thank you, Corey, for having me today.Corey: So, you are the Technical Director of Cloud, which I'm sort of short-handing to okay, everything that happens on the computer is henceforth going to be your fault. How accurate is that in the grand scheme of things?Tim: It's not too far off. But we like to call it Praetorian for nebula. The nebula meaning that it's Schrödinger's problem: it both is and is not the problem. Here's why. We have a couple key focuses at Praetorian, some of them focusing on more traditional pen testing, where we're looking at hardware, hit System A, hit System B, branch out, get to goal.On the other side, we have hitting web applications and [unintelligible 00:01:40]. This insecure app leads to this XYZ vulnerability, or this medical appliance is insecure and therefore we're able to do XYZ item. 
One of the things that frequently comes up is that more and more organizations are no longer putting their applications or infrastructure on-prem anymore, so therefore, some part of the assessment ends up being in the cloud. And that is the unique rub that I'm in. And that I'm responsible for leading the direction of the cloud security focus group, who may not dive into a specific specialty that some of these other teams might dig into, but may have similar responsibilities or similar engagement style.And in this case, if we discover something in the cloud as an issue, or even in your own organization where you have a cloud security team, you'll have a web application security team, you'll have your core information security team that defends your environment in many different methods, many different means, you'll frequently find that the cloud security team is the hot button for hey, the server was misconfigured at one certain level, however the cloud security team didn't quite know that this web application was vulnerable. We did know that it was exposed to the internet but we can't necessarily turn off all web applications from the internet because that would no longer serve the purpose of a web application. And we also may not know that a particular underlying host's patch is out of date. Because technically, that would be siloed off into another problem.So, what ends up happening is that on almost every single incident that involves a cloud infrastructure item, you might find that cloud security will be right there alongside the incident responders. And yep, this [unintelligible 00:03:20] is here, it's exposed to the internet via here, and it might have the following application on it. And they get cross-exposure with other teams that say, “Hey, your web application is vulnerable. 
We didn't quite inform the cloud security team about it, otherwise this wouldn't be allowed to go to the public internet,” or on the infrastructure side, “Yeah, we didn't know that there was a patch underneath it, we figured that we would let the team handle it at a later date, and therefore this is also vulnerable.” And what ends up happening sometimes, is that the cloud security team might be the onus or might be the hot button in the room of saying, “Hey, it's broken. This is now your problem. Please fix it with changing cloud configurations or directing a team to make this change on our behalf.”So, in essence, sometimes cloud becomes—it both is and is not your problem when a system is either vulnerable or exposed or at some point, worst case scenario, ends up being breached and you're performing incident response. That's one of the cases why it's important to know—or important to involve others in the cloud security problem, or to be very specific about what the role of a cloud security team is, or where cloud security has to have certain boundaries or has to involve certain extra parties have to be involved in the process. Or when it does its own threat modeling process, say that, okay, we have to take a look at certain cloud findings or findings that's within our security realm and say that these misconfigurations or these items, we have to treat the underlying components as if they are vulnerable, whether or not they are and we have to report on them as if they are vulnerable, even if it means that a certain component of the infrastructure has to already be assumed to either have a vulnerability, have some sort of misconfiguration that allows an outside attacker to execute attacks against whatever the [unintelligible 00:05:06] is. 
And we have to treat and respond our security posture accordingly.

Corey: One of the problems that I keep running into, and I swear it's not intentional, but people would be forgiven for understanding or believing otherwise, is that I will periodically inadvertently point out security problems via Twitter. And that was never my intention because, “Huh, that's funny, this thing isn't working the way that I would expect that it would,” or, “I'm seeing something weird in the logs in my test account. What is that?” And, “Oh, you found a security vulnerability or something akin to one in our environment. Oops. Next time, just reach out to us directly at the security contact form.” That's great. If I'd known I was stumbling blindly into a security approach, but it feels like the discovery of these things is not heralded by an, “Aha, I found it.” But, “Huh, that's funny.”

Tim: Of course. Absolutely. And that's where some of the best vulnerabilities come where you accidentally stumble on something that says, “Wait, does this work how—what I think it is?” Click click. Like, “Oh, boy, it does.”

Now, I will admit that certain cloud providers are really great with proactive security reach-outs. If you either just file a ticket or file some other form of notification, just even flag your account rep and say, “Hey, when I was working on this particular cloud environment, the following occurred. Does this work the way I think it is? Is this a problem?” And they usually get back to you with reporting it to their internal team, so on and so forth.
But let's say applications are open-source frameworks or even just organizations at large where you might have stumbled upon something, the best thing to do was either look up, do they have a public bug bounty program, do they have a security contact or form reach out that you can email them, or do you know someone at the organization that you just send a quick email saying, “Hey, I found this.”

And through some combination of those is usually the best way to go. And to be able to provide context of the organization being, “Hey, the following exists.” And the most important things to consider when you're sending this sort of information is that they get these sorts of emails almost daily.

Corey: One of my favorite genre of tweet is when Tavis Ormandy and Google's Project Zero winds up doing a tweet like, “Hey, do I know anyone over at the security apparatus at insert company here?” It's like, “All right. I'm sure people are shorting stocks now [laugh], based upon whatever he winds up doing that.”

Tim: Of course.

Corey: It's kind of fun to watch. But there's no cohesive way of getting in touch with companies on these things because as soon as you'd have something like that, it feels like it's subject to abuse, where Comcast hasn't fixed my internet for three days, now I'm going to email their security contact, instead of going through the normal preferred process of wait in the customer queue so they can ignore you.

Tim: Of course. And that's something else you want to consider. If you broadcast that a security vulnerability exists without letting the entity or company know, you're also almost causing a green light, where other security researchers are going to go dive in on this and see, like, one, does this work how you described. But that actually is a positive thing at some point, where either you're unable to get the company's attention, or maybe it's an open-source organization, or maybe you're not being fully sure that something is the case.
However, when you do submit something to the customer and you want it to take it seriously, here's a couple of key things that you should consider.

One, provide evidence that whatever you're talking about has actually occurred; two, provide repeatable steps that a layman, even an IT support person, can attempt to follow in your process, so that they can repeat the same vulnerability or repeat the same security condition; and three, most importantly, detail why this matters. Is this something where I can adjust a user's password? Is this something where I can extract data? Is this something where I'm able to extract content from your website I otherwise shouldn't be able to? And that's important for the following reason.

You need to inform the business what is the financial value of why leaving this unpatched becomes an issue for them. And if you do that, that's how those security vulnerabilities get prioritized. It's not necessarily because the coolest vulnerability exists, it's because it costs the company money, and therefore the security team is going to immediately jump on it and try to contain it before it costs them any more.

Corey: One of my least favorite genres of security report are the ones that I get where I found a vulnerability. It's like, that's interesting. I wasn't aware that I ran any public-facing services, but all right, I'm game; what have you got? And it's usually something along the lines of, “You haven't enabled SPF to hard fail an email that doesn't wind up originating explicitly from this list of IP addresses. Bug bounty, please.” And it's, “No, genius. That is very much an intentional choice. Thank you for playing.”

It comes down to also an idea of whenever I have reported security vulnerabilities in the past, the pattern I always take is, “I'm seeing something that I don't fully understand.
I suspect this might have security implications, but I'm also more than willing to be proven wrong.” Because showing up with, “You folks are idiots and have a security problem,” is a terrific invitation to be proven wrong and look like an idiot. Because the first time you get that wrong, no one will take you seriously again.

Tim: Of course. And as you'll find that most bug bounty programs are, if you participate in those, the first couple that you might have submitted, the customer might even tell you, “Yeah, we're aware that that vulnerability exists, however, we don't view it as a core issue and it cannot affect the functionality of our site in any meaningful way, therefore we're electing to ignore it.” Fair.

Corey: Very fair. But then when people write up about those things, well, they've decided this is not an issue, so I'm going to do a write-up on it. Like, “You can't do that. The NDA doesn't let you expose that.” “Really? Because you just said it's a non-issue. Which is it?”

Tim: And the key to that, I guess, would also be that is there an underlying technology that doesn't necessarily have to be attributed to said organization? Can you also say that, if I provide a write-up or if I put up my own personal blog post—let's say, we go back to some of the OpenSSL vulnerabilities including OpenSSL 3.0, that came out not too long ago, but since that's an open-source project, it's fair game—let's just say that if there was a technology such as that, or maybe there's a wrapper around it that another organization could be using or could be implementing a certain way, you don't necessarily have to call the company up by name, or rather just say, here's the core technology reason, and here's the core technology risk, and here's the way I've demoed exploiting this.
And if you publish an open-source blog like that and then you tweet about that, you can actually gain security support around such issue and then fight for the research.

An example would be that I know a couple of pen testers who have reported things in the past, and while the first time they reported it, the company was like, “Yeah, we'll fix it eventually.” But later, when another researcher reported this exact same finding, the company is like, “We should probably take this seriously and jump on it.” Sometimes it's just getting in front of that and providing frequency or providing enough people around to say that, “Hey, this really is an issue in the security community and we should probably fix this item,” and keep pushing other organizations on it. A lot of times, they just need additional feedback. Because as you said, somebody runs an automated scanner against your email and says that, “Oh, you're not checking SPF as strictly as the scanner would have liked because it's a benchmarking tool.” It's not necessarily a security vulnerability rather than it's just how you've chosen to configure something and if it works for you, it works for you.

Corey: How does cloud change this? Because a lot of what we talked about so far could apply to anything. Go back in time to 1995 and a lot of what we're talking about mostly holds true. It feels like cloud acts as a significant level of complexity on top of all of this. How do you view the differentiation there?

Tim: So, I think it differentiated two things. One, certain services or certain vulnerability classes that are handled by the shared service model—for the most part—are probably secured better than you might be able to do yourself. Just because there's a lot of research, the team is [experimented 00:13:03] a lot of time on this.
An example: if there's a particular, like, spoofing or network interception vulnerability that you might see on a local LAN network, you probably are not going to have the same level of access to be able to execute that on a virtual private cloud or VNet, or some other virtual network within a cloud environment. Now, something that does change with the paradigm of cloud is the fact that if you accidentally publicly expose something or something that you've created expo—or don't set a setting to be private or only specific to your resources, there is a couple of things that could happen. The vulnerability's exploitability based on where increases to something that used to be just, “Hey, I left a port open on my own network. Somebody from HR or somebody from IT could possibly interact with it.”

However, in the cloud, you've now set this up to the entire world with people that might have resources or motivations to go after this product, and using services like Shodan—which are continually mapping the internet for open resources—and they can quickly grab that, say, “Okay, I'm going to attack these targets today,” might continue to poke a little bit further, maybe an internal person that might be bored at work or a pen tester just on one specific engagement.
Especially in the case of let's say, what you're working on has sparked the interest of a nation-state and they want to dig into a little bit further, they have the resources to be able to dedicate time, people, and maybe tools and tactics against whatever this vulnerability that you've given previously the example of—maybe there's a specific ID and a URL that just needs to be guessed right to give them access to something—they might spend the time trying to brute force that URL, brute force that value, and eventually try to go after what you have.

The main paradigm shift here is that there are certain things that we might consider less of a priority because the cloud has already taken care of them with the shared service model, and rightfully so, and there's other times that we have to take heightened awareness on is, one, we either expose something to the entire internet or all cloud accounts within creations. And that's actually something that we see commonly. In fact, one thing I would like to say we see very common is, all AWS users, regardless if it's in your account or somewhere else, might have access to your SNS topic or SQS queue. Which doesn't seem like that big of a vulnerability, but I changed the messages, I delete messages, I viewed your messages, but rather what's connected to those? Let's talk database Lambda functions where I've got source code that a developer has written to handle that source code and may not have built in logic to handle—maybe there was a piece of code that could be abused as part of this message that might allow an attacker to send something to your Lambda function and then execute something on that attacker's behalf.

You weren't aware of it, you weren't thinking about it, and now you've exposed it to almost the entire internet.
And since anyone can go sign up for an AWS account—or Azure or GCP account—and then they're able to start poking at that same piece of code that you might have developed thinking, “Well, this is just for internal use. It's not a big deal. That one static code analysis tool isn't probably too relevant.” Now, it becomes hyper-relevant and something you have to consider with a little more attention and dedicated time to making sure that these things that you've written or deploying, are in fact, safe because misconfigured or mis-exposed, and suddenly the entire world starts knocking at it, and increases the risk of, it may really well be a problem. The severity of that issue could increase dramatically.

Corey: As you take a look across, let's call it the hyperscale clouds, the big three—which presumably I don't need to define out—how do you wind up ranking them in terms of security from top to bottom? I have my own rankings that I like to dole out and basically, this is the, let's offend someone at every one of these companies, no matter how we wind up playing it. Because I will argue with you just on principle on them. How do you view them stacking up against each other?

Tim: So, an interesting view on that is based on who's been around longest and who has encountered the most technical debt. A lot of these security vulnerabilities or security concerns may have had to deal with a decision made long ago that might have made sense at the time and now the company has kind of stuck with that particular technology or decision or framework, and are now having to build or apply security Band-Aids to that process until it gets resolved.
I would say, ironically, AWS is actually at the top of having that technical debt, and actually has so many different types of access policies that are very complex to configure and not very user intuitive unless you speak intuitively JSON or YAML or some other markdown language, to be able to tell you whether or not something was actually set up correctly. Now, there are a lot of security experts who make their money based on knowing how to configure or be able to assess whether or not these are actually the issue. I would actually bring them as, by default, by design, between the big three, they're actually on the lower end of certain—based on complexity and easy-to-configure-wise.

The next one that would also go into that pile, I would say is probably Microsoft Azure, who [sigh] admittedly, decided to say that, “Okay, let's take something that was very complicated and everyone really loved to use as an identity provider, Active Directory, and try to use that as a model for.” Even though they made it extensively different. It is not the same as on-prem directory, but use that as the framework for how people wanted to configure their identity provider for a new cloud provider. The one that actually I would say, comes out on top, just based on use and based on complexity might be Google Cloud. They came to a lot of these security features first.

They're acquiring new companies on a regular basis with the acquisition of Mandiant, the creation of their own security tooling, their own unique security approaches. In fact, they probably wrote the book on Kubernetes Security. Would be on top, I guess, from usability, such as saying that I don't want to have to manage all these different types of policies. Here are some buttons I would like to flip and I'd like my resources, for the most part by default, to be configured correctly.
And Google does a pretty good job of that.

Also, one of the things they do really well is entity-based role assumption, which inside of AWS, you can provide access keys by default or I have to provide a role ID after—or in Azure, I'm going to say, “Here's a [unintelligible 00:19:34] policy for something specific that I want to grant access to a specific resource.” Google does a pretty good job of saying that okay, everything is treated as an email address. This email address can be associated in a couple of different ways. It can be given the following permissions, it can have access to the following things, but for example, if I want to remove access to something, I just take that email address off of whatever access policy I had somewhere, and then it's taken care of. But they do have some other items such as their design of least privilege is something to be expected when you consider their hierarchy.

I'm not going to say that they're not without fault in that area—in case—until they had something more recently, as far as finding certain key pieces of, like say, tags or something within a specific sub-project or in our hierarchy, there were cases where you might have granted access at a higher level and that same level of access came all the way down. And where least privilege is required to be enforced, otherwise, you break their security model. So, I like them for how simple it is to set up security at times, however, they've also made it unnecessarily complex at other times so they don't have the flexibility that the other cloud service providers have.
On the flip side of that, the level of flexibility also leads to complexity at times, which I also view as a problem where customers think they've done something correctly based on their best knowledge, the best of documentation, the best Medium articles they've been researching, and what they have done is they've inadvertently made assumptions that led to core anti-patterns, like, [unintelligible 00:21:06] what they've deployed.

Corey: This episode is sponsored in part by our friends at Uptycs, because they believe that many of you are looking to bolster your security posture with CNAPP and XDR solutions. They offer both cloud and endpoint security in a single UI and data model. Listeners can get Uptycs for up to 1,000 assets through the end of 2023 (that is next year) for $1. But this offer is only available for a limited time on UptycsSecretMenu.com. That's U-P-T-Y-C-S Secret Menu dot com.

Corey: I think you're onto something here, specifically in—well, when I've been asked historically and personally to rank security, I have viewed Google Cloud as number one, and AWS is number two. And my reasoning behind that has been from an absolute security of their platform and a pure, let's call it math perspective, it really comes down to which of the two of them had what for breakfast on any given day there, they're so close on there. But in a project that I spin up in Google Cloud, everything inside of it can talk to each other by default and I can scope that down relatively easily, whereas over in AWS land, by default, nothing can talk to anything. And that means that every permission needs to be explicitly granted, which in an absolutist sense and in a vacuum, yeah, that makes sense, but here in reality, people don't do that. We've seen a number of AWS blog posts over the last 15 years—they don't do this anymore—but it started off with, “Oh, yeah, we're just going to grant [* on * 00:22:04] for the purposes of this demo.”

“Well, that's horrible.
Why would you do that?” “Well, if we wanted to specify the IAM policy, it would take up the first third of the blog post.” How about that? Because customers go through that exact same thing. I'm trying to build something and ship.

I mean, the biggest lie in any environment or any codebase ever, is the comment that starts with, “To do.” Yeah, that is load-bearing. You will retire with that to do still exactly where it is. You have to make doing things the right way at least the least frictionful path because no one is ever going to come back and fix this after the fact. It's never going to happen, as much as we wish that it did.

Tim: At least until after the week of the breach when it was highlighted by the security team to say that, “Hey, this was the core issue.” Then it will be fixed in short order. Usually. Or a Band-Aid is applied to say that this can no longer be exploited in this specific way again.

Corey: My personal favorite thing that, like, I wouldn't say it's a lie. But the favorite thing that I see in all of these announcements right after the, “Your security is very important to us,” right after it very clearly has not been sufficiently important to them, and they say, “We show no signs of this data being accessed.” Well, that can mean a couple different things. It can mean, “We have looked through the audit logs for a service going back to its launch and have verified that nothing has ever done this except the security researcher who found it.” Great. Or it can mean, “What even are logs, exactly? We're just going to close our eyes and assume things are great.” No, no.

Tim: So, one thing to consider there is in that communication, that entire communication has probably been vetted by the legal department to make sure that the company is not opening itself up for liability.
I can say from personal experience, when that usually has occurred, unless it can be proven that the breach was attributable to your user specifically, the default response is, “We have determined that the security response of XYZ item or XYZ organization has determined that your data was not at risk at any point during this incident.” Which might be true—and we're quoting Star Wars on this one—from a certain point of view. And unfortunately, in the case of a post-breach, their security, at least from a regulation standpoint where they might be facing a really large fine, is absolutely probably their top priority at this very moment, but has not come to surface because, for most organizations, until this becomes something that is a financial reason to where they have to act, where their reputation is on the line, they're not necessarily incentivized to fix it. They're incentivized to push more products, push more features, keep the clients happy.

And a lot of the time going back and saying, “Hey, we have this piece of technical debt,” it doesn't really excite our user base or doesn't really help us gain a competitive edge in the market is considered an afterthought until the crisis occurs and the information security team rejoices because this is the time they actually get to see their stuff fixed, even though it might be a super painful time for them in the short run because they get to see these things fixed, they get to see it put to bed. And if there's ever a happy medium, where, hey, maybe there was a legacy feature that wasn't being very well taken care of, or maybe this feature was also causing the security team a lot of pain, we get to see both that feature, that item, that service, get better, as well as security teams not have to be woken up on a regular basis because XYZ incident happened, XYZ item keeps coming up in a vulnerability scan. If it finally is put to bed, we consider that a win for all.
And one thing to consider in security as well as kind of, like, we talk about the relationship between the developers and security and/or product managers and security is if we can make it a win, win, win situation for all, that's the happy path that we really want to be getting to. If there's a way that we can make sure that experience is better for customers, the security team doesn't have to be broken up on a regular basis because an incident happened, and the developers receive less friction when they want to go implement something, you find that that secure feature, function, whatever tends to be the happy path forward and the path of least resistance for everyone around it. And those are sometimes the happiest stories that can come out of some of these incidents.

Corey: It's weird to think of there being any happy stories coming out of these things, but it's definitely one of those areas that there are learnings there to be had if we're willing to examine them. The biggest problem I see so often is that so many companies just try and hide these things. They give the minimum possible amount of information so the rest of us can't learn by it. Honestly, some of the moments where I've gained the most respect for the technical prowess of some of these cloud providers has been after there's been a security issue and they have disclosed either their response or why it was a non-issue because they took a defense-in-depth approach. It's really one of those transformative moments that I think is an opportunity if companies are bold enough to chase them down.

Tim: Absolutely. And in a similar vein, when we think of certain cloud providers outages and we're exposed, like, the major core flaw of their design, and if it kept happening—and again, these outages could be similar and analogous to an incident or a security flaw, meaning that it affected us. It was something that actually happened.
In the case of let's say, the S3 outage of, I don't know, it was like 2017, 2018, where it turns out that there was a core DNS system that inside of us-east-1, which is actually very close to where I live, apparently was the core crux of, for whatever reason, the system malfunctioned and caused a major outage. Outside of that, in this specific example, they had to look at ways of how do we not have a single point of failure, even if it is a very robust system, to make sure this doesn't happen again.

And there was a lot of learnings to be had, a lot of in-depth investigation that happened, probably a lot of development, a lot of research, and sometimes on the outside of an incident, you really get to understand why a system was built a certain way or why a condition exists in the first place. And it sometimes can be fascinating to kind of dig into that very deeper and really understand what the core problem is. And now that we know what's an issue, we can actually really work to address it. And sometimes that's actually one of the best parts about working at Praetorian in some cases is that a lot of the items we find, we get to find them early before it becomes one of these issues, but the most important thing is we get to learn so much about, like, why a particular issue is such a big problem. And you have to really solve the core business problem, or maybe even help inform, “Hey, this is an issue for it like this.”

However, this isn't necessarily all bad in that if you make these adjustments of these items, you get to retain this really cool feature, this really cool thing that you built, but also, you have to say like, here's some extra, added benefits to the customers that you weren't really there. And—such as the old adage of, “It's not a bug, it's a feature,” sometimes it's exactly what you pointed out. It's not necessarily all bad in an incident. It's also a learning experience.

Corey: Ideally, we can all learn from these things.
I want to thank you for being so generous with your time and talking about how you view this increasingly complicated emerging space. If people want to learn more, where's the best place to find you?

Tim: You can find me on LinkedIn which will be included in this podcast description. You can also go look at articles that the team is putting together at praetorian.com. Unfortunately, I'm not very big on Twitter.

Corey: Oh, well, you must be so happy. My God, what a better decision you're making than the rest of us.

Tim: Well, I like to, like, run a little bit under the radar, except on opportunities like this where I can talk about something I'm truly passionate about. But I try not to pollute the airwaves too much, but LinkedIn is a great place to find me. Praetorian blog for stuff the team is building. And if anyone wants to reach out, feel free to hit the contact page up in praetorian.com. That's one of the best places to get my attention.

Corey: And we will, of course, put links to that in the [show notes 00:30:19]. Thank you so much for your time. I appreciate it. Tim Gonda, Technical Director of Cloud at Praetorian. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment talking about how no one disagrees with you based upon a careful examination of your logs.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.