Purple Squad Security http://purplesquadsec.com Pinecast (https://pinecast.com) en-USJohn Svazic John Svazic jsvazic@gmail.com no Purple Squad Security http://purplesquadsec.com https://storage.pinecast.net/podcasts/covers/19c82c10-888a-4f20-871b-f4f6c51fb5bd/podcast_cover.png episodic Copyright (c) 2017 - 2019 - John Svazic If you know the enemy and know yourself, you need not fear the result of a hundred battles. Yes Special Episode - EliteCast Episode 1 https://pinecast.com/guid/255e79b1-4c24-4db0-9727-72901946eb16 Tue, 05 Jan 2021 08:35:00 -0000 00:23:19 An introduction to John's newest podcast for your listening pleasure http://purplesquadsec.com/episode/255e79b14c244db0/special-episode-elitecast-episode-1 Episode Notes

Here's the first episode of my new podcast, EliteCast! This is intended to be a less technical podcast aimed at business leaders and decision-makers to help explain the importance of information security (or cybersecurity as it's normally called by the target audience). I'm a bit rusty, but I'll get there. Apparently, a 9-month hiatus does that to a man.

I hope you enjoy it and you choose to subscribe. It should be live on the usual podcast sites, but if you want the RSS link, check out:

https://pinecast.com/feed/elitecast

Thanks, and take care!

Find out more at http://purplesquadsec.com

]]> no 1 Episode 71 - A Casual Conversation with The Cyber Mentor https://pinecast.com/guid/c64d1002-c461-4a86-bca3-8d28cae96448 Sun, 08 Mar 2020 14:13:48 -0000 00:42:52 The Cyber Mentor stops by to chat about business, getting into Infosec, and what he's doing to give back to the community. http://purplesquadsec.com/episode/c64d1002c4614a86/episode-71-a-casual-conversation-with-the-cyber-mentor Heath "The Cyber Mentor" Adams stops by to have a nice casual chat about how he got into infosec, what he's currently working on, and how he's giving back to the community in a rather novel way. Definitely someone I respect as a great up-and-comer in the industry, this was a fantastic discussion for sure.

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no 1 Episode 70 - Mul-Tea-Factor with Kat Sweet https://pinecast.com/guid/3fd15325-affa-4d66-bb43-5035cfc81588 Sun, 23 Feb 2020 14:35:07 -0000 00:42:59 Kat Sweet comes to chat with me about security as we sip tea! http://purplesquadsec.com/episode/3fd15325affa4d66/episode-70-mul-tea-factor-with-kat-sweet Kat Sweet (@TheSweetKat) sits down to chat about incident response and security operations, all while sipping tea with me.

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no 1 Episode 69 - 2020 Show Update https://pinecast.com/guid/2690f0b4-aa41-42a5-8781-4cf8cb5a41c6 Sun, 09 Feb 2020 15:10:00 -0000 00:31:46 John talks about the show for 2020 http://purplesquadsec.com/episode/2690f0b4aa4142a5/episode-69-2020-show-update John sits down to talk solo about the show and what's in store for 2020.

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no 1 Episode 68 - All About The Diana Initiative with Circuit Swan https://pinecast.com/guid/7dfe7f17-4e6b-4ac4-a95a-8d4c8ee21180 Mon, 20 Jan 2020 02:34:27 -0000 00:40:08 Circuit Swan joins me to talk about the Diana Initiative and a few extras they are doing for this years conference http://purplesquadsec.com/episode/7dfe7f174e6b4ac4/episode-68-all-about-the-diana-initiative-with-circuit-swan Circuit Swan stops by the show to talk all things Diana Initiative. If you're going to Hacker Summer Camp 2020, you may want to consider adding the Diana Initiative to your list of cons to attend.

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no 1 Episode 67 - A casual conversation with Snow https://pinecast.com/guid/e2c3d6a2-5e8f-4dcb-8bfc-1de9b3251148 Sun, 15 Dec 2019 15:31:14 -0000 00:48:00 Snow stops by the show to chat about physical penetration testing, Kringlecon, and a few other topics http://purplesquadsec.com/episode/e2c3d6a25e8f4dcb/episode-67-a-casual-conversation-with-snow Snow stops by during the winter months to share with us the true origin of her hacker handle, stories from some physical penetration testing, a quick note on her Kringlecon talk, and so much more! A great way to round out the year!

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no 1 Episode 66 - Fireside Chat with Adrian Cheek https://pinecast.com/guid/2da9c018-12e6-42f4-917a-8019bf6fa71b Sun, 01 Dec 2019 16:35:23 -0000 00:42:05 Adrian Cheek stops by to talk about taking down criminal websites, passive DNS, and threat hunting http://purplesquadsec.com/episode/2da9c01812e642f4/episode-66-fireside-chat-with-adrian-cheek Adrian Cheek stops by the show this week to have a nice fireside chat with me. We talk about passive DNS, which Adrian first introduced to me a few years ago, and then move on to threat hunting. Adrian has a very interesting history and it was a joy to speak with him.

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no 1 Episode 65 - Fireside Chat with The Gibson https://pinecast.com/guid/106de6dc-d5ed-4c9e-8131-fb8f04fdc50d Sun, 17 Nov 2019 15:21:44 -0000 00:52:38 I sit down with The Gibson to chat about the Fediverse, SMB Security, and life in general http://purplesquadsec.com/episode/106de6dcd5ed4c9e/episode-65-fireside-chat-with-the-gibson I'm trying a slightly different format for the next few episodes, and I'd appreciate any feedback you may have.

In this episode I sit down with The Gibson, mayor of hackers.town, to talk about a variety of things from the Fediverse, working with the under-serviced SMB market, old school technologies, and the Infosec community as a whole. We're all over the place, but it's a good thing. Just a nice casual conversation talking about things that interest us.

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no 1 Episode 64 - Fireside Chat with Tanya Janca https://pinecast.com/guid/629c0c4f-f2a5-4f58-8803-7be80a6d0bba Sun, 03 Nov 2019 15:16:00 -0000 00:50:50 I sit down with Tanya Janca for a fireside chat about her new company, Security Sidekick http://purplesquadsec.com/episode/629c0c4ff2a54f58/episode-64-fireside-chat-with-tanya-janca I'm trying a slightly different format for the next few episodes, and I'd appreciate any feedback you may have.

In this episode I sit down with the amazing Tanya Janca for a fireside chat about her new company, Security Sidekick. They seem to have some pretty ambitious goals, and I couldn't think of anyone better to help make those a reality.

Some links of interest:

For Tanya:

For Security Sidekick:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no 1 Episode 63 - Backdoors & Breaches with John Strand https://pinecast.com/guid/7a0caa7e-c59c-4028-b791-46c123d64e9e Sun, 20 Oct 2019 14:08:05 -0000 00:42:55 John Strand (@strandjs) stops by to chat about physical security assessments, Backdoors & Breaches, and the InfoSec community! http://purplesquadsec.com/episode/7a0caa7ec59c4028/episode-63-backdoors-breaches-with-john-strand Oh what I treat I have for you today! John Strand, former SANS instructor, long time co-host on Enterprise Security Weekly, Founder of Black Hills Information Security, and a whole lot more has taken time out of his busy schedule to stop by and talk about Backdoors & Breaches, the new IR card game from BHIS. Naturally we talk about more than just the game, but it was all as amazing as I had hoped. I trust you will enjoy listening to this one about as much as I enjoyed recording it.

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no 1 Episode 62 - #ginfosec with InfoSecSherpa - Empathy as a Service https://pinecast.com/guid/d6c9095c-1f20-47d7-8439-57a3b6bbcd51 Sun, 06 Oct 2019 14:52:54 -0000 01:01:44 Tracy "InfoSecSherpa" comes back for another #ginfosec episode to talk about Empathy as a Service http://purplesquadsec.com/episode/d6c9095c1f2047d7/episode-62-ginfosec-with-infosecsherpa-empathy-as-a-service It's been long enough, and it's time for Tracy "InfoSecSherpa" to return for another #ginfosec episode! This time around we're going to talk about Empathy as a Service, a talk that she recently did at DerbyCon. Soft skills will get you everywhere, and Tracy has some great advice to share about a topic she's very passionate about.

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no 1 Episode 61 – Anniversaries and Updates https://pinecast.com/guid/b01ea05a-a7b5-4ac6-a72a-76b368cc4e9a Sun, 22 Sep 2019 14:43:00 -0000 00:37:20 John talks about the 2 year anniversary of the show as well as other behind-the-scenes details. http://purplesquadsec.com/episode/b01ea05aa7b54ac6/episode-61-anniversaries-and-updates Ah, I love anniversaries. This is an anniversary episode celebrating 2 years of Purple Squad Security! Just a few personal rants and discussions for those interested in a bit of a behind the scenes view of things here at the show. No guests, just me blathering on about stuff. Enjoy!

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no 1 Episode 60 – Tabletop D&D with Ken Johnson & Seth Law from Absolute AppSec https://pinecast.com/guid/e2ee738c-0965-49aa-8b53-7ffda0ce2f96 Sun, 01 Sep 2019 13:35:46 -0000 01:08:14 Ken Johnson and Seth Law from the Absoute AppSec Podcast join me for another Tabletop D&D episode! http://purplesquadsec.com/episode/e2ee738c096549aa/episode-60-tabletop-d-d-with-ken-johnson-seth-law-from-absolute-appsec The hiatus is over! Welcome back everyone to the latest episode of the Purple Squad Security podcast! In this episode we have Ken Johnson and Seth Law from the Absolute AppSec Podcast joining me for the latest session of Tabletop D&D. Enjoy!

Some links of interest:

Want to hear about a new Infosec con?  If you're in and around the Waterloo region area in October, why not check out Cyber City!  This is Waterloo region's premier information security conference.  Tickets are on sale now!

We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale:

https://purplesquadsec.com/store

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 58 – Malware Analysis with Kyle Andrus https://purplesquadsec.com/?post_type=podcast&p=362 Sun, 23 Jun 2019 15:12:52 -0000 00:43:52 Kyle Andrus comes back to talk about what malware analysis is and some starting points for getting into it. http://purplesquadsec.com/episode/e00b7b4ac268465f/episode-58-malware-analysis-with-kyle-andrus Often times in information security, we look upon penetration testing and red teaming with awe and view those professions as the "sexy" side of security.  Truth be told, the defensive side has a lot of exciting opportunities as well!  Kyle Andrus joins me this week to talk about malware analysis, which I think is definitely one of the sexier sides of defense. Some links of interest:

Want to hear about a new Infosec con?  If you're in and around the Waterloo region area in October, why not check out Cyber City!  This is Waterloo region's premier information security conference.  Tickets are on sale now and the CFP is open until July 31st, 2019.  Don't wait, and come participate today!  

We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale:

https://purplesquadsec.com/store

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 57 – Tinker After Dark – Tinker Tales by the Fire https://purplesquadsec.com/?post_type=podcast&p=357 Sun, 09 Jun 2019 14:45:47 -0000 01:20:23 Tinkers back! With the green light to speak as he wants, we get some excellent stories and great retrospectives! http://purplesquadsec.com/episode/3c5b25e415b5437b/episode-57-tinker-after-dark-tinker-tales-by-the-fire There were more than a few of you who were anxiously awaiting his return, and he's back!  Tinker joins me once again to share some stories from his adventures in hackerland.  In addition, I have given Tinker free reign to speak as he chooses, and naturally I participate as well.  Fair warning, this is not safe for work or sensitive ears.  I do ask that you try not to be offended, as his stories and reflections on those events makes for one excellent episode.

Some links of interest:

We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale:

https://purplesquadsec.com/store

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 56 – John Reads: Choose Your Own Red Team Adventure https://purplesquadsec.com/?post_type=podcast&p=352 Sun, 26 May 2019 14:10:21 -0000 00:32:16 John reads a Choose Your Own Adventure story that was posted on Medium related to Red Teaming! http://purplesquadsec.com/episode/243a0741cdcb4e77/episode-56-john-reads-choose-your-own-red-team-adventure A few weeks ago, Sam King on Twitter mentioned me in a tweet that included a link to a Medium post, but not just any Medium post.  Tim MalcomVetter had posted up an "Choose Your Own Red Team Adventure", which I thought was just amazing!  I used to read a lot of choose your own adventure books as a kid, so I was naturally excited!  For this episode, I will be going through the story the first time, reading aloud as I try my hand at red teaming against a customer.  I hope you enjoy!

Some links of interest:

We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale:

https://purplesquadsec.com/store

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 55 – Talking Privacy with Matt Beland https://purplesquadsec.com/?post_type=podcast&p=341 Sun, 12 May 2019 14:11:52 -0000 00:49:13 Matt Beland stops by to talk about privacy and what that means for a security professional. http://purplesquadsec.com/episode/10980e4d1d01420c/episode-55-talking-privacy-with-matt-beland CORRECTION: Early in this episode I mentioned that Amazon would ask for your email password when signing up for a new account.  I meant to say Facebook, not Amazon.  The practice has since been discontinued, but I wanted to make it clear that this was a Facebook practice, not Amazon.  Amazon has not, to the best of my knowledge, ever done something like this.  Sorry for the mixup.

For most security professionals, we view the CIA triad as our grail.  No, not the US government agency that works around the world doing a lot of questionable things, but rather the more tame version of Confidentiality, Integrity, and Availability.  For today's episode, Matt Beland joins me to explain privacy and how it's not all about Confidentiality as I, and I'm sure a few of you, may have thought.

Some links of interest:

We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale:

https://purplesquadsec.com/store

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 54 – Tribe of Hackers with Marcus J. Carey https://purplesquadsec.com/?post_type=podcast&p=333 Sun, 28 Apr 2019 13:00:00 -0000 00:29:46 Marcus Carey joins me to talk about his latest book, Tribe of Hackers. http://purplesquadsec.com/episode/2940f0a8e3394945/episode-54-tribe-of-hackers-with-marcus-j-carey Tribe of Hackers is a recently released book by Marcus Carey and Jennifer Jin that is a collection of stories from member of our community, or tribe as Marcus describes it.  This was a great and insightful interview, and definitely one you will want to listen to if you haven't read the book yet. Some links of interest:

We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale:

https://purplesquadsec.com/store

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 53 – #Ginfosec with @InfoSecSherpa – All About Cons! https://purplesquadsec.com/?post_type=podcast&p=331 Sun, 14 Apr 2019 14:57:01 -0000 01:37:23 The @InfoSecSherpa comes back for another #ginfosec episode where we talk about attending conferences http://purplesquadsec.com/episode/df3cd3802bf94d39/episode-53-ginfosec-with-infosecsherpa-all-about-cons- Once again I am pleased to share a #ginfosec episode with the woman who helps guide others through the mountains of infosec, Tracy InfoSecSherpa Maleeff!  In this extended episode Tracy and I speak about conferences from the attendee point of view; what to expect, what to bring, how to go, and what you should aim to get from the con.  Enjoy! Some links of interest:

We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale:

https://purplesquadsec.com/store

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 52 – John The Generalist https://purplesquadsec.com/?post_type=podcast&p=323 Sun, 31 Mar 2019 13:30:06 -0000 00:37:17 John goes solo to talk about him being a generalist in Information Security http://purplesquadsec.com/episode/5232ae2821c848e9/episode-52-john-the-generalist This week John goes solo and decides to talk about a recent threat he spun up about on Twitter, naming himself as a generalist within Information Security and discussing what that means to him. Some links of interest:

We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale:

https://purplesquadsec.com/store

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 51 – Fireside Chat with Chris Foulon https://purplesquadsec.com/?post_type=podcast&p=316 Sun, 10 Mar 2019 14:19:23 -0000 00:39:52 Chris Foulon stops by for a fireside chat about breaking into Information Security. http://purplesquadsec.com/episode/0b5bba0b28974884/episode-51-fireside-chat-with-chris-foulon Chris Foulon stops by for a fireside chat to talk about breaking into Infosec.  For those unfamiliar with the fireside chat series, this is where we come in with a topic but no other real agenda.  It's a casual conversation where I just have a casual conversation with my guest, similar to what would happen in hallway con.  I hope you enjoy! Some links of interest:

We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale:

https://purplesquadsec.com/store

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 50 – Tabletop D&D with Tim De Block, Ed Rojas, Daniel Ebbutt, and Kyle Andrus https://purplesquadsec.com/?post_type=podcast&p=310 Sun, 17 Feb 2019 14:24:39 -0000 01:29:29 Another tabletop D&D episode! Pure mayhem with this one, which is fitting for a bicentennial episode! http://purplesquadsec.com/episode/b1b95222cf9c48fd/episode-50-tabletop-d-d-with-tim-de-block-ed-rojas-daniel-ebbutt-and-kyle-andrus It's that time again!  Yes, another Tabletop D&D episode is upon us!  This time I asked Timothy de Block from the Exploring Information Security podcast to join me, along with a few interesting characters.  Let's just say this particular episode is not for the faint of heart, and we have a few swears thrown in to keep with the atmosphere.  Enjoy! Some links of interest:

We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale:

https://purplesquadsec.com/store

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 49 – The Red Team Life with Curtis Brazzell https://purplesquadsec.com/?post_type=podcast&p=295 Sun, 03 Feb 2019 14:29:34 -0000 00:34:48 Curtis Brazzell from Pondurance joins me to talk about red teaming and managing red teams. http://purplesquadsec.com/episode/8faff0cea17847cd/episode-49-the-red-team-life-with-curtis-brazzell What is a red team?  How does it differ from a penetration tester's day-to-day?  How do red teams stay sharp?  How do they stay motivated?  These are a few of the questions I seek to have answered by Curtis Brazzell, a managing Security Consultant at Pondurance.  It's a great interview and sheds light on the difference between red teaming and penetration testing.

Some links of interest:

We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale:

https://purplesquadsec.com/store

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 48 – All About Magecart with Yonathan Klijnsma https://purplesquadsec.com/?post_type=podcast&p=291 Sun, 20 Jan 2019 16:28:06 -0000 00:51:22 Yonathan Klijnsma joins me from RiskIQ to discuss Magecart, what it is, what it does, and how they found it. http://purplesquadsec.com/episode/27ca6d864641435f/episode-48-all-about-magecart-with-yonathan-klijnsma Magecart - a web-based credit card skimming kit used by various groups to grab ahold of online shoppers credit cards.  Interesting?  You bet!  On this episode of the Purple Squad Security podcast I have Yonathan Klijnsma, Head Researcher at RiskIQ, joining me to discuss their research on Magecart.

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 47 – Happy New Year! Show Updates and Other News https://purplesquadsec.com/?post_type=podcast&p=286 Sun, 06 Jan 2019 14:08:55 -0000 00:32:51 John talks about his plans for the upcoming year and some show updates. http://purplesquadsec.com/episode/6e94ef5919cc48f8/episode-47-happy-new-year-show-updates-and-other-news Welcome to 2019!  John goes solo in this episode and talks about his personal goals for 2019, plus some updates for the show that should make things a bit more structured and hopefully more interesting for the listeners.

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 46 – Holiday Special – Storytime with Jayson E. Street https://purplesquadsec.com/?post_type=podcast&p=282 Sun, 16 Dec 2018 14:42:42 -0000 00:33:11 Jayson E. Street shares a familiar story from one of his #HackerAdventures, but also follows up with a not-well-known epilogue that has me in stitches! http://purplesquadsec.com/episode/0d0d57b102f24d6a/episode-46-holiday-special-storytime-with-jayson-e-street Continuing our storytime theme for the holidays, on this week's show we have a special guest, Jayson E. Street!  For those who follow Jayson online, his hacker adventures bring him to all sorts of interesting places.  Jayson shares a story of one of those places, in which he robs the wrong bank.  Some of you may know this story, but he also provides us with an epilogue to this story that few have heard!  Thanks Jayson!

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 45.1 – Holiday Special – Storytime with Tinker – NO MUSIC!!! https://purplesquadsec.com/?post_type=podcast&p=281 Thu, 13 Dec 2018 14:19:18 -0000 01:06:52 NO MUSIC EDITION!!! Tinker (@Tinkersec) stops by to share a story, and pull a few pop quizzes with John on offensive techniques! http://purplesquadsec.com/episode/0beeb74d46664bf0/episode-45-1-holiday-special-storytime-with-tinker-no-music- Hey everyone, this is a re-release of episode 45 with Tinker, but this one is WITHOUT the background music.  I hope this makes up for the snafu in an otherwise great interview!

Happy December everyone!  Whatever holiday you may be celebrating this season, may it be enjoyable.  I've decided for the month of December to treat myself, by having a bunch of people I hold in high regard to join me in sharing of their tales, similar to the fireside chats I've had in the past.  We have no set agenda, we have no set time, but we do plan on sharing some fun stories that hopefully you will enjoy. So consider this a holiday gift my dear listener, and I hope you find it as enjoyable as I do.

This episode we are going to have a man whom I honestly believe should write as many books as possible, and provide audiobook versions as well, the one and only Tinker!

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 44 – SANS Holiday Hack Challenge with Ed Skoudis https://purplesquadsec.com/?post_type=podcast&p=269 Sun, 18 Nov 2018 15:01:48 -0000 00:50:58 Ed Skoudis joins me this week to talk all about the 2018 Holiday Hack Challenge. http://purplesquadsec.com/episode/8672e5c3353f4d18/episode-44-sans-holiday-hack-challenge-with-ed-skoudis So, a very popular season is coming up shortly.  I'm not talking about Thanksgiving (for my US listeners) and I'm not talking about Christmas for my Christian listeners.  No, I'm talking about the season that all good little hackers look forward to - the time when the SANS Holiday Hack Challenge is released!

This is probably one of the most ambitious CTFs I have ever known about, and I am lucky enough to get one of the main drivers behind it to join me for today's episode!  Ed Skoudis joins me to talk all about the SANS Holiday Hack Challenge, what it is, what goes into it, and why you should give it a try.

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening! And as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 43 – Not all vulnerabilities are created equal with Tanya Janca https://purplesquadsec.com/?post_type=podcast&p=264 Sun, 04 Nov 2018 13:07:37 -0000 00:55:40 Tanya Janca joins me to talk about vulnerabilities, and how not all of them are created equal. http://purplesquadsec.com/episode/f99a203471f54e53/episode-43-not-all-vulnerabilities-are-created-equal-with-tanya-janca Vulnerability disclosure is one of those things that either brings a smile or a scowl to your face, depending on what end of the disclosure you're on.  For some, it's a thing of pride, and hopefully a monetary reward!  For others, it's a punch to the gut, fear inducing, "Oh crap!" moment because someone has shown you a flaw you weren't aware of.

But what if the disclosure isn't actually a valid vulnerability? That's the topic for this episode discussion, and thankfully I have someone who knows about exactly that!  Tanya Janca joins me to discuss when a vulnerability is not a vulnerability!

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 42 – CyberZoology with Patrick Kelley https://purplesquadsec.com/?post_type=podcast&p=261 Sun, 21 Oct 2018 15:03:56 -0000 00:56:51 Patrick Kelley comes on to talk about CyberZoology, trains, and Raspberry Pi! http://purplesquadsec.com/episode/c9101cbc558c4e1e/episode-42-cyberzoology-with-patrick-kelley Defending is hard.  The adage of "an attacker only has to be right once" is a bit played out, but it does have a hint of truth in that trying to defend everything is a monumental task.  Defenders are often short on budgets, short on time, and short on patience for silly sayings like these.

This week I'm happy to have Patrick Kelley on to talk about some very interesting work he has done on coming up with defensive techniques for freight trains using a Raspberry Pi!  If you want to hear about unique ways to defend unique environments, you will not want to miss this episode.

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 41 – Cyber Security Awareness Month with Tracy Maleeff https://purplesquadsec.com/?post_type=podcast&p=253 Sun, 07 Oct 2018 15:31:45 -0000 01:04:20 Tracy @InfoSecSherpa Maleeff joins me to talk about Cyber Security Awareness Month http://purplesquadsec.com/episode/e6b9f5680b5044bf/episode-41-cyber-security-awareness-month-with-tracy-maleeff October is Cyber Security Awareness Month, and with that who better to help share some ideas on how to give back to the community than our own InfoSecSherpa!  Tracy Maleeff joins me to talk about Cyber Security Awareness Month, #ginfosec and #inforum.  This will be one of the most relaxed Infosec podcasts you'll hear this year.... Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 40 – Tabletop D&D With Rally Security https://purplesquadsec.com/?post_type=podcast&p=251 Sun, 23 Sep 2018 15:12:20 -0000 01:19:14 I'm joined by a few folks from the Rally Security podcast for another Tabletop D&D Episode! http://purplesquadsec.com/episode/cd565bae88144c97/episode-40-tabletop-d-d-with-rally-security It's that time again!  With milestone episode 40, we have another Tabletop D&D episode for you to enjoy!  This time around we are joined by a few members of the Rally Security podcast to face some scenarios and see how they fare.  Let's just say this was a rather impressive episode for a number of reasons. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 39 – John’s OSCP Journey https://purplesquadsec.com/?post_type=podcast&p=249 Sun, 16 Sep 2018 15:01:45 -0000 00:58:02 John goes through his OSCP journey, sharing his preparation, thoughts on the labs and the exam experience. http://purplesquadsec.com/episode/3911f683417941a2/episode-39-john-s-oscp-journey Over the past few months, John has been working on obtaining his OSCP certification.  Recently he attempted and successfully passed the exam!  In this episode he goes over his journey, what he learned as well as a few tips to help those attempting this rather difficult certification.

Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 38 – Discussing the Cyber Kill Chain with Amanda Berlin https://purplesquadsec.com/?post_type=podcast&p=240 Sun, 26 Aug 2018 16:41:21 -0000 00:49:28 Amanda Berlin (@Infosystir) stops by to chat about the Cyber Kill Chain. http://purplesquadsec.com/episode/a129ba02d4b7404d/episode-38-discussing-the-cyber-kill-chain-with-amanda-berlin The cyber kill chain.  For some, it's a nice framework to help build your defenses and help during an incident.  For others, it is an over hyped and rigid list that no real attacker follows anymore.  However you view the cyber kill chain, it is a strong pillar within Infosec, especially when it comes to defending your network.  Amanda Berlin joins me today to talk about the cyber kill chain, what it is and how to disrupt attacks using it! Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 37 – Bring Your Own Land with Nathan Kirk https://purplesquadsec.com/?post_type=podcast&p=235 Sun, 12 Aug 2018 16:29:39 -0000 00:31:21 Nathan Kirk (@sekirkity) stops by the show to discuss the idea of going beyond living off the land and bringing your own! http://purplesquadsec.com/episode/78741efa758b43e2/episode-37-bring-your-own-land-with-nathan-kirk Living off the land is a term well understood by both offensive and defensive teams.  For offensive teams, it's meant by using the technologies already present on the system, such as Powershell, Python, and even Perl for those who like a challenge (or are facing an older Unix system).  On the defensive side, enhanced logging and locked down configurations are put in place to detect and prevent the use of these tools by malicious actors to either catch or prevent these actors from doing harm. Nathan Kirk (@sekirkity) joins me this week to talk about the concept behind "Bring Your Own Land". Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 36 – The Joy of CTFs with Derek Rook https://purplesquadsec.com/?post_type=podcast&p=226 Sun, 29 Jul 2018 17:17:14 -0000 00:45:17 Derek Root (@_r00k_) joins me to talk about CTFs and how they can be great learning tools for Infosec professionals http://purplesquadsec.com/episode/aff38a86ef344679/episode-36-the-joy-of-ctfs-with-derek-rook Capture The Flag games, or CTFs, are a popular way for infosec pros to brush up on the offensive skills.  From VulnHub to HackTheBox, there are a few different ways to quote "get your hack on"!  Derek Rook (@_r00k_) joins me today to talk about CTFs and how they can assist in your Infosec journey, regardless of your role. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 35 – Container Security with Jay Beale https://purplesquadsec.com/?post_type=podcast&p=223 Sun, 15 Jul 2018 17:11:08 -0000 00:53:55 Jay Beale of InGuardians joins me to talk about container security. http://purplesquadsec.com/episode/2aab2185a563451c/episode-35-container-security-with-jay-beale From jails to virtual machines, process isolation is the "holy grail" of security.  Lately, containers have been the go-to for modern organizations in order to scale and implement things like microservices.  Jay Beale of InGuardians fame joins me to talk all about container security! Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 34 – Exploring Powershell with Mick Douglas https://purplesquadsec.com/?post_type=podcast&p=218 Sun, 01 Jul 2018 16:48:56 -0000 00:53:15 Mick Douglas joins me to talk all things Powershell! http://purplesquadsec.com/episode/c978970e83334c52/episode-34-exploring-powershell-with-mick-douglas Living off the land is pretty standard fare for pen testers.  On Linux systems, the go-to is usually Python, but on Windows it's all about Powershell.  This week I'm fortunate enough to sit down with Mick Douglas to talk all things Powershell! Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 33 – 3 Pillars for Starting a Security Program https://purplesquadsec.com/?post_type=podcast&p=215 Sun, 17 Jun 2018 17:28:18 -0000 00:43:12 John talks about 3 pillars he uses for starting a new security program. http://purplesquadsec.com/episode/3255cdda4ddb46de/episode-33-3-pillars-for-starting-a-security-program In this episode John goes at it alone and discusses his own experiences with starting up a security program at different organizations by focusing in on what he views are the 3 key pillars for a new security program. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 32 – Fireside Chat with Deviant Ollam https://purplesquadsec.com/?post_type=podcast&p=207 Sun, 03 Jun 2018 17:00:49 -0000 00:57:52 I sit down with Deviant Ollam to have a casual conversation about physical penetration testing and hear some great stories from the road. http://purplesquadsec.com/episode/d364d59f1a114cc3/episode-32-fireside-chat-with-deviant-ollam Continuing on with my fireside chat series, where I bring on a guest to just have a casual chat and see where the conversation takes us, my guest this time is Deviant Ollam.  Well known for his work with TOOOL and the locksport community, we take a different path and talk about physical penetration testing as well as hear some great stories from the road.

Some links of interest:

And for fun:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 31 – Killing the Pen Test with Adrian Sanabria https://purplesquadsec.com/?post_type=podcast&p=201 Sun, 20 May 2018 16:58:13 -0000 00:49:04 Adrian Sanabria joins me to talk about killing what we know as the pen test and replacing it with something better! http://purplesquadsec.com/episode/c6e4989adf694654/episode-31-killing-the-pen-test-with-adrian-sanabria The penetration test, or pen test as it's commonly referred to, is one of the great necessary evils in Infosec today.  My guest for this episode is Adrian Sanabria, who has an interesting thought - let's kill the pen test!  Adrian has been in the industry for quite some time in quite a variety of roles, so he has some great experience and insights to share.  Let's see what his replacement for a pen test entitles! Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 30 – Infosec D&D Tabletop with Jerry Bell and Andrew Kalat from Defensive Security https://purplesquadsec.com/?post_type=podcast&p=197 Sun, 06 May 2018 17:03:47 -0000 00:55:52 Jerry Bell and Andrew Kalat from the Defensive Security podcast join me for another Infosec D&D Tabletop game! What maddening scenarios have I found that they will need to overcome? http://purplesquadsec.com/episode/dec5ee0238634194/episode-30-infosec-d-d-tabletop-with-jerry-bell-and-andrew-kalat-from-defensive-security It's that time again!  We're doing another Infosec tabletop in a D&D style, this time with the fine gentlemen from the Defensive Security podcast!  Jerry and Andrew join me for another infosec tabletop with all new scenarios, pitfalls, and approaches. Special thanks to Ryan McGeehan and his Tabletop Scenarios twitter account for providing the ideas behind this episodes "challenges". Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 29 – The Importance of Community in Infosec w/ Cheryl “3ncr1pt3d” Biswas https://purplesquadsec.com/?post_type=podcast&p=191 Sun, 29 Apr 2018 16:52:41 -0000 00:46:15 Cheryl 3ncr1pt3d Biswas joins me to talk about how our Infosec community differs, as well as some cons like the Diana Initiative. http://purplesquadsec.com/episode/d2e4291a10d346a4/episode-29-the-importance-of-community-in-infosec-w-cheryl-3ncr1pt3d-biswas The idea of "community" is an important one, especially if you talk about a group of people who want to help improve their skills by sharing their ideas, experiences, etc, with like minded individuals.  The Infosec community is no exception to this.  In fact I would argue that it is one of the strongest communities I have encountered yet! Joining me this week is Cheryl "3ncr1pt3d" Biswas to talk about the Infosec community, what makes it special, and the importance of it.  In addition we will be talking about one of Cheryl's many contributions to the community in the form of the Diana Initiative. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 28 – John’s Weird Path To #Infosec And Other Ramblings https://purplesquadsec.com/?post_type=podcast&p=188 Sun, 22 Apr 2018 16:40:42 -0000 00:42:28 With no guest this week, John talks about his own personal path to #infosec and other thoughts on his journey. http://purplesquadsec.com/episode/07512ded98874cf5/episode-28-john-s-weird-path-to-infosec-and-other-ramblings With no guest this week, John decides to share his own story about how he got into #infosec and some other thoughts he's had about the journey and why it's a never ending adventure to learn new things. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 27 – Infosec and Mental Health with Danny Akacki https://purplesquadsec.com/?post_type=podcast&p=187 Sun, 15 Apr 2018 16:39:47 -0000 00:47:50 Danny Akacki joins me to talk about his own mental health and the site he created, infosanity.org, to help others who may be struggling. http://purplesquadsec.com/episode/5a008ade4c304635/episode-27-infosec-and-mental-health-with-danny-akacki Stress.  Depression. Anxiety.  Fear.  Uncertainty.  Doubt.  All of these symptoms and conditions are well known to anyone who has spent a few years in security.  This can be a heavy topic, but it's one that we should discuss openly and often.  Danny Akacki joins me on this episode to talk about his own mental health, what are some of the things that has helped him, and he also gives us some insight on his contributions back to the community through the creation of infosanity.org, a website dedicated to helping those in the hacking community who may be struggling and aren't sure where to go. Please remember, if you have a serious concern about your mental health, please, PLEASE seek professional help. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 26 – DFIR in the Cloud with Jonathon Poling https://purplesquadsec.com/?post_type=podcast&p=183 Sun, 08 Apr 2018 16:22:55 -0000 00:49:15 Jonathon Poling (@JPoForenso) comes back to talk about #DFIR in the #cloud, whats easier, whats harder, and whats different. A must for anyone on a #blueteam. http://purplesquadsec.com/episode/4bf710d3c8e34ce9/episode-26-dfir-in-the-cloud-with-jonathon-poling From the crowd to the cloud, we shift focus this episode to a topic that may be holding back some infosec professionals from embracing the cloud - namely what to do when you're attacked?  Digital Forensics and Incident Response (DFIR) is a topic we've covered in the past, but that was from a more traditional view.  I'm fortunate enough to have Jonathon Poling (@JPoForenso) join me again to revisit DFIR, but this time from a cloud perspective.  What's easier, what's harder, and what's different?  Have a listen to find out! Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 25 – Securing The Crowd with Nicolas Valcarcel https://purplesquadsec.com/?post_type=podcast&p=178 Sun, 25 Mar 2018 16:28:10 -0000 00:54:22 Nicolas Valcarcel joins me to talk about his experience with the crowd, crowdsourcing, as well as Infosec and shares his experiences and thoughts on how best to secure it for use in your organization. http://purplesquadsec.com/episode/7336957411ee4086/episode-25-securing-the-crowd-with-nicolas-valcarcel The crowd.  Recently gaining attention again due to some news events that were much ado about nothing, there is still a bit of a mystery with crowdsourcing and how best to secure it.  Organizations like Bug Crowd and HackerOne have shown it can be used for specific security tasks, but what about in general?  Nicolas Valcarcel joins me on this episode to share his thoughts and experience with security the crowd and what organizations should be aware of when considering using the crowd for their own purposes. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 24 – Fireside Chat with Joe Gray https://purplesquadsec.com/?post_type=podcast&p=176 Sun, 18 Mar 2018 16:04:14 -0000 00:54:45 In this casual fireside-style chat I speak with Joe Gray about TTHG, Conferences and Discount Codes! http://purplesquadsec.com/episode/d11557e9fc564985/episode-24-fireside-chat-with-joe-gray In the first of a new format, I sit down with Joe Gray with only a handful of questions and just chat.  We cover things from Through The Hacking Glass, upcoming talks that Joe will be doing, to the various conferences that Joe will be attending.  Lots of great information and stories were shared, and if you'd like to provide feedback, please reach out and let me know!  Also, make sure you listen for a special easter egg that Joe has for those who are in the Atlanta area in September for entry to a conference at no cost! Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 23 – Speaking to Developers with James Jardine https://purplesquadsec.com/?post_type=podcast&p=174 Sun, 11 Mar 2018 16:57:26 -0000 01:11:13 I speak with James Jardine from the DevelopSec Podcast on communication strategies to use when speaking with developers. http://purplesquadsec.com/episode/082b4f73358348e0/episode-23-speaking-to-developers-with-james-jardine Continuing with the theme of soft skills that any infosec professional should have, this episode will focus on developers.  I sit down with James Jardine from the DevelopSec podcast to talk about how best to communicate with developers.  Just like executives, developers have a different language and approach that is needed in order to communicate effectively.  Trying to avoid the all-to-common animosity between developers and security, James and I discuss some strategies to help build bridges between the groups and not burn them to the ground. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 22 – Open Source Intelligence Techniques with Michael Bazzell https://purplesquadsec.com/?post_type=podcast&p=169 Sun, 04 Mar 2018 17:19:30 -0000 00:33:29 I speak with the Godfather of OSINT, Michael Bazzell, about his book and various OSINT topics. http://purplesquadsec.com/episode/7e2b363557744860/episode-22-open-source-intelligence-techniques-with-michael-bazzell Nothing helps out security more than information.  Heck, it's the first part of our professions name!  In Infosec, knowledge is key and sometimes we need to roll up our sleeves to get the information we need from various open source outlets.  I'm fortunate to have as a guest on this episode the man who literally wrote the book on OSINT techniques, Michael Bazzell.  We discuss OSINT techniques as well as his recently updated book.  Have yourself a listen and hear the advice Michael has for starting your own OSINT adventures. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 21 – The Myth of the Purple Teamer with Haydn Johnson https://purplesquadsec.com/?post_type=podcast&p=168 Sun, 25 Feb 2018 14:00:05 -0000 00:47:54 I speak with Haydn Johnson about the myth of the purple teamer, that is, an individual who does both red and blue team activities as part of their day job. http://purplesquadsec.com/episode/5100ce96b0534318/episode-21-the-myth-of-the-purple-teamer-with-haydn-johnson I love purple teams.  Purple teaming is something that I was hoping to share with more people and more organizations!  It's part of the reason I named this podcast after them.  So why don't I think that a purple teamer exists?  It's an interesting stance, but it's one that makes sense.  Joining me this week is Haydn "Doctor Purple" Johnson to discuss all things purple. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 20 – Physical Penetration Testing with Jek Hyde https://purplesquadsec.com/?post_type=podcast&p=166 Sun, 18 Feb 2018 18:39:02 -0000 00:53:41 I speak with the legendary Jek Hyde about physical penetration testing. http://purplesquadsec.com/episode/44e16126a3d14ee1/episode-20-physical-penetration-testing-with-jek-hyde Not all penetration testing is done in a virtual setting or even through a phone call.  Sometimes you need to get down and dirty and actually interact with people.  In this very special episode I sit down and speak with the great Jek Hyde about physical penetration testing and everything that it entitles.  It's a fascinating talk for sure, and one you don't want to miss. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 19 – Speaking to Executives with Tracy Maleeff https://purplesquadsec.com/?post_type=podcast&p=164 Sun, 11 Feb 2018 14:03:44 -0000 01:10:13 Tracy Maleeff joins me to talk about strategies for communicating with senior leadership, which is a key skill for all infosec professionals http://purplesquadsec.com/episode/050975a4a2e24c51/episode-19-speaking-to-executives-with-tracy-maleeff Have you heard the term, managing up? It's and old expression used when you need to make sure that your boss has his or her expectations met so that you can focus on your own job.  Information security is really no different, and in a lot of ways it's also more important to get right.  We are an industry of social introverts and generally prefer the warm embrace of an IRC screen, Twitter feed or Slack channel for our communications.  It's taken me many years to get comfortable with speaking with other humans, but more than that I have learned there is a certain technique when speaking with executes - a special breed so to speak - about security.  Tracy Maleeff, the InfoSecSherpa, joins me to help guide us all on proper techniques to communicate with senior leadership. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 18 – Threat Hunting with Will Harmon https://purplesquadsec.com/?post_type=podcast&p=158 Sun, 28 Jan 2018 14:00:20 -0000 00:34:07 Will Harmon from Trustwaves Spider Labs comes to talk about Threat Hunting with me. http://purplesquadsec.com/episode/c6f438d087e845f8/episode-18-threat-hunting-with-will-harmon Take a pinch of blue, a dash of red, plus some good old fashioned investigative intuition and you get Threat Hunting!  Well, not exactly but it's a start!  This week Will Harmon from Trustwave's Spider Labs comes on the show to explain what Threat Hunting is, why it's important and how people can get started into this exciting infosec field! Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 17 – A Look At The Treacherous Twelve From The CSA https://purplesquadsec.com/?post_type=podcast&p=153 Sun, 21 Jan 2018 14:08:00 -0000 00:38:50 I take a look at the Treacherous Twelve from the CSA to see what threats exist for people moving to the cloud. http://purplesquadsec.com/episode/e6226c78dd754f4c/episode-17-a-look-at-the-treacherous-twelve-from-the-csa The Cloud Security Alliance (CSA) has long been known to be the source of cloud security discussions.  From the CCSK to the partnership with ISC(2) to bring us the CCSP, they are definitely a group to pay attention to.  This week I focus on their "Treacherous Twelve", a list of 12 security concerns for any organization moving to the cloud. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 16 – OSINT with Joe Gray from Advanced Persistent Security https://purplesquadsec.com/?post_type=podcast&p=151 Sun, 14 Jan 2018 14:07:44 -0000 01:00:47 Joe Gray from the Advanced Persistent Security podcast and Through The Hacking Glass fame joins me to talk OSINT. http://purplesquadsec.com/episode/542fa9c423a743e6/episode-16-osint-with-joe-gray-from-advanced-persistent-security This week Joe Gray, host of the Advanced Persistent Security podcast, that friend you didn't recognize but added to Facebook anyway, and security researcher joins me to talk about OSINT.  This is a packed episode full of security goodness and definitely not one you want to miss! Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 15 – Infosec Tabletop D&D with Brakeing Down Security https://purplesquadsec.com/?post_type=podcast&p=147 Sun, 24 Dec 2017 13:52:03 -0000 00:53:54 I sit down with Bryan and Brian from Brakeing Down Security to do a fun take on a classic - Infosec Tabletop Simulations - with a D&D twist! http://purplesquadsec.com/episode/d1cc212c63164e6b/episode-15-infosec-tabletop-d-d-with-brakeing-down-security The first of a series, I sit down with Bryan and Brian of Brakeing Down Security fame to have a fun take on a classic tabletop scenario with a D&D feel.  Please hold the hate, I haven't played D&D in many years and I know it's not "classic", but it's fun and lighthearted.  We go through a few different scenarios with you all in the hopes you find it enjoyable, entertaining, and educational. If you enjoyed this episode, please let me know!  I'd like to make this a recurring theme every 12-15 episodes with different podcasters if there's enough interest.  Special shout out to @badthingsdaily on Twitter for helping provide the scenarios! Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no 2017 Holiday Special – Podcast of Podcasters https://purplesquadsec.com/?post_type=podcast&p=145 Fri, 22 Dec 2017 17:00:58 -0000 01:25:05 The Brakeing Down Security podcast of podcasters! http://purplesquadsec.com/episode/92915e9b850f4821/2017-holiday-special-podcast-of-podcasters I feel truly touched to be included in this year's tradition of the podcast of podcasters, hosted by Bryan Brake of Brakeing Down Security.  This is the audio that you will hear from the various other podcasts that were on the episode with me.  I was a bit star-struck, but it was a great time all around.  Enjoy! Podcasts and Podcasters represented on the show:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 14 – OWASP Top 10 2017 – A6 Through A10 https://purplesquadsec.com/?post_type=podcast&p=139 Sun, 10 Dec 2017 13:15:14 -0000 00:39:44 In this episode I complete my review of the OWASP Top 10 - 2017 looking at items A6 (Security Misconfiguration) through A10 (Insufficient Logging & Monitoring). http://purplesquadsec.com/episode/ba805d49dd8d4d6d/episode-14-owasp-top-10-2017-a6-through-a10 In the completion of our look at the OWASP Top 10 for 2017, this episode will cover the final 5 items on the list, from A6 (Security Misconfiguration) through A10 (Insufficient Logging & Monitoring). Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 013 – OWASP Top 10 2017 – A1 Through A5 https://purplesquadsec.com/?post_type=podcast&p=133 Sun, 03 Dec 2017 13:59:04 -0000 00:34:17 Taking a look at the first 5 vulnerabilities in the OWASP Top 10 - 2017 list. http://purplesquadsec.com/episode/ae1a1761f8594c96/episode-013-owasp-top-10-2017-a1-through-a5 The Open Web Application Security Project (OWASP) group has created a Top 10 web applications vulnerability list since 2003.  Normally the list gets updated every 3 years or so, with the previous release being 2013.  Now with the 2017 list being finalized, I felt it was appropriate for us to go through it and look at it from a red and blue team perspective. This episode will cover the first 5 items on the list, from A1 (Injection) through to A5 (Broken Access Control). Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 012 – InfoSec Certifications with Kim Crawley https://purplesquadsec.com/?post_type=podcast&p=132 Sun, 26 Nov 2017 13:03:41 -0000 00:48:53 I speak with Kim Crawley about her recent article in Cylance, Security Certifications You Should Consider Getting, and about certifications in InfoSec in general. http://purplesquadsec.com/episode/7d067e22577f4c6b/episode-012-infosec-certifications-with-kim-crawley Certifications.  We either love them or hate them, but we cannot deny that they are needed.  Either to prove a set of skills, prove the ability to memorize facts and take tests, or to prove that our egos are bigger than our peers, there are lots of opinions on certifications. This week Kim Crawley joins me to talk about a recent article she has written for Cylance, Security Certifications You Should Consider Getting.  We discuss what certifications are good for, our opinions on them, HR managers, and where you can find resources to help you study. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com

]]> no Episode 011 – Security Scenario Generator with Dr. Z. Cliffe Schreuders https://purplesquadsec.com/?post_type=podcast&p=130 Sun, 19 Nov 2017 13:58:52 -0000 00:40:38 I speak with Dr. Z. Cliffe Schreuders about a rather amazing project, the Security Scenario Generator (SecGen), which generates random vulnerable VMs! http://purplesquadsec.com/episode/4cfbd66731ad4ff8/episode-011-security-scenario-generator-with-dr-z-cliffe-schreuders As security professionals, we often try to keep our skills sharp.  We normally do this by going to training, reading books, or participating in CTFs.  There are Webgoat and Juice Shop from OWASP; sites like HackTheBox, OverTheWire, and SmashTheStack which are often mentioned when people are looking for websites to practice on. This week I speak with Dr. Z. Cliffe Schreuders about the Security Scenario Generator, a rather ambitious project that may scratch that vulnerable VM itch you've had for a while. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

]]> no Episode 010 – Crowdsourced Pen Testing w/ Jason Haddix of Bugcrowd https://purplesquadsec.com/?post_type=podcast&p=128 Sun, 12 Nov 2017 13:01:02 -0000 00:42:17 I speak with Jason Haddix of Bugcrowd about the crowdsourcing of pen tests and growing the infosec community. http://purplesquadsec.com/episode/651bf2b1803f4e5a/episode-010-crowdsourced-pen-testing-w-jason-haddix-of-bugcrowd Penetration testing.  If you're in the information security field, you have run into your fair share of them.  Now there seems to be a trend with penetration testing moving to a crowdsourcing model.  This week I speak with Jason Haddix of Bugcrowd to explore why that is, what's the draw and how are companies like Bugcrowd helping build the infosec community. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

]]> no Episode 009 – Detecting Intruders on AWS with Scott Piper https://purplesquadsec.com/?post_type=podcast&p=123 Sun, 29 Oct 2017 13:19:55 -0000 00:42:10 Scott Piper joins me this week to talk about detecting intruders on AWS. http://purplesquadsec.com/episode/32aa9b20cb4b4faf/episode-009-detecting-intruders-on-aws-with-scott-piper The old saying of a defender has to be right 100% of the time while an attacker only has to be right once is growing a bit tired.  Now blue team members should be measured not by keeping the attackers out, but by how quickly they can find out that they're on your network. Scott Piper joins me this week to discuss how we can detect intruders in your AWS cloud infrastructure.  We cover a lot of different tools and techniques that you can use to help detect intruders, and some mitigation strategies to help reduce the risk when an attack is successful. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

]]> no Episode 008 – IAM Securing AWS with J Cole Morrison https://purplesquadsec.com/?post_type=podcast&p=121 Sun, 22 Oct 2017 13:02:30 -0000 00:32:49 This week I speak with J Cole Morrison about AWS Security and how IAM policies seem to be a lost art that are causing news headlines because of security breaches. http://purplesquadsec.com/episode/188d3b31471a4217/episode-008-iam-securing-aws-with-j-cole-morrison The cloud.  The final frontier.  Well, not exactly but it is a pretty important topic in today's IT environment.  Unfortunately 2017 has been the year of leaks, hacks, and misconfigurations when it comes to the cloud.  Amazon Web Services (AWS) is the cloud provider with the most market share, but its security configuration can leave a bit to be desired. J Cole Morrison joins me this week to discuss IAM policies in AWS, what they are and why they are important.  Cole has written about IAM policies on his blog (link below), which I encourage everyone to read. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

]]> no Episode 007 – Securing Linux in Hostile Networks https://purplesquadsec.com/?post_type=podcast&p=119 Sun, 15 Oct 2017 13:17:27 -0000 00:40:19 I speak with author Kyle Rankin about his latest book, Linux Hardening in Hostile Networks: Server Security from TLS to Tor. http://purplesquadsec.com/episode/6d34ce7a013d4eea/episode-007-securing-linux-in-hostile-networks Linux is often the operating system of choice for server deployments due to its stability and security posturing, right out of the box.  Unfortunately not everything is "production ready" right after an install.  Throughout the internet, there are a lot of Linux hardening and security guides on the internet but most are outdated and provide instructions that are no longer applicable. Kyle Rankin joins me this week to discuss his latest book, Linux Hardening in Hostile Networks: Server Security from TLS to Tor.  This really is a great book and one I would recommend any InfoSec professional pick up to read.  It will make a great reference guide and provides an up-to-date hardening guide for most popular Linux distributions. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

]]> no Episode 006 – What up Bropy https://purplesquadsec.com/?post_type=podcast&p=117 Sun, 08 Oct 2017 13:34:52 -0000 00:35:34 I speak with Matt Domko about Bropy, a tool he built on top of Bro that offers infosec professionals an anomaly detection engine for network analysis. http://purplesquadsec.com/episode/85dfa06005894acb/episode-006-what-up-bropy When people think of an open source IDS, they usually think of Snort.  Bro is another open source IDS that is more than just an IDS.  It is a Network Security Monitor that does so much more.  Matt Domko joins me this week to talk about Bropy, a tool he built that works with Bro to help perform anomaly detection.  This is definitely a tool you will want to have in your bag of tricks. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

]]> no Episode 005 – #DFIR to Someone Else https://purplesquadsec.com/?post_type=podcast&p=112 Sun, 01 Oct 2017 13:43:18 -0000 01:03:48 I speak with Jonathon Poling about DFIR and what it entails. http://purplesquadsec.com/episode/7410c683025e49aa/episode-005-dfir-to-someone-else Digital Forensics and Incident Response - DFIR.  The mere mention of the acronym brings forth memories of CSI, plastic bags and agents in suits coming to collect all manner of evidence.  In this episode I speak with Jonathon Poling, a DFIR expert who has graciously agreed to talk DFIR with me!  Another great listen, Jonathon has a lot of great experience in the field and much to share.  Have yourself a listen! Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

]]> no Episode 004 – A Day In The Life Of A Red Teamer With Mark Kikta https://purplesquadsec.com/?post_type=podcast&p=111 Sun, 24 Sep 2017 13:51:25 -0000 00:50:04 I speak with security consultant Mark Kikta about red teams, their activities and all sorts of interesting aspects on how red teams help organizations build a stronger defence. http://purplesquadsec.com/episode/6bad8d2ce7364daa/episode-004-a-day-in-the-life-of-a-red-teamer-with-mark-kikta Red Teams.  For some, it's the "frenemy".  For others, it's the greener grass on the other side of the defence wall.  In this episode I spend some time speaking with security consultant Mark Kikta about Red Teaming.  Mark has been a Red Teamer for a while and has a lot of experience to share.  We talk about a number of different things, share some laughs and try to shed some light on an often misunderstood group. Mark has also graciously offered to hang out in our Slack channel!  Just message @mark to get in touch with him if you have questions or just want to say "hey". Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

]]> no Episode 003 – Just the Equifax ma’am https://purplesquadsec.com/?post_type=podcast&p=109 Sun, 17 Sep 2017 14:16:59 -0000 00:45:39 Equifax suffered one of the biggest breaches in history. I try to break down what happened and what we as Infosec professionals can learn from their mistakes. http://purplesquadsec.com/episode/e5766ebc1d9d4c36/episode-003-just-the-equifax-ma-am Equifax had the largest data breach this year, possibly ever!  How could I possibly pass up this opportunity to discuss what happened?  How did it happen and what lessons could we learn from it?  Equifax did a lot of things wrong for sure, but that doesn't mean that we should throw stones.  Especially given how many of us live in glass houses. Have a listen as I explore the Equifax breach from another perspective, in the hopes of salvaging something of use for others in the infosec community. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

]]> no Episode 002 – Threat Modeling with Archie Agarwal – Part 2 https://purplesquadsec.com/?post_type=podcast&p=107 Sun, 10 Sep 2017 13:32:09 -0000 00:29:49 In the conclusion of my 2 part interview with Archie Agarwal from ThreatModeler, we look at threat modeling outside of early design and architecture. http://purplesquadsec.com/episode/60975efc855e406b/episode-002-threat-modeling-with-archie-agarwal-part-2 This is the conclusion of my two part series on threat modeling with Archie Agarwal.  In this episode we go into some benefits on threat modeling, how it can be used beyond the early stages of development and how it can help red teams carry out a more in-depth test against targets! Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

]]> no Episode 001 – Threat Modeling with Archie Agarwal – Part 1 https://purplesquadsec.com/?post_type=podcast&p=102 Sun, 03 Sep 2017 13:09:34 -0000 00:49:37 Part 1 of a 2 part discussion about threat modeling with Archie Agarwal, CEO of ThreatModeler. http://purplesquadsec.com/episode/55c56693c7114e65/episode-001-threat-modeling-with-archie-agarwal-part-1 Welcome to episode 1!  In this first part of a two part series, I sit down with Archie Agarwal to discuss threat modeling, what it is, why we need it and how it can help with improving your security posture early in your development cycle. Some links of interest:

Want to reach out to the show?  There's a few ways to get in touch!

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

]]> no Episode 000 – Welcome to the Podcast! https://purplesquadsec.com/?post_type=podcast&p=96 Tue, 08 Aug 2017 12:40:14 -0000 00:09:43 The origin episode! I talk about what the podcast is about, where to find me, welcoming new users and a general overview of the podcast itself. Welcome! http://purplesquadsec.com/episode/9611010ff23940a0/episode-000-welcome-to-the-podcast- Welcome to the first episode of the podcast!  In this episode, I talk about the podcast, what it's about, what I'm hoping to cover, who the podcast is for, and generally just ramble on.  Regardless, welcome to Purple Squad Security!  I hope you enjoy your stay and come back for more.

Thanks for listening!

Find out more at http://purplesquadsec.com

]]> no