Purple Squad Security show

Summary: Information Security, InfoSec, CyberSec, Cyber, Security, whatever you call it, we talk about it! From mobiles and desktops to data centers and the cloud, Purple Squad Security is here to help and give back to our community of information security professionals.

Podcasts:

 Episode 59 – Business Processes in Infosec with Cheerio | File Type: audio/mpeg | Duration: 55:14

Working in information security has its own set of challenges, but aside from the technical challenges, many of us face hurdles within our own workspace. Working with non-technical folks can be painful to most of us, but it doesn’t have to be! Cheerio joins me on this week’s podcast to talk about how she uses business processes that she’s learned from years of being in the small business space and has started to apply them to her role as a Cyber Threat Intelligence analyst!

Some links of interest:
Sandler Sales Technique: https://www.lucidchart.com/blog/sandler-sales-methodology
https://www.sandler.com/sales-training/sandler-selling-system
Cheerio’s Twitter Account: @Ch33r10

Want to hear about a new Infosec con? If you’re in and around the Waterloo region area in October, why not check out Cyber City! This is Waterloo region’s premier information security conference. Tickets are on sale now and the CFP is open until July 31st, 2019. Don’t wait, and come participate today!
Cyber City Conference: https://www.cybercityconf.io/
Cyber City Conference CFP: https://www.papercall.io/cybercityconf

We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale: https://purplesquadsec.com/store

Want to reach out to the show? There’s a few ways to get in touch!
Purple Squad Security’s Twitter: @PurpleSquadSec
John’s Twitter: @JohnsNotHere
John’s Mastodon: https://infosec.exchange/@JohnsNotHere
Podcast Website: purplesquadsec.com
Patreon – https://www.patreon.com/purplesquadsec
Sign-Up for our Slack community: https://signup.purplesquadsec.com

Thanks for listening, and as always, I will talk with you all again next time.

 Episode 58 – Malware Analysis with Kyle Andrus | File Type: audio/mpeg | Duration: 43:52

Oftentimes in information security, we look upon penetration testing and red teaming with awe and view those professions as the “sexy” side of security. Truth be told, the defensive side has a lot of exciting opportunities as well! Kyle Andrus joins me this week to talk about malware analysis, which I think is definitely one of the sexier sides of defense.

Some links of interest:
Practical Malware Analysis Book – https://nostarch.com/malware
Cuckoo Sandbox – https://cuckoosandbox.org/
CyberChef – https://gchq.github.io/CyberChef/
Lenny Zeltser’s Blog – https://zeltser.com/blog/
Journey Into Incident Response – http://journeyintoir.blogspot.com/
Malware Unicorn’s Reverse Engineering Workshop – https://malwareunicorn.org/#/workshops
MiSec – https://www.misec.us/
Kyle’s Twitter Account: @chaoticflaws

 Episode 57 – Tinker After Dark – Tinker Tales by the Fire | File Type: audio/mpeg | Duration: 1:20:23

There were more than a few of you who were anxiously awaiting his return, and he’s back! Tinker joins me once again to share some stories from his adventures in hackerland. In addition, I have given Tinker free rein to speak as he chooses, and naturally I participate as well. Fair warning, this is not safe for work or sensitive ears. I do ask that you try not to be offended, as his stories and reflections on those events make for one excellent episode.

Some links of interest:
Tinker’s Fediverse Account: @tinker@infosec.exchange
Tinker’s Twitter Account: @TinkerSec
Tinker’s Blog: https://tinker.sh
SecLists: https://github.com/danielmiessler/SecLists
Cyber City Conference: https://www.cybercityconf.io/
Cyber City Conference CFP: https://www.papercall.io/cybercityconf

 Episode 56 – John Reads: Choose Your Own Red Team Adventure | File Type: audio/mpeg | Duration: 32:16

A few weeks ago, Sam King on Twitter mentioned me in a tweet that included a link to a Medium post, but not just any Medium post. Tim MalcomVetter had posted up a “Choose Your Own Red Team Adventure”, which I thought was just amazing! I used to read a lot of choose your own adventure books as a kid, so I was naturally excited! For this episode, I will be going through the story the first time, reading aloud as I try my hand at red teaming against a customer. I hope you enjoy!

Some links of interest:
Choose Your Own Red Team Adventure – https://medium.com/@malcomvetter/choose-your-own-red-team-adventure-f87d6a3b0b76
Tim MalcomVetter’s Twitter – @malcomvetter

 Episode 55 – Talking Privacy with Matt Beland | File Type: audio/mpeg | Duration: 49:13

CORRECTION: Early in this episode I mentioned that Amazon would ask for your email password when signing up for a new account. I meant to say Facebook, not Amazon. The practice has since been discontinued, but I wanted to make it clear that this was a Facebook practice, not Amazon. Amazon has not, to the best of my knowledge, ever done something like this. Sorry for the mixup.

For most security professionals, we view the CIA triad as our grail. No, not the US government agency that works around the world doing a lot of questionable things, but rather the more tame version of Confidentiality, Integrity, and Availability. For today’s episode, Matt Beland joins me to explain privacy and how it’s not all about Confidentiality as I, and I’m sure a few of you, may have thought.

Some links of interest:
Smooth Sailing Solutions: smoothsailingsolutions.com
Matt’s Twitter: @Beland_Matt
International Association of Privacy Professionals: https://iapp.org
CIPP / CIPM / CIPT Certifications: https://iapp.org/certify/programs/
Ethical Data and Information Management: Concepts, Tools and Methods: https://www.amazon.com/Ethical-Data-Information-Management-Concepts/dp/0749482044

 Episode 54 – Tribe of Hackers with Marcus J. Carey | File Type: audio/mpeg | Duration: 29:46

Tribe of Hackers is a recently released book by Marcus Carey and Jennifer Jin that is a collection of stories from members of our community, or tribe as Marcus describes it. This was a great and insightful interview, and definitely one you will want to listen to if you haven’t read the book yet.

Some links of interest:
Tribe of Hackers: https://www.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189/
Tribe of Mentors (inspiration for Tribe of Hackers): https://www.amazon.com/Tribe-Mentors-Short-Advice-World/dp/1328994961/
The 4 Agreements – https://www.amazon.com/Four-Agreements-Practical-Personal-Freedom/dp/1878424319/
Marcus’s Twitter: @marcusjcarey
Jennifer Jin’s Twitter: @jen_jin
Tribe of Hackers Twitter: @TribeOfHackers
Tribe of Hackers Summit – May 2, 2019: https://www.eventbrite.com/e/tribe-of-hackers-summit-registration-59074697009

 Episode 53 – #Ginfosec with @InfoSecSherpa – All About Cons! | File Type: audio/mpeg | Duration: 1:37:23

Once again I am pleased to share a #ginfosec episode with the woman who helps guide others through the mountains of infosec, Tracy InfoSecSherpa Maleeff! In this extended episode Tracy and I speak about conferences from the attendee point of view; what to expect, what to bring, how to go, and what you should aim to get from the con. Enjoy!

Some links of interest:
Tracy’s Twitter: @InfoSecSherpa
Sign up for Tracy’s Nuzzel Newsletter: https://nuzzel.com/InfoSecSherpa
Study on different note taking techniques: https://www.scientificamerican.com/article/a-learning-secret-don-t-take-notes-with-a-laptop/
Tracy’s Unusual Journey into Infosec: https://www.secjuice.com/infosecsherpa-unusual-journeys/
Tracy’s Talk at BSides NoVa – Networking with Humans: https://www.youtube.com/watch?v=bbfyXTZCVC0

 Episode 52 – John The Generalist | File Type: audio/mpeg | Duration: 37:17

This week John goes solo and decides to talk about a recent thread he spun up on Twitter, naming himself as a generalist within Information Security and discussing what that means to him.

Some links of interest:
John’s Twitter Thread

 Episode 51 – Fireside Chat with Chris Foulon | File Type: audio/mpeg | Duration: 39:52

Chris Foulon stops by for a fireside chat to talk about breaking into Infosec. For those unfamiliar with the fireside chat series, this is where we come in with a topic but no other real agenda. It’s a casual conversation where I just have a casual conversation with my guest, similar to what would happen in hallway con. I hope you enjoy!

Some links of interest:
Chris’ LinkedIn: https://www.linkedin.com/in/christophefoulon/
Chris’ Twitter: @chris_foulon

 Episode 50 – Tabletop D&D with Tim De Block, Ed Rojas, Daniel Ebbutt, and Kyle Andrus | File Type: audio/mpeg | Duration: 1:29:29

It’s that time again! Yes, another Tabletop D&D episode is upon us! This time I asked Timothy de Block from the Exploring Information Security podcast to join me, along with a few interesting characters. Let’s just say this particular episode is not for the faint of heart, and we have a few swears thrown in to keep with the atmosphere. Enjoy!

Some links of interest:
Exploring Information Security Podcast: https://www.timothydeblock.com/eis/
Tactical Edge: https://tacticaledge.co/index_en.html
Tactical Edge Twitter: @Tactical3dge
Kyle’s Twitter: @chaoticflaws
Ed’s Twitter: @edgarr0jas
Daniel’s Twitter: @notdanielebbutt
Tim’s Twitter: @timothydeblock
Tabletop Scenarios Twitter: @badthingsdaily

 Episode 49 – The Red Team Life with Curtis Brazzell | File Type: audio/mpeg | Duration: 34:48

What is a red team? How does it differ from a penetration tester’s day-to-day? How do red teams stay sharp? How do they stay motivated? These are a few of the questions I seek to have answered by Curtis Brazzell, a managing Security Consultant at Pondurance. It’s a great interview and sheds light on the difference between red teaming and penetration testing.

Some links of interest:
Curtis’ Twitter: https://twitter.com/CurtBraz
Curtis’ LinkedIn Profile: https://www.linkedin.com/in/curtisbrazzell/
Pondurance Website – https://www.pondurance.com/

 Episode 48 – All About Magecart with Yonathan Klijnsma | File Type: audio/mpeg | Duration: 51:22

Magecart – a web-based credit card skimming kit used by various groups to grab ahold of online shoppers’ credit cards. Interesting? You bet! On this episode of the Purple Squad Security podcast I have Yonathan Klijnsma, Head Researcher at RiskIQ, joining me to discuss their research on Magecart.

Some links of interest:
Inside Magecart Report – https://cdn.riskiq.com/wp-content/uploads/2018/11/RiskIQ-Flashpoint-Inside-MageCart-Report.pdf
Ticketmaster breach – https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/
British Airways breach – https://www.riskiq.com/blog/labs/magecart-british-airways-breach/
Newegg breach – https://www.riskiq.com/blog/labs/magecart-newegg/
Vision Direct with admin skimming – https://www.riskiq.com/blog/labs/magecart-vision-direct/
Other Magecart Articles – https://www.riskiq.com/blog/category/magecart/
RiskIQ Website – https://www.riskiq.com/
Krebs on Security Skimming Article – https://krebsonsecurity.com/all-about-skimmers/

 Episode 47 – Happy New Year! Show Updates and Other News | File Type: audio/mpeg | Duration: 32:51

Welcome to 2019! John goes solo in this episode and talks about his personal goals for 2019, plus some updates for the show that should make things a bit more structured and hopefully more interesting for the listeners.

Some links of interest:
EliteSec Website: https://elitesec.io/

 Episode 46 – Holiday Special – Storytime with Jayson E. Street | File Type: audio/mpeg | Duration: 33:11

Continuing our storytime theme for the holidays, on this week’s show we have a special guest, Jayson E. Street! For those who follow Jayson online, his hacker adventures bring him to all sorts of interesting places. Jayson shares a story of one of those places, in which he robs the wrong bank. Some of you may know this story, but he also provides us with an epilogue to this story that few have heard! Thanks Jayson!

Some links of interest:
Jayson’s Website: http://jaysonestreet.com/
Jayson’s Twitter: @jaysonstreet

 Episode 45.1 – Holiday Special – Storytime with Tinker – NO MUSIC!!! | File Type: audio/mpeg | Duration: 1:06:52

Hey everyone, this is a re-release of episode 45 with Tinker, but this one is WITHOUT the background music. I hope this makes up for the snafu in an otherwise great interview!

Happy December everyone! Whatever holiday you may be celebrating this season, may it be enjoyable. I’ve decided for the month of December to treat myself, by having a bunch of people I hold in high regard to join me in sharing of their tales, similar to the fireside chats I’ve had in the past. We have no set agenda, we have no set time, but we do plan on sharing some fun stories that hopefully you will enjoy. So consider this a holiday gift my dear listener, and I hope you find it as enjoyable as I do. This episode we are going to have a man whom I honestly believe should write as many books as possible, and provide audiobook versions as well, the one and only Tinker!

Some links of interest:
Tinker’s Website: https://www.tinker.sh/
Dallas Hackers – https://dallashackers.com/
Popular Mechanics Article – https://www.popularmechanics.com/technology/a24676415/dallas-hackers/
Tinker’s Twitter: @tinkersec
Tinker’s Mastodon – @tinker
Infosec Mastodon – https://infosec.exchange/auth/sign_up
