Purple Squad Security show

Summary: Information Security, InfoSec, CyberSec, Cyber, Security, whatever you call it, we talk about it! From mobiles and desktops to data centers and the cloud, Purple Squad Security is here to help and give back to our community of information security professionals.

Podcasts:

 Episode 45 – Holiday Special – Storytime with Tinker | File Type: audio/mpeg | Duration: 1:05:43

Happy December everyone!  Whatever holiday you may be celebrating this season, may it be enjoyable.  I’ve decided for the month of December to treat myself by having a bunch of people I hold in high regard join me in sharing their tales, similar to the fireside chats I’ve had in the past.  We have no set agenda, we have no set time, but we do plan on sharing some fun stories that hopefully you will enjoy. So consider this a holiday gift my dear listener, and I hope you find it as enjoyable as I do. This episode we are going to have a man whom I honestly believe should write as many books as possible, and provide audiobook versions as well, the one and only Tinker! Some links of interest: Tinker’s Website: https://www.tinker.sh/ Dallas Hackers – https://dallashackers.com/ Popular Mechanics Article – https://www.popularmechanics.com/technology/a24676415/dallas-hackers/ Tinker’s Twitter: @tinkersec Tinker’s Mastodon – @tinker Infosec Mastodon – https://infosec.exchange/auth/sign_up Want to reach out to the show?  There’s a few ways to get in touch! Purple Squad Security’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere John’s Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon – https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.

 Episode 44 – SANS Holiday Hack Challenge with Ed Skoudis | File Type: audio/mpeg | Duration: 50:58

So, a very popular season is coming up shortly.  I’m not talking about Thanksgiving (for my US listeners) and I’m not talking about Christmas for my Christian listeners.  No, I’m talking about the season that all good little hackers look forward to – the time when the SANS Holiday Hack Challenge is released! This is probably one of the most ambitious CTFs I have ever known about, and I am lucky enough to get one of the main drivers behind it to join me for today’s episode!  Ed Skoudis joins me to talk all about the SANS Holiday Hack Challenge, what it is, what goes into it, and why you should give it a try. Some links of interest: KringleCon: https://kringlecon.com/ Holiday Hack Challenge Website: https://www.holidayhackchallenge.com/2018/ Ed’s Twitter: @edskoudis Infosec Mastodon – https://infosec.exchange/auth/sign_up Want to reach out to the show?  There’s a few ways to get in touch! Purple Squad Security’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere John’s Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon – https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.

 Episode 43 – Not all vulnerabilities are created equal with Tanya Janca | File Type: audio/mpeg | Duration: 55:40

Vulnerability disclosure is one of those things that either brings a smile or a scowl to your face, depending on what end of the disclosure you’re on.  For some, it’s a thing of pride, and hopefully a monetary reward!  For others, it’s a punch to the gut, fear-inducing, “Oh crap!” moment because someone has shown you a flaw you weren’t aware of. But what if the disclosure isn’t actually a valid vulnerability? That’s the topic for this episode’s discussion, and thankfully I have someone who knows about exactly that!  Tanya Janca joins me to discuss when a vulnerability is not a vulnerability! Some links of interest: When is a vulnerability not a vulnerability? – https://medium.com/microsoftazure/when-is-a-vulnerability-not-a-vulnerability-41ff9c880adf Microsoft bug bounty: https://www.microsoft.com/en-us/msrc/bounty Cyber ladies: Twitter: @Cyber_ladies Meetup: https://www.meetup.com/find/events/?allMeetups=false&keywords=cyber+ladies&radius=Infinity Devslop show: Live Sundays at 1:00 pm EDT https://aka.ms/DevSlop-Mixer Recorded episodes: https://aka.ms/DevSlopShow Blog: https://medium.com/@shehackspurple Open bug bounty: https://www.openbugbounty.org Twitter: @shehackspurple Infosec Mastodon – https://infosec.exchange/auth/sign_up Want to reach out to the show?  There’s a few ways to get in touch! Purple Squad Security’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere John’s Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon – https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.

 Episode 42 – CyberZoology with Patrick Kelley | File Type: audio/mpeg | Duration: 56:51

Defending is hard.  The adage of “an attacker only has to be right once” is a bit played out, but it does have a hint of truth in that trying to defend everything is a monumental task.  Defenders are often short on budgets, short on time, and short on patience for silly sayings like these. This week I’m happy to have Patrick Kelley on to talk about some very interesting work he has done on coming up with defensive techniques for freight trains using a Raspberry Pi!  If you want to hear about unique ways to defend unique environments, you will not want to miss this episode. Some links of interest: Bro: https://www.bro.org/ Suricata: https://suricata-ids.org/ Critical Path Security GitHub: https://github.com/CriticalPathSecurity Patrick’s Twitter: @pkelley2600 Patrick’s LinkedIn: https://www.linkedin.com/in/pmkelley/ Infosec Mastodon – https://infosec.exchange/auth/sign_up Want to reach out to the show?  There’s a few ways to get in touch! Purple Squad Security’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere John’s Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon – https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.  

 Episode 41 – Cyber Security Awareness Month with Tracy Maleeff | File Type: audio/mpeg | Duration: 1:04:20

October is Cyber Security Awareness Month, and with that who better to help share some ideas on how to give back to the community than our own InfoSecSherpa!  Tracy Maleeff joins me to talk about Cyber Security Awareness Month, #ginfosec and #inforum.  This will be one of the most relaxed Infosec podcasts you’ll hear this year…. Some links of interest: GetCyberSafe (Canada) – https://www.getcybersafe.gc.ca/cnt/rsrcs/csam/thms-en.aspx StaySafeOnline (US) – https://staysafeonline.org/ncsam/themes/ Tracy’s Twitter – https://twitter.com/InfoSecSherpa Infosec Mastodon – https://infosec.exchange/auth/sign_up Want to reach out to the show?  There’s a few ways to get in touch! Purple Squad Security’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere John’s Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon – https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.

 Episode 40 – Tabletop D&D With Rally Security | File Type: audio/mpeg | Duration: 1:19:14

It’s that time again!  With milestone episode 40, we have another Tabletop D&D episode for you to enjoy!  This time around we are joined by a few members of the Rally Security podcast to face some scenarios and see how they fare.  Let’s just say this was a rather impressive episode for a number of reasons. Some links of interest: Rally Security Homepage – http://rallysecurity.com/ Rally Security Twitch – https://www.twitch.tv/rallysecurity Rally Security Twitter – https://twitter.com/RallySecurity Ben’s Twitter – https://twitter.com/benheise Jake’s Twitter – https://twitter.com/MalwareJake AJediDay’s Twitter – https://twitter.com/Ajediday Tony’s Twitter – https://twitter.com/da_667 Cubicles and Consequences – https://www.blackhillsinfosec.com/dungeons-dragons-meet-cubicles-compromises/ Infosec Mastodon – https://infosec.exchange/auth/sign_up Want to reach out to the show?  There’s a few ways to get in touch! Purple Squad Security’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere John’s Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon – https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.

 Episode 39 – John’s OSCP Journey | File Type: audio/mpeg | Duration: 58:02

Over the past few months, John has been working on obtaining his OSCP certification.  Recently he attempted and successfully passed the exam!  In this episode he goes over his journey, what he learned as well as a few tips to help those attempting this rather difficult certification. Some links of interest: Penetration Testing – A Hands On Introduction to Hacking – https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641 Web Application Hacker’s Handbook 2nd Edition – https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470 OSCP Prep: https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob https://github.com/burntmybagel/OSCP-Prep http://niiconsulting.com/checkmate/2017/06/a-detail-guide-on-oscp-preparation-from-newbie-to-oscp/ https://medium.com/@andr3w_hilton/oscp-training-vms-hosted-on-vulnhub-com-22fa061bf6a1 https://tulpa-security.com/2016/09/19/prep-guide-for-offsecs-pwk/ VulnHub – https://www.vulnhub.com/ HackTheBox – https://www.hackthebox.eu/ Infosec Mastodon – https://infosec.exchange/auth/sign_up Want to reach out to the show?  There’s a few ways to get in touch! Purple Squad Security’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere John’s Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon – https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.

 Episode 38 – Discussing the Cyber Kill Chain with Amanda Berlin | File Type: audio/mpeg | Duration: 49:28

The cyber kill chain.  For some, it’s a nice framework to help build your defenses and help during an incident.  For others, it is an overhyped and rigid list that no real attacker follows anymore.  However you view the cyber kill chain, it is a strong pillar within Infosec, especially when it comes to defending your network.  Amanda Berlin joins me today to talk about the cyber kill chain, what it is and how to disrupt attacks using it! Some links of interest: Amanda’s Disrupting The Kill Chain Training –  https://www.youtube.com/playlist?list=PL-giMT7sGCVKIWHVZ-N4A_eJhu6BzH4WM Amanda’s Cyber Kill Chain Implementation Spreadsheet – https://docs.google.com/spreadsheets/d/1J0swcA1Phb4mh-Pj8eR9ZEAIm5GEtz0UklP9YhVUbEY/edit#gid=0 Official Cyber Kill Chain Site – https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html SANS Suspicious Domains Lists – https://isc.sans.edu/suspicious_domains.html HaveIBeenPwned.com – https://haveibeenpwned.com Brakeing Down Security Podcast – https://www.brakeingsecurity.com/ Amanda’s Twitter – https://twitter.com/InfoSystir Want to reach out to the show?  There’s a few ways to get in touch! Purple Squad Security’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.

 Episode 37 – Bring Your Own Land with Nathan Kirk | File Type: audio/mpeg | Duration: 31:21

“Living off the land” is a term well understood by both offensive and defensive teams.  For offensive teams, it means using the technologies already present on the system, such as Powershell, Python, and even Perl for those who like a challenge (or are facing an older Unix system).  On the defensive side, enhanced logging and locked down configurations are put in place to detect and prevent the use of these tools by malicious actors to either catch or prevent these actors from doing harm. Nathan Kirk (@sekirkity) joins me this week to talk about the concept behind “Bring Your Own Land”. Some links of interest: BYOL Article – https://www.fireeye.com/blog/threat-research/2018/06/bring-your-own-land-novel-red-teaming-technique.html SpecterOps – https://specterops.io/ Ghostpack – https://www.harmj0y.net/blog/redteaming/ghostpack/ SharpView – https://github.com/tevora-threat/SharpView Nathan’s Twitter – https://twitter.com/sekirkity Want to reach out to the show?  There’s a few ways to get in touch! Purple Squad Security’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.

 Episode 36 – The Joy of CTFs with Derek Rook | File Type: audio/mpeg | Duration: 45:17

Capture The Flag games, or CTFs, are a popular way for infosec pros to brush up on their offensive skills.  From VulnHub to HackTheBox, there are a few different ways to, quote, “get your hack on”!  Derek Rook (@_r00k_) joins me today to talk about CTFs and how they can assist in your Infosec journey, regardless of your role. Some links of interest: Derek’s YouTube Channel – https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA Derek’s Twitch Stream – https://www.twitch.tv/r00k_infosec ippsec’s YouTube Channel – https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA LiveOverflow YouTube Channel – https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w Mub1x’s Twitch Stream – https://www.twitch.tv/mub1x CCDC (US) – http://www.nationalccdc.org/ CCDC (Canada) – https://www.cyberdefencechallenge.ca/ SANS Holiday Hack Challenge – https://holidayhackchallenge.com/past-challenges/ Open2All CTF team – https://www.reddit.com/r/OpenToAllCTFteam/ CTF Time – https://ctftime.org/ Derek’s Twitter – https://twitter.com/_r00k_ Want to reach out to the show?  There’s a few ways to get in touch! Purple Squad Security’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.

 Episode 35 – Container Security with Jay Beale | File Type: audio/mpeg | Duration: 53:55

From jails to virtual machines, process isolation is the “holy grail” of security.  Lately, containers have been the go-to for modern organizations in order to scale and implement things like microservices.  Jay Beale of InGuardians fame joins me to talk all about container security! Some links of interest: Securing Applications with Linux Containers (Webinar by Jay Beale) Docker security – Using containers safely in production (Article by Adrian Mouat) Clair (Container Scanner) – https://github.com/coreos/clair InGuardians Website – https://www.inguardians.com/ InGuardians Blog – https://www.inguardians.com/labs/ InGuardians Twitter – https://twitter.com/inguardians Jay’s Twitter – https://twitter.com/jaybeale Jess Frazelle’s Twitter – https://twitter.com/jessfraz Want to reach out to the show?  There’s a few ways to get in touch! Purple Squad Security’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.

 Episode 34 – Exploring Powershell with Mick Douglas | File Type: audio/mpeg | Duration: 53:15

Living off the land is pretty standard fare for pen testers.  On Linux systems, the go-to is usually Python, but on Windows it’s all about Powershell.  This week I’m fortunate enough to sit down with Mick Douglas to talk all things Powershell! Some links of interest: Powercat – https://github.com/besimorhino/powercat Mick wants to give a special shout out to Luke Baggett for all the great work he’s done on this project! Kansa – Dave Hull was the original author – https://github.com/davehull/Kansa Mick’s Public Projects – https://github.com/besimorhino?tab=repositories Invoke-IR – https://github.com/Invoke-IR Bye-FePhishia – https://github.com/jcjohnson34/Bye-FePhishia OverworkedAdmin.com – https://overworkedadmin.com/category/scripting-languages/powershell/ Microsoft TechNet Blog – “Hey Scripting Guy!” – https://blogs.technet.microsoft.com/heyscriptingguy/ InfosecInnovations.com – https://www.infosecinnovations.com/ Powershell Basics –  https://www.darkoperator.com/powershellbasics/ Powershell Cheatsheet – https://github.com/PrateekKumarSingh/CheatSheets/tree/master/Powershell Want to reach out to the show?  There’s a few ways to get in touch! Show’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.

 Episode 33 – 3 Pillars for Starting a Security Program | File Type: audio/mpeg | Duration: 43:12

In this episode John goes it alone and discusses his own experiences with starting up a security program at different organizations by focusing in on what he views as the 3 key pillars for a new security program. Some links of interest: CIS Critical Security Controls – https://www.cisecurity.org/controls/ Malware Archaeology – Logging Cheat Sheets – https://www.malwarearchaeology.com/cheat-sheets/ Linux Security Incident Log Review Checklist – https://zeltser.com/security-incident-log-review-checklist/ SANS Log Management In-Depth – https://www.sans.org/brochure/course/log-management-in-depth/6 OWASP Logging Cheat Sheet – https://www.owasp.org/index.php/Logging_Cheat_Sheet Defensive Security Handbook – http://shop.oreilly.com/product/0636920051671.do Want to reach out to the show?  There’s a few ways to get in touch! Show’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.

 Episode 32 – Fireside Chat with Deviant Ollam | File Type: audio/mpeg | Duration: 57:52

Continuing on with my fireside chat series, where I bring on a guest to just have a casual chat and see where the conversation takes us, my guest this time is Deviant Ollam.  Well known for his work with TOOOL and the locksport community, we take a different path and talk about physical penetration testing as well as hear some great stories from the road. Some links of interest: Deviant’s Twitter: @deviantollam The CORE Group: https://enterthecore.net/ And for fun: Check Box Secure: http://www.checkboxsecure.com/ Want to reach out to the show?  There’s a few ways to get in touch! Show’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.

 Episode 31 – Killing the Pen Test with Adrian Sanabria | File Type: audio/mpeg | Duration: 49:04

The penetration test, or pen test as it’s commonly referred to, is one of the great necessary evils in Infosec today.  My guest for this episode is Adrian Sanabria, who has an interesting thought – let’s kill the pen test!  Adrian has been in the industry for quite some time in quite a variety of roles, so he has some great experience and insights to share.  Let’s see what his replacement for a pen test entails! Some links of interest: Adrian’s Twitter: @sawaba Savage Security: https://www.savagesec.com/ BSides Knoxville: https://bsidesknoxville.com/ Penetration Testing Execution Standard (PTES): http://www.pentest-standard.org/index.php/Main_Page Want to reach out to the show?  There’s a few ways to get in touch! Show’s Twitter: @PurpleSquadSec John’s Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time.
