Saturday, November 17, 2018
Purple Squad Security

Episode 43 – Not all vulnerabilities are created equal with Tanya Janca

Vulnerability disclosure is one of those things that either brings a smile or a scowl to your face, depending on what end of the disclosure you’re on.  For some, it’s a thing of pride, and hopefully a monetary reward! ...

Episode 42 – CyberZoology with Patrick Kelley

Defending is hard.  The adage of “an attacker only has to be right once” is a bit played out, but it does have a hint of truth in that trying to defend everything is a monumental task.  Defenders are...

Episode 41 – Cyber Security Awareness Month with Tracy Maleeff

October is Cyber Security Awareness Month, and with that who better to help share some ideas on how to give back to the community than our own InfoSecSherpa!  Tracy Maleeff joins me to talk about Cyber Security Awareness Month,...

Episode 40 – Tabletop D&D With Rally Security

It’s that time again!  With milestone episode 40, we have another Tabletop D&D episode for you to enjoy!  This time around we are joined by a few members of the Rally Security podcast to face some scenarios and see...

Episode 39 – John’s OSCP Journey

Over the past few months, John has been working on obtaining his OSCP certification.  Recently he attempted and successfully passed the exam!  In this episode he goes over his journey, what he learned as well as a...

Episode 38 – Discussing the Cyber Kill Chain with Amanda Berlin

The cyber kill chain. For some, it’s a nice framework to help build your defenses and help during an incident. For others, it is an overhyped and rigid list that no real attacker follows anymore. However you view the cyber...

Episode 37 – Bring Your Own Land with Nathan Kirk

“Living off the land” is a term well understood by both offensive and defensive teams. For offensive teams, it means using the technologies already present on the system, such as PowerShell, Python, and even Perl for those who like...

Episode 36 – The Joy of CTFs with Derek Rook

Capture The Flag games, or CTFs, are a popular way for infosec pros to brush up on their offensive skills. From VulnHub to HackTheBox, there are a few different ways to quote “get your hack on”! Derek Rook (@_r00k_) joins...

Episode 35 – Container Security with Jay Beale

From jails to virtual machines, process isolation is the “holy grail” of security.  Lately, containers have been the go-to for modern organizations in order to scale and implement things like microservices.  Jay Beale of InGuardians fame joins me to...

Episode 34 – Exploring Powershell with Mick Douglas

Living off the land is pretty standard fare for pen testers. On Linux systems, the go-to is usually Python, but on Windows it’s all about PowerShell. This week I’m fortunate enough to sit down with Mick Douglas to talk...

Episode 33 – 3 Pillars for Starting a Security Program

In this episode John goes it alone and discusses his own experiences with starting up a security program at different organizations by focusing on what he views as the 3 key pillars for a new security program. Some...

Episode 32 – Fireside Chat with Deviant Ollam

Continuing on with my fireside chat series, where I bring on a guest to just have a casual chat and see where the conversation takes us, my guest this time is Deviant Ollam.  Well known for his work with...

Episode 31 – Killing the Pen Test with Adrian Sanabria

The penetration test, or pen test as it’s commonly referred to, is one of the great necessary evils in Infosec today.  My guest for this episode is Adrian Sanabria, who has an interesting thought – let’s kill the pen...

Episode 30 – Infosec D&D Tabletop with Jerry Bell and Andrew Kalat from Defensive Security

It’s that time again!  We’re doing another Infosec tabletop in a D&D style, this time with the fine gentlemen from the Defensive Security podcast!  Jerry and Andrew join me for another infosec tabletop with all new scenarios, pitfalls, and...

Episode 29 – The Importance of Community in Infosec w/ Cheryl “3ncr1pt3d” Biswas

The idea of “community” is an important one, especially if you talk about a group of people who want to help improve their skills by sharing their ideas, experiences, etc., with like-minded individuals. The Infosec community is no...
SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.
The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup: What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.