Folgen

  • Episode Notes

    Here's the first episode of my new podcast, EliteCast! This is intended to be a less technical podcast aimed at business leaders and decision-makers to help explain the importance of information security (or cybersecurity as it's normally called by the target audience). I'm a bit rusty, but I'll get there. Apparently, a 9-month hiatus does that to a man.

    I hope you enjoy it and you choose to subscribe. It should be live on the usual podcast sites, but if you want the RSS link, check out:

    https://pinecast.com/feed/elitecast

    Thanks, and take care!

    EliteSec's Website: https://elitesec.ioWant to get in touch? [email protected]

    Find out more at http://purplesquadsec.com

  • Heath "The Cyber Mentor" Adams stops by to have a nice casual chat about how he got into infosec, what he's currently working on, and how he's giving back to the community in a rather novel way. Definitely someone I respect as a great up-and-comer in the industry, this was a fantastic discussion for sure.

    Some links of interest:

    Website - https://www.thecybermentor.com/Company - https://tcm-sec.com/Discord - https://discord.gg/REfpPJBTwitter - https://twitter.com/thecybermentorYouTube - https://www.youtube.com/c/thecybermentorTwitch - https://www.twitch.tv/thecybermentorUdemy - https://www.udemy.com/course/practical-ethical-hacking/

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSecJohn's Twitter: @JohnsNotHereJohn's Mastodon: https://infosec.exchange/@JohnsNotHerePodcast Website: purplesquadsec.comPodcast Store: https://purplesquadsec.com/storeSign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • Fehlende Folgen?

    Hier klicken, um den Feed zu aktualisieren.

  • Kat Sweet (@TheSweetKat) sits down to chat about incident response and security operations, all while sipping tea with me.

    Some links of interest:

    Kat's Twitter - @TheSweetKatKat's Blog - thesweetkat.com

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSecJohn's Twitter: @JohnsNotHereJohn's Mastodon: https://infosec.exchange/@JohnsNotHerePodcast Website: purplesquadsec.comPodcast Store: https://purplesquadsec.com/storeSign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • John sits down to talk solo about the show and what's in store for 2020.

    Some links of interest:

    EliteSec Website - https://elitesec.ioEliteSec Twitter - @EliteSec_io

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSecJohn's Twitter: @JohnsNotHereJohn's Mastodon: https://infosec.exchange/@JohnsNotHerePodcast Website: purplesquadsec.comPodcast Store: https://purplesquadsec.com/storeSign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • Circuit Swan stops by the show to talk all things Diana Initiative. If you're going to Hacker Summer Camp 2020, you may want to consider adding the Diana Initiative to your list of cons to attend.

    Some links of interest:

    Circuit Swan's Twitter: @CircuitSwanDiana Initiative Twitter: @DianaInitiativeWebsite - https://www.dianainitiative.org

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSecJohn's Twitter: @JohnsNotHereJohn's Mastodon: https://infosec.exchange/@JohnsNotHerePodcast Website: purplesquadsec.comPodcast Store: https://purplesquadsec.com/storeSign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • Snow stops by during the winter months to share with us the true origin of her hacker handle, stories from some physical penetration testing, a quick note on her Kringlecon talk, and so much more! A great way to round out the year!

    Some links of interest:

    Snow's Twitter: @_sn0ww

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSecJohn's Twitter: @JohnsNotHereJohn's Mastodon: https://infosec.exchange/@JohnsNotHerePodcast Website: purplesquadsec.comPodcast Store: https://purplesquadsec.com/storeSign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • Adrian Cheek stops by the show this week to have a nice fireside chat with me. We talk about passive DNS, which Adrian first introduced to me a few years ago, and then move on to threat hunting. Adrian has a very interesting history and it was a joy to speak with him.

    Some links of interest:

    Adrian's Twitter: @Outkast_TIFarsight Passive DNS - https://www.farsightsecurity.com/solutions/dnsdb/

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSecJohn's Twitter: @JohnsNotHereJohn's Mastodon: https://infosec.exchange/@JohnsNotHerePodcast Website: purplesquadsec.comPodcast Store: https://purplesquadsec.com/storeSign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • I'm trying a slightly different format for the next few episodes, and I'd appreciate any feedback you may have.

    In this episode I sit down with The Gibson, mayor of hackers.town, to talk about a variety of things from the Fediverse, working with the under-serviced SMB market, old school technologies, and the Infosec community as a whole. We're all over the place, but it's a good thing. Just a nice casual conversation talking about things that interest us.

    Some links of interest:

    Gibson's Mastodon: @[email protected]'s Town: https://hackers.townGibson's Twitter: @gibsonmainframeBlackFire Security: https://blackfiresec.com/

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSecJohn's Twitter: @JohnsNotHereJohn's Mastodon: https://infosec.exchange/@JohnsNotHerePodcast Website: purplesquadsec.comPodcast Store: https://purplesquadsec.com/storeSign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • I'm trying a slightly different format for the next few episodes, and I'd appreciate any feedback you may have.

    In this episode I sit down with the amazing Tanya Janca for a fireside chat about her new company, Security Sidekick. They seem to have some pretty ambitious goals, and I couldn't think of anyone better to help make those a reality.

    Some links of interest:

    For Tanya:Tanya's Twitter: https://twitter.com/shehackspurpleTanya's Dev.to Profile: https://dev.to/shehackspurpleTanya's Blog: https://medium.com/@shehackspurpleTanya's YouTube Profile: https://www.youtube.com/shehackspurpleTanya's Twitch Channel: https://www.twitch.tv/shehackspurpleTanya's LinkedIn Profile: https://www.linkedin.com/in/tanya-jancaFor Security Sidekick:Website: https://securitysidekick.devTwitter: https://twitter.com/SecSidekick YouTube Channel: https://www.youtube.com/channel/UC3KyuI83jt0l14q8xyffC2A

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSecJohn's Twitter: @JohnsNotHereJohn's Mastodon: https://infosec.exchange/@JohnsNotHerePodcast Website: purplesquadsec.comPodcast Store: https://purplesquadsec.com/storeSign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • Oh what I treat I have for you today! John Strand, former SANS instructor, long time co-host on Enterprise Security Weekly, Founder of Black Hills Information Security, and a whole lot more has taken time out of his busy schedule to stop by and talk about Backdoors & Breaches, the new IR card game from BHIS. Naturally we talk about more than just the game, but it was all as amazing as I had hoped. I trust you will enjoy listening to this one about as much as I enjoyed recording it.

    Some links of interest:

    Backdoors & Breaches Site - http://backdoorsandbreaches.com/John's Email - john 'at' blackhillsinfosec.comJohn's Twitter - @strandjsBHIS Website - https://www.blackhillsinfosec.comEvents where BHIS will be - https://www.blackhillsinfosec.com/events/

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSecJohn's Twitter: @JohnsNotHereJohn's Mastodon: https://infosec.exchange/@JohnsNotHerePodcast Website: purplesquadsec.comPodcast Store: https://purplesquadsec.com/storeSign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • It's been long enough, and it's time for Tracy "InfoSecSherpa" to return for another #ginfosec episode! This time around we're going to talk about Empathy as a Service, a talk that she recently did at DerbyCon. Soft skills will get you everywhere, and Tracy has some great advice to share about a topic she's very passionate about.

    Some links of interest:

    Tracy's Talk - https://www.youtube.com/watch?v=KILlp4KMIPATracy's OSINT-y Goodness Blog - medium.com/@InfoSecSherpaTracy's Twitter - https://twitter.com/InfoSecSherpa

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSecJohn's Twitter: @JohnsNotHereJohn's Mastodon: https://infosec.exchange/@JohnsNotHerePodcast Website: purplesquadsec.comPodcast Store: https://purplesquadsec.com/storeSign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • Ah, I love anniversaries. This is an anniversary episode celebrating 2 years of Purple Squad Security! Just a few personal rants and discussions for those interested in a bit of a behind the scenes view of things here at the show. No guests, just me blathering on about stuff. Enjoy!

    Some links of interest:

    Cyber CityWebsiteTwitterPodcast Store: https://purplesquadsec.com/store

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSecJohn's Twitter: @JohnsNotHereJohn's Mastodon: https://infosec.exchange/@JohnsNotHerePodcast Website: purplesquadsec.comSign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • The hiatus is over! Welcome back everyone to the latest episode of the Purple Squad Security podcast! In this episode we have Ken Johnson and Seth Law from the Absolute AppSec Podcast joining me for the latest session of Tabletop D&D. Enjoy!

    Some links of interest:

    Absolute AppSecWebsiteTwitterSeth's Twitter Account: @sethlawKen's Twitter Account: @cktricky

    Want to hear about a new Infosec con? If you're in and around the Waterloo region area in October, why not check out Cyber City! This is Waterloo region's premier information security conference. Tickets are on sale now!

    Cyber City Conference: https://www.cybercityconf.io/

    We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:

    https://purplesquadsec.com/store

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSecJohn's Twitter: @JohnsNotHereJohn's Mastodon: https://infosec.exchange/@JohnsNotHerePodcast Website: purplesquadsec.comSign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • Often times in information security, we look upon penetration testing and red teaming with awe and view those professions as the "sexy" side of security. Truth be told, the defensive side has a lot of exciting opportunities as well! Kyle Andrus joins me this week to talk about malware analysis, which I think is definitely one of the sexier sides of defense. Some links of interest:

    Practical Malware Analysis Book - https://nostarch.com/malware

    Cuckoo Sandbox - https://cuckoosandbox.org/

    CyberChef - https://gchq.github.io/CyberChef/

    Leny Zeltser's Blog - https://zeltser.com/blog/

    Journey Into Incident Response - http://journeyintoir.blogspot.com/

    Malware Unicorn's Reverse Engineering Workshop - https://malwareunicorn.org/#/workshops

    MiSec - https://www.misec.us/

    Kyle's Twitter Account: @chaoticflaws

    Want to hear about a new Infosec con? If you're in and around the Waterloo region area in October, why not check out Cyber City! This is Waterloo region's premier information security conference. Tickets are on sale now and the CFP is open until July 31st, 2019. Don't wait, and come participate today!

    Cyber City Conference: https://www.cybercityconf.io/

    Cyber City Conference CFP: https://www.papercall.io/cybercityconf

    We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:

    https://purplesquadsec.com/store

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSec

    John's Twitter: @JohnsNotHere

    John's Mastodon: https://infosec.exchange/@JohnsNotHere

    Podcast Website: purplesquadsec.com

    Patreon - https://www.patreon.com/purplesquadsec

    Sign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • There were more than a few of you who were anxiously awaiting his return, and he's back! Tinker joins me once again to share some stories from his adventures in hackerland. In addition, I have given Tinker free reign to speak as he chooses, and naturally I participate as well. Fair warning, this is not safe for work or sensitive ears. I do ask that you try not to be offended, as his stories and reflections on those events makes for one excellent episode.

    Some links of interest:

    Tinker's Fediverse Account: @[email protected]

    Tinker's Twitter Account: @TinkerSec

    Tinker's Blog: https://tinker.sh

    SecLists: https://github.com/danielmiessler/SecLists

    Cyber City Conference: https://www.cybercityconf.io/

    Cyber City Conference CFP: https://www.papercall.io/cybercityconf

    We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:

    https://purplesquadsec.com/store

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSec

    John's Twitter: @JohnsNotHere

    John's Mastodon: https://infosec.exchange/@JohnsNotHere

    Podcast Website: purplesquadsec.com

    Patreon - https://www.patreon.com/purplesquadsec

    Sign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • A few weeks ago, Sam King on Twitter mentioned me in a tweet that included a link to a Medium post, but not just any Medium post. Tim MalcomVetter had posted up an "Choose Your Own Red Team Adventure", which I thought was just amazing! I used to read a lot of choose your own adventure books as a kid, so I was naturally excited! For this episode, I will be going through the story the first time, reading aloud as I try my hand at red teaming against a customer. I hope you enjoy!

    Some links of interest:

    Choose Your Own Red Team Adventure - https://medium.com/@malcomvetter/choose-your-own-red-team-adventure-f87d6a3b0b76

    Tim MalcomVetter's Twitter - @malcomvetter

    We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:

    https://purplesquadsec.com/store

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSec

    John's Twitter: @JohnsNotHere

    John's Mastodon: https://infosec.exchange/@JohnsNotHere

    Podcast Website: purplesquadsec.com

    Patreon - https://www.patreon.com/purplesquadsec

    Sign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • CORRECTION: Early in this episode I mentioned that Amazon would ask for your email password when signing up for a new account. I meant to say Facebook, not Amazon. The practice has since been discontinued, but I wanted to make it clear that this was a Facebook practice, not Amazon. Amazon has not, to the best of my knowledge, ever done something like this. Sorry for the mixup.

    For most security professionals, we view the CIA triad as our grail. No, not the US government agency that works around the world doing a lot of questionable things, but rather the more tame version of Confidentiality, Integrity, and Availability. For today's episode, Matt Beland joins me to explain privacy and how it's not all about Confidentiality as I, and I'm sure a few of you, may have thought.

    Some links of interest:

    Smooth Sailing Solutions: smoothsailingsolutions.com

    Matt's Twitter: @Beland_Matt

    International Association of Privacy Professionals: https://iapp.org

    CIPP / CIPM / CIPT Certifications: https://iapp.org/certify/programs/

    Ethical Data and Information Management: Concepts, Tools and Methods: https://www.amazon.com/Ethical-Data-Information-Management-Concepts/dp/0749482044

    We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:

    https://purplesquadsec.com/store

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSec

    John's Twitter: @JohnsNotHere

    John's Mastodon: https://infosec.exchange/@JohnsNotHere

    Podcast Website: purplesquadsec.com

    Patreon - https://www.patreon.com/purplesquadsec

    Sign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • Tribe of Hackers is a recently released book by Marcus Carey and Jennifer Jin that is a collection of stories from member of our community, or tribe as Marcus describes it. This was a great and insightful interview, and definitely one you will want to listen to if you haven't read the book yet. Some links of interest:

    Tribe of Hackers: https://www.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189/

    Tribe of Mentors (inspiration for Tribe of Hackers): https://www.amazon.com/Tribe-Mentors-Short-Advice-World/dp/1328994961/

    The 4 Agreements - https://www.amazon.com/Four-Agreements-Practical-Personal-Freedom/dp/1878424319/

    Marcus's Twitter: @marcusjcarey

    Jennifer Jin's Twitter: @jen_jin

    Tribe of Hackers Twitter: @TribeOfHackers

    Tribe of Hackers Summit - May 2, 2019: https://www.eventbrite.com/e/tribe-of-hackers-summit-registration-59074697009

    We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:

    https://purplesquadsec.com/store

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSec

    John's Twitter: @JohnsNotHere

    John's Mastodon: https://infosec.exchange/@JohnsNotHere

    Podcast Website: purplesquadsec.com

    Patreon - https://www.patreon.com/purplesquadsec

    Sign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • Once again I am pleased to share a #ginfosec episode with the woman who helps guide others through the mountains of infosec, Tracy InfoSecSherpa Maleeff! In this extended episode Tracy and I speak about conferences from the attendee point of view; what to expect, what to bring, how to go, and what you should aim to get from the con. Enjoy! Some links of interest:

    Tracy's Twitter: @InfoSecSherpa

    Sign up for Tracy's Nuzzle Newsletter: https://nuzzel.com/InfoSecSherpa

    Study on different note taking techniques: https://www.scientificamerican.com/article/a-learning-secret-don-t-take-notes-with-a-laptop/

    Tracy's Unusual Journey into Infosec: https://www.secjuice.com/infosecsherpa-unusual-journeys/

    Tracy's Talk at BSides NoVa - Networking with Humans: https://www.youtube.com/watch?v=bbfyXTZCVC0

    We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:

    https://purplesquadsec.com/store

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSec

    John's Twitter: @JohnsNotHere

    John's Mastodon: https://infosec.exchange/@JohnsNotHere

    Podcast Website: purplesquadsec.com

    Patreon - https://www.patreon.com/purplesquadsec

    Sign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com

  • This week John goes solo and decides to talk about a recent threat he spun up about on Twitter, naming himself as a generalist within Information Security and discussing what that means to him. Some links of interest:

    John's Twitter Thread

    We have a new store! Come check out the various Purple Squad Security goods you can buy to share your following and help the show. From stickers to mugs, we have a few items up for sale:

    https://purplesquadsec.com/store

    Want to reach out to the show? There's a few ways to get in touch!

    Purple Squad Security's Twitter: @PurpleSquadSec

    John's Twitter: @JohnsNotHere

    John's Mastodon: https://infosec.exchange/@JohnsNotHere

    Podcast Website: purplesquadsec.com

    Patreon - https://www.patreon.com/purplesquadsec

    Sign-Up for our Slack community: https://signup.purplesquadsec.com

    Thanks for listening, and as always, I will talk with you all again next time.

    Find out more at http://purplesquadsec.com