Purple Squad Security

John Svazic
Mar 10, 2019 • 40min

Episode 51 – Fireside Chat with Chris Foulon

Chris Foulon stops by for a fireside chat to talk about breaking into Infosec.  For those unfamiliar with the fireside chat series, this is where we come in with a topic but no other real agenda.  It's a casual conversation where I just have a casual conversation with my guest, similar to what would happen in hallway con.  I hope you enjoy! Some links of interest: Chris' LinkedIn: https://www.linkedin.com/in/christophefoulon/ Chris' Twitter: @chris_foulon We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale: https://purplesquadsec.com/store Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com
Feb 17, 2019 • 1h 29min

Episode 50 – Tabletop D&D with Tim De Block, Ed Rojas, Daniel Ebbutt, and Kyle Andrus

It's that time again!  Yes, another Tabletop D&D episode is upon us!  This time I asked Timothy de Block from the Exploring Information Security podcast to join me, along with a few interesting characters.  Let's just say this particular episode is not for the faint of heart, and we have a few swears thrown in to keep with the atmosphere.  Enjoy! Some links of interest: Exploring Information Security Podcast: https://www.timothydeblock.com/eis/ Tactical Edge: https://tacticaledge.co/index_en.html Tactical Edge Twitter: @Tactical3dge Kyle's Twitter: @chaoticflaws Ed's Twitter: @edgarr0jas Daniel's Twitter: @notdanielebbutt Tim's Twitter: @timothydeblock Tabletop Scenarios Twitter: @badthingsdaily
Feb 3, 2019 • 35min

Episode 49 – The Red Team Life with Curtis Brazzell

What is a red team?  How does it differ from a penetration tester's day-to-day?  How do red teams stay sharp?  How do they stay motivated?  These are a few of the questions I seek to have answered by Curtis Brazzell, a managing Security Consultant at Pondurance.  It's a great interview and sheds light on the difference between red teaming and penetration testing. Some links of interest: Curtis' Twitter: https://twitter.com/CurtBraz Curtis' LinkedIn Profile: https://www.linkedin.com/in/curtisbrazzell/ Pondurance Website - https://www.pondurance.com/
Jan 20, 2019 • 51min

Episode 48 – All About Magecart with Yonathan Klijnsma

Magecart - a web-based credit card skimming kit used by various groups to grab ahold of online shoppers' credit cards.  Interesting?  You bet!  On this episode of the Purple Squad Security podcast I have Yonathan Klijnsma, Head Researcher at RiskIQ, joining me to discuss their research on Magecart. Some links of interest: Inside Magecart Report - https://cdn.riskiq.com/wp-content/uploads/2018/11/RiskIQ-Flashpoint-Inside-MageCart-Report.pdf Ticketmaster breach - https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/ British Airways breach - https://www.riskiq.com/blog/labs/magecart-british-airways-breach/ Newegg breach - https://www.riskiq.com/blog/labs/magecart-newegg/ Vision Direct with admin skimming - https://www.riskiq.com/blog/labs/magecart-vision-direct/ Other Magecart Articles - https://www.riskiq.com/blog/category/magecart/ RiskIQ Website - https://www.riskiq.com/ Krebs on Security Skimming Article - https://krebsonsecurity.com/all-about-skimmers/
Jan 6, 2019 • 33min

Episode 47 – Happy New Year! Show Updates and Other News

Welcome to 2019!  John goes solo in this episode and talks about his personal goals for 2019, plus some updates for the show that should make things a bit more structured and hopefully more interesting for the listeners. Some links of interest: EliteSec Website: https://elitesec.io/
Dec 16, 2018 • 33min

Episode 46 – Holiday Special – Storytime with Jayson E. Street

Continuing our storytime theme for the holidays, on this week's show we have a special guest, Jayson E. Street!  For those who follow Jayson online, his hacker adventures bring him to all sorts of interesting places.  Jayson shares a story of one of those places, in which he robs the wrong bank.  Some of you may know this story, but he also provides us with an epilogue to this story that few have heard!  Thanks Jayson! Some links of interest: Jayson's Website: http://jaysonestreet.com/ Jayson's Twitter: @jaysonstreet
Dec 13, 2018 • 1h 7min

Episode 45.1 – Holiday Special – Storytime with Tinker – NO MUSIC!!!

Hey everyone, this is a re-release of episode 45 with Tinker, but this one is WITHOUT the background music.  I hope this makes up for the snafu in an otherwise great interview! Happy December everyone!  Whatever holiday you may be celebrating this season, may it be enjoyable.  I've decided for the month of December to treat myself, by having a bunch of people I hold in high regard to join me in sharing of their tales, similar to the fireside chats I've had in the past.  We have no set agenda, we have no set time, but we do plan on sharing some fun stories that hopefully you will enjoy. So consider this a holiday gift my dear listener, and I hope you find it as enjoyable as I do. This episode we are going to have a man whom I honestly believe should write as many books as possible, and provide audiobook versions as well, the one and only Tinker! Some links of interest: Tinker's Website: https://www.tinker.sh/ Dallas Hackers - https://dallashackers.com/ Popular Mechanics Article - https://www.popularmechanics.com/technology/a24676415/dallas-hackers/ Tinker's Twitter: @tinkersec Tinker's Mastodon - @tinker Infosec Mastodon - https://infosec.exchange/auth/sign_up
Nov 18, 2018 • 51min

Episode 44 – SANS Holiday Hack Challenge with Ed Skoudis

So, a very popular season is coming up shortly.  I'm not talking about Thanksgiving (for my US listeners) and I'm not talking about Christmas for my Christian listeners.  No, I'm talking about the season that all good little hackers look forward to - the time when the SANS Holiday Hack Challenge is released! This is probably one of the most ambitious CTFs I have ever known about, and I am lucky enough to get one of the main drivers behind it to join me for today's episode!  Ed Skoudis joins me to talk all about the SANS Holiday Hack Challenge, what it is, what goes into it, and why you should give it a try. Some links of interest: KringleCon: https://kringlecon.com/ Holiday Hack Challenge Website: https://www.holidayhackchallenge.com/2018/ Ed's Twitter: @edskoudis Infosec Mastodon - https://infosec.exchange/auth/sign_up
Nov 4, 2018 • 56min

Episode 43 – Not all vulnerabilities are created equal with Tanya Janca

Vulnerability disclosure is one of those things that either brings a smile or a scowl to your face, depending on what end of the disclosure you're on.  For some, it's a thing of pride, and hopefully a monetary reward!  For others, it's a punch to the gut, fear inducing, "Oh crap!" moment because someone has shown you a flaw you weren't aware of. But what if the disclosure isn't actually a valid vulnerability? That's the topic for this episode's discussion, and thankfully I have someone who knows about exactly that!  Tanya Janca joins me to discuss when a vulnerability is not a vulnerability! Some links of interest: When is a vulnerability not a vulnerability?- https://medium.com/microsoftazure/when-is-a-vulnerability-not-a-vulnerability-41ff9c880adf Microsoft bug bounty: https://www.microsoft.com/en-us/msrc/bounty Cyber ladies: Twitter: @Cyber_ladies Meetup: https://www.meetup.com/find/events/?allMeetups=false&keywords=cyber+ladies&radius=Infinity Devslop show: Live Sundays at 1:00 pm EDT https://aka.ms/DevSlop-Mixer Recorded episodes: https://aka.ms/DevSlopShow Blog: https://medium.com/@shehackspurple Open bug bounty: https://www.openbugbounty.org Twitter: @shehackspurple Infosec Mastodon - https://infosec.exchange/auth/sign_up
Oct 21, 2018 • 57min

Episode 42 – CyberZoology with Patrick Kelley

Defending is hard.  The adage of "an attacker only has to be right once" is a bit played out, but it does have a hint of truth in that trying to defend everything is a monumental task.  Defenders are often short on budgets, short on time, and short on patience for silly sayings like these. This week I'm happy to have Patrick Kelley on to talk about some very interesting work he has done on coming up with defensive techniques for freight trains using a Raspberry Pi!  If you want to hear about unique ways to defend unique environments, you will not want to miss this episode. Some links of interest: Bro: https://www.bro.org/ Suricata: https://suricata-ids.org/ Critical Path Security GitHub: https://github.com/CriticalPathSecurity Patrick's Twitter: @pkelley2600 Patrick's LinkedIn: https://www.linkedin.com/in/pmkelley/ Infosec Mastodon - https://infosec.exchange/auth/sign_up
