Purple Squad Security

John Svazic
Nov 26, 2017 • 49min

Episode 012 – InfoSec Certifications with Kim Crawley

Certifications.  We either love them or hate them, but we cannot deny that they are needed.  Either to prove a set of skills, prove the ability to memorize facts and take tests, or to prove that our egos are bigger than our peers, there are lots of opinions on certifications. This week Kim Crawley joins me to talk about a recent article she has written for Cylance, Security Certifications You Should Consider Getting.  We discuss what certifications are good for, our opinions on them, HR managers, and where you can find resources to help you study. Some links of interest: Security Certifications You Should Consider Getting: https://www.cylance.com/en_us/blog/security-certifications-you-should-consider-getting.html Kim's Twitter: @kim_crawley Cybrary: https://www.cybrary.it/ O'Reilly Safari Books Online: https://www.safaribooksonline.com/ Want to reach out to the show?  There's a few ways to get in touch! Show Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you all again next time. Find out more at http://purplesquadsec.com
Nov 19, 2017 • 41min

Episode 011 – Security Scenario Generator with Dr. Z. Cliffe Schreuders

As security professionals, we often try to keep our skills sharp.  We normally do this by going to training, reading books, or participating in CTFs.  There are Webgoat and Juice Shop from OWASP; sites like HackTheBox, OverTheWire, and SmashTheStack which are often mentioned when people are looking for websites to practice on. This week I speak with Dr. Z. Cliffe Schreuders about the Security Scenario Generator, a rather ambitious project that may scratch that vulnerable VM itch you've had for a while. Some links of interest: Security Scenario Generator: https://github.com/cliffe/SecGen Dr. Z. Cliffe Schreuders' Website: http://z.cliffe.schreuders.org/ Dr. Z. Cliffe Schreuders' YouTube Channel: https://www.youtube.com/channel/UCAYF5jJkUBcmn1cor50yDOg Want to reach out to the show?  There's a few ways to get in touch! Show Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you again next time! Find out more at http://purplesquadsec.com
Nov 12, 2017 • 42min

Episode 010 – Crowdsourced Pen Testing w/ Jason Haddix of Bugcrowd

Penetration testing.  If you're in the information security field, you have run into your fair share of them.  Now there seems to be a trend with penetration testing moving to a crowdsourcing model.  This week I speak with Jason Haddix of Bugcrowd to explore why that is, what's the draw and how are companies like Bugcrowd helping build the infosec community. Some links of interest: Bugcrowd: https://www.bugcrowd.com/ HackerOne: https://www.hackerone.com/ HackTheBox: https://www.hackthebox.eu/ Bugcrowd Report: The 2017 State of Bug Bounty Bugcrowd's Twitter: https://twitter.com/Bugcrowd Want to reach out to the show?  There's a few ways to get in touch! Show Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you again next time! Find out more at http://purplesquadsec.com
Oct 29, 2017 • 42min

Episode 009 – Detecting Intruders on AWS with Scott Piper

The old saying of a defender has to be right 100% of the time while an attacker only has to be right once is growing a bit tired.  Now blue team members should be measured not by keeping the attackers out, but by how quickly they can find out that they're on your network. Scott Piper joins me this week to discuss how we can detect intruders in your AWS cloud infrastructure.  We cover a lot of different tools and techniques that you can use to help detect intruders, and some mitigation strategies to help reduce the risk when an attack is successful. Some links of interest: ElastAlert: https://github.com/Yelp/elastalert StreamAlert: https://github.com/airbnb/streamalert Prowler: https://github.com/Alfresco/prowler Security Monkey: https://github.com/Netflix/security_monkey AWS Billing Alerts: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-alarms.html jq (for JSON parsing on the CLI): https://stedolan.github.io/jq/ Summit Route: https://summitroute.com/ Downclimb: https://summitroute.com/blog/ Scott's Twitter: @SummitRoute Want to reach out to the show?  There's a few ways to get in touch! Show Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you again next time! Find out more at http://purplesquadsec.com
Oct 22, 2017 • 33min

Episode 008 – IAM Securing AWS with J Cole Morrison

The cloud.  The final frontier.  Well, not exactly but it is a pretty important topic in today's IT environment.  Unfortunately 2017 has been the year of leaks, hacks, and misconfigurations when it comes to the cloud.  Amazon Web Services (AWS) is the cloud provider with the most market share, but its security configuration can leave a bit to be desired. J Cole Morrison joins me this week to discuss IAM policies in AWS, what they are and why they are important.  Cole has written about IAM policies on his blog (link below), which I encourage everyone to read. Some links of interest: Cole's IAM Blog Article: AWS IAM Policies in a Nutshell Cole's Website: https://start.jcolemorrison.com/ Cole's Twitter: @JColeMorrison AWS DevOps: https://awsdevops.io/ Want to reach out to the show?  There's a few ways to get in touch! Show Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Website: purplesquadsec.com Slack Sign-Up Link: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you again next time! Find out more at http://purplesquadsec.com
Oct 15, 2017 • 40min

Episode 007 – Securing Linux in Hostile Networks

Linux is often the operating system of choice for server deployments due to its stability and security posture right out of the box.  Unfortunately not everything is "production ready" right after an install.  There are a lot of Linux hardening and security guides on the internet, but most are outdated and provide instructions that are no longer applicable. Kyle Rankin joins me this week to discuss his latest book, Linux Hardening in Hostile Networks: Server Security from TLS to Tor.  This really is a great book and one I would recommend any InfoSec professional pick up to read.  It will make a great reference guide and provides an up-to-date hardening guide for most popular Linux distributions. Some links of interest: Kyle's Book: Amazon Barnes & Noble Kyle's Twitter: @kylerankin Want to reach out to the show?  There's a few ways to get in touch! Show Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Website: purplesquadsec.com Slack Sign-Up Link: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you again next time! Find out more at http://purplesquadsec.com
Oct 8, 2017 • 36min

Episode 006 – What up Bropy

When people think of an open source IDS, they usually think of Snort.  Bro is another open source IDS that is more than just an IDS.  It is a Network Security Monitor that does so much more.  Matt Domko joins me this week to talk about Bropy, a tool he built that works with Bro to help perform anomaly detection.  This is definitely a tool you will want to have in your bag of tricks. Some links of interest: Bro Homepage: https://www.bro.org/ Bropy: https://github.com/hashtagcyber/bropy Matt's Twitter: @Hashtagcyber Matt's Bropy Talk at Security Onion Con: https://www.youtube.com/watch?v=LzFNOuaYc0g Want to reach out to the show?  There's a few ways to get in touch! Show Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Website: purplesquadsec.com Slack Sign-Up Link: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you again next time! Find out more at http://purplesquadsec.com
Oct 1, 2017 • 1h 4min

Episode 005 – #DFIR to Someone Else

Digital Forensics and Incident Response - DFIR.  The mere mention of the acronym brings forth memories of CSI, plastic bags and agents in suits coming to collect all manner of evidence.  In this episode I speak with Jonathon Poling, a DFIR expert who has graciously agreed to talk DFIR with me!  Another great listen, Jonathon has a lot of great experience in the field and much to share.  Have yourself a listen! Some links of interest: Jonathon's Blog: http://ponderthebits.com/ Jonathon's Twitter: @JPoForenso Slack Sign-Up Link: https://signup.purplesquadsec.com Want to reach out to the show?  There's a few ways to get in touch! Show Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Website: purplesquadsec.com Slack Sign-Up Link: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you again next time! Find out more at http://purplesquadsec.com
Sep 24, 2017 • 50min

Episode 004 – A Day In The Life Of A Red Teamer With Mark Kikta

Red Teams.  For some, it's the "frenemy".  For others, it's the greener grass on the other side of the defence wall.  In this episode I spend some time speaking with security consultant Mark Kikta about Red Teaming.  Mark has been a Red Teamer for a while and has a lot of experience to share.  We talk about a number of different things, share some laughs and try to shed some light on an often misunderstood group. Mark has also graciously offered to hang out in our Slack channel!  Just message @mark to get in touch with him if you have questions or just want to say "hey". Some links of interest: CircleCityCon - Seeing Purple Hybrid Security Teams for the Enterprise Time Based Security Slack Sign-Up Link: https://signup.purplesquadsec.com Want to reach out to the show?  There's a few ways to get in touch! Show Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Website: purplesquadsec.com Slack Sign-Up Link: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you again next time! Find out more at http://purplesquadsec.com
Sep 17, 2017 • 46min

Episode 003 – Just the Equifax ma’am

Equifax had the largest data breach this year, possibly ever!  How could I possibly pass up this opportunity to discuss what happened?  How did it happen and what lessons could we learn from it?  Equifax did a lot of things wrong for sure, but that doesn't mean that we should throw stones.  Especially given how many of us live in glass houses. Have a listen as I explore the Equifax breach from another perspective, in the hopes of salvaging something of use for others in the infosec community. Some links of interest: https://www.equifaxsecurity2017.com/ Equifax Bitcoin Ransom Krebs On Security - Equifax Breach Response Turns Dumpster Fire Apache Foundation Responds to Struts Vulnerability Confirmation CVE-2017-5638 Details OWASP Maven Dependency Checker Wappalyzer Browser Plug-In Want to reach out to the show?  There's a few ways to get in touch! Show Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Website: purplesquadsec.com Slack Sign-Up Link: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you again next time! Find out more at http://purplesquadsec.com
