Purple Squad Security
If you know the enemy and know yourself, you need not fear the result of a hundred battles.
August 26, 2018

Episode 38 – Discussing the Cyber Kill Chain with Amanda Berlin

Amanda Berlin (@Infosystir) stops by to chat about the Cyber Kill Chain.

The cyber kill chain.  For some, it's a nice framework to help build your defenses and help during an incident.  For others, it is an over hyped and rigid list that no real attacker follows anymore.  However you view the cyber kill chain, it is a strong pillar within Infosec, especially when it comes to defending your network.  Amanda Berlin joins me today to talk about the cyber kill chain, what it is and how to disrupt attacks using it! Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
August 12, 2018

Episode 37 – Bring Your Own Land with Nathan Kirk

Nathan Kirk (@sekirkity) stops by the show to discuss the idea of going beyond living off the land and bringing your own!

Living off the land is a term well understood by both offensive and defensive teams.  For offensive teams, it's meant by using the technologies already present on the system, such as Powershell, Python, and even Perl for those who like a challenge (or are facing an older Unix system).  On the defensive side, enhanced logging and locked down configurations are put in place to detect and prevent the use of these tools by malicious actors to either catch or prevent these actors from doing harm. Nathan Kirk (@sekirkity) joins me this week to talk about the concept behind "Bring Your Own Land". Some links of interest:


Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
July 29, 2018

Episode 36 – The Joy of CTFs with Derek Rook

Derek Root (@_r00k_) joins me to talk about CTFs and how they can be great learning tools for Infosec professionals

Capture The Flag games, or CTFs, are a popular way for infosec pros to brush up on the offensive skills.  From VulnHub to HackTheBox, there are a few different ways to quote "get your hack on"!  Derek Rook (@_r00k_) joins me today to talk about CTFs and how they can assist in your Infosec journey, regardless of your role. Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
July 15, 2018

Episode 35 – Container Security with Jay Beale

Jay Beale of InGuardians joins me to talk about container security.

From jails to virtual machines, process isolation is the "holy grail" of security.  Lately, containers have been the go-to for modern organizations in order to scale and implement things like microservices.  Jay Beale of InGuardians fame joins me to talk all about container security! Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
July 1, 2018

Episode 34 – Exploring Powershell with Mick Douglas

Mick Douglas joins me to talk all things Powershell!

Living off the land is pretty standard fare for pen testers.  On Linux systems, the go-to is usually Python, but on Windows it's all about Powershell.  This week I'm fortunate enough to sit down with Mick Douglas to talk all things Powershell! Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
June 17, 2018

Episode 33 – 3 Pillars for Starting a Security Program

John talks about 3 pillars he uses for starting a new security program.

In this episode John goes at it alone and discusses his own experiences with starting up a security program at different organizations by focusing in on what he views are the 3 key pillars for a new security program. Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
June 3, 2018

Episode 32 – Fireside Chat with Deviant Ollam

I sit down with Deviant Ollam to have a casual conversation about physical penetration testing and hear some great stories from the road.

Continuing on with my fireside chat series, where I bring on a guest to just have a casual chat and see where the conversation takes us, my guest this time is Deviant Ollam.  Well known for his work with TOOOL and the locksport community, we take a different path and talk about physical penetration testing as well as hear some great stories from the road.

Some links of interest:


And for fun:


Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
May 20, 2018

Episode 31 – Killing the Pen Test with Adrian Sanabria

Adrian Sanabria joins me to talk about killing what we know as the pen test and replacing it with something better!

The penetration test, or pen test as it's commonly referred to, is one of the great necessary evils in Infosec today.  My guest for this episode is Adrian Sanabria, who has an interesting thought - let's kill the pen test!  Adrian has been in the industry for quite some time in quite a variety of roles, so he has some great experience and insights to share.  Let's see what his replacement for a pen test entitles! Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
May 6, 2018

Episode 30 – Infosec D&D Tabletop with Jerry Bell and Andrew Kalat from Defensive Security

Jerry Bell and Andrew Kalat from the Defensive Security podcast join me for another Infosec D&D Tabletop game! What maddening scenarios have I found that they will need to overcome?

It's that time again!  We're doing another Infosec tabletop in a D&D style, this time with the fine gentlemen from the Defensive Security podcast!  Jerry and Andrew join me for another infosec tabletop with all new scenarios, pitfalls, and approaches. Special thanks to Ryan McGeehan and his Tabletop Scenarios twitter account for providing the ideas behind this episodes "challenges". Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
April 29, 2018

Episode 29 – The Importance of Community in Infosec w/ Cheryl “3ncr1pt3d” Biswas

Cheryl 3ncr1pt3d Biswas joins me to talk about how our Infosec community differs, as well as some cons like the Diana Initiative.

The idea of "community" is an important one, especially if you talk about a group of people who want to help improve their skills by sharing their ideas, experiences, etc, with like minded individuals.  The Infosec community is no exception to this.  In fact I would argue that it is one of the strongest communities I have encountered yet! Joining me this week is Cheryl "3ncr1pt3d" Biswas to talk about the Infosec community, what makes it special, and the importance of it.  In addition we will be talking about one of Cheryl's many contributions to the community in the form of the Diana Initiative. Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…