Purple Squad Security
If you know the enemy and know yourself, you need not fear the result of a hundred battles.
November 18, 2018

Episode 44 – SANS Holiday Hack Challenge with Ed Skoudis

Ed Skoudis joins me this week to talk all about the 2018 Holiday Hack Challenge.

So, a very popular season is coming up shortly.  I'm not talking about Thanksgiving (for my US listeners) and I'm not talking about Christmas for my Christian listeners.  No, I'm talking about the season that all good little hackers look forward to - the time when the SANS Holiday Hack Challenge is released!

This is probably one of the most ambitious CTFs I have ever known about, and I am lucky enough to get one of the main drivers behind it to join me for today's episode!  Ed Skoudis joins me to talk all about the SANS Holiday Hack Challenge, what it is, what goes into it, and why you should give it a try.

Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening! And as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
November 4, 2018

Episode 43 – Not all vulnerabilities are created equal with Tanya Janca

Tanya Janca joins me to talk about vulnerabilities, and how not all of them are created equal.

Vulnerability disclosure is one of those things that either brings a smile or a scowl to your face, depending on what end of the disclosure you're on.  For some, it's a thing of pride, and hopefully a monetary reward!  For others, it's a punch to the gut, fear inducing, "Oh crap!" moment because someone has shown you a flaw you weren't aware of.

But what if the disclosure isn't actually a valid vulnerability? That's the topic for this episode discussion, and thankfully I have someone who knows about exactly that!  Tanya Janca joins me to discuss when a vulnerability is not a vulnerability!

Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
October 21, 2018

Episode 42 – CyberZoology with Patrick Kelley

Patrick Kelley comes on to talk about CyberZoology, trains, and Raspberry Pi!

Defending is hard.  The adage of "an attacker only has to be right once" is a bit played out, but it does have a hint of truth in that trying to defend everything is a monumental task.  Defenders are often short on budgets, short on time, and short on patience for silly sayings like these.

This week I'm happy to have Patrick Kelley on to talk about some very interesting work he has done on coming up with defensive techniques for freight trains using a Raspberry Pi!  If you want to hear about unique ways to defend unique environments, you will not want to miss this episode.

Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
October 7, 2018

Episode 41 – Cyber Security Awareness Month with Tracy Maleeff

Tracy @InfoSecSherpa Maleeff joins me to talk about Cyber Security Awareness Month

October is Cyber Security Awareness Month, and with that who better to help share some ideas on how to give back to the community than our own InfoSecSherpa!  Tracy Maleeff joins me to talk about Cyber Security Awareness Month, #ginfosec and #inforum.  This will be one of the most relaxed Infosec podcasts you'll hear this year.... Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
September 23, 2018

Episode 40 – Tabletop D&D With Rally Security

I'm joined by a few folks from the Rally Security podcast for another Tabletop D&D Episode!

It's that time again!  With milestone episode 40, we have another Tabletop D&D episode for you to enjoy!  This time around we are joined by a few members of the Rally Security podcast to face some scenarios and see how they fare.  Let's just say this was a rather impressive episode for a number of reasons. Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
September 16, 2018

Episode 39 – John’s OSCP Journey

John goes through his OSCP journey, sharing his preparation, thoughts on the labs and the exam experience.

Over the past few months, John has been working on obtaining his OSCP certification.  Recently he attempted and successfully passed the exam!  In this episode he goes over his journey, what he learned as well as a few tips to help those attempting this rather difficult certification.

Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
August 26, 2018

Episode 38 – Discussing the Cyber Kill Chain with Amanda Berlin

Amanda Berlin (@Infosystir) stops by to chat about the Cyber Kill Chain.

The cyber kill chain.  For some, it's a nice framework to help build your defenses and help during an incident.  For others, it is an over hyped and rigid list that no real attacker follows anymore.  However you view the cyber kill chain, it is a strong pillar within Infosec, especially when it comes to defending your network.  Amanda Berlin joins me today to talk about the cyber kill chain, what it is and how to disrupt attacks using it! Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
August 12, 2018

Episode 37 – Bring Your Own Land with Nathan Kirk

Nathan Kirk (@sekirkity) stops by the show to discuss the idea of going beyond living off the land and bringing your own!

Living off the land is a term well understood by both offensive and defensive teams.  For offensive teams, it's meant by using the technologies already present on the system, such as Powershell, Python, and even Perl for those who like a challenge (or are facing an older Unix system).  On the defensive side, enhanced logging and locked down configurations are put in place to detect and prevent the use of these tools by malicious actors to either catch or prevent these actors from doing harm. Nathan Kirk (@sekirkity) joins me this week to talk about the concept behind "Bring Your Own Land". Some links of interest:


Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
July 29, 2018

Episode 36 – The Joy of CTFs with Derek Rook

Derek Root (@_r00k_) joins me to talk about CTFs and how they can be great learning tools for Infosec professionals

Capture The Flag games, or CTFs, are a popular way for infosec pros to brush up on the offensive skills.  From VulnHub to HackTheBox, there are a few different ways to quote "get your hack on"!  Derek Rook (@_r00k_) joins me today to talk about CTFs and how they can assist in your Infosec journey, regardless of your role. Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…
July 15, 2018

Episode 35 – Container Security with Jay Beale

Jay Beale of InGuardians joins me to talk about container security.

From jails to virtual machines, process isolation is the "holy grail" of security.  Lately, containers have been the go-to for modern organizations in order to scale and implement things like microservices.  Jay Beale of InGuardians fame joins me to talk all about container security! Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Support Purple Squad Security by donating to the tip jar: https://tips.pinecast.com/jar/purple-squad-security

Find out more at http://purplesquadsec.com

Read more…