Purple Squad Security
If you know the enemy and know yourself, you need not fear the result of a hundred battles.
February 17, 2019

Episode 50 – Tabletop D&D with Tim De Block, Ed Rojas, Daniel Ebbutt, and Kyle Andrus

Another tabletop D&D episode! Pure mayhem with this one, which is fitting for a bicentennial episode!

It's that time again!  Yes, another Tabletop D&D episode is upon us!  This time I asked Timothy de Block from the Exploring Information Security podcast to join me, along with a few interesting characters.  Let's just say this particular episode is not for the faint of heart, and we have a few swears thrown in to keep with the atmosphere.  Enjoy! Some links of interest:



We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale:

https://purplesquadsec.com/store

Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

Read more…
February 3, 2019

Episode 49 – The Red Team Life with Curtis Brazzell

Curtis Brazzell from Pondurance joins me to talk about red teaming and managing red teams.

What is a red team?  How does it differ from a penetration tester's day-to-day?  How do red teams stay sharp?  How do they stay motivated?  These are a few of the questions I seek to have answered by Curtis Brazzell, a managing Security Consultant at Pondurance.  It's a great interview and sheds light on the difference between red teaming and penetration testing.

Some links of interest:



We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale:

https://purplesquadsec.com/store

Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

Read more…
January 20, 2019

Episode 48 – All About Magecart with Yonathan Klijnsma

Yonathan Klijnsma joins me from RiskIQ to discuss Magecart, what it is, what it does, and how they found it.

Magecart - a web-based credit card skimming kit used by various groups to grab ahold of online shoppers credit cards.  Interesting?  You bet!  On this episode of the Purple Squad Security podcast I have Yonathan Klijnsma, Head Researcher at RiskIQ, joining me to discuss their research on Magecart.

Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

Read more…
January 6, 2019

Episode 47 – Happy New Year! Show Updates and Other News

John talks about his plans for the upcoming year and some show updates.

Welcome to 2019!  John goes solo in this episode and talks about his personal goals for 2019, plus some updates for the show that should make things a bit more structured and hopefully more interesting for the listeners.

Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

Read more…
December 16, 2018

Episode 46 – Holiday Special – Storytime with Jayson E. Street

Jayson E. Street shares a familiar story from one of his #HackerAdventures, but also follows up with a not-well-known epilogue that has me in stitches!

Continuing our storytime theme for the holidays, on this week's show we have a special guest, Jayson E. Street!  For those who follow Jayson online, his hacker adventures bring him to all sorts of interesting places.  Jayson shares a story of one of those places, in which he robs the wrong bank.  Some of you may know this story, but he also provides us with an epilogue to this story that few have heard!  Thanks Jayson!

Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

Read more…
December 13, 2018

Episode 45.1 – Holiday Special – Storytime with Tinker – NO MUSIC!!!

NO MUSIC EDITION!!! Tinker (@Tinkersec) stops by to share a story, and pull a few pop quizzes with John on offensive techniques!

Hey everyone, this is a re-release of episode 45 with Tinker, but this one is WITHOUT the background music.  I hope this makes up for the snafu in an otherwise great interview!


Happy December everyone!  Whatever holiday you may be celebrating this season, may it be enjoyable.  I've decided for the month of December to treat myself, by having a bunch of people I hold in high regard to join me in sharing of their tales, similar to the fireside chats I've had in the past.  We have no set agenda, we have no set time, but we do plan on sharing some fun stories that hopefully you will enjoy. So consider this a holiday gift my dear listener, and I hope you find it as enjoyable as I do.

This episode we are going to have a man whom I honestly believe should write as many books as possible, and provide audiobook versions as well, the one and only Tinker!

Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

Read more…
November 18, 2018

Episode 44 – SANS Holiday Hack Challenge with Ed Skoudis

Ed Skoudis joins me this week to talk all about the 2018 Holiday Hack Challenge.

So, a very popular season is coming up shortly.  I'm not talking about Thanksgiving (for my US listeners) and I'm not talking about Christmas for my Christian listeners.  No, I'm talking about the season that all good little hackers look forward to - the time when the SANS Holiday Hack Challenge is released!

This is probably one of the most ambitious CTFs I have ever known about, and I am lucky enough to get one of the main drivers behind it to join me for today's episode!  Ed Skoudis joins me to talk all about the SANS Holiday Hack Challenge, what it is, what goes into it, and why you should give it a try.

Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening! And as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

Read more…
November 4, 2018

Episode 43 – Not all vulnerabilities are created equal with Tanya Janca

Tanya Janca joins me to talk about vulnerabilities, and how not all of them are created equal.

Vulnerability disclosure is one of those things that either brings a smile or a scowl to your face, depending on what end of the disclosure you're on.  For some, it's a thing of pride, and hopefully a monetary reward!  For others, it's a punch to the gut, fear inducing, "Oh crap!" moment because someone has shown you a flaw you weren't aware of.

But what if the disclosure isn't actually a valid vulnerability? That's the topic for this episode discussion, and thankfully I have someone who knows about exactly that!  Tanya Janca joins me to discuss when a vulnerability is not a vulnerability!

Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

Read more…
October 21, 2018

Episode 42 – CyberZoology with Patrick Kelley

Patrick Kelley comes on to talk about CyberZoology, trains, and Raspberry Pi!

Defending is hard.  The adage of "an attacker only has to be right once" is a bit played out, but it does have a hint of truth in that trying to defend everything is a monumental task.  Defenders are often short on budgets, short on time, and short on patience for silly sayings like these.

This week I'm happy to have Patrick Kelley on to talk about some very interesting work he has done on coming up with defensive techniques for freight trains using a Raspberry Pi!  If you want to hear about unique ways to defend unique environments, you will not want to miss this episode.

Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

Read more…
October 7, 2018

Episode 41 – Cyber Security Awareness Month with Tracy Maleeff

Tracy @InfoSecSherpa Maleeff joins me to talk about Cyber Security Awareness Month

October is Cyber Security Awareness Month, and with that who better to help share some ideas on how to give back to the community than our own InfoSecSherpa!  Tracy Maleeff joins me to talk about Cyber Security Awareness Month, #ginfosec and #inforum.  This will be one of the most relaxed Infosec podcasts you'll hear this year.... Some links of interest:



Want to reach out to the show?  There's a few ways to get in touch!



Thanks for listening, and as always, I will talk with you all again next time.

Find out more at http://purplesquadsec.com

Read more…