As security professionals, we often try to keep our skills sharp.  We normally do this by going to training, reading books, or participating in CTFs.  There are Webgoat and Juice Shop from OWASP; sites like HackTheBox, OverTheWire, and SmashTheStack which are often mentioned when people are looking for websites to practice on. This week I speak with Dr. Z. Cliffe Schreuders about the Security Scenario Generator, a rather ambitious project that may scratch that vulnerable VM itch you've had for a while. Some links of interest:

• Security Scenario Generator: https://github.com/cliffe/SecGen
• Dr. Z. Cliffe Schreuders' Website: http://z.cliffe.schreuders.org/
• Dr. Z. Cliffe Schreuders' YouTube Channel: https://www.youtube.com/channel/UCAYF5jJkUBcmn1cor50yDOg

Want to reach out to the show?  There's a few ways to get in touch!

• Show Twitter: @PurpleSquadSec
• John's Twitter: @JohnsNotHere
• Podcast Website: purplesquadsec.com
• Sign-Up for our Slack community: https://signup.purplesquadsec.com
• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

Penetration testing.  If you're in the information security field, you have run into your fair share of them.  Now there seems to be a trend with penetration testing moving to a crowdsourcing model.  This week I speak with Jason Haddix of Bugcrowd to explore why that is, what's the draw and how are companies like Bugcrowd helping build the infosec community. Some links of interest:

• Bugcrowd: https://www.bugcrowd.com/
• HackerOne: https://www.hackerone.com/
• HackTheBox: https://www.hackthebox.eu/
• Bugcrowd Report: The 2017 State of Bug Bounty
• Bugcrowd's Twitter: https://twitter.com/Bugcrowd

Want to reach out to the show?  There's a few ways to get in touch!

• Show Twitter: @PurpleSquadSec
• John's Twitter: @JohnsNotHere
• Podcast Website: purplesquadsec.com
• Sign-Up for our Slack community: https://signup.purplesquadsec.com
• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

The old saying of a defender has to be right 100% of the time while an attacker only has to be right once is growing a bit tired.  Now blue team members should be measured not by keeping the attackers out, but by how quickly they can find out that they're on your network. Scott Piper joins me this week to discuss how we can detect intruders in your AWS cloud infrastructure.  We cover a lot of different tools and techniques that you can use to help detect intruders, and some mitigation strategies to help reduce the risk when an attack is successful. Some links of interest:

• ElastAlert: https://github.com/Yelp/elastalert
• StreamAlert: https://github.com/airbnb/streamalert
• Prowler: https://github.com/Alfresco/prowler
• Security Monkey: https://github.com/Netflix/security_monkey
• AWS Billing Alerts: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/free-tier-alarms.html
• jq (for JSON parsing on the CLI): https://stedolan.github.io/jq/
• Summit Route: https://summitroute.com/
• Downclimb: https://summitroute.com/blog/
• Scott's Twitter: @SummitRoute

Want to reach out to the show?  There's a few ways to get in touch!

• Show Twitter: @PurpleSquadSec
• John's Twitter: @JohnsNotHere
• Podcast Website: purplesquadsec.com
• Sign-Up for our Slack community: https://signup.purplesquadsec.com
• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

The cloud.  The final frontier.  Well, not exactly but it is a pretty important topic in today's IT environment.  Unfortunately 2017 has been the year of leaks, hacks, and misconfigurations when it comes to the cloud.  Amazon Web Services (AWS) is the cloud provider with the most market share, but its security configuration can leave a bit to be desired. J Cole Morrison joins me this week to discuss IAM policies in AWS, what they are and why they are important.  Cole has written about IAM policies on his blog (link below), which I encourage everyone to read. Some links of interest:

• Cole's IAM Blog Article: AWS IAM Policies in a Nutshell
• Cole's Website: https://start.jcolemorrison.com/
• Cole's Twitter: @JColeMorrison
• AWS DevOps: https://awsdevops.io/

Want to reach out to the show?  There's a few ways to get in touch!

• Show Twitter: @PurpleSquadSec
• John's Twitter: @JohnsNotHere
• Website: purplesquadsec.com
• Slack Sign-Up Link: https://signup.purplesquadsec.com
• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

Linux is often the operating system of choice for server deployments due to its stability and security posturing, right out of the box.  Unfortunately not everything is "production ready" right after an install.  Throughout the internet, there are a lot of Linux hardening and security guides on the internet but most are outdated and provide instructions that are no longer applicable. Kyle Rankin joins me this week to discuss his latest book, Linux Hardening in Hostile Networks: Server Security from TLS to Tor.  This really is a great book and one I would recommend any InfoSec professional pick up to read.  It will make a great reference guide and provides an up-to-date hardening guide for most popular Linux distributions. Some links of interest:

• Kyle's Book:
  • Amazon
  • Barnes & Noble
• Kyle's Twitter: @kylerankin

Want to reach out to the show?  There's a few ways to get in touch!

• Show Twitter: @PurpleSquadSec
• John's Twitter: @JohnsNotHere
• Website: purplesquadsec.com
• Slack Sign-Up Link: https://signup.purplesquadsec.com
• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

When people think of an open source IDS, they usually think of Snort.  Bro is another open source IDS that is more than just an IDS.  It is a Network Security Monitor that does so much more.  Matt Domko joins me this week to talk about Bropy, a tool he built that works with Bro to help perform anomaly detection.  This is definitely a tool you will want to have in your bag of tricks. Some links of interest:

• Bro Homepage: https://www.bro.org/
• Bropy: https://github.com/hashtagcyber/bropy
• Matt's Twitter: @Hashtagcyber
• Matt's Bropy Talk at Security Onion Con: https://www.youtube.com/watch?v=LzFNOuaYc0g

Want to reach out to the show?  There's a few ways to get in touch!

• Show Twitter: @PurpleSquadSec
• John's Twitter: @JohnsNotHere
• Website: purplesquadsec.com
• Slack Sign-Up Link: https://signup.purplesquadsec.com
• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

Digital Forensics and Incident Response - DFIR.  The mere mention of the acronym brings forth memories of CSI, plastic bags and agents in suits coming to collect all manner of evidence.  In this episode I speak with Jonathon Poling, a DFIR expert who has graciously agreed to talk DFIR with me!  Another great listen, Jonathon has a lot of great experience in the field and much to share.  Have yourself a listen! Some links of interest:

• Jonathon's Blog: http://ponderthebits.com/
• Jonathon's Twitter: @JPoForenso
• Slack Sign-Up Link: https://signup.purplesquadsec.com

Want to reach out to the show?  There's a few ways to get in touch!

• Show Twitter: @PurpleSquadSec
• John's Twitter: @JohnsNotHere
• Website: purplesquadsec.com
• Slack Sign-Up Link: https://signup.purplesquadsec.com
• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

Red Teams.  For some, it's the "frenemy".  For others, it's the greener grass on the other side of the defence wall.  In this episode I spend some time speaking with security consultant Mark Kikta about Red Teaming.  Mark has been a Red Teamer for a while and has a lot of experience to share.  We talk about a number of different things, share some laughs and try to shed some light on an often misunderstood group. Mark has also graciously offered to hang out in our Slack channel!  Just message @mark to get in touch with him if you have questions or just want to say "hey". Some links of interest:

• CircleCityCon - Seeing Purple Hybrid Security Teams for the Enterprise
• Time Based Security
• Slack Sign-Up Link: https://signup.purplesquadsec.com

Want to reach out to the show?  There's a few ways to get in touch!

• Show Twitter: @PurpleSquadSec
• John's Twitter: @JohnsNotHere
• Website: purplesquadsec.com
• Slack Sign-Up Link: https://signup.purplesquadsec.com
• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

Equifax had the largest data breach this year, possibly ever!  How could I possibly pass up this opportunity to discuss what happened?  How did it happen and what lessons could we learn from it?  Equifax did a lot of things wrong for sure, but that doesn't mean that we should throw stones.  Especially given how many of us live in glass houses. Have a listen as I explore the Equifax breach from another perspective, in the hopes of salvaging something of use for others in the infosec community. Some links of interest:

• https://www.equifaxsecurity2017.com/
• Equifax Bitcoin Ransom
• Krebs On Security - Equifax Breach Response Turns Dumpster Fire
• Apache Foundation Responds to Struts Vulnerability Confirmation
• CVE-2017-5638 Details
• OWASP Maven Dependency Checker
• Wappalyzer Browser Plug-In

Want to reach out to the show?  There's a few ways to get in touch!

• Show Twitter: @PurpleSquadSec
• John's Twitter: @JohnsNotHere
• Website: purplesquadsec.com
• Slack Sign-Up Link: https://signup.purplesquadsec.com
• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com

This is the conclusion of my two part series on threat modeling with Archie Agarwal.  In this episode we go into some benefits on threat modeling, how it can be used beyond the early stages of development and how it can help red teams carry out a more in-depth test against targets! Some links of interest:

• Offensive Threat Modeling for Pen Testers and Red Teams
• How to Threat Model a Microservice Architecture
• Anyone can Threat Model a Commute to Work
• Archie's Email
• ThreatModeler Company Website

Want to reach out to the show?  There's a few ways to get in touch!

• Website: purplesquadsec.com
• Show Twitter: @PurpleSquadSec
• John's Twitter: @JohnsNotHere
• John's Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you again next time!

Find out more at http://purplesquadsec.com