To continue our adventure in talking about security concepts on the net, we have decided it's time to talk through the top Web Application vulnerabilities. On top of that we decided to make it a mini-series! In this episode we cover the number one OWASP vulnerability - Broken Access Controls. Follow along as we explore all the fun of web application penetration testing. Links: The Official BLS Discord The Official BLS Website The Official BLS Github The Official APotN Twitter The OWASP Top 10 OWASP: Broken Access Control Burp Suite Wsdler Plugin
The boys are back with BLS' own Josh to discuss the difficulties a new penetration tester might face, and how to break in to the industry. Links: The Official BLS Discord The Official BLS Website The Official BLS Github The Official APotN Twitter Free lecture resources: Professor Messer Heath Adams John Hammond Katie Paxton-Fear Free hands on resources: Hack the Box Try Hack Me Over the Wire Pentester labs (some free exercises)
The boys are back with Mike to discuss how to get the most bang for your buck when scheduling a pentest (mostly boils down to being nice to us please) and things predictably go off the rails. Links: The Official BLS Discord The Official BLS Website The Official BLS Github The Official APotN Twitter
The boys have found their mics once again and have returned to the digital stage. This stage exists primarily in closets. In the hiatus Sam & Chase have equally lost sanity and the ability to stay on topic for longer than five minutes. Join in and try to follow along for the a wild return to season 2. Links: The Official BLS Discord The Official BLS Website The Official BLS Github The Official APotN Twitter
In this episode Sam & Chase suffer from post engagement delirium. The pair chat about chatting with clients and why technical interviews are not as scary as they seem. Chase slanders Sam. Sam responds with potential libel. Links: Our Discord BLS Risk Assessments MITRE ATT&CK Framework
The APotN Crew is back! We kick off season 2 with a chat (maybe a lecture?) on the new old hotness, Attack Surface Management. A new character will be introduced and we determine our band name. Sam climbs a soap box while Chase hides in a closet. This and much much more in the season 2 premier! ... we get started on a weird foot. Links BLS Website BLS Discord EyeWitness GoWitness WitnessMe Gobuster DIRB FFUF SpiderFoot Amass
We couldn't do it. Things at BLS have been pretty busy lately, which means we were not able to pull together a quality episode in time. So, here is Sam briefly talking about our shortcoming. In other news... ANOUNCEMENT: Only two more episodes are in left our first season! If you have any feedback on the season so far or anything you would like to see change in the next one then please hit us up on twitter (that's @AnyPort_Pod for those who haven't followed us yet).
Carson comes back! He is rip-roaring ready to talk about Supply Chain Attacks. The crew also hits on the Colonial Pipeline incident, Ukraine, and many other hot button cybersecurity topics. Sam proves he is the fastest googler. Chase has another new mic. Do you like history? If so, topics like the 2013 Target Breach and Stuxnet may interest you. Bonus, they are talked about in this episode as well! Links: Supply Chain Attacks by Imperva Andy Greenberg's Sandworm A Brief History of Stuxnet The 2013 Target Breach Forbes' Article on the Colonial Pipeline Incident
Paul is back! This time he takes us hunting. We learn about bug bounties and how to get them. We also talk about some of the best tools of the trade. Can you cross site script your way to being a millionaire? We sure hope so. Links: HackerOne Bugcrowd Synack Darknet Diaries: dawgyg James Kettle HTTP Request Smuggler Param Miner Paul's Blog Paul's Twitter
Today the gang talks about what it's like to be blue. Chase has a few things to say and may be emotionally scarred. Our guest, Brian O'hara, absolutely enthralls us with his tales of detection. Sam remembers that this one time at the other place... things happened. We also touch on detection analysis, logging management, and incident response in this episode of Any Port on the Net! Links: Carlos Perez's 2016 "Thinking Purple" Talk Brian O'hara's Detecting DCSync Blog TheHive Project
Today we talk to our least and favorite people, ourselves! Inspired by Chase's appreciation for hearing other info sec professional's stories - Sam has Chase tell his story. Jokes about the impossible recruiting expectations are expressed. And this episode can probably be played as an afterschool special for aspiring cybersecurity students. Links: HackTheBox TryHackMe Offensive Security's OSCP CompTia Certifications University of Cincinnati's Cybersecurity Program
On this one we step outside of the "traditional" security mindset and discuss how cybersecurity closely integrates with the business side of an organization. Thomas Preston, a former money man turned hacker man, discusses his unique perspective on the relationship between these two industries. We look at why business knowledge is necessary for an effective evaluation of an organization's defenses. Will Sam figure out how to end a podcast? Listen to find out. Links: Thomas' Write-up on Risk Assessments
Today we set out to talk about the hacker mentality and methodology but get sidetracked before we even start. Our boss, Micheal Reski, rants about the good old days. Sam lies, again, to Chase about the author of a talk (sorry Brian King - I promise I know your name is not Robert). In the end we share our perspective on the industry and eventually talk about methodology a little... just a little. Links: Brian King's "Hack for Show, Report for Dough" Talk Responder Offensive Security's OSCP UTSA's Cybersecurity Program
Today we talk to real life spider man, Paul Mueller, as he tells stories of manipulating the web. We hear stories of the wacky ways we walk websites. Chase resolves his awful mic issue with a new less awful mic. And Paul has a run in with the authorities while hating on developers. (Seriously devs... we do love you, for real.) Links PortSwigger PentesterAcademy OWASP Top 10
In our inaugural episode we chat with Carson Sallis, Black Lantern's own phishing guru. We hit on how to devise phishing campaigns from the premise to the payload. Carson details how OpSec, OSINT, and creative writing all play into a successful campaign. We reminisce on hitting a brick wall and there may even be a ghost story at the end. Links evilginx Sextortion Phishing Campaign 2020 Phishing Statistics Have you tried 12000?
The boys are headed to the Kennedy Space Center for HackSpaceCon in April! BLS will be hosting a training there too! Also, come check out the training at DakotaCon in March! We're doing it the pay what you can style (for the training)! Links: HackSpaceCon Official Site DakotaCon Official Site The Official BLS Discord The Official BLS Website The Official BLS Github The Official APotN Twitter
In today's episode the boys discuss a new hacker focused OSINT framework created by BLS' Python Superstar Joel. Links: BBOT Spiderfoot Writehat Manspider BLS Discord
It's here - the second part of our first two part series. We complete our discussion around ransomware. Brian sums up the steps used to defend against these attacks. Sam closes out the season by talking too much. Chase uses the c word and doesn't apologize for it (hint... it rhymes with crowd). And that's a wrap on season one! Thanks everyone for listening and let us know if you have any insight, comments, or requests for what you'd like to see in the next season. Links: BLS Discord DIVD Disclosure CISA Resource NIST 800-61
We bring back Brian to talk about the Kaseya ransomware incident only to discover 100 related rabbit holes. We do our best to be concise with the topic but obviously we failed and had to make this two parts. Join us as we work through Kaseya's incident from the incident response perspective. Then join us again in two weeks when we finish talking about the Kaseya Ransomware from the incident response perspective. Links BLS Discord DIVD Disclosure CISA Resource NIST 800-61
New guest alert! Jack Ward teaches us about the basics of Reverse Engineering. Sam struggles with remembering things in the morning while over using the word capabilities. While Chase continues to encourage bad corporate spreadsheet etiquette. We work to keep ourselves out of the deep end of software development. The team announces the public Black Lantern Security discord server (invite link below)! Links: BLS Discord Ghidra SRE Tool IDA Pro Pluralsight SANS FOR610 Learn C Learn Python