Purple Squad Security

Snow stops by during the winter months to share with us the true origin of her hacker handle, stories from some physical penetration testing, a quick note on her Kringlecon talk, and so much more! A great way to round out the year! Some links of interest: Snow's Twitter: @_sn0ww Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com

Adrian Cheek stops by the show this week to have a nice fireside chat with me. We talk about passive DNS, which Adrian first introduced to me a few years ago, and then move on to threat hunting. Adrian has a very interesting history and it was a joy to speak with him. Some links of interest: Adrian's Twitter: @Outkast_TI Farsight Passive DNS - https://www.farsightsecurity.com/solutions/dnsdb/ Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com

I'm trying a slightly different format for the next few episodes, and I'd appreciate any feedback you may have. In this episode I sit down with The Gibson, mayor of hackers.town, to talk about a variety of things from the Fediverse, working with the under-serviced SMB market, old school technologies, and the Infosec community as a whole. We're all over the place, but it's a good thing. Just a nice casual conversation talking about things that interest us. Some links of interest: Gibson's Mastodon: @TheGibson@hackers.town Hacker's Town: https://hackers.town Gibson's Twitter: @gibsonmainframe BlackFire Security: https://blackfiresec.com/ Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com

I'm trying a slightly different format for the next few episodes, and I'd appreciate any feedback you may have. In this episode I sit down with the amazing Tanya Janca for a fireside chat about her new company, Security Sidekick. They seem to have some pretty ambitious goals, and I couldn't think of anyone better to help make those a reality. Some links of interest: For Tanya: Tanya's Twitter: https://twitter.com/shehackspurple Tanya's Dev.to Profile: https://dev.to/shehackspurple Tanya's Blog: https://medium.com/@shehackspurple Tanya's YouTube Profile: https://www.youtube.com/shehackspurple Tanya's Twitch Channel: https://www.twitch.tv/shehackspurple Tanya's LinkedIn Profile: https://www.linkedin.com/in/tanya-janca For Security Sidekick: Website: https://securitysidekick.dev Twitter: https://twitter.com/SecSidekick YouTube Channel: https://www.youtube.com/channel/UC3KyuI83jt0l14q8xyffC2A Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com

Oh what I treat I have for you today! John Strand, former SANS instructor, long time co-host on Enterprise Security Weekly, Founder of Black Hills Information Security, and a whole lot more has taken time out of his busy schedule to stop by and talk about Backdoors & Breaches, the new IR card game from BHIS. Naturally we talk about more than just the game, but it was all as amazing as I had hoped. I trust you will enjoy listening to this one about as much as I enjoyed recording it. Some links of interest: Backdoors & Breaches Site - http://backdoorsandbreaches.com/ John's Email - john 'at' blackhillsinfosec.com John's Twitter - @strandjs BHIS Website - https://www.blackhillsinfosec.com Events where BHIS will be - https://www.blackhillsinfosec.com/events/ Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com

It's been long enough, and it's time for Tracy "InfoSecSherpa" to return for another #ginfosec episode! This time around we're going to talk about Empathy as a Service, a talk that she recently did at DerbyCon. Soft skills will get you everywhere, and Tracy has some great advice to share about a topic she's very passionate about. Some links of interest: Tracy's Talk - https://www.youtube.com/watch?v=KILlp4KMIPA Tracy's OSINT-y Goodness Blog - medium.com/@InfoSecSherpa Tracy's Twitter - https://twitter.com/InfoSecSherpa Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Podcast Store: https://purplesquadsec.com/store Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com

Ah, I love anniversaries. This is an anniversary episode celebrating 2 years of Purple Squad Security! Just a few personal rants and discussions for those interested in a bit of a behind the scenes view of things here at the show. No guests, just me blathering on about stuff. Enjoy! Some links of interest: Cyber City Website Twitter Podcast Store: https://purplesquadsec.com/store Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com

The hiatus is over! Welcome back everyone to the latest episode of the Purple Squad Security podcast! In this episode we have Ken Johnson and Seth Law from the Absolute AppSec Podcast joining me for the latest session of Tabletop D&D. Enjoy! Some links of interest: Absolute AppSec Website Twitter Seth's Twitter Account: @sethlaw Ken's Twitter Account: @cktricky Want to hear about a new Infosec con?  If you're in and around the Waterloo region area in October, why not check out Cyber City!  This is Waterloo region's premier information security conference.  Tickets are on sale now! Cyber City Conference: https://www.cybercityconf.io/ We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale: https://purplesquadsec.com/store Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com

Often times in information security, we look upon penetration testing and red teaming with awe and view those professions as the "sexy" side of security.  Truth be told, the defensive side has a lot of exciting opportunities as well!  Kyle Andrus joins me this week to talk about malware analysis, which I think is definitely one of the sexier sides of defense. Some links of interest: Practical Malware Analysis Book - https://nostarch.com/malware Cuckoo Sandbox - https://cuckoosandbox.org/ CyberChef - https://gchq.github.io/CyberChef/ Leny Zeltser's Blog - https://zeltser.com/blog/ Journey Into Incident Response - http://journeyintoir.blogspot.com/ Malware Unicorn's Reverse Engineering Workshop - https://malwareunicorn.org/#/workshops MiSec - https://www.misec.us/ Kyle's Twitter Account: @chaoticflaws Want to hear about a new Infosec con?  If you're in and around the Waterloo region area in October, why not check out Cyber City!  This is Waterloo region's premier information security conference.  Tickets are on sale now and the CFP is open until July 31st, 2019.  Don't wait, and come participate today!   Cyber City Conference: https://www.cybercityconf.io/ Cyber City Conference CFP: https://www.papercall.io/cybercityconf We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale: https://purplesquadsec.com/store Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com

There were more than a few of you who were anxiously awaiting his return, and he's back!  Tinker joins me once again to share some stories from his adventures in hackerland.  In addition, I have given Tinker free reign to speak as he chooses, and naturally I participate as well.  Fair warning, this is not safe for work or sensitive ears.  I do ask that you try not to be offended, as his stories and reflections on those events makes for one excellent episode. Some links of interest: Tinker's Fediverse Account: @tinker@infosec.exchange Tinker's Twitter Account: @TinkerSec Tinker's Blog: https://tinker.sh SecLists: https://github.com/danielmiessler/SecLists Cyber City Conference: https://www.cybercityconf.io/ Cyber City Conference CFP: https://www.papercall.io/cybercityconf We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale: https://purplesquadsec.com/store Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com

A few weeks ago, Sam King on Twitter mentioned me in a tweet that included a link to a Medium post, but not just any Medium post.  Tim MalcomVetter had posted up an "Choose Your Own Red Team Adventure", which I thought was just amazing!  I used to read a lot of choose your own adventure books as a kid, so I was naturally excited!  For this episode, I will be going through the story the first time, reading aloud as I try my hand at red teaming against a customer.  I hope you enjoy! Some links of interest: Choose Your Own Red Team Adventure - https://medium.com/@malcomvetter/choose-your-own-red-team-adventure-f87d6a3b0b76 Tim MalcomVetter's Twitter - @malcomvetter We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale: https://purplesquadsec.com/store Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com

CORRECTION: Early in this episode I mentioned that Amazon would ask for your email password when signing up for a new account.  I meant to say Facebook, not Amazon.  The practice has since been discontinued, but I wanted to make it clear that this was a Facebook practice, not Amazon.  Amazon has not, to the best of my knowledge, ever done something like this.  Sorry for the mixup. For most security professionals, we view the CIA triad as our grail.  No, not the US government agency that works around the world doing a lot of questionable things, but rather the more tame version of Confidentiality, Integrity, and Availability.  For today's episode, Matt Beland joins me to explain privacy and how it's not all about Confidentiality as I, and I'm sure a few of you, may have thought. Some links of interest: Smooth Sailing Solutions: smoothsailingsolutions.com Matt's Twitter: @Beland_Matt International Association of Privacy Professionals: https://iapp.org CIPP / CIPM / CIPT Certifications: https://iapp.org/certify/programs/ Ethical Data and Information Management: Concepts, Tools and Methods: https://www.amazon.com/Ethical-Data-Information-Management-Concepts/dp/0749482044 We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale: https://purplesquadsec.com/store Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com

Tribe of Hackers is a recently released book by Marcus Carey and Jennifer Jin that is a collection of stories from member of our community, or tribe as Marcus describes it.  This was a great and insightful interview, and definitely one you will want to listen to if you haven't read the book yet. Some links of interest: Tribe of Hackers: https://www.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189/ Tribe of Mentors (inspiration for Tribe of Hackers): https://www.amazon.com/Tribe-Mentors-Short-Advice-World/dp/1328994961/ The 4 Agreements - https://www.amazon.com/Four-Agreements-Practical-Personal-Freedom/dp/1878424319/ Marcus's Twitter: @marcusjcarey Jennifer Jin's Twitter: @jen_jin Tribe of Hackers Twitter: @TribeOfHackers Tribe of Hackers Summit - May 2, 2019: https://www.eventbrite.com/e/tribe-of-hackers-summit-registration-59074697009 We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale: https://purplesquadsec.com/store Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com

Once again I am pleased to share a #ginfosec episode with the woman who helps guide others through the mountains of infosec, Tracy InfoSecSherpa Maleeff!  In this extended episode Tracy and I speak about conferences from the attendee point of view; what to expect, what to bring, how to go, and what you should aim to get from the con.  Enjoy! Some links of interest: Tracy's Twitter: @InfoSecSherpa Sign up for Tracy's Nuzzle Newsletter: https://nuzzel.com/InfoSecSherpa Study on different note taking techniques: https://www.scientificamerican.com/article/a-learning-secret-don-t-take-notes-with-a-laptop/ Tracy's Unusual Journey into Infosec: https://www.secjuice.com/infosecsherpa-unusual-journeys/ Tracy's Talk at BSides NoVa - Networking with Humans: https://www.youtube.com/watch?v=bbfyXTZCVC0 We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale: https://purplesquadsec.com/store Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com

This week John goes solo and decides to talk about a recent threat he spun up about on Twitter, naming himself as a generalist within Information Security and discussing what that means to him. Some links of interest: John's Twitter Thread We have a new store!  Come check out the various Purple Squad Security goods you can buy to share your following and help the show.  From stickers to mugs, we have a few items up for sale: https://purplesquadsec.com/store Want to reach out to the show?  There's a few ways to get in touch! Purple Squad Security's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere John's Mastodon: https://infosec.exchange/@JohnsNotHere Podcast Website: purplesquadsec.com Patreon - https://www.patreon.com/purplesquadsec Sign-Up for our Slack community: https://signup.purplesquadsec.com Thanks for listening, and as always, I will talk with you all again next time. Find out more at http://purplesquadsec.com