
Advanced Persistent Security


This is a periodic audio podcast discussing current events and trends in Information and Cyber Security. Hallway con with a topic!


iTunes Ratings

7 Ratings
Great Podcast!

By Amish_G - Apr 20 2018
Fun and informative podcast that I can’t get enough of. Can’t wait to hear more.

Great new infosec podcast

By EDinATL - Apr 26 2016
Very informative and substantive discussions. The banter is kept to a minimum and the quality of the content is great for anyone with an interest in information security. There are a few sales pitches sprinkled around, but there is nothing annoying or excessive about their approach. I highly recommend checking out this podcast.

Latest release on Apr 26, 2018


Rank #1: Threat Intelligence (with Rob Gresham)



ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 36

GUEST: Rob Gresham

February 13, 2017

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

Threat Intelligence (WITH Rob Gresham)

SHOW NOTES

PART 1

Joe introduces Rob Gresham. Rob explains the Intel/McAfee/Foundstone dynamic. Rob tells us about the 6 degrees of Foundstone and the associated businesses and people. We recall and discuss SuperScan. We cover Threat Hunting in terms of what it is and what it is not. Rob explains that Threat Hunting is learning YOUR ENVIRONMENT and determining when, where and how to meet the enemy. Joe characterizes it as “Purple Teaming.” Rob describes applying the Scientific Method, using hypotheses to evaluate purple teaming.

Rob stresses not to be Elmer Fudd. Joe postulates IT F.U.D. (Fear, Uncertainty, Doubt; Elmer’s nephew). Rob talks about attribution versus retribution. We talk about APTs and the motivations of other types of attackers. Social media as C2 (Command and Control) is discussed. We discuss the identification of indicators that can be used in an actionable context. Joe gets on his training and awareness soapbox. The Cyber Kill Chain makes an appearance with regard to its applicability to network defense.

PART 2

Rob tells us about MITRE and CVEs (Common Vulnerabilities and Exposures). He tells us about Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). Rob talks about actionable intelligence rather than merely feeds or the tool du jour. Joe goes on his rant about the fallacy of silver-bullet solutions. Rob talks about robust and elastic incident response planning. He tells us about adaptive and active containment. We talk about vendor diversity and coverage in threat mitigation and identification. Rob talks about the level of influence and integration that machine learning has with antivirus companies like McAfee and Symantec. Rob brings the Pyramid of Pain into the discussion.

ABOUT Rob

Rob Gresham has extensive experience executing and instructing on cyber threat intelligence, primarily on the information flow and analysis of operational, strategic and tactical cyber intelligence. He has extensive experience building data centers and enterprise environments with the proper security architecture and robust designs that enable business security needs and maturity over time with less rework. Rob investigates compromised systems, performs memory analysis and determines the scope of breaches. Rob has a perceptive talent for visualizing processes, workflows and procedures, which has helped tremendously when designing SOC process frameworks. He has successfully built security response teams that provide incident response for SOCs and critical infrastructure and key resource restoration teams.

CONTACTING Rob:

Twitter: @rwgresham
LinkedIn
Team Email: foundstone@intel.com
Webinar

Joe’s Second Blog on CISOCast: CISOCast
Joe’s Social Engineering Blog on Black Hills Information Security: Black Hills Information Security
Joe’s AlienVault Blog about Insider Threat: AlienVault (also hosted locally on Advanced Persistent Security)
Joe’s Sword & Shield Blog Post: Sword & Shield Blog (also hosted locally on Advanced Persistent Security)
Joe’s First Blog on CISOCast: CISOCast (also hosted locally on Advanced Persistent Security)
Joe’s Blog on Jenny Radcliffe’s Deception Chronicle: Jenny Radcliffe’s Deception Chronicles (also hosted locally on Advanced Persistent Security)
Joe’s Dyn DDoS Blog on Tripwire: Tripwire (also hosted locally on Advanced Persistent Security)
Joe’s Ranking in the AlienVault Top Blogs of 2016: AlienVault (also hosted locally on Advanced Persistent Security)
Password Blog Links: AlienVault (also hosted locally on Advanced Persistent Security)
Wi-Fi Blog Link: AlienVault (also hosted locally on Advanced Persistent Security)
PowerShell Link: AlienVault
Joe’s Blog on ITSP: When Friendly Thermostats & Toasters Join The IoT Dark Side
Joe’s Blog on Tripwire: Burgling From an OSINT Point of View
Joe’s Blogs on Sword & Shield Enterprise Security’s site: Holiday Shopping Safety Series: Shopping Via Credit Card and e-Commerce; Holiday Shopping Safety Series: Holiday Scams and Hoaxes
Joe’s Work with WATE 6 News in Knoxville, TN: Shopping online safely this holiday season; iPhone scam uses text messages to hack iCloud information; Maryville hacker takes over Facebook accounts

Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.


Feb 13 2017, 1hr 44mins

Rank #2: Ransomware and Incident Response (with Ben Johnson)



ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 33

GUEST: Ben Johnson

January 16, 2017


Ransomware and Incident Response (WITH Ben Johnson)

SHOW NOTES

PART 1

Joe introduces Ben, and they briefly discuss Ben’s experiences and how Carbon Black came about. Incident Response is discussed a little later. Instead of talking about the news, we discuss Ransomware in 2016 and 2017. We talk about the Ransomware problem. Ben discusses the role of awareness in preventing Ransomware. We discuss the cultural impact of awareness and the dos and don’ts of building an awareness program. Joe and Ben talk about non-punitive measures in programs and empowering employees. Ben tells us about fallacies like Full Disk Encryption being an absolute answer to Ransomware.

PART 2

Ben defines EDR (Endpoint Detection and Response) and the transition from “just anti-virus.” He talks about detection and response rather than reaction when doing Incident Response. We talk about critical and high-risk positions and roles such as HR, Finance, Accounting, Contracting, and Editors, and the specific concerns for each. Ben gives us a devious idea about stealing metadata from PDFs from Job Announcements and other documents to use against organizations in OSINT and Social Engineering. We transition into a brief rant about Cloud Security and the lack of controls. Ben teaches us about blacklisting and whitelisting.

PART 3

Ben tells us about the difference between EDR and IDR (Incident Detection and Response). Joe asks Ben about his thoughts about Threat Hunting. We shift the discussion to successful implementations of Threat Hunting. Ben talks about subtle successes in Threat Hunting via identifying risk and threats that are not as obvious as things like attackers and APT. We talk about good hacker/information security mindsets that yield success. Ben arms us with advice to be successful in information security and “getting your hands dirty.”

ABOUT Ben

Ben Johnson

Ben Johnson is co-founder of Carbon Black and now an Executive in Residence for Ten Eleven Ventures as he fleshes out his next company. At Carbon Black, Ben was CTO and Chief Security Strategist, where his duties included early development, building the technical team, setting the product vision, and then evangelizing and spreading the company message and offerings around the world to prospects, customers, and partners. Prior to Carbon Black, Ben worked at the NSA and then at a defense contractor as an intrusion engineer. Ben is passionate about security, technology and entrepreneurship. Ben has two computer science degrees (University of Chicago and Johns Hopkins University), and he currently teaches a master’s-level course in entrepreneurship at the University of Chicago. Aside from all this, Ben enjoys being involved with other security startups as an advisor or board member. Ben lives in Chicago.

CONTACTING Ben:

Twitter: @ChicagoBen


Jan 16 2017, 1hr 32mins

Rank #3: Red Teaming (with Joe Vest & James Tubberville)



ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 34

GUEST: Joe Vest & James Tubberville

January 23, 2017


RED TEAMING (WITH JOE VEST & JAMES TUBBERVILLE)

SHOW NOTES

PART 1

Joe introduces Joe and James. Joe Vest tells us about his background and journey into Information Security and Penetration Testing. He explains that he and James were Red Teaming together and then founded Minis. James echoes Joe’s sentiments and path. Mr. Vest tells us how he had to break things as a system administrator to better understand how to secure them. He also tells us how to break into information security via system or network administration. Joe Gray gives his advice to people trying to get into security. Mr. Vest talks about being passionate about technology, which leads to a discussion about enthusiasm versus knowledge and experience.

We talk about the relationship between offense and defense; red and blue. We then transition into a discussion about FamilyTreeNow.com for the current event. It is discussed as an OSINT playground. Mr. Vest talks about “getting personal” when collecting data about targets. James talks about verifying relationships and building a smart password list and profile/dossier on targets. Joe Gray talks about his new FamilyTreeNow phishing proof of concept and the psychology behind making it work. We talk about the burden being on the user and best practices for creating awareness programs.

PART 2

We kick off this segment with Mr. Vest discussing the types of penetration testing that are used. Mr. Vest talks about the inverse triangle to the left that describes the focus in security assessment and testing. He talks about the realization of vulnerabilities in scope as the triangle narrows. Red Teaming is focused on specific scenarios and goals, which are called “Operational Impacts.” These are what make organizations tick: essentially, where can the organization be exploited to the point of causing a catastrophic outcome for the organization. Think of the worst-case scenario for an organization.

This allows organizations to see what capabilities threat actors possess while measuring their security controls, defensive controls and procedures, and exercising their detection and response. Red Teaming is not simply penetration testing on steroids. Red Teaming is more focused on meeting an objective that enables the organization to assess and measure its security posture and operations. Everything is goal driven. Mr. Vest talks about white carding and the assumed breach model. James talks about the correlation with penetration testing.

We discuss the maturity requirements for penetration testing and compare them to the maturity required for Red Teaming. Mr. Vest talks about providing value to an organization through engagement via red teaming psychology and goals. James clarifies that the Blue Team is more than just traditional security defenders and includes the Help Desk, System Admins, Networks, and BCP/DRP. Mr. Vest correlates Vulnerability Assessment and Penetration Testing with good security hygiene.

PART 3

James and Joe give us a war story about an engagement that dealt with an external access objective and an operational impact objective. The client CIO asked for a phishing campaign to demonstrate access. James and Joe noted that the client had sensitive files on a network that was not explicitly segregated as had been thought. The impacts that dealt with detection, determining compromise, and resiliency were implemented.

While ramping up their presence (to attempt to be detected), the team quickly realized that they needed to make more noise to gain the attention of the blue team. They deployed EICAR, images, and audio bites to get noticed. The blue team noticed this and made an announcement for all personnel to stop using network assets, causing a nearly 6 hour interruption. The blue team started pulling cables after they realized that a reboot did not work. The sound bite was selected from the Non-Rick Roll song below:

ABOUT Joe

Joe Vest has worked in the information technology industry for over 17 years with a focus on red teaming, penetration testing and application security. As a former technical lead for a DoD red team, he has extensive knowledge of cyber threats and their tools, tactics and techniques, including threat emulation and threat detection. Joe is the co-founder of MINIS LLC, providing innovative solutions for mitigation against an ever-changing cyber threat. He is the technical editor for the book Red Team Field Manual (RTFM) and holds numerous security certifications: OSCP, CISSP-ISSMP, CISA, GPEN, GCIH, GWAPT, CEH.

CONTACTING Joe:

Twitter: @JoeVest
LinkedIn
Email

ABOUT James

James’ Biography is coming soon.

CONTACTING James:

LinkedIn
Email

ABOUT Minis

Minis Website
Find Minis Github
Minis on LinkedIn
Find Minis on Twitter
Minis ThreatExchange Blog

JOE AND JAMES’ SANS Course

Security 564: Red Team Operations and Threat Emulation


Jan 24 2017, 1hr 31mins

Rank #4: SANS Top 20 Critical Security Controls 1-4



The SANS Top 20 Critical Security Controls are an industry and (for the most part) vendor-neutral set of controls that organizations are encouraged to implement to ensure they are cognizant of security issues and can respond accordingly. This episode deals exclusively with the first 4 controls in depth, so as not to overwhelm listeners with what is shaping up to be a nearly 3 hour podcast.

If you want to discuss how Advanced Persistent Security can help you implement the SANS Top 20 Critical Security Controls, please contact Advanced Persistent Security Sales.

Content

This week we begin to discuss the SANS Top 20 Critical Security Controls, covering the following 4 controls:
SANS Top 20 Critical Security Controls, #1: Inventory of Authorized and Unauthorized Devices
SANS Top 20 Critical Security Controls, #2: Inventory of Authorized and Unauthorized Software
SANS Top 20 Critical Security Controls, #3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
SANS Top 20 Critical Security Controls, #4: Continuous Vulnerability Assessment and Remediation
The Center for Internet Security Benchmarks Program
The NIST National Checklist Program

DISCLAIMER: Aside from receiving training from SANS and holding a certification from their partner organization, GIAC, neither Advanced Persistent Security nor myself, Joe Gray are affiliated with SANS. This podcast is authorized via SANS open use clause and is not officially authorized by SANS. There is no compensation to Advanced Persistent Security nor myself, Joe Gray for doing this podcast. The purpose is to increase awareness using open frameworks.

If you have any questions or concerns about the podcast or something you want featured on the podcast, please email us at podcast@advancedpersistentsecurity.net


Be sure to subscribe to this podcast and to our Blog.

References

NIST SP 800-53 Revision 4
SANS Top 20 Critical Security Controls





Sep 24 2015, 25mins

Rank #5: This week in Security September 22 2015



Content

We discuss the 150 successful Department of Energy Cyber Attacks between 2010 and 2014, Excellus Blue Cross and Blue Shield data breach from December 2013 to August 2015, Android Lock Screen Buffer Overflow vulnerability discovered by the University of Texas, and rationalize a timeline for either changing Adobe Flash or discarding it based on the frequency and severity of it being exploited. We recap the blogs and I add a little information and perspective. This is a work in progress. The only way to improve at podcasting is to do it more. I will be applying my knowledge of security, coupled with my teaching experience to create valuable IT and Cyber Security podcasts as time progresses.




Sep 22 2015, 15mins

Rank #6: SANS Top 20 Critical Security Controls 9-12



The SANS Top 20 Critical Security Controls are an industry and (for the most part) vendor-neutral set of controls that organizations are encouraged to implement to ensure they are cognizant of security issues and can respond accordingly. This episode deals exclusively with the third set of 4 controls (numbers 9-12) in depth, so as not to overwhelm listeners with what is shaping up to be a nearly 3 hour podcast.


Content

This week we discuss the SANS Top 20 Critical Security Controls, covering the following 4 controls:
SANS Top 20 Critical Security Controls, #9: Security Skills Assessment and Appropriate Training to Fill Gaps
SANS Top 20 Critical Security Controls, #10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
SANS Top 20 Critical Security Controls, #11: Limitation and Control of Network Ports, Protocols, and Services
SANS Top 20 Critical Security Controls, #12: Controlled Use of Administrative Privileges



References

NIST SP 800-53 Revision 4
SANS Top 20 Critical Security Controls





Oct 08 2015, 21mins

Rank #7: This week in Security: October 6, 2015



Content

We discuss the recent attack on T-Mobile/Experian, Trump Hotel’s Malware Infection, Cyphinx Cyber Security Training Video Game, and the world of automobile cyber security. The automobile portion discusses attacks on Tesla, Chrysler, Fiat, Dodge, Ram, and On-Star. We look at how the Volkswagen emissions issue may change cyber security in the auto industry.




Oct 06 2015, 24mins

Rank #8: SANS Top 20 Critical Security Controls 5-8



The SANS Top 20 Critical Security Controls are an industry and (for the most part) vendor-neutral set of controls that organizations are encouraged to implement to ensure they are cognizant of security issues and can respond accordingly. This episode deals exclusively with the second set of 4 controls (numbers 5-8) in depth, so as not to overwhelm listeners with what is shaping up to be a nearly 3 hour podcast.


Content

This week we discuss the SANS Top 20 Critical Security Controls, covering the following 4 controls:
SANS Top 20 Critical Security Controls, #5: Malware Defenses
SANS Top 20 Critical Security Controls, #6: Application Software Security
SANS Top 20 Critical Security Controls, #7: Wireless Access Control
SANS Top 20 Critical Security Controls, #8: Data Recovery Capability


References

NIST SP 800-53 Revision 4
SANS Top 20 Critical Security Controls





Oct 01 2015, 20mins

Rank #9: This week in Security September 29 2015



We discuss the recent attack on Apple’s App Store that revealed a fraudulent version of Xcode (XcodeGhost) that inserted malware into over 300 apps. We also discuss the cyber landscape for Federal IT Security and the strained cyber relations between the U.S. and China. We recap the blogs and I add a little information and perspective.




Sep 29 2015, 13mins

Rank #10: This week in Security September 14 2015



Content

This week, we discuss the OPM cyber attack, baby monitors, and FireEye/Kaspersky issues, and follow up on the Ashley Madison hack. We recap the blogs and I add a little information and perspective. This is a work in progress. The only way to improve at podcasting is to do it more. I will be applying my knowledge of security, coupled with my teaching experience, to create valuable IT and Cyber Security podcasts as time progresses.



Enter your email address:
Delivered by FeedBurner


Subscribe to our mailing list

* indicates required Email Address *

First Name
Last Name

//
//

Sep 14 2015

20mins


Rank #11: Critical Security Controls: Part 1 (with Brian Ventura)


Critical Security Controls: Part 1 (WITH BRIAN VENTURA)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 23

GUEST: BRIAN VENTURA

October 24, 2016

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

NOTE: This series was originally intended to be a single episode. Because we recorded in excess of three hours of content, we decided (after the fact) to split this into 2 episodes.

Critical Security Controls: Part 1 SHOW NOTES

PART 1

We talk about National Cyber Security Awareness Month (NCSAM), some of the initiatives that we have observed to work and not work, and what some organizations are doing to help. We touch on what the SANS and Center for Internet Security (CIS) Critical Security Controls (formerly the SANS Top 20) are. We then briefly compare and contrast them with other lists, like the Australian Signals Directorate 35 Strategies to Mitigate Cyber Intrusions, the Cloud Security Alliance (CSA) Treacherous 12, the Open Web Application Security Project (OWASP) Top 10, and the OWASP Application Security Verification Standard (ASVS).

PART 2

Controls:

  1. Inventory of Authorized and Unauthorized Devices
  2. Inventory of Authorized and Unauthorized Software

We discuss the beginning of the Critical Security Controls. Starting with control number 1, we discuss the importance of knowing what devices and assets are on the network as well as maintaining an inventory management tool. We discuss using inventory management as a means of accountability in management. We transition into control 2 which deals with authorized and unauthorized software.

PART 3

Controls:

  3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  4. Continuous Vulnerability Assessment and Remediation
  5. Controlled Use of Administrative Accounts

We discuss developing secure environments, benchmarking, and baselining. We discuss the cross-correlation between the US DoD's DISA STIGs (Security Technical Implementation Guides) and the CIS Benchmarks, and assessing compliance with them using the Security Content Automation Protocol (SCAP). A discussion about golden images ensues, and we cover methods for patching golden images. We discuss vulnerability scanning versus assessment, mobile vulnerabilities, and scanning strategies. Finally, we discuss the importance of limiting who has administrative privileges and when they should be used.

ABOUT BRIAN

Brian Ventura

Brian has 20+ years in Information Technology, ranging from systems administration to project management and information security. He is an Information Security Architect in Portland, Oregon and volunteers as the Director of Education for the Portland ISSA Chapter. Brian holds his CISSP and GCCC, as well as other industry certifications. As the Director of Education, Brian coordinates relevant local and online training opportunities.

CONTACTING BRIAN:

Twitter: @brianwifaneye
Brian’s SANS Instructor Profile

Brian’s SANS Courses:

SEC440: Critical Security Controls: Planning, Implementing and Auditing (2 day course in Pittsburgh, PA: February 1 and 2, 2017)
SEC566: Implementing and Auditing the Critical Security Controls – In-Depth (5 day course in Seattle, WA: February 6 through 10, 2017)

Links to Resources mentioned:

Australian Signals Directorate 35 Strategies to Mitigate Cyber Intrusions
CSA Treacherous 12 (PDF)
OWASP Top 10
OWASP ASVS 3.0 (PDF)
National Cyber Security Awareness Month (Stay Safe Online)
CIS Critical Security Controls

Gary McGraw Books

Software Security: Building Security In
Building Secure Software: How to Avoid Security Problems the Right Way
Exploiting Online Games: Cheating Massively Distributed Systems
Software Security Library Boxed Set, First Edition

PASSWORD BLOG LINKS:

AlienVault
Hosted Locally on Advanced Persistent Security

WI-FI BLOG LINK:

AlienVault
Hosted Locally on Advanced Persistent Security

POWERSHELL LINK:

AlienVault


Oct 24 2016

1hr 30mins


Rank #12: Maintaining a SOC (with Rob Gresham)


Maintaining a SOC (WITH Rob Gresham)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 37

GUEST: Rob Gresham

February 20, 2017


Maintaining a SOC (WITH ROB GRESHAM)

SHOW NOTES

PART 1

Joe introduces Rob Gresham. Rob explains the Intel/McAfee/Foundstone dynamic. Rob tells us about the 6 degrees of Foundstone and the associated businesses and people. We recall and discuss SuperScan. We cover Threat Hunting in terms of what it is and is not. Rob explains that Threat Hunting is learning YOUR ENVIRONMENT and determining when/where/how to meet the enemy. Joe characterizes it as “Purple Teaming.” Rob provides an application of the Scientific Method, using hypotheses to evaluate purple teaming.

Rob stresses to not be Elmer Fudd. Joe postulates IT F.U.D. (Fear, Uncertainty, Doubt, Elmer’s nephew). Rob talks about attribution versus retribution. We talk about APTs and the motivations of other types of attackers. Social Media as C2 (Command and Control) is discussed. We discuss the identification of Indicators that can be used in an actionable context. Joe gets on his training and awareness soapbox. The Cyber Kill Chain makes an appearance in regards to its applicability in network defense.

PART 2

In this special episode, the final in a two-part series, we discuss how to create and maintain a successful SOC – Security Operations Center. Rob discusses the considerations in creating and maintaining a SOC in terms of goals and the environment around the SOC. He explains what a BOT is – a Build, Operate, Transfer model used by firms when helping organizations build their SOCs. Rob talks about decision making in terms of deciding to go with a Managed Security Service Provider (MSSP). Joe talks about contracts and SLAs as they relate to liability, then transitions to realistic expectations. We close the segment by discussing sensor locations.

ABOUT ROB

Rob Gresham has extensive experience executing and instructing on cyber threat intelligence, primarily on the information flow and analysis of operational, strategic and tactical cyber intelligence. He has extensive experience building data centers and enterprise environments with the proper security architecture and robust designs that enable business security needs and maturity over time with less rework. Rob investigates compromised systems, performs memory analysis and determines the scope of a breach. Rob has a perceptive talent for visualizing processes, workflows and procedures, which has helped tremendously when designing SOC process frameworks. He has successfully built security response teams that provide incident response for SOCs and critical infrastructure and key resource restoration teams.

CONTACTING ROB:

Twitter: @rwgresham
LinkedIn
Team Email: foundstone@intel.com
Webinar

JOE’S SECOND BLOG ON CISOCAST

CISOCast

JOE’S Social Engineering BLOG ON Black Hills Information Security

Black Hills Information Security

JOE’S AlienVault Blog about Insider Threat

AlienVault
Hosted Locally on Advanced Persistent Security

JOE’S Sword & Shield BLOG Post

Sword & Shield Blog
Hosted Locally on Advanced Persistent Security

JOE’S First BLOG ON CISOCast

CISOCast
Hosted Locally on Advanced Persistent Security

Joe’s Blog on Jenny Radcliffe’s Deception Chronicle

Jenny Radcliffe’s Deception Chronicles
Hosted Locally on Advanced Persistent Security

Joe’s Dyn DDOS Blog on Tripwire:

Tripwire
Hosted Locally on Advanced Persistent Security

Joe’s Ranking in the AlienVault Top Blogs of 2016:

AlienVault
Hosted Locally on Advanced Persistent Security

JOE’S BLOG ON ITSP:

When Friendly Thermostats & Toasters Join The IoT Dark Side

Joe’s Blog on Tripwire:

Burgling From an OSINT Point of View

Joe’s Blogs on Sword & Shield Enterprise Security’s site:

Holiday Shopping Safety Series: Shopping Via Credit Card and e-Commerce
Holiday Shopping Safety Series: Holiday Scams and Hoaxes

Joe’s Work with WATE 6 News in Knoxville, TN:

Shopping online safely this holiday season
iPhone scam uses text messages to hack iCloud information
Maryville hacker takes over Facebook accounts


Feb 20 2017

1hr 25mins


Rank #13: 2017 Holiday Podcaster’s Podcast (NSF Kids/Work)


2017 Holiday Podcaster’s Podcast (NSF Kids/Work)

ADVANCED PERSISTENT SECURITY

December 22, 2017


2017 Holiday Podcaster’s Podcast (NSF Kids/Work) SHOW NOTES

SUPER NOT SAFE for kids (and probably adults, come to think of it). Really this is just us griping and remaining hopeful for industry.


Dec 22 2017

1hr 22mins


Rank #14: BSides Atlanta (with Martin Fisher)


BSides Atlanta (with Martin Fisher)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 22

GUEST: Martin Fisher

October 17, 2016


BSides Atlanta (with Martin Fisher) SHOW NOTES

Apology: Unbeknownst to us, we encountered sound distortion issues around the 3:30 to 5:15 mark and some sound overlapping later in the podcast. I apologize immensely for this. I am in the process of upgrading my recording equipment to a more professional set up to get away from relying on software to record.

Your ears do not deceive you, Armor Guy, Martin Fisher is on Advanced Persistent Security Podcast. Joe introduces Martin and we kick off the conversation about BSides Atlanta. Here is a quick Q&A:

  • Are BSides Atlanta Tickets sold out? Yes, but more may open up closer to the time of the event. Follow the Twitter feed to check for continuing updates.
  • What do you have to pay for? Parking. Pay for Atlanta Tech Village parking. It’s $6 at ATV, vice getting booted for $75+.
  • Are CPEs available for attending the event? Yes. Take the form from the site (below) to the event.
  • Are there any volunteering opportunities? Not at this time. The response was excellent.
  • When will the speaker list be out? Within about 10 days of the event.

ABOUT Martin

Martin Fisher

Martin is a seasoned and experienced information security executive with experience in the healthcare, commercial aviation, and finance sectors. His passion is to build high performing teams that, in turn, build excellent programs that add capability and value to the larger organization. He believes in programs that create guardrails – enabling business to change as quickly as needed without driving off a cliff – and not speed bumps that only hinder the velocity of valuable change and only detract from value.

He has been co-host of the award nominated Southern Fried Security Podcast since January 2010. The podcast focuses on issues of information security management and leadership and has, since its inception, delivered over 200,000 episode downloads to listeners.

Martin was honored to be a 2014 Information Security Executive of the Year Southeast nominee.

Resources and sites mentioned:

Security BSides

BSides Atlanta: Twitter / Website
Twitter: @armorguy
Podcast: @sfspodcast
Southern Fried Security Podcast


If you have ANY Cybersecurity needs, please contact us and a member of our staff will promptly reply to your question or concern.


Oct 17 2016

15mins


Rank #15: 2017 DerbyCon Podcaster’s Podcast (NSF Kids/Work)


2017 DerbyCon Podcaster’s Podcast (NSF Kids/Work)

ADVANCED PERSISTENT SECURITY

2017 DerbyCon Podcaster’s Podcast

September 27, 2017


2017 DerbyCon Podcaster’s Podcast (NSF Kids/Work) SHOW NOTES

SUPER NOT SAFE for kids (and probably adults, come to think of it). Really this is just us riffing about DerbyCon (and I really love @oncee, and wished I’d gone to his stable talk, which you can listen to/watch here: http://www.irongeek.com/i.php?page=videos/derbycon7/s07-the-skills-gap-how-can-we-fix-it-bill-gardner).

We actually did talk about the skills gap, resume workshop held at Derbycon, and so much else.

If you haven’t been to Derbycon, you should definitely make plans now to attend…


Sep 27 2017

1hr 18mins


Rank #16: BSides Huntsville & SDN (with Paul Coggin)


BSides Huntsville & SDN (WITH Paul Coggin)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 35

GUEST: Paul Coggin

January 30, 2017


BSides Huntsville & SDN (WITH Paul Coggin)

SHOW NOTES

PART 1

Joe introduces Paul and we discuss his career thus far. In terms of topics, we evade the news again and decide to talk about IOT – the Internet of Things. Paul brings a unique perspective since he comes from a background that is heavily rooted in networking. He likens it to ICS/SCADA and jokingly endorses it for our job security. Paul talks about the role that endpoints will play in the IOT environment.

Paul introduces us to a concept called “Fog Computing.” He then provides his perspective on the application of Fog Computing. He then describes VPT or Vendor Persistent Threat, which is when proprietary products may have backdoors or maintenance hooks for either data or support purposes. We talk about the impact on supply chain security from the networking and IOT perspectives.

PART 2

Paul tells us that BSides Huntsville will be February 4, 2017 at the Dynetics Solutions Complex facility. The event features 16 speakers from both the local and the global levels. There are 2 tracks for the event. Adrian Crenshaw (Iron Geek) will be recording the talks, providing lock picking equipment, and co-keynoting. By attending, you’ll get all the Krispy Kreme doughnuts and Papa John’s Pizza that you can handle.

The BSides Huntsville event is open to everyone, but if you are planning on attending and NOT A US CITIZEN, please contact the organizers to complete the proper documentation. Talks range from malware, threat intelligence, to physical security and the dark net. Paul tells us that if you’re looking for a new job, bring your resume and/or business cards and to expect to network at the event. Joe talks about the benefits of an employee attending conferences like BSides and the value it adds to organizations.

PART 3

We transition to talk about Software Defined Networking (SDN). Paul calls this the Network Apocalypse or Netpocalypse. He tells us about products like VMware NSX. Paul goes on to talk about ONOS (Open Network Operating System) and OpenDaylight as controllers, then explains how the virtualization effort in the controller directs the routing equipment, such as switches and routers, as to how to operate.

Paul talks about the disruptive nature (in the market perspective; not availability) of SDN and the need for networking professionals to get up to speed to maintain relevance. We talk about using SDN and the cloud to virtualize the networking and use the cloud for CP/BCP/DRP/COOP.

ABOUT Paul

Paul Coggin

Paul Coggin is an Information Security Engineer. His expertise includes tactical, service provider and ICS/SCADA network infrastructure attacks and defenses as well as large, complex network design and implementation. His experience includes leading network architecture reviews, vulnerability analysis and penetration testing engagements for critical infrastructure and tactical networks.

CONTACTING Paul:

Twitter: @PaulCoggin
LinkedIn
Email (Yahoo)
Email (Gmail)

ABOUT BSides Huntsville

Date: February 4, 2017
Time: 8:30 AM Central Time (9:30 Eastern)
Location: Dynetics, Inc (Solutions Complex building)
1004 Explorer Blvd, Huntsville, AL 35805
Website
Twitter
Cost: $10

Software Defined Networking (SDN) Resources

ONOS Wikipedia
Northbound Networks Zodiac Physical Controller
Software Defined Wide Area Network (SD-WAN) definitions
ONOS Website
MiniNet project
OpenDaylight project
IPSpace Website
Open Networking Foundation
Northbound Networks YouTube channel
TechNet article about Network Controllers


Jan 30 2017

1hr 10mins


Rank #17: Practical Packet Analysis (with Chris Sanders)


Practical Packet Analysis (with Chris Sanders)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 32

GUEST: Chris Sanders

January 9, 2017


Practical Packet Analysis (with Chris Sanders)

SHOW NOTES

PART 1

Joe introduces Chris and talks about his work and accomplishments. We transition to talking about the “Russian Hackers” and the “GRIZZLY STEPPE” report. We analyze the quality and applicability of the IP addresses and hashes in the report. Attribution is discussed in terms of Russia versus China. We talk about “Nation State” and the implications of such attribution. We talk about the role of Social Engineering and spear phishing in the success. Chris and I debunk the reported Vermont “Power Grid” attack, both in substance and in how the news reported it. We talk about proper research and identifying bias and skew.

Resources Used

US CERT Report on GRIZZLY STEPPE
US CERT Site about GRIZZLY STEPPE
CNBC Article about Russia’s Role in DNC Hack
Washington Post article walking back the attribution of the Vermont Power Grid attack to Russia

PART 2

We kick it off by asking Chris about the origin of Practical Packet Analysis. Chris tells us that the first edition came out 10 years ago (in 2006) while he was studying in college at age 19 (it was published when he was 20). It all started with a blog post. Someone posted it to Digg and crashed his site. He was contacted by No Starch Press, who asked him to write it. Chris said that he initially wrote it to help pay his way through college, but at the time he was fairly young and not experienced enough to write a really great book. The next edition was really about redemption and making the book live up to its potential. Chris talks about how this was not originally a security book, but rather a network monitoring and packet analysis book.

PART 3

Chris talks about his Investigative Theory training and the correlation between his writing and teaching. He talks about the lack of training in terms of how to apply tools and how to investigate. Chris talks about his interaction with the course and how the questions are structured. He explains how human and cognitive psychology plays into investigating. His January class is full and his March class is almost full.

We shift to discuss the Rural Tech Fund. Chris lost his mother and sister at a young age. The house he grew up in recently sold at auction for $14,000. Like me, he had little opportunity to be successful, let alone learn technology. A teacher named Ms. Jackson told Chris that he would do great things, but to “Remember where he came from.” Chris shifted the fund’s focus from scholarships to the classrooms. He got teachers involved, and the fund’s equipment donations reached over 10,000 students last year. In 2017, Chris wants to reach 25,000 students.

ABOUT Chris

Chris Sanders

Chris Sanders is an information security consultant, author, and researcher. He is the leader of a detection and investigation research team at FireEye and has extensive experience supporting multiple government and military agencies, as well as several Fortune 500 companies. In multiple roles with the US Department of Defense, Chris helped to create several NSM and intelligence tools currently being used to defend the interests of the nation.

Chris has authored several books and articles, including the international best seller “Practical Packet Analysis” from No Starch Press, currently in its third edition and in seven languages, and “Applied Network Security Monitoring” from Syngress. He is currently pursuing a PhD in Cognitive Psychology in an attempt to enhance the field of security investigative technique through a better understanding of human thought and learning processes.

Chris is the founder and director of the Rural Technology Fund, a non-profit that donates thousands of dollars in scholarships and equipment annually to further technical education in rural and high poverty areas.

CONTACTING Chris:

Twitter: @ChrisSanders88
Website
Training Site
Rural Technology Fund

Chris’ Books:

Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
Applied Network Security Monitoring: Collection, Detection, and Analysis


Jan 09 2017

1hr 47mins


Rank #18: Infosec Success (with Lesley Carhart)


Infosec Success (with Lesley Carhart)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 31

GUEST: Lesley Carhart

January 2, 2017


Infosec Success (with Lesley Carhart)

SHOW NOTES

PART 1

We discuss our predictions for 2017. Lesley gives us her theme of “Reaching a Breaking Point.” She says that some things will get worse in places. This will give risk managers a little more budgetary leverage. Lesley predicts more Distributed Denial of Service (DDoS) and IoT botnet DDoS attacks. Joe predicts a data breach bigger than Yahoo in terms of sensitivity, records, applicability, and ability for misuse. Lesley’s next prediction involves government and law enforcement, cloud and social media providers, and their data retention policies. Joe’s final prediction is a rise in social engineering and phishing.

PART 2

Lesley shares with us her wisdom about taking GIAC exams after SANS training and the value of having solid indices. We talk about what to take into the testing center. We talk about the various cost offset models. Lesley and I also talk about the advantages and disadvantages of the larger SANS events versus smaller events and venues. We talk about the SANS Blue Team (DFIR) and Red Team (Pen Test) pipelines. We talk about true “Purple Teamers.”

PART 3

In our Infosec Success segment, Lesley’s first tidbit of advice is “Want to be in infosec.” Joe talks about being able to teach someone the knowledge, but not the passion. Joe talks about learning outside of work and tinkering in a home lab. Lesley talks about learning types and finding the method by which you learn best. Joe recommends getting active in the security community via BSides, DEF CON groups, 2600, ISSA, OWASP, and (ISC)2 chapters. We also talk about Irongeek’s site. Joe recommends business cards regardless of your career level. We talk about report writing and public speaking and the importance of producing quality reports regardless of the role. We discuss languages and programming languages.

ABOUT Lesley

Lesley Carhart

Lesley Carhart (GCIH, GREM, GCFA, GPEN, B.S. Network Technologies, DePaul University) is a 17-year IT industry veteran, including 8 years in information security (specifically, digital forensics and incident response). She speaks and writes about digital forensics and incident response, OSINT, and information security careers, is highly involved in the Chicagoland information security community, and is staff at Circle City Con, Indianapolis.

In her free time, Lesley studies three martial arts, is a competitive pistol marksman, and is generally all around a huge geek.

Lesley loves to speak about information security and digital forensics to technical and non-technical audiences, and would be happy to come to your con or speak to your class (time allowing)! Please reach out to @hacks4pancakes on Twitter, or at hacks4pancakes@gmail.com.

CONTACTING Lesley:

Twitter: @hacks4pancakes
Twitter: @Infosec_VetTix
Blog: Tisiphone

SANS References:

Rtfm: Red Team Field Manual
SANS Cheat Sheet Google Search String
Joe’s SANS Security 504 Mentor Course


Jan 02 2017

1hr 21mins

Rank #19: CFP Success (with Kat Sweet)

CFP Success (WITH Kat Sweet)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 30

GUEST: Kat Sweet

December 26, 2016

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, SoundCloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

SHOW NOTES

PART 1

Kat is introduced, then we hop into our Infosec time machine (cue Doctor Who sound effects) and discuss the new Yahoo data breach and the Lynda (a LinkedIn company) data breach. We compare and contrast the two. Next, we talk about the LA County phishing attack that impacted over 750,000 people after 108 employees were successfully phished. Kat advocates “Safe Infosecs.”

PART 2

Kat starts off by letting the listeners know that everyone has a con they can speak at; which one depends on experience and the talk. She then talks about overcoming obstacles like impostor syndrome and selecting a topic. Kat stresses rehearsal of the talk. We discuss the abstract and the outline, as well as how verbose the outline should be and when to (and not to) spell things out more. Kat tells us when to complete our slides.

PART 3

Kat tells us about submission etiquette. We talk about acceptance strategies (rolling vs not rolling), feedback, and multiple rounds. We talk about the novelty of a talk and how much you should sprinkle buzz words into your talk. Kat tells us about scoring talks in the review process. She reiterates rehearsal and redundancy and contingency. We discuss rejections, how to deal with them and how to improve.

ABOUT Kat

Kat Sweet

Kat Sweet is in her final semester of studying network security at Madison Area Technical College. When she’s not hacking for grades (or lulz), she feeds herself (and her brain) by blue teaming for her school, writing, and teaching at her friendly neighborhood hackerspace. She got her speaking start in the BSidesLV Proving Ground, where she returned last year as a presentation mentor. She currently serves as the CFP co-chair for CircleCityCon, as well as a founding board member of TiaraCon. Her speaking credits include BSidesLV, CircleCityCon, CypherCon, SkyTalks, and the DEF CON Wireless Village. Always accumulating way too many hobbies, she enjoys long walks on the beach, bursting into song, and picking unsuspecting locks.

CONTACTING Kat:

Twitter: @thesweetkat
Website
Blog post about submitting to Conferences

ABOUT Circle City Con

Website: circlecitycon.com
Twitter: @CircleCityCon
When: June 9-11, 2017
Cost: $150
Where:

Sheraton Indianapolis City Centre Hotel
31 West Ohio Street
Indianapolis, IN 46204
Phone: (317) 635-2000

Dec 26 2016

1hr 15mins

Rank #20: 2016 HOLIDAY PODCAST MASHUP

2016 HOLIDAY PODCAST MASHUP

ADVANCED PERSISTENT SECURITY

DECEMBER 21, 2016

2016 HOLIDAY PODCAST MASHUP SHOW NOTES

A few of the information security podcasters got together to record a special holiday episode. This is a dumpster fire full of awesome! We discussed trends, goals, and predictions. This is a great way to say goodbye to 2016 and welcome 2017! This show features the following brilliant celebrities:

PVC Security Podcast: http://www.pvcsec.com/

Brakeing Down Security Podcast: http://www.brakeingsecurity.com/

Defensive Security Podcast: https://www.defensivesecurity.org/

…and Amanda Berlin!

Dec 19 2016

1hr 13mins

Killing the Pen Test & BSides Knoxville (with Adrian Sanabria)

Killing the Pen Test & BSides Knoxville (with Adrian Sanabria)

Advanced Persistent Security Podcast

Episode 44

Guests: Adrian Sanabria

April 26, 2018

Show Notes

In this episode, Joe is joined by Adrian Sanabria. Adrian is a co-organizer of BSides Knoxville and one of the founders of dc865. We discuss Adrian’s background in technology and how he came into security in the days before PCI. Adrian talks about his transition into working at 451 Research in terms of terminology and industry analysis.

Joe and Adrian talk about Savage Security and RSA Conference. Adrian tells us about his (then forthcoming) RSA Conference presentation, “It is Time to Kill the Pen Test,” and why it is important. He cites Haroon Meer’s keynote at 44CON in 2011 as the thought-provoking idea that spawned it.

Pen testing as a skill is not the problem; the service offering is. Adrian cites inefficiencies such as vulnerability scanning and report writing being charged at the same rate as the hands-on testing. We talk about advanced attacks versus sticking to the basics. Adrian talks about prioritizing breach simulations and ransomware simulations over a pen test.

We talk about pen test scoping documents and how they compare to actual attacks and their objectives: not all adversaries attempt to get domain admin, while others aim for defacement or exfiltration. Adrian mentions Haroon’s quote:

Pen testers are not emulating attackers. They are emulating other pen testers.

Adrian talks about the lack of responsiveness of blue teams during pen tests. We talk about the mentality of many attackers of wanting to “pwn the world” rather than enhance the security of an organization. Adrian calls for more “white box testing.” Joe mentions the lack of OSINT analysis as another inefficiency in pen testing. We also discuss the fact that attacker dwell time is so high that a black-box test no longer models a realistic adversary.

Adrian talks about some metrics on how often MSSPs detected him when doing breach simulations. We talk about C2 and other indicators such as the use of Tor. We talk about how to make the industry better.

About Adrian:

Adrian Sanabria is Co-Founder and Director of Research at Savage Security. Sanabria’s past experience includes 13 years as a Defender and Consultant building security programs, defending large financial organizations and performing penetration tests. He has spent far more time dealing with PCI than is healthy for an adult male of his age. Sanabria learned the business side of the industry as a research analyst for 451 Research, working closely with vendors and investors. He is an outspoken researcher and doesn’t shy away from the truth or being proven wrong. Sanabria loves to write about the industry, tell stories and still sees the glass as half full.

Contacting Adrian:

Twitter: @sawaba
Blog

BSides Knoxville:

Website
Registration
Date: May 18, 2018
Locations: Scruffy City Hall, Preservation Pub, Knoxville Entrepreneurial Center
8:00 AM – 6:00 PM

Apr 26 2018

59mins

Ransomware (with Allan Liska & Tim Gallo)

Ransomware (with Allan Liska & Tim Gallo)

Advanced Persistent Security Podcast

Episode 43

Guests: Allan Liska and Tim Gallo

April 19, 2018

Show Notes

Segment 1

In this episode, Joe is joined by Allan Liska and Tim Gallo, co-authors of O’Reilly’s Ransomware book. The show kicks off with origin stories. We talk about the passion of security professionals and the career versus hobby camps. We discuss mentoring in terms of selecting mentees and mentors. Allan and Tim provide insight on the process of writing a book. We talk about persistence.

Segment 2

Joe kicks it off with a question to Allan and Tim about their observations of ransomware. A discussion as to whether to pay the ransom or not ensues, and considerations for each argument are given. Tim talks about the relationship between IT Operations and IT Security. He relates stories from his past to convey why many security professionals make assumptions as to why/how things are done. Joe talks about “Schrödinger’s Backup” and its relation to proper incident response plans. We talk about the malware SDLC.

The conversation shifts to our research on exploit kits and ransomware, as well as trends for each. We revisit the argument for paying or not paying the ransom. This segment concludes with a talk about ransomware in cars.

phishing@advancedpersistentsecurity.net

Book Link:

Ransomware: Defending Against Digital Extortion

About Allan:

Allan Liska

Allan Liska is a solutions architect at Recorded Future. He has more than 15 years’ experience in the world of information security and has worked as both a security practitioner and an ethical hacker. Allan has helped countless organizations improve their security posture using more effective intelligence. He is the author of The Practice of Network Security, Building an Intelligence-Led Security Program, and Securing NTP: A Quickstart Guide and the co-author of DNS Security: Defending the Domain Name System and Ransomware: Defending Against Digital Extortion.

Contacting Allan:

Twitter: @uuallan

About Tim:

Tim Gallo

I’ve been working in security for 20 years, everything from firewall management to security officer and consultant. I spent 8 years as a product manager for an intelligence vendor and recently coauthored an O’Reilly book on Ransomware. I was also a technical editor on books about DNS Security and Building Threat Intelligence Programs. I have strong opinions on the importance of building intelligence programs and how they can help your organization save money when done correctly, and can cost you a lot of money if done poorly. In the end, I’d like to try and share with others what I’ve seen go well and go wrong. I’m not a rockstar, nor am I some sort of guru. You won’t find shrines to me in the halls of Twitter, nor the fields of LinkedIn, but you will find me there, sipping on information and bourbon.

Contacting Tim:

Twitter: @TimJGallo

Apr 19 2018

1hr 30mins

Infosec Thoughts (with Jayson E. Street & Tracy Maleeff)

Infosec Thoughts (with Jayson E. Street & Tracy Maleeff)

Advanced Persistent Security Podcast

Episode 42

Guests: Jayson E. Street and Tracy “Infosec Sherpa” Maleeff

April 12, 2018

Show Notes

Segment 1

In this episode, Tracy and Joe introduce Jayson E. Street. Tracy mentions Jayson’s talk about failing from the Tactical Edge conference. Joe and Tracy agree that people in infosec do not talk enough about their failures. Jayson talks about how to break into infosec. He shares how, as a security guard 30 years ago, he would survey his defenses through the lens of someone who would be breaking in.

Bad Guys will break in just like a red teamer, but they won’t give you a report to mitigate it.

Brian Krebs should not be your IDS.

Joe hits Jayson with a trick question about which language one should learn to break into infosec. Jayson passes the test with the answer of “English.” We continue down the rabbit hole of effective communications with regard to buzzwords and speaking the language of the audience. We talk about using the word “cyber,” as in cybersecurity, in lieu of information security when speaking to the business.

Segment 2

Tracy asks Jayson how to approach talking to non-technical, non-security people about the umbrella of information security relative to explaining the various types of security disciplines and the differences in each. Jayson levels with us with regards to the culture of information security based on his travels across the world. Jayson tells us how he would collect information about a company using OSINT to phish the company or gain unauthorized access. He encourages listeners to go out and speak to non-security groups to raise awareness across other verticals.

kittenwar.com

About Jayson

Jayson E. Street

Jayson E. Street is an author of Dissecting the Hack: The F0rb1dd3n Network from Syngress and the creator of http://dissectingthehack.com. He has also spoken at DEF CON, DerbyCon, UCON and several other ’CONs and colleges on a variety of information security subjects. His life story can be found on Google under “Jayson E. Street.” He is a highly carbonated speaker who has partaken of pizza from Beijing to Brazil. He does not expect anybody to still be reading this far, but if they are, please note he was chosen as one of Time’s Persons of the Year for 2006.

Contacting Jayson:

Twitter: @jaysonstreet
Awkward Hugs
iRonin
JaysonEStreet.com
The Forb1dd3n Network

Books

Dissecting the Hack: The F0rb1dd3n Network Revised
Dissecting the Hack: The V3rb0t3n Network

About Tracy:

Tracy Maleeff

Tracy Z. Maleeff is a Cyber Analyst in the Security Operations Center for global pharmaceutical company GSK. She holds a Master of Library and Information Science degree from the University of Pittsburgh. She has 15+ years’ experience as a law firm librarian and also worked as an independent consultant who specialized in social media, research, and Information Security awareness training. Tracy received the Wolters Kluwer Law & Business Innovations in Law Librarianship Award in 2016 and the Information Systems Security Association Women in Security Leadership Award in 2017. Tracy has presented at a variety of conferences including the Special Libraries Association, Security BSides, O’Reilly Security, and DEF CON’s Recon Village.

Contacting Tracy:

Twitter: @infosecsherpa
Newsletter
Website: Sherpa Intel

Apr 12 2018

55mins

Security of Mainframes (with Cheryl Biswas & Tracy Maleeff)

Security of Mainframes (with Cheryl Biswas & Tracy Maleeff)

Advanced Persistent Security Podcast

Episode 41

Guests: Cheryl Biswas and Tracy “Infosec Sherpa” Maleeff

April 5, 2018

Show Notes

Segment 1

In this episode, Tracy and Joe interview Cheryl Biswas. We introduce Cheryl and she shares what she is seeing in industry from the mainframe and Industrial Control Systems (ICS) perspectives. Cheryl discusses her habit of reading all night and the passion that we all share for security. We share our origin stories. Joe showcases his authentic southern accent. Joe talks about the Navy’s mentorship mentality and how he applies it to security mentoring (what eventually became Through The Hacking Glass).

For “current events,” we discuss Vault 7. Joe details his “Workplace Crossfit” and “Workplace Yoga” programs in jest. Cheryl shares her insight as a Canadian regarding how the US Intelligence Community operates.

Segment 2

Cheryl begins by discussing the financial sector and how ransomware impacts it. Cheryl shouts out to Soldier of Fortran (@mainframed767) and Big Endian Smalls (@bigendiansmalls). Cheryl talks about mainframes that are reachable from the internet and how that could enable another Stuxnet-style attack.

Examples of how nation states could exploit and disrupt operations using mainframes are explained. For the sake of entry-level listeners, Cheryl explains the difference between servers and mainframes. We get an education about the mainframe operating system z/OS and how it relates to familiar technologies like UNIX and Java. To learn about mainframes, Cheryl recommends we check out her blog, Cyber Watch/White Hat Cheryl, Big Endian Smalls’ Mainframe Security, and Soldier of Fortran’s Mainframe Hacking.

Cheryl talks about ransomware and how it is impacting banks. She talks about fileless ransomware and (the lack of) awareness programs. Joe gets on the user training soapbox regarding the lack of commitment. We agree that it will get worse before it gets better. Joe and Cheryl talk about emulating mainframes using Hercules. Joe attempts to sing a Cher cover about mainframes, TERRIBLY.

ABOUT Cheryl

Cheryl Biswas

Cheryl Biswas, aka @3ncr1pt3d, has landed her dream job as a Strategic Threat Intel Analyst with TD in Toronto, Canada. Prior to that she was a Cyber Security Consultant with KPMG and worked on GRC, privacy, breaches, and DRP. Her areas of interest include APTs, mainframes, ransomware, ICS SCADA, and building threat intel. She blames this on her ITIL certification and degree in Political Science. She actively shares her passion for security in blogs, online, via podcasts, and speaking at conferences.

Contacting Cheryl:

Twitter: @3ncr1pt3d
Blog: Cyber Watch/White Hat Cheryl

About Tracy:

Tracy Maleeff

Tracy Z. Maleeff is a Cyber Analyst in the Security Operations Center for global pharmaceutical company GSK. She holds a Master of Library and Information Science degree from the University of Pittsburgh. She has 15+ years’ experience as a law firm librarian and also worked as an independent consultant who specialized in social media, research, and Information Security awareness training. Tracy received the Wolters Kluwer Law & Business Innovations in Law Librarianship Award in 2016 and the Information Systems Security Association Women in Security Leadership Award in 2017. Tracy has presented at a variety of conferences including the Special Libraries Association, Security BSides, O’Reilly Security, and DEF CON’s Recon Village.

Contacting Tracy:

Twitter: @infosecsherpa
Newsletter
Website: Sherpa Intel

Apr 05 2018

1hr

OSINT TECHNIQUES (WITH MICHAEL BAZZELL)

OSINT Techniques (with Michael Bazzell)

Advanced Persistent Security Podcast

Episode 40

Guest: Michael Bazzell

March 30, 2018

Show Notes

In this episode, we introduce Caroline Stephens as a new co-host. Our guest, Michael Bazzell, discusses his background in OSINT: how he got into it, why he wrote his first book, and his new book Open Source Intelligence Techniques (6th Edition). Michael talks about what has changed in OSINT since 2001, from collecting everything then to filtering as much as possible now. We discuss automating OSINT and Buscador Linux. We go over a few tools that we like to use – Recon-ng, Datasploit, and Buscador. Maltego came up, and we discuss how we use it and our reservations about it.

On the topic of Buscador, Michael discusses how it came about, his collaboration with David Westcott, and the need for a Linux-based OSINT virtual machine. Joe and Michael discuss the ethical requirements and implications of collecting and using data gathered with OSINT techniques. Michael talks about his commitment to OPSEC (Operations Security) when working on OSINT investigations.

We talk about proactive OSINT and Privacy; the offense and defense. Facebook Live is discussed. Michael and Joe also talk about spoofing location information and the impact of using a VPN on a cell phone. The usage of Michael’s tools for law enforcement and the media is discussed. Michael tells us about his experience working on Mr. Robot.

ABOUT Michael

Michael Bazzell spent 18 years as a government computer crime investigator. During the majority of that time, he was assigned to the FBI’s Cyber Crimes Task Force where he focused on computer crime investigations. As an active investigator, he has been involved in numerous major criminal investigations including online child solicitation, child abduction, kidnapping, cold-case homicide, terrorist threats, and computer intrusions. He has trained thousands of individuals in the use of his investigative techniques. He also served as the technical advisor for the television hacker drama “Mr. Robot”. His books “Open Source Intelligence Techniques” and “Hiding from the Internet” have been best sellers in both the United States and Europe. Michael currently works and resides in Washington, D.C.

Contacting Michael:

Twitter: @inteltechniques
Web: inteltechniques.com

Books:

Open Source Intelligence Techniques 6th Edition
Hiding From the Internet
Complete Privacy and Security Desk Reference Volume 1: The Digital
Outsmarting Your Kids Online: A Safety Handbook for Overwhelmed Parents
Personal Digital Security: Protecting Yourself from Online Crime

Podcast: Complete Privacy and Security Podcast

Contacting David:

Twitter: @aptnotes

Contacting Caroline:

Twitter: @cxstephens

Mar 30 2018

1hr 5mins

2017 Holiday Podcaster’s Podcast (NSF Kids/Work)

2017 Holiday Podcaster’s Podcast (NSF Kids/Work)

ADVANCED PERSISTENT SECURITY

December 22, 2017

2017 Holiday Podcaster’s Podcast (NSF Kids/Work) SHOW NOTES

SUPER NOT SAFE for kids (and probably adults, come to think of it). Really this is just us griping and remaining hopeful for industry.

Dec 22 2017

1hr 22mins

2017 DerbyCon Podcaster’s Podcast (NSF Kids/Work)

2017 DerbyCon Podcaster’s Podcast (NSF Kids/Work)

ADVANCED PERSISTENT SECURITY

September 27, 2017

2017 DerbyCon Podcaster’s Podcast (NSF Kids/Work) SHOW NOTES

SUPER NOT SAFE for kids (and probably adults, come to think of it). Really this is just us riffing about DerbyCon (and I really love @oncee, and wished I’d gone to his Stable Talk, which you can listen to/watch here: http://www.irongeek.com/i.php?page=videos/derbycon7/s07-the-skills-gap-how-can-we-fix-it-bill-gardner).

We actually did talk about the skills gap, the résumé workshop held at DerbyCon, and so much else.

If you haven’t been to DerbyCon, you should definitely make plans now to attend…

Sep 27 2017

1hr 18mins

Maintaining a SOC (with Rob Gresham)

Maintaining a SOC (WITH Rob Gresham)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 37

GUEST: Rob Gresham

February 20, 2017

SHOW NOTES

PART 1

Joe introduces Rob Gresham. Rob explains the Intel/McAfee/Foundstone dynamic. Rob tells us about the 6 degrees of Foundstone and the associated businesses and people. We recall and discuss SuperScan. We cover Threat Hunting in terms of what it is and it is not. Rob explains that Threat Hunting is learning YOUR ENVIRONMENT and determining when/where/how to meet the enemy.  Joe characterizes it as “Purple Teaming.” Rob provides an application of the Scientific Method using hypotheses to evaluate purple teaming.

Rob stresses not to be Elmer Fudd. Joe postulates IT F.U.D. (Fear, Uncertainty, Doubt, Elmer’s nephew). Rob talks about attribution versus retribution. We talk about APTs and the motivations of other types of attackers. Social media as C2 (command and control) is discussed. We discuss the identification of indicators that can be used in an actionable context. Joe gets on his training and awareness soapbox. The Cyber Kill Chain makes an appearance with regard to its applicability in network defense.

PART 2

In this special episode, the final in a two-part series, we discuss how to create and maintain a successful SOC (Security Operations Center). Rob discusses the considerations in creating and maintaining a SOC in terms of goals and the environment around the SOC. He explains what a BOT is – a Build, Operate, Transfer model used by firms when helping organizations build their SOCs. Rob talks about decision making when deciding whether to go with a Managed Security Service Provider (MSSP). Joe talks about contracts and SLAs as they relate to liability, then transitions to realistic expectations. We close the segment by discussing sensor locations.

ABOUT ROB

Rob Gresham has extensive experience executing and instructing on cyber threat intelligence, primarily on the information flow and analysis of operational, strategic and tactical cyber intelligence. He has extensive experience building data centers and enterprise environments with the proper security architecture and robust designs that enable business security needs and maturity over time with less rework. With extensive experience, Rob investigates compromised systems, performs memory analysis and determines the scope of the breach. Rob has a perceptive talent for visualizing processes, workflows and procedures, which has helped tremendously when designing SOC process frameworks. He has successfully built security response teams that provide incident response for SOCs and critical infrastructure and key resource restoration teams.

CONTACTING ROB:

Twitter: @rwgresham
LinkedIn
Team Email: foundstone@intel.com
Webinar

JOE’S SECOND BLOG ON CISOCAST

CISOCast

JOE’S Social Engineering BLOG ON Black Hills Information Security

Black Hills Information Security

JOE’S AlienVault Blog about Insider Threat

AlienVault
Hosted Locally on Advanced Persistent Security

JOE’S Sword & Shield BLOG Post

Sword & Shield Blog
Hosted Locally on Advanced Persistent Security

JOE’S First BLOG ON CISOCast

CISOCast
Hosted Locally on Advanced Persistent Security

Joe’s Blog on Jenny Radcliffe’s Deception Chronicle

Jenny Radcliffe’s Deception Chronicles
Hosted Locally on Advanced Persistent Security

Joe’s Dyn DDOS Blog on Tripwire:

Tripwire
Hosted Locally on Advanced Persistent Security

Joe’s Ranking in the AlienVault Top Blogs of 2016:

AlienVault
Hosted Locally on Advanced Persistent Security

PASSWORD BLOG LINKS:

AlienVault
Hosted Locally on Advanced Persistent Security

WI-FI BLOG LINK:

AlienVault
Hosted Locally on Advanced Persistent Security

POWERSHELL LINK:

AlienVault

JOE’S BLOG ON ITSP:

When Friendly Thermostats & Toasters Join The IoT Dark Side

Joe’s Blog on Tripwire:

Burgling From an OSINT Point of View

Joe’s Blogs on Sword & Shield Enterprise Security’s site:

Holiday Shopping Safety Series: Shopping Via Credit Card and e-Commerce
Holiday Shopping Safety Series: Holiday Scams and Hoaxes

Joe’s Work with WATE 6 News in Knoxville, TN:

Shopping online safely this holiday season
iPhone scam uses text messages to hack iCloud information
Maryville hacker takes over Facebook accounts

Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.


Feb 20 2017

1hr 25mins


THREAT INTELLIGENCE (WITH Rob Gresham)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 36

GUEST: Rob Gresham

February 13, 2017


Threat Intelligence (WITH Rob Gresham)

SHOW NOTES

PART 1

Joe introduces Rob Gresham. Rob explains the Intel/McAfee/Foundstone dynamic. Rob tells us about the 6 degrees of Foundstone and the associated businesses and people. We recall and discuss SuperScan. We cover Threat Hunting in terms of what it is and what it is not. Rob explains that Threat Hunting is learning YOUR ENVIRONMENT and determining when/where/how to meet the enemy. Joe characterizes it as “Purple Teaming.” Rob describes applying the Scientific Method, using hypotheses to evaluate purple teaming.

Rob stresses not to be Elmer Fudd. Joe postulates IT F.U.D. (Fear, Uncertainty, Doubt, Elmer’s nephew). Rob talks about attribution versus retribution. We talk about APTs and the motivations of other types of attackers. Social Media as C2 (Command and Control) is discussed. We discuss the identification of Indicators that can be used in an actionable context. Joe gets on his training and awareness soapbox. The Cyber Kill Chain makes an appearance with regard to its applicability in network defense.

PART 2

Rob tells us about MITRE and CVEs (Common Vulnerabilities and Exposures). He tells us about Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). Rob talks about actionable intelligence vice merely feeds or the tool du jour. Joe goes on his rant about the fallacy of silver bullet solutions. Rob talks about robust and elastic incident response planning. He tells us about adaptive and active containment. We talk about vendor diversity and its coverage in threat mitigation and identification. Rob talks about the level of influence and integration that machine learning has with antivirus companies like McAfee and Symantec. Rob brings the Pyramid of Pain into the discussion.

ABOUT Rob

Rob Gresham has extensive experience executing and instructing on cyber threat intelligence, primarily on the information flow and analysis of operational, strategic and tactical cyber intelligence. He has extensive experience building data centers and enterprise environments with the proper security architecture and robust designs that enable business security needs and maturity over time with less rework. With extensive experience, Rob investigates compromised systems, performs memory analysis and determines the scope of the breach. Rob has a perceptive talent for visualizing processes, workflows and procedures, which has helped tremendously when designing SOC process frameworks. He has successfully built security response teams that provide incident response for SOCs and critical infrastructure and key resource restoration teams.

CONTACTING Rob:

Twitter: @rwgresham
LinkedIn
Team Email: foundstone@intel.com
Webinar


Feb 13 2017

1hr 44mins


BSides Huntsville & SDN (WITH Paul Coggin)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 35

GUEST: Paul Coggin

January 30, 2017


BSides Huntsville & SDN (WITH Paul Coggin)

SHOW NOTES

PART 1

Joe introduces Paul and we discuss his career thus far. In terms of topics, we evade the news again and decide to talk about IOT – the Internet of Things. Paul brings a unique perspective since he comes from a background heavily rooted in networking. He likens IOT to ICS/SCADA and jokingly endorses it for our job security. Paul talks about the role that endpoints will play in the IOT environment.

Paul introduces us to a concept called “Fog Computing.” He then provides his perspective on the application of Fog Computing. He then describes VPT or Vendor Persistent Threat, which is when proprietary products may have backdoors or maintenance hooks for either data or support purposes. We talk about the impact on supply chain security from the networking and IOT perspectives.

PART 2

Paul tells us that BSides Huntsville will be February 4, 2017 at the Dynetics Solutions Complex facility. The event features 16 speakers, both local and global. There are 2 tracks for the event. Adrian Crenshaw (Iron Geek) will be recording the talks, providing lock picking equipment, and co-keynoting. By attending, you’ll get all the Krispy Kreme doughnuts and Papa John’s Pizza that you can handle.

The BSides Huntsville event is open to everyone, but if you are planning on attending and are NOT A US CITIZEN, please contact the organizers to complete the proper documentation. Talks range from malware and threat intelligence to physical security and the dark net. Paul tells us that if you’re looking for a new job, bring your resume and/or business cards and expect to network at the event. Joe talks about the benefits of an employee attending conferences like BSides and the value it adds to organizations.

PART 3

We transition to talk about Software Defined Networking (SDN). Paul calls this the Network Apocalypse or Netpocalypse. He tells us about products like VMware NSX. Paul goes on to talk about ONOS (Open Network Operating System) and OpenDaylight as controllers, then explains how the virtualization effort in the controller directs the routing equipment, such as switches and routers, in how to operate.

Paul talks about the disruptive nature of SDN (from the market perspective, not availability) and the need for networking professionals to get up to speed to maintain relevance. We talk about using SDN and the cloud to virtualize networking and using the cloud for CP/BCP/DRP/COOP.

ABOUT Paul

Paul Coggin

Paul Coggin is an Information Security Engineer. His expertise includes tactical, service provider and ICS/SCADA network infrastructure attacks and defenses, as well as large, complex network design and implementation. His experience includes leading network architecture reviews, vulnerability analysis and penetration testing engagements for critical infrastructure and tactical networks.

CONTACTING Paul:

Twitter: @PaulCoggin
LinkedIn
Email (Yahoo)
Email (Gmail)

ABOUT BSides Huntsville

Date: February 4, 2017
Time: 8:30 AM Central Time (9:30 Eastern)
Location: Dynetics, Inc (Solutions Complex building)
1004 Explorer Blvd, Huntsville, AL 35805
Website
Twitter
Cost: $10

Software Defined Networking (SDN) Resources

ONOS Wikipedia
Northbound Networks Zodiac Physical Controller
Software Defined Wide Area Network (SD-WAN) definitions
ONOS Website
MiniNet project
OpenDaylight project
IPSpace Website
Open Networking Foundation
Northbound Networks YouTube channel
TechNet article about Network Controllers


Jan 30 2017

1hr 10mins


Red Teaming (with Joe Vest & James Tubberville)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 34

GUEST: Joe Vest & James Tubberville

January 23, 2017


RED TEAMING (WITH JOE VEST & JAMES TUBBERVILLE)

SHOW NOTES

PART 1

Joe introduces Joe and James. Joe Vest tells us about his background and journey into Information Security and Penetration Testing. He explains that he and James were Red Teaming together and then founded Minis together. James echoes Joe’s sentiments and path. Mr. Vest tells us how he had to break things as a system administrator to better understand how to secure them. He also tells us how to break into information security via system or network administration. Joe Gray gives his advice to people trying to get into security. Mr. Vest talks about being passionate about technology, which leads to a discussion about enthusiasm versus knowledge and experience.

We talk about the relationship between offense and defense; red and blue. We then transition into a discussion about FamilyTreeNow.com for the current event. It is discussed as an OSINT playground. Mr. Vest talks about “getting personal” when collecting data about targets. James talks about verifying relationships and building a smart password list and a profile/dossier on targets. Joe Gray talks about his new FamilyTreeNow phishing proof of concept and the psychology behind making it work. We talk about the burden being on the user and best practices for creating awareness programs.

PART 2

We kick off this segment with Mr. Vest discussing what types of penetration testing are used. Mr. Vest talks about the inverse triangle to the left that describes the focus in security assessment and testing. He talks about the realization of vulnerabilities in scope as the triangle narrows. Red Teaming is focused on specific scenarios and goals, which are called “Operational Impacts.” These are what make organizations tick: essentially, where can the organization be exploited to the point of causing a catastrophic outcome for the organization. Think of the worst-case scenario for an organization.

This allows organizations to see what capabilities threat actors possess while measuring their security controls and defensive procedures and exercising their detection and response. Red Teaming is not simply penetration testing on steroids. Red Teaming is more focused on meeting an objective to enable the organization to assess and measure its security posture and operations. Everything is goal driven. Mr. Vest talks about white carding and the assumed breach model. James talks about the correlation with penetration testing.

We discuss the maturity requirements for penetration testing and compare it to the maturity required for Red Teaming. Mr. Vest talks about providing value to an organization through engagement via red teaming psychology and goals. James clarifies that Blue Team is more than just traditional security defenders and includes Help Desk, System Admins, Networks, and BCP/DRP. Mr. Vest correlates Vulnerability Assessment and Penetration Testing to good security hygiene.

PART 3

James and Joe give us a war story about an engagement that dealt with an external access objective and an operational impact objective. The client CIO asked for a phishing campaign to demonstrate access. James and Joe noted that the client had sensitive files on a network that was not explicitly segregated as had been thought. The impact objectives, which dealt with detection, determining compromise, and resiliency, were carried out.

While ramping up their presence (to attempt to be detected), the team quickly realized that they needed to make more noise to gain the attention of the blue team. They deployed EICAR, images, and audio bites to get noticed. The blue team noticed this and made an announcement for all personnel to stop using network assets, causing a nearly 6-hour interruption. The blue team started pulling cables after they realized that a reboot did not work. The sound bite was selected from the Non-Rick Roll song below:

ABOUT Joe

Joe Vest has worked in the information technology industry for over 17 years with a focus on red teaming, penetration testing and application security. As a former technical lead for a DoD red team, he has extensive knowledge of cyber threats and their tools, tactics and techniques, including threat emulation and threat detection. Joe is the co-founder of MINIS LLC, providing innovative solutions for the mitigation against an ever-changing cyber threat. He is the technical editor for the book Red Team Field Manual (RTFM) and holds numerous security certifications: OSCP, CISSP-ISSMP, CISA, GPEN, GCIH, GWAPT, CEH.

CONTACTING Joe:

Twitter: @JoeVest
LinkedIn
Email

ABOUT James

James’ Biography is coming soon.

CONTACTING James:

LinkedIn
Email

ABOUT Minis

Minis Website
Find Minis Github
Minis on LinkedIn
Find Minis on Twitter
Minis ThreatExchange Blog

Joe and James’ SANS Course

Security 564: Red Team Operations and Threat Emulation


Jan 24 2017

1hr 31mins


Ransomware and Incident Response (WITH Ben Johnson)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 33

GUEST: Ben Johnson

January 16, 2017


Ransomware and Incident Response (WITH Ben Johnson)

SHOW NOTES

PART 1

Joe introduces Ben, and they briefly discuss Ben’s experiences and how Carbon Black came about. We discuss Incident Response a little later. Instead of talking about the news, we discuss Ransomware in 2016 and 2017 and the Ransomware problem. Ben discusses the role of awareness in preventing Ransomware. We discuss the cultural impact of awareness and the dos and don’ts of building an awareness program. Joe and Ben talk about non-punitive measures in programs and empowering employees. Ben tells us about fallacies like Full Disk Encryption being an absolute answer to Ransomware.

PART 2

Ben defines EDR (Endpoint Detection and Response) and the transition from “just anti-virus.” He talks about detection and response vice reaction when doing Incident Response. We talk about critical and high-risk positions and roles such as HR, Finance, Accounting, Contracting, and Editors, and the specific concerns for each. Ben gives us a devious idea about stealing metadata from PDFs of Job Announcements and other documents to use against organizations in OSINT and Social Engineering. We transition into a brief rant about Cloud Security and the lack of controls. Ben teaches us about blacklisting and whitelisting.

PART 3

Ben tells us about the difference between EDR and IDR (Incident Detection and Response). Joe asks Ben about his thoughts about Threat Hunting. We shift the discussion to successful implementations of Threat Hunting. Ben talks about subtle successes in Threat Hunting via identifying risk and threats that are not as obvious as things like attackers and APT. We talk about good hacker/information security mindsets that yield success. Ben arms us with advice to be successful in information security and “getting your hands dirty.”

ABOUT Ben

Ben Johnson

Ben Johnson is co-founder of Carbon Black and now an Executive in Residence for Ten Eleven Ventures as he fleshes out his next company. When at Carbon Black, Ben was CTO and Chief Security Strategist, where his duties included early development, building the technical team, setting the product vision, and then evangelizing and spreading the company message and offerings around the world to prospects, customers, and partners. Prior to Carbon Black, Ben worked at NSA and then a defense contractor as an intrusion engineer. Ben’s passionate about security, technology and entrepreneurship. Ben has two computer science degrees (University of Chicago and Johns Hopkins University), and he currently teaches a masters level course in entrepreneurship at the University of Chicago. Aside from all this, Ben enjoys being involved with other security startups as an advisor or board member. Ben lives in Chicago.

CONTACTING Ben:

Twitter: @ChicagoBen


Jan 16 2017

1hr 32mins


Practical Packet Analysis (with Chris Sanders)

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 32

GUEST: Chris Sanders

January 9, 2017


Practical Packet Analysis (with Chris Sanders)

SHOW NOTES

PART 1

Joe introduces Chris and talks about his work and accomplishments. We transition to talking about the “Russian Hackers” and the “GRIZZLY STEPPE” report. We analyze the quality and applicability of the IP addresses and hashes in the reports. Attribution is discussed in terms of Russia versus China. We talk about “Nation State” and the implications of such attribution. We talk about the role of Social Engineering and spear phishing in the success. Chris and I debunk the Vermont “Power Grid” attack in terms of application and the news reports. We talk about proper research and identifying bias and skew.

Resources Used

US CERT Report on GRIZZLY STEPPE
US CERT Site about GRIZZLY STEPPE
CNBC Article about Russia’s Role in DNC Hack
Washington Post article detracting attribution of Vermont Power Grid attack to Russia

PART 2

We kick it off by asking Chris about the origin of Practical Packet Analysis. Chris tells us that the first edition came out 10 years ago (in 2006), while he was studying in college at age 19 (it was published when he was 20). It all started with a blog post. Someone posted it to Digg and crashed his site. He was contacted by No Starch Press, who asked him to write it. Chris says that he initially wrote it to help pay his way through college, but at the time he was fairly young and not experienced enough to write a really great book. The next edition was really about redemption and making the book live up to its potential. Chris talks about how this was not originally a security book, but rather a network monitoring and packet analysis book.

PART 3

Chris talks about his Investigative Theory training and the correlation between his writing and teaching. He talks about the lack of training in terms of how to apply tools and how to investigate. Chris talks about his interaction with the course and how the questions are structured. He explains how human and cognitive psychology plays into investigating. His January class is full and his March class is almost full.

We shift to discuss the Rural Tech Fund. Chris lost his mother and sister at a young age. The house he grew up in recently sold at auction for $14,000. Like me, he had little opportunity to be successful, let alone learn technology. A teacher named Ms. Jackson told Chris that he would do great things, but to “Remember where he came from.” Chris shifted the focus from scholarships to the classrooms. He helped to get teachers involved to help impact over 10,000 students last year through the donation of equipment. In 2017, Chris wants to impact 25,000 students.

ABOUT Chris

Chris Sanders

Chris Sanders is an information security consultant, author, and researcher. He is the leader of a detection and investigation research team at FireEye and has extensive experience supporting multiple government and military agencies, as well as several Fortune 500 companies. In multiple roles with the US Department of Defense, Chris helped to create several NSM and intelligence tools currently being used to defend the interests of the nation.

Chris has authored several books and articles, including the international best seller “Practical Packet Analysis” from No Starch Press, currently in its third edition and in seven languages, and “Applied Network Security Monitoring” from Syngress. He is currently pursuing a PhD in Cognitive Psychology in an attempt to enhance the field of security investigative technique through a better understanding of the human thought and learning processes.

Chris is the founder and director of the Rural Technology Fund, a non-profit that donates thousands of dollars in scholarships and equipment annually to further technical education in rural and high poverty areas.

CONTACTING Chris:

Twitter: @ChrisSanders88
Website
Training Site
Rural Technology Fund

Chris’ Books:

Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
Applied Network Security Monitoring: Collection, Detection, and Analysis


Jan 09 2017

1hr 47mins


Infosec Success (with Lesley Carhart)


ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 31

GUEST:Lesley Carhart

January 2, 2017

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

Infosec Success (with Lesley Carhart)

SHOW NOTES

PART 1

We discuss our predictions for 2017. Lesley gives us her theme of “Reaching a Breaking Point.” She says that some things will get worse in places. This will give risk managers a little more budgetary leverage. Lesley predicts more Distributed Denial of Service (DDOS) and IOT botnet DDOS attacks. Joe predicts a data breach bigger than Yahoo in terms of sensitivity, records, applicability, and ability for misuse. Lesley’s next prediction is government/Law Enforcement on cloud and social media providers and their data retention policies. Joe’s final prediction is to see a rise in social engineering and phishing.

PART 2

Lesley shares with us her wisdom about taking GIAC exams after SANS training and the value of having solid indices. We talk about what to take into the testing center. We talk about the various cost offset models. Lesley and I also talk about the advantages and disadvantages of the larger SANS events versus smaller events and venues. We talk about the SANS Blue Team (DFIR) and Red Team (Pen Test) pipelines. We talk about true “Purple Teamers.”

PART 3

In our Infosec success segment, Lesley’s first tidbit of advice is “Want to be in infosec.” Joe talks about being able to teach someone the knowledge, but not the passion. Joe talks about learning outside of work and tinkering in a home lab. Lesley talks about learning types and finding the method for you to learn best. Joe recommends getting active in the security community via BSides, defcon groups, 2600, ISSA, OWASP, and (ISC)2 chapters. We also talk about Irongeek’s site as well. Joe recommends business cards regardless of your career level. We talk about report writing and public speaking and the importance of producing quality reports regardless of the role. We discuss languages and programming languages.

ABOUT Lesley

Lesley Carhart

Lesley Carhart (GCIH, GREM, GCFA, GPEN, B.S. Network Technologies, DePaul University) is a 17 year IT industry veteran, including 8 years in information security (specifically, digital forensics and incident response). She speaks and writes about digital forensics and incident response, OSINT, and information security careers, is highly involved in the Chicagoland information security community, and is staff at Circle City Con, Indianapolis.

In her free time, Lesley studies three martial arts, is a competitive pistol marksman, and is generally all around a huge geek.

Lesley loves to speak about information security and digital forensics to technical and non-technical audiences, and would be happy to come to your con or speak to your class (time allowing)! Please reach out to @hacks4pancakes on Twitter, or at hacks4pancakes@gmail.com.

CONTACTING Lesley:

Twitter: @hacks4pancakes
Twitter: @Infosec_VetTix
Blog: Tisiphone

SANS References:

Rtfm: Red Team Field Manual
SANS Cheat Sheet Google Search String
Joe’s SANS Security 504 Mentor Course


Jan 02 2017

1hr 21mins


CFP Success (with Kat Sweet)


ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 30

GUEST: Kat Sweet

December 26, 2016

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

CFP Success (WITH Kat Sweet)

SHOW NOTES

PART 1

Kat is introduced then we hop into our Infosec time machine (cue Dr. Who sound effects) and discuss the NEW Yahoo data breach and the Lynda (a LinkedIn company) data breach. We compare and contrast the two. Next, we talk about the LA County Phishing attack that impacted over 750,000 people as a result of 108 successful phishing attacks. Kat advocates “Safe Infosecs.”

PART 2

Kat starts off by letting the listeners know that everyone has a con that they can speak at; it varies with experience and the talk. She then talks about overcoming obstacles like impostor syndrome and selecting a topic. Kat stresses rehearsal of the talk. We discuss the abstract and the outline, as well as the verbosity of the outline and when to (and when not to) spell things out more. Kat tells us when to complete our slides.

PART 3

Kat tells us about submission etiquette. We talk about acceptance strategies (rolling vs not rolling), feedback, and multiple rounds. We talk about the novelty of a talk and how much you should sprinkle buzz words into your talk. Kat tells us about scoring talks in the review process. She reiterates rehearsal and redundancy and contingency. We discuss rejections, how to deal with them and how to improve.

ABOUT Kat

Kat Sweet

Kat Sweet is in her final semester of studying network security at Madison Area Technical College. When she’s not hacking for grades (or lulz), she feeds herself (and her brain) by blue teaming for her school, writing, and teaching at her friendly neighborhood hackerspace. She got her speaking start in the BSidesLV Proving Ground, where she returned last year as a presentation mentor. She currently serves as the CFP co-chair for CircleCityCon, as well as a founding board member of TiaraCon. Her speaking credits include BSidesLV, CircleCityCon, CypherCon, SkyTalks, and the DEF CON Wireless Village. Always accumulating way too many hobbies, she enjoys long walks on the beach, bursting into song, and picking unsuspecting locks.

CONTACTING Kat:

Twitter: @thesweetkat
Website
Blog post about submitting to Conferences

ABOUT Circle City Con

Website: circlecitycon.com
Twitter: @CircleCityCon
When: June 9-11, 2011
Cost: $150
Where:

Sheraton Indianapolis City Centre Hotel
31 West Ohio Street
Indianapolis, IN 46204
Phone: (317) 635-2000


Dec 26 2016

1hr 15mins


2016 HOLIDAY PODCAST MASHUP


ADVANCED PERSISTENT SECURITY

DECEMBER 21, 2016

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this show are ours alone and do not reflect those of our employers

2016 HOLIDAY PODCAST MASHUP SHOW NOTES

A few of the information security podcasters got together to record a special holiday episode. This is a dumpster fire full of awesome! We discussed trends, goals, and predictions. This is a great way to say goodbye to 2016 and welcome 2017! This show features the following brilliant celebrities:

PVC Security Podcast: http://www.pvcsec.com/

Brakeing Down Security Podcast: http://www.brakeingsecurity.com/

Defensive Security Podcast: https://www.defensivesecurity.org/

…and Amanda Berlin!


Dec 19 2016

1hr 13mins


OSINT Framework (with Justin Nordine)


ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 29

GUEST: Justin Nordine

December 19, 2016

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

OSINT Framework (WITH Justin Nordine)

SHOW NOTES

PART 1

Instead of discussing the news, we decided to talk about Josh Huff’s recent OSINT Fire Drills: Monitoring the Internet blog post. We discuss his approach to evaluating change detection and his use and testing of a variety of tools. Joe also relates this to contingency and redundancy. We talk about when testing new tools is appropriate and when it is not. We discussed Josh’s DerbyCon talk. The discussion shifted to the breadth of OSINT and the integration of OSINT into Penetration Testing and Red Teaming.

PART 2

Justin talks about the origins of OSINT Framework. It began as a project with some of his co-workers. We talk about the change detection tools within OSINT Framework and some case studies relative to Josh’s blog post. We discuss the use of typo squatting for OSINT and Social Engineering, as well as its malicious use. We talk about contributing information to threat intelligence feeds like AlienVault Open Threat Exchange (OTX). We also cover OSINT and the election, in terms of the misinformation campaigns and candidates using OSINT to better understand their constituents.

PART 3

We talk about analyzing Metadata. Justin provides examples of scraping metadata from pictures on websites like Facebook or Craigslist. He talks about sites now removing or obfuscating metadata to protect users. We discuss use cases for malicious software from the attacker and defender perspectives, when to scan your own files for exploitation (thus burning them) versus keeping them. The discussion shifts to Operations Security (OPSEC). We discuss persona generation and when to employ it. Joe mentions Riffle as a Tor alternative.

Riffle Information:

Tech Crunch article about Riffle
Riffle

ABOUT Justin

Justin Nordine

Justin is a “Cyber Pathologist” by day. He holds various SANS/GIAC certifications. He is active in the lock picking and lock sports communities. He is the author of OSINTFramework. He resides somewhere in the Carolinas.

CONTACTING Justin:

Twitter: @jnordine
OSINT Framework
GitHub: Lock Fale


Dec 19 2016

1hr 24mins


Holiday Special (with Tracy Z. Maleeff)


Advanced Persistent Security Podcast

Episode 28

Guest: Tracy Z. Maleeff

December 12, 2016

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

HOLIDAY SPECIAL (WITH TRACY Z. MALEEFF)

Part 1

We did a quick review of Tracy’s (@InfoSecSherpa) background and entry into Information Security (InfoSec). She is a returning guest to the podcast. Hear her first appearance here.

We discussed the UK reopening Bletchley Park as a cybersecurity school. Tracy told us about her uncle that did similar things in the US to Bletchley Park during World War II. We then discussed basic advice to prevent phishing and improve personal information security.

Part 2

We discussed Violet Blue’s article, “Six Gifts for Your Paranoid Friends and Family.” One we discussed in-depth was the “USB Condom.” This device blocks unsolicited synchronizing over the USB data lines and so buffers against malware infections.

Tracy liked the RFID blocking wallet. We discussed TOOOL’s lock picking kit (Note: check your state for legality here). Next, we discussed the Onion Pi. This is a Raspberry Pi with Tor enabled for a secure proxy. The conversation briefly went on a tangent to discuss the MIT Riffle.

Part 3

As a contrast to the previous segment, Joe talked about some gifts he would like. He would really like Santa to bring him Hak5’s field kits. They contain “Rubber Duckies,” “LAN Turtles,” “Wi-Fi Pineapples (Nano and Tetras),” and an RF Hacking kit. Many of these were seen on the “Mr. Robot” TV show — guaranteed to make your friends and family paranoid!

About Tracy

Tracy Z. Maleeff

Tracy is an independent information professional providing research and social media consulting, with a focus on information security. She is a frequent presenter about best practices of data mining from social media, professional networking, and introduction to information security topics. Tracy has 15 years of experience as a librarian in academia, corporate, and law firm industries and earned a Master of Library and Information Science from the University of Pittsburgh. She is the Principal of Sherpa Intelligence LLC – your guide up a mountain of information.

Contacting Tracy:

Twitter: @infosecsherpa
Email: tracy@sherpaintel.com
LinkedIn
Website: http://sherpaintel.com/
PVC Sec Podcast: www.pvcsec.com/
Link to Beginner’s Guide to Information Security: Kickstart your security career with insight from InfoSec experts (Book sourced from Peerlyst.com and mentioned in this podcast)
Peerlyst: tracy-z-maleeff


Dec 12 2016

1hr 25mins


Brakeing Down the Advanced Persistent Security Podcast Holiday Special and Book Club Kickoff

Make sure you’re wearing your ugly Christmas Sweater and have a glass of eggnog when you enjoy this special episode.

A Joint PODCAST with Brakeing Down Security

(With Bryan Brake and Brian (mr.) Boettcher, Featuring Dr. Gary McGraw)

December 3, 2016

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

BRAKEING DOWN THE ADVANCED PERSISTENT SECURITY PODCAST HOLIDAY SPECIAL AND BOOK CLUB KICKOFF SHOW NOTES

As part of Brakeing Down Security’s ongoing discussion about the #SDLC and getting security baked in as far left as possible, Bryan, Mr. Boettcher, and I sat down with Dr. Gary McGraw, author of “Software Security: Building Security In” to discuss his book, which we are doing in the Brakeing Security Book Club (check out both Brakeing Down Security’s and our #Slack channel for more information!)

Gary walks us through the 7 Kingdoms of getting more security in, including doing automated and manual code audits, proper penetration testing of the application at various stages (testing), documentation (if you don’t know it works, how can you test it?), and your Security Operations people, monitoring for things once it goes into production.

Join Bryan, Mr. Boettcher, and me for a discussion with a true leader in the software and application security industry.

ABOUT Gary McGraw

Dr. Gary McGraw, CTO, Cigital

Gary McGraw is the CTO of Cigital, Inc., a software security consulting firm with headquarters in the Washington, D.C. area and thirteen offices throughout the world. He is a globally recognized authority on software security and the author of eight best selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for SearchSecurity and Information Security Magazine, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Dasient (acquired by Twitter), Fortify Software (acquired by HP), Raven White, Invotas, and Max Financial. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean’s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by SearchSecurity).

CONTACTING Dr. McGraw:

Twitter: @cigitalgem
Company: www.cigital.com
Podcast: www.cigital.com/silverbullet
Blog: www.cigital.com/blog
Book: www.swsec.com
Personal: www.garymcgraw.com

Dr. McGraw’s Books:

Software Security: Building Security In
Exploiting Software: How to Break Code
Building Secure Software: How to Avoid Security Problems the Right Way (Discussed on the show and part of the Brakeing Down Security Book Club; considered by many to be a seminal text in application security)


Dec 04 2016

1hr 10mins


Help Families Affected by the Smoky Mountain Wildfires


If you’re a regular reader, you’ll know that I am not one to ask for help or money. I am not asking for money myself, but I am asking for help. As you may know, I am originally from Eastern Tennessee near the Great Smoky Mountains. They are ablaze right now. I am asking that if you’re able to do so financially, consider donating to help the families that lost their homes and everything during an already financially stressful time of year.

I will update this list with resources as I receive them.

  • To assist families who have lost everything (including their homes), donate to Citizens National Bank branch, Phone: 865-453-9031, re: “City of Pigeon Forge Fire Relief Fund” #PrayForTheSmokies #PrayForGatlinburg #PrayforEastTennessee
  • You can donate to the American Red Cross by texting “REDCROSS” to 90999 to make a $10 donation. You may also mail checks to:

6921 Middlebrook Pike
Knoxville, TN 37909

  • You can donate to the Seymour Volunteer Fire Department here.

H/T to WATE 6 On Your Side (http://wate.com/)

Nov 29 2016

3mins

