Advanced Persistent Security

A weekly Technology and Tech News podcast
Good podcast? Give it some love!

Best Episodes of Advanced Persistent Security

Mark All
Search Episodes...
Killing the Pen Test & BSides Knoxville (with Adrian Sanabria) Advanced Persistent Security Podcast Episode 44 Guests: Adrian Sanabria April 26, 2018 If you enjoy this podcast, be sure to give ... The post Killing the Pen Test & BSides Knoxville (with Adrian Sanabria) first appeared on Advanced Persistent Security.
Ransomware (with Allan Liska & Tim Gallo) Advanced Persistent Security Podcast Episode 43 Guests: Allan Liska and Tim Gallo April 19, 2018 If you enjoy this podcast, be sure to give ... The post Ransomware (with Allan Liska & Tim Gallo) first appeared on Advanced Persistent Security.
Infosec Thoughts (with Jayson E. Street & Tracy Maleeff) Advanced Persistent Security Podcast Episode 42 Guests: Jayson E. Street and Tracy “Infosec Sherpa” Maleeff April 12, 2018 If you enjoy this ... The post Infosec Thoughts (with Jayson E. Street & Tracy Maleeff) first appeared on Advanced Persistent Security.
Security of Mainframes (with Cheryl Biswas & Tracy Maleeff) Advanced Persistent Security Podcast Episode 41 Guests: Cheryl Biswas and Tracy “Infosec Sherpa” Maleeff April 5, 2018 If you enjoy this podcast, ... The post Security of Mainframes (with Cheryl Biswas & Tracy Maleeff) first appeared on Advanced Persistent Security.
OSINT Techniques (with Michael Bazzell) Advanced Persistent Security Podcast Episode 40 Guest:Michael Bazzell March 30, 2018 If you enjoy this podcast, be sure to give us a 5 Star Review and ... The post OSINT TECHNIQUES (WITH MICHAEL BAZZELL) first appeared on Advanced Persistent Security.
2017 Holiday Podcaster’s Podcast (NSF Kids/Work) ADVANCED PERSISTENT SECURITY   December 22, 2017 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on ... The post 2017 Holiday Podcaster’s Podcast (NSF Kids/Work) first appeared on Advanced Persistent Security.
2017 DerbyCon Podcaster’s Podcast (NSF Kids/Work) ADVANCED PERSISTENT SECURITY   September 27, 2017 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on ... The post 2017 DerbyCon Podcaster’s Podcast (NSF Kids/Work) first appeared on Advanced Persistent Security.
Maintaining a SOC (WITH Rob Gresham) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 37 GUEST:Rob Gresham February 20, 2017 If you enjoy this podcast, be sure to give us a 5 Star Review ... The post Maintaining a SOC (with Rob Gresham) first appeared on Advanced Persistent Security.
THREAT INTELLIGENCE (WITH Rob Gresham) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 36 GUEST:Rob Gresham February 13, 2017 If you enjoy this podcast, be sure to give us a 5 Star Review and ... The post Threat Intelligence (with Rob Gresham) first appeared on Advanced Persistent Security.
BSides Huntsville & SDN (WITH Paul Coggin) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 35 GUEST:Paul Coggin January 30, 2017 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers BSides Huntsville & SDN (WITH Paul Coggin) SHOW NOTES PART 1 Joe introduces Paul and we discuss his career thus far. In terms of topics, we evade the news again and decide to talk about IOT – the Internet of Things. Paul brings a unique perspective since he comes from a background that is heavily rooted in networking. He likens it to ICS/SCADA and jokingly endorses it for our job security. Paul talks about the role that endpoints will play in the IOT environment. Paul introduces us to a concept called “Fog Computing.” He then provides his perspective on the application of Fog Computing. He then describes VPT or Vendor Persistent Threat, which is when proprietary products may have backdoors or maintenance hooks for either data or support purposes. We talk about the impact on supply chain security from the networking and IOT perspectives. PART 2 Paul tells us that BSides Hunstville will be February 4, 2017 at the Dynetics Solutions Complex facility. The event features 16 speakers on both the local and the global levels. There are 2 tracks for the event. Adrian Crenshaw (Iron Geek) will be recording the talks, providing lock picking equipment, and co-keynoting. By attending, you’ll get all the Krispy Kreme doughnuts and Papa John’s Pizza that you can handle. The BSides Huntsville event is open to everyone, but if you are planning on attending and NOT A US CITIZEN, please contact the organizers to complete the proper documentation. Talks range from malware, threat intelligence, to physical security and the dark net. Paul tells us that if you’re looking for a new job, bring your resume and/or business cards and to expect to network at the event. Joe talks about the benefits of an employee attending conferences like BSides and the value it adds to organizations. PART 3 We transition to talk about Software Defined Networking (SDN). Paul calls this the Network Apocalypse or Netpocalypse. He tells us about products like VMware NSX. Paul goes on to talk about ONOS (Open Networking Operating System) and OpenDaylight as controllers then explains how the virtualization effort in the controller will direct the routing equipment such as switches and routers as to how to operate. Paul talks about the disruptive nature (in the market perspective; not availability) of SDN and the need for networking professionals to get up to speed to maintain relevance. We talk about using SDN and the cloud to virtualize the networking and use the cloud for CP/BCP/DRP/COOP. ABOUT Paul Paul Coggin Paul Coggin is an information Security Engineer. His expertise includes tactical, service provider and ICS\SCADA network infrastructure attacks and defenses as well as large complex network design and implementation. His experience includes leading network architecture reviews, vulnerability analysis and penetration testing engagements for critical infrastructure and tactical networks. CONTACTING Paul: Twitter: @PaulCoggin LinkedIn Email (Yahoo) Email (Gmail) ABOUT BSides Huntsville Date: Februrary 4, 2017 Time: 8:30 AM Central Time (9:30 Eastern) Location: Dynetics, Inc (Solutions Complex building) 1004 Explorer Blvd, Huntsville, AL 35805 Website Twitter Cost: $10   Software Defined Networking (SDN) Resources ONOS Wikipedia Northbound Networks Zodiac Physical Controller Software Defined Wide Area Network (SD-WAN) definitions ONOS Website MiniNet project OpenDaylight project IPSpace Website Open Networking Foundation Northbound Networks YouTube channel TechNet article about Network Controllers JOE’S Second BLOG ON CISOCAST CISOCast JOE’S Social Engineering BLOG ON Black Hills Information Security Black Hills Information Security JOE’S AlienVault Blog about Insider Threat AlienVault Hosted Locally on Advanced Persistent Security JOE’S Sword & Shield BLOG Post Sword & Shield Blog Hosted Locally on Advanced Persistent Security JOE’S First BLOG ON CISOCast CISOCast Hosted Locally on Advanced Persistent Security Joe’s Blog on Jenny Radcliffe’s Deception Chronicle Jenny Radcliffe’s Deception Chronicles Hosted Locally on Advanced Persistent Security Joe’s Dyn DDOS Blog on Tripwire: Tripwire Hosted Locally on Advanced Persistent Security Joe’s Ranking in the AlienVault Top Blogs of 2016: AlienVault Hosted Locally on Advanced Persistent Security PASSWORD BLOG LINKS: AlienVault Hosted Locally on Advanced Persistent Security WI-FI BLOG LINK: AlienVault Hosted Locally on Advanced Persistent Security POWERSHELL LINK: AlienVault JOE’S BLOG ON ITSP: When Friendly Thermostats & Toasters Join The IoT Dark Side Joe’s Blog on Tripwire: Burgling From an OSINT Point of View Joe’s Blogs on Sword & Shield Enterprise Security’s site: Holiday Shopping Safety Series: Shopping Via Credit Card and e-Commerce Holiday Shopping Safety Series: Holiday Scams and Hoaxes Joe’s Work with WATE 6 News in Knoxville, TN: Shopping online safely this holiday season iPhone scam uses text messages to hack iCloud information Maryville hacker takes over Facebook accounts Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Enter your email address: Delivered by FeedBurner SUBSCRIBE TO OUR MAILING LIST * indicates required Email Address * First Name Last Name The post BSides Huntsville & SDN (with Paul Coggin) first appeared on Advanced Persistent Security.
Red Teaming (with Joe Vest & James Tubberville) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 34 GUEST:Joe Vest & James Tubberville January 23, 2017 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, Blubrry, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers RED TEAMING (WITH JOE VEST & JAMES TUBBERVILLE) SHOW NOTES PART 1 Joe introduces Joe and James. Joe Vest tells us about his background in journey to Information Security and Penetration Testing. He explains that he and James were Red Teaming together then founded Minis with James. James echoes Joe’s sentiments and path. Mr. Vest tells us about how he had to break things as a system administrator to better understand how to secure them. He also tells us how to break into information security via system or network administration. Joe Gray tells us his advice to people trying to get into security. Mr. Vest talks about being passionate about technology which leads to a discussion about enthusiasm versus knowledge and experience. We talk about the relationship between offense and defense; red and blue. We then transition into a discussion about FamilyTreeNow.com for the current event. It is discussed as an OSINT Playground. Mr. vest talks about “getting personal” when collecting data about targets. James talks about verifying relationships and build a smart password list and profile/dossier on targets. Joe Gray talks about his new FamilyTreeNow phishing proof of concept and the psychology behind making it work. We talk about the burden being on the user and best practices for creating awareness programs. PART 2 We kick this segment with Mr. Vest discussing what types of penetration testing are used. Mr. Vest talks about the inverse triangle to the left that describes the focus in security assessment and testing. He talks about the realization of vulnerabilities in scope as the triangle narrows. Red Teaming is focused on specific scenarios and goals of which are called “Operational Impacts.” These are what makes organizations tick. Essentially, where can the organization be exploited to a point to cause catastrophic outcome for the organization. Think the worst case scenario for an organization. This allows organizations to see what capabilities threat actors possess while measuring their security controls, defensive controls and procedures, and exercise their detection and response. Red Teaming is not specifically penetration testing on steroids. Red Teaming is more focused on meeting an objective to enable the organization to assess and measure their security posture and operations. Everything is goal driven. Mr. Vest talks about white carding and the assumed breach model. James talks about the correlation with penetration testing. We discuss the maturity requirements for penetration testing and compare it to the maturity required for Red Teaming. Mr. Vest talks about providing value to an organization through engagement via red teaming psychology and goals. James clarifies that Blue Team is more than just traditional security defenders and includes Help Desk, System Admins, Networks, and BCP/DRP. Mr. Vest correlates Vulnerability Assessment and Penetration Testing to good security hygiene. PART 3 James and Joe give us a war story about an engagement that dealt with an external access objective and an operational impact objective. The client CIO asked for a phishing campaign to demonstrate access. James and Joe noted that the client had sensitive files on a network that was not explicitly segregated as thought so. The impacts that dealt with detection and determining compromise and resiliency were implemented. While ramping up presence (to attempt to be detected), the team quickly realized that they needed to make more noise to gain the attention of the blue team. They deployed EICAR, images, and audio bytes to get noticed. The blue team noticed this and made an announcement for all personnel to stop using network assets, causing a near 6 hour interruption. The blue team started pulling cables after they realized that a reboot did not work. The sound byte was selected from the Non-Rick Roll song below: ABOUT Joe Joe Vest has worked in the information technology industry for over 17 years with a focus on red teaming, penetration testing and application security. As a former technical lead for a DoD red team, he has extensive knowledge of cyber threats and their tools, tactics and techniques, including threat emulation and threat detection. Joe is the co-founder of MINIS LLC, providing innovative solutions for the mitigation against an ever-changing cyber threat. He is the technical editor for the book Red Team Field Manual (RTFM) and holds numerous security certifications. OSCP, CISSP-ISSMP, CISA, GPEN, GCIH, GWAPT, CEH CONTACTING Joe: Twitter: @JoeVest LinkedIn Email ABOUT James James’ Biography is coming soon. CONTACTING James: LinkedIn Email ABOUT Minis Minis Website Find Minis Github Minis on LinkedIn Find Minis on Twitter Minis ThreatExchange Blog joe and james’ SANS Course Security 564: Red Team Operations and Threat Emulation JOE’S Sword & Shield BLOG Post Sword & Shield Blog Hosted Locally on Advanced Persistent Security JOE’S BLOG ON CISOCast CISOCast Joe’s Blog on Jenny Radcliffe’s Deception Chronicle Jenny Radcliffe’s Deception Chronicles Hosted Locally on Advanced Persistent Security Joe’s Dyn DDOS Blog on Tripwire: Tripwire Hosted Locally on Advanced Persistent Security Joe’s Ranking in the AlienVault Top Blogs of 2016: AlienVault Hosted Locally on Advanced Persistent Security PASSWORD BLOG LINKS: AlienVault Hosted Locally on Advanced Persistent Security WI-FI BLOG LINK: AlienVault Hosted Locally on Advanced Persistent Security POWERSHELL LINK: AlienVault JOE’S BLOG ON ITSP: When Friendly Thermostats & Toasters Join The IoT Dark Side Joe’s Blog on Tripwire: Burgling From an OSINT Point of View Joe’s Blogs on Sword & Shield Enterprise Security’s site: Holiday Shopping Safety Series: Shopping Via Credit Card and e-Commerce Holiday Shopping Safety Series: Holiday Scams and Hoaxes Joe’s Work with WATE 6 News in Knoxville, TN: Shopping online safely this holiday season iPhone scam uses text messages to hack iCloud information Maryville hacker takes over Facebook accounts Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Enter your email address: Delivered by FeedBurner SUBSCRIBE TO OUR MAILING LIST * indicates required Email Address * First Name Last Name The post Red Teaming (with Joe Vest & James Tubberville) first appeared on Advanced Persistent Security.
Ransomware and Incident Response (WITH Ben Johnson) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 33 GUEST:Ben Johnson January 16, 2017 If you enjoy this podcast, be sure to give us a 5 Star ... The post Ransomware and Incident Response (with Ben Johnson) first appeared on Advanced Persistent Security.
Practical Packet Analysis (with Chris Sanders) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 32 GUEST:Chris Sanders January 9, 2017 If you enjoy this podcast, be sure to give us a 5 Star Review ... The post Practical Packet Analysis (with Chris Sanders) first appeared on Advanced Persistent Security.
Infosec Success (with Lesley Carhart) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 31 GUEST:Lesley Carhart January 2, 2017 If you enjoy this podcast, be sure to give us a 5 Star Review and ... The post Infosec Success (with Lesley Carhart) first appeared on Advanced Persistent Security.
CFP Success (WITH Kat Sweet) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 30 GUEST: Kat Sweet December 26, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review ... The post CFP Success (with Kat Sweet) first appeared on Advanced Persistent Security.
2016 HOLIDAY PODCAST MASHUP ADVANCED PERSISTENT SECURITY DECEMBER 21, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like ... The post 2016 HOLIDAY PODCAST MASHUP first appeared on Advanced Persistent Security.
OSINT Framework (WITH Justin Nordine) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 29 GUEST: Justin Nordine December 19, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review and ... The post OSINT Framework (with Justin Nordine) first appeared on Advanced Persistent Security.
Holiday Special (with Tracy Z. Maleeff) Advanced Persistent Security Podcast Episode 28 Guest: Tracy Z. Maleeff December 12, 2016 If you enjoy this podcast, be sure to give us a 5 ... The post Holiday Special (with Tracy Z. Maleeff) first appeared on Advanced Persistent Security.
Brakeing Down the Advanced Persistent Security Podcast Holiday Special and Book CLub Kickoff Make sure you’re wearing your ugly Christmas Sweater and have a glass of eggnog when you enjoy ... The post Brakeing Down the Advanced Persistent Security… first appeared on Advanced Persistent Security.
Help families Affected by the Smoky Mountain Wildfires If you’re a regular reader, you’ll know that I am not one to ask for help or money. I am not asking ... The post Help Families Affected by the Smoky Mountain Wildfires first appeared on Advanced Persistent Security.
Lessons in Incident Response (with Ben Shipley) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 27 GUEST: Ben Shipley NOVEMBER 28, 2016 If you enjoy this podcast, be sure to give us a 5 Star ... The post Lessons in Incident Response (with Ben Shipley) first appeared on Advanced Persistent Security.
Multi-Tool Multi-User HTTP Proxy (with Russel Van Tuyl) IF IT’S A PROTOCOL, YOU CAN PLAY WITH IT ADVANCED PERSISTENT SECURITY PODCAST EPISODE 26 GUEST: Russel Van Tuyl NOVEMBER 21, 2016 If you ... The post Multi-Tool Multi-User HTTP Proxy (with Russel Van Tuyl) first appeared on Advanced Persistent Security.
OSINT, Social Engineering, & the Election (with Ed Porter) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 25 GUEST: Ed Porter NOVEMBER 14, 2016 If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube. NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers OSINT, Social Engineering, & the Election (with Ed Porter) SHOW NOTES PART 1 We kick this episode off by discussing a couple of current events in the news. The first is from ThreatPost and discusses a story that academic professionals provide a seal of approval on the signal algorithm and associated apps (What’sApp, Allo, and Signal) rating it ‘Cryptographically sound.” The second, also from ThreatPost discusses an OAuth2 vulnerability released at Black Hat EU and takes advantage of poor implementations to hijack accounts. Stories ThreatPost: Signal is Cryptographically Sound ThreatPost: OAuth2 vulnerability exposes mobile applications PART 2 We discuss OSINT and Social  Engineering as they relate to the election. In this segment, we talk about misinformation campaigns (such as claims of election hacking), gathering information, and influencing the public opinion. This is more of how OSINT and Social Engineering played into the election. Joe provides advice for aspiring candidates to use OSINT to better understand their constituents and develop better campaign platforms. PART 3 In this segment, the direction shifts to how the election is driving Social Engineering campaigns and what OSINT can be gathered from social media after the election. Joe provides an example of such a phishing campaign purporting to be ABC News. He predicts that the number of campaigns will only increase. ABOUT Ed Ed Porter Edward Porter has been working with IT for over 17 years in the Atlanta area and recently obtained his CISSP in August 2016. He has a technical background and has also held certifications from Cisco (CCNA) and CompTIA (A+, Network+, Security+, Linux+). Through his passion for technology and helping others he became a guru to family, friends, and community, spreading the good news about our information age while putting out the resulting fires and malware infections. Having established a solid foundation of IT and networking competencies, he began to focus on information security and protecting others. Ed is looking for work and can be found on Twitter @edinatl and LinkedIn. CONTACTING Ed: Twitter: @EdInATL LinkedIn PASSWORD BLOG LINKS: AlienVault Hosted Locally on Advanced Persistent Security WI-FI BLOG LINK: AlienVault Hosted Locally on Advanced Persistent Security POWERSHELL LINK: AlienVault Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page. Enter your email address: Delivered by FeedBurner SUBSCRIBE TO OUR MAILING LIST * indicates required Email Address * First Name Last Name The post OSINT, Social Engineering, & the Election (with Ed Porter) first appeared on Advanced Persistent Security.
Critical Security Controls: Part 2 (with Brian Ventura) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 24 GUEST: Brian Ventura October 31, 2016 If you enjoy this podcast, be sure to give us a 5 ... The post Critical Security Controls: Part 2 (with Brian Ventura) first appeared on Advanced Persistent Security.
Critical Security Controls: Part 1 (with Brian Ventura) (WITH BRIAN VENTURA) ADVANCED PERSISTENT SECURITY PODCAST EPISODE 23 GUEST: BRIAN VENTURA October 24, 2016 If you enjoy this podcast, be sure to give ... The post Critical Security Controls: Part 1 (with Brian Ventura) first appeared on Advanced Persistent Security.
Rate Podcast

Share This Podcast

Recommendation sent

Join Podchaser to...

  • Rate podcasts and episodes
  • Follow podcasts and creators
  • Create podcast and episode lists
  • & much more

Podcast Details

Created by
Advanced Persistent Security and Joe Gray
Podcast Status
Hiatus/Finished
Started
Sep 8th, 2015
Latest Episode
Apr 26th, 2018
Release Period
Weekly
Episodes
50
Avg. Episode Length
About 1 hour
Explicit
No
Order
Episodic
Language
English

Podcast Tags

Do you host or manage this podcast?
Claim and edit this page to your liking.
Are we missing an episode or update?
Use this to check the RSS feed immediately.