Any Port on the Net
By Black Lantern Security
Apr 20, 2023
The Boys Start A Mini-Series - Introducing The OWASP Review
To continue our adventure in talking about security concepts on the net, we have decided it's time to talk through the top Web Application vulnerabilities. On top of that, we decided to make it a mini-series! In this episode we cover the number one OWASP vulnerability - Broken Access Controls. Follow along as we explore all the fun of web application penetration testing.
The team is going to a con! (And doing some training and other stuff)
The boys are headed to the Kennedy Space Center for HackSpaceCon in April! BLS will be hosting a training there too! Also, come check out the training at DakotaCon in March! We're doing it pay-what-you-can style (for the training)!
You've Made It... Now What?
The boys are back with BLS' own Josh to discuss the difficulties a new penetration tester might face, and how to break into the industry.
Links:
Free lecture resources:
Professor Messer
Heath Adams
John Hammond
Katie Paxton-Fear
Free hands-on resources:
Hack the Box
Try Hack Me
Over the Wire
Pentester labs (some free exercises)
Saving Money the Reski Way: Getting the Most for Your Pentest!
The boys are back with Mike to discuss how to get the most bang for your buck when scheduling a pentest (mostly boils down to being nice to us please) and things predictably go off the rails.
Links:
The Official BLS Discord
The Official BLS Website
The Official BLS Github
The Official APotN Twitter
Back in the Digital Saddle
The boys have found their mics once again and have returned to the digital stage. This stage exists primarily in closets. In the hiatus Sam & Chase have equally lost sanity and the ability to stay on topic for longer than five minutes. Join in and try to follow along for a wild return to season 2.
Links:
The Official BLS Discord
The Official BLS Website
The Official BLS Github
The Official APotN Twitter
Special Episode: Be Taught BBOT with TheTechromancer
In today's episode the boys discuss a new hacker-focused OSINT framework created by BLS' Python Superstar Joel.
Interviews are the Devil
In this episode Sam & Chase suffer from post-engagement delirium. The pair chat about chatting with clients and why technical interviews are not as scary as they seem. Chase slanders Sam. Sam responds with potential libel.
Links:
Our Discord
BLS Risk Assessments
MITRE ATT&CK Framework
Attacking Attack Surface Management
The APotN Crew is back! We kick off season 2 with a chat (maybe a lecture?) on the new old hotness, Attack Surface Management. A new character will be introduced and we determine our band name. Sam climbs a soap box while Chase hides in a closet. This and much much more in the season 2 premiere! ... we get started on a weird foot.
Links
BLS Website
BLS Discord
EyeWitness
GoWitness
WitnessMe
Gobuster
DIRB
FFUF
SpiderFoot
Amass
Kaseya Ransomware and You (Part 2)
It's here - the second part of our first two part series. We complete our discussion around ransomware. Brian sums up the steps used to defend against these attacks. Sam closes out the season by talking too much. Chase uses the c word and doesn't apologize for it (hint... it rhymes with crowd).
And that's a wrap on season one! Thanks everyone for listening and let us know if you have any insight, comments, or requests for what you'd like to see in the next season.
Kaseya Ransomware and You (Part 1)
We bring back Brian to talk about the Kaseya ransomware incident only to discover 100 related rabbit holes. We do our best to be concise with the topic but obviously we failed and had to make this two parts. Join us as we work through Kaseya's incident from the incident response perspective. Then join us again in two weeks when we finish talking about the Kaseya Ransomware from the incident response perspective.
Reversing Reverse Engineering
New guest alert! Jack Ward teaches us about the basics of Reverse Engineering. Sam struggles with remembering things in the morning while overusing the word capabilities. Chase, meanwhile, continues to encourage bad corporate spreadsheet etiquette. We work to keep ourselves out of the deep end of software development.
The team announces the public Black Lantern Security discord server (invite link below)!
Links:
BLS Discord
Ghidra SRE Tool
IDA Pro
Pluralsight
SANS FOR610
Learn C
Learn Python
This Is Not The Next Episode
We couldn't do it. Things at BLS have been pretty busy lately, which means we were not able to pull together a quality episode in time. So, here is Sam briefly talking about our shortcoming.
In other news...
ANNOUNCEMENT: Only two more episodes are left in our first season! If you have any feedback on the season so far or anything you would like to see change in the next one, then please hit us up on Twitter (that's @AnyPort_Pod for those who haven't followed us yet).
Getting Hacked on Your Own Supply... Chain
Carson comes back! He is rip-roaring ready to talk about Supply Chain Attacks. The crew also hits on the Colonial Pipeline incident, Ukraine, and many other hot button cybersecurity topics. Sam proves he is the fastest googler. Chase has another new mic. Do you like history? If so, topics like the 2013 Target Breach and Stuxnet may interest you. Bonus, they are talked about in this episode as well!
Links:
Supply Chain Attacks by Imperva
Andy Greenberg's Sandworm
A Brief History of Stuxnet
The 2013 Target Breach
Forbes' Article on the Colonial Pipeline Incident
Paul the (bug) Bounty Hunter
Paul is back! This time he takes us hunting. We learn about bug bounties and how to get them. We also talk about some of the best tools of the trade. Can you cross-site script your way to being a millionaire? We sure hope so.
Links:
HackerOne
Bugcrowd
Synack
Darknet Diaries: dawgyg
James Kettle
HTTP Request Smuggler
Param Miner
Paul's Blog
Paul's Twitter
I'm Blue if I Was Red I Would Die
Today the gang talks about what it's like to be blue. Chase has a few things to say and may be emotionally scarred. Our guest, Brian O'hara, absolutely enthralls us with his tales of detection. Sam remembers that this one time at the other place... things happened. We also touch on detection analysis, logging management, and incident response in this episode of Any Port on the Net!
Links:
Carlos Perez's 2016 "Thinking Purple" Talk
Talking to Ourselves
Today we talk to our least and favorite people, ourselves! Inspired by Chase's appreciation for hearing other infosec professionals' stories, Sam has Chase tell his story. Jokes about the impossible recruiting expectations are expressed. And this episode can probably be played as an afterschool special for aspiring cybersecurity students.
Securing Finance Securities for Secure Financials
On this one we step outside of the "traditional" security mindset and discuss how cybersecurity closely integrates with the business side of an organization. Thomas Preston, a former money man turned hacker man, discusses his unique perspective on the relationship between these two industries. We look at why business knowledge is necessary for an effective evaluation of an organization's defenses. Will Sam figure out how to end a podcast? Listen to find out.
The one where Sam lied about what the episode was about
Today we set out to talk about the hacker mentality and methodology but get sidetracked before we even start. Our boss, Micheal Reski, rants about the good old days. Sam lies, again, to Chase about the author of a talk (sorry Brian King - I promise I know your name is not Robert). In the end we share our perspective on the industry and eventually talk about methodology a little... just a little.
We're So Sorry Web Developers
Today we talk to real-life spider man, Paul Mueller, as he tells stories of manipulating the web. We hear stories of the wacky ways we walk websites. Chase resolves his awful mic issue with a new less awful mic. And Paul has a run-in with the authorities while hating on developers. (Seriously devs... we do love you, for real.)
So Long and Thanks for All the Phish
In our inaugural episode we chat with Carson Sallis, Black Lantern's own phishing guru. We hit on how to devise phishing campaigns from the premise to the payload. Carson details how OpSec, OSINT, and creative writing all play into a successful campaign. We reminisce on hitting a brick wall and there may even be a ghost story at the end.
Links
Have you tried 12000?