Any Port on the Net

To continue our adventure in talking about security concepts on the net, we have decided it's time to talk through the top Web Application vulnerabilities. On top of that we decided to make it a mini-series! In this episode we cover the number one OWASP vulnerability - Broken Access Controls. Follow along as we explore all the fun of web application penetration testing.

Links: 

The boys are headed to the Kennedy Space Center for HackSpaceCon in April! BLS will be hosting a training there too! Also, come check out the training at DakotaCon in March! We're doing it the pay what you can style (for the training)!

Links: 

The boys are back with BLS' own Josh to discuss the difficulties a new penetration tester might face, and how to break in to the industry. 

Links: 

The boys are back with Mike to discuss how to get the most bang for your buck when scheduling a pentest (mostly boils down to being nice to us please) and things predictably go off the rails.

In today's episode the boys discuss a new hacker focused OSINT framework created by BLS' Python Superstar Joel.

Links:

The APotN Crew is back! We kick off season 2 with a chat (maybe a lecture?) on the new old hotness, Attack Surface Management. A new character will be introduced and we determine our band name. Sam climbs a soap box while Chase hides in a closet. This and much much more in the season 2 premier! ... we get started on a weird foot.

It's here - the second part of our first two part series. We complete our discussion around ransomware. Brian sums up the steps used to defend against these attacks. Sam closes out the season by talking too much. Chase uses the c word and doesn't apologize for it (hint... it rhymes with crowd). 

And that's a wrap on season one! Thanks everyone for listening and let us know if you have any insight, comments, or requests for what you'd like to see in the next season. 

Links:

We bring back Brian to talk about the Kaseya ransomware incident only to discover 100 related rabbit holes. We do our best to be concise with the topic but obviously we failed and had to make this two parts. Join us as we work through Kaseya's incident from the incident response perspective. Then join us again in two weeks when we finish talking about the Kaseya Ransomware from the incident response perspective. 

New guest alert! Jack Ward teaches us about the basics of Reverse Engineering. Sam struggles with remembering things in the morning while over using the word capabilities. While Chase continues to encourage bad corporate spreadsheet etiquette. We work to keep ourselves out of the deep end of software development. 

The team announces the public Black Lantern Security discord server (invite link below)! 

Links:

Carson comes back! He is rip-roaring ready to talk about Supply Chain Attacks. The crew also hits on the Colonial Pipeline incident, Ukraine, and many other hot button cybersecurity topics. Sam proves he is the fastest googler. Chase has another new mic. Do you like history? If so, topics like the 2013 Target Breach and Stuxnet may interest you. Bonus, they are talked about in this episode as well!

Links:

Paul is back! This time he takes us hunting. We learn about bug bounties and how to get them. We also talk about some of the best tools of the trade. Can you cross site script your way to being a millionaire? We sure hope so.

Links:

Today the gang talks about what it's like to be blue. Chase has a few things to say and may be emotionally scarred. Our guest, Brian O'hara, absolutely enthralls us with his tales of detection. Sam remembers that this one time at the other place... things happened. We also touch on detection analysis, logging management, and incident response in this episode of Any Port on the Net!

Links:

Today we talk to our least and favorite people, ourselves! Inspired by Chase's appreciation for hearing other info sec professional's stories - Sam has Chase tell his story. Jokes about the impossible recruiting expectations are expressed. And this episode can probably be played as an afterschool special for aspiring cybersecurity students. 

Links:

On this one we step outside of the "traditional" security mindset and discuss how cybersecurity closely integrates with the business side of an organization. Thomas Preston, a former money man turned hacker man, discusses his unique perspective on the relationship between these two industries. We look at why business knowledge is necessary for an effective evaluation of an organization's defenses. Will Sam figure out how to end a podcast? Listen to find out.

Today we set out to talk about the hacker mentality and methodology but get sidetracked before we even start. Our boss, Micheal Reski, rants about the good old days. Sam lies, again, to Chase about the author of a talk (sorry Brian King - I promise I know your name is not Robert). In the end we share our perspective on the industry and eventually talk about methodology a little... just a little. 

Links:

Today we talk to real life spider man, Paul Mueller, as he tells stories of manipulating the web. We hear stories of the wacky ways we walk websites. Chase resolves his awful mic issue with a new less awful mic. And Paul has a run in with the authorities while hating on developers. (Seriously devs... we do love you, for real.)

Links

In our inaugural episode we chat with Carson Sallis, Black Lantern's own phishing guru. We hit on how to devise phishing campaigns from the premise to the payload. Carson details how OpSec, OSINT, and creative writing all play into a successful campaign. We reminisce on hitting a brick wall and there may even be a ghost story at the end.  

Links