To continue our adventure in talking about security concepts on the net, we have decided it's time to talk through the top Web Application vulnerabilities. On top of that we decided to make it a mini-series! In this episode we cover the number one OWASP vulnerability - Broken Access Controls. Follow along as we explore all the fun of web applicatio…

The boys are headed to the Kennedy Space Center for HackSpaceCon in April! BLS will be hosting a training there too! Also, come check out the training at DakotaCon in March! We're doing it the pay what you can style (for the training)! Links: HackSpaceCon Official Site DakotaCon Official Site The Official BLS Discord The Official BLS Website The Of…

The boys are back with BLS' own Josh to discuss the difficulties a new penetration tester might face, and how to break in to the industry. Links: The Official BLS Discord The Official BLS Website The Official BLS Github The Official APotN Twitter Free lecture resources: Professor Messer Heath Adams John Hammond Katie Paxton-Fear Free hands on resou…

The boys are back with Mike to discuss how to get the most bang for your buck when scheduling a pentest (mostly boils down to being nice to us please) and things predictably go off the rails. Links: The Official BLS Discord The Official BLS Website The Official BLS Github The Official APotN Twitter

The boys have found their mics once again and have returned to the digital stage. This stage exists primarily in closets. In the hiatus Sam & Chase have equally lost sanity and the ability to stay on topic for longer than five minutes. Join in and try to follow along for the a wild return to season 2. Links: The Official BLS Discord The Official BL…

In today's episode the boys discuss a new hacker focused OSINT framework created by BLS' Python Superstar Joel. Links: BBOT Spiderfoot Writehat Manspider BLS Discord

In this episode Sam & Chase suffer from post engagement delirium. The pair chat about chatting with clients and why technical interviews are not as scary as they seem. Chase slanders Sam. Sam responds with potential libel. Links: Our Discord BLS Risk Assessments MITRE ATT&CK Framework

The APotN Crew is back! We kick off season 2 with a chat (maybe a lecture?) on the new old hotness, Attack Surface Management. A new character will be introduced and we determine our band name. Sam climbs a soap box while Chase hides in a closet. This and much much more in the season 2 premier! ... we get started on a weird foot. Links BLS Website …

It's here - the second part of our first two part series. We complete our discussion around ransomware. Brian sums up the steps used to defend against these attacks. Sam closes out the season by talking too much. Chase uses the c word and doesn't apologize for it (hint... it rhymes with crowd). And that's a wrap on season one! Thanks everyone for l…

We bring back Brian to talk about the Kaseya ransomware incident only to discover 100 related rabbit holes. We do our best to be concise with the topic but obviously we failed and had to make this two parts. Join us as we work through Kaseya's incident from the incident response perspective. Then join us again in two weeks when we finish talking ab…

New guest alert! Jack Ward teaches us about the basics of Reverse Engineering. Sam struggles with remembering things in the morning while over using the word capabilities. While Chase continues to encourage bad corporate spreadsheet etiquette. We work to keep ourselves out of the deep end of software development. The team announces the public Black…

We couldn't do it. Things at BLS have been pretty busy lately, which means we were not able to pull together a quality episode in time. So, here is Sam briefly talking about our shortcoming. In other news... ANOUNCEMENT: Only two more episodes are in left our first season! If you have any feedback on the season so far or anything you would like to …

Carson comes back! He is rip-roaring ready to talk about Supply Chain Attacks. The crew also hits on the Colonial Pipeline incident, Ukraine, and many other hot button cybersecurity topics. Sam proves he is the fastest googler. Chase has another new mic. Do you like history? If so, topics like the 2013 Target Breach and Stuxnet may interest you. Bo…

Paul is back! This time he takes us hunting. We learn about bug bounties and how to get them. We also talk about some of the best tools of the trade. Can you cross site script your way to being a millionaire? We sure hope so. Links: HackerOne Bugcrowd Synack Darknet Diaries: dawgyg James Kettle HTTP Request Smuggler Param Miner Paul's Blog Paul's T…

Today the gang talks about what it's like to be blue. Chase has a few things to say and may be emotionally scarred. Our guest, Brian O'hara, absolutely enthralls us with his tales of detection. Sam remembers that this one time at the other place... things happened. We also touch on detection analysis, logging management, and incident response in th…

Today we talk to our least and favorite people, ourselves! Inspired by Chase's appreciation for hearing other info sec professional's stories - Sam has Chase tell his story. Jokes about the impossible recruiting expectations are expressed. And this episode can probably be played as an afterschool special for aspiring cybersecurity students. Links: …

On this one we step outside of the "traditional" security mindset and discuss how cybersecurity closely integrates with the business side of an organization. Thomas Preston, a former money man turned hacker man, discusses his unique perspective on the relationship between these two industries. We look at why business knowledge is necessary for an e…

Today we set out to talk about the hacker mentality and methodology but get sidetracked before we even start. Our boss, Micheal Reski, rants about the good old days. Sam lies, again, to Chase about the author of a talk (sorry Brian King - I promise I know your name is not Robert). In the end we share our perspective on the industry and eventually t…

Today we talk to real life spider man, Paul Mueller, as he tells stories of manipulating the web. We hear stories of the wacky ways we walk websites. Chase resolves his awful mic issue with a new less awful mic. And Paul has a run in with the authorities while hating on developers. (Seriously devs... we do love you, for real.) Links PortSwigger Pen…

In our inaugural episode we chat with Carson Sallis, Black Lantern's own phishing guru. We hit on how to devise phishing campaigns from the premise to the payload. Carson details how OpSec, OSINT, and creative writing all play into a successful campaign. We reminisce on hitting a brick wall and there may even be a ghost story at the end. Links evil…