Content provided by Advanced Persistent Security and Joe Gray, Advanced Persistent Security, and Joe Gray. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Advanced Persistent Security and Joe Gray, Advanced Persistent Security, and Joe Gray or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Killing the Pen Test & BSides Knoxville (with Adrian Sanabria)

59:01

Archived series ("Inactive feed" status)

When? This feed was archived on July 28, 2021 12:26 (2+ y ago). Last successful fetch was on August 22, 2019 01:28 (4+ y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 204207313 series 173009

Killing the Pen Test & BSides Knoxville (with Adrian Sanabria)

Advanced Persistent Security Podcast

Episode 44

Guests: Adrian Sanabria

April 26, 2018

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

Show Notes

In this episode, Joe is joined by Adrian Sanabria. Adrian is a co-organizer of BSides Knoxville and one of the founders of dc865. We discuss Adrian’s background in technology and how he came into security in the days before PCI. Adrian talks about his transition into working at 451 Research in terms of terminology and industry analysis.

Joe and Adrian talk about Savage Security and RSA Conference. Adrian tells us about his (then forthcoming) presentation at RSA Conference. Adrian’s presentation is called “It is Time to Kill the Pen Test,” and he explains why it is important. He cites Haroon Meer’s keynote at 44con in 2011 as the thought-provoking idea that spawned it.

Pen testing as a skill is not the problem; the service offering is. Adrian cites inefficiencies such as vulnerability scanning and reporting at the same rate as the test itself. We talk about advanced attacks versus sticking to the basics. Adrian talks about prioritizing breach simulations and ransomware simulations over a pen test.

We talk about the scoping documents of pen tests and how they relate to actual attacks and their objectives: not all adversaries attempt to get domain admin, while others try to perform defacement or exfiltration. Adrian mentions Haroon’s quote:

Pen testers are not emulating attackers. They are emulating other pen testers.

Adrian talks about the lack of responsiveness of blue teams during pen tests. We talk about the mentality of many attackers who want to “pwn the world” rather than enhance the security of an organization. Adrian calls for more “white box testing.” Joe mentions the lack of analysis of OSINT as another inefficiency in pen testing. We also discuss the fact that dwell time is so high that expecting a black box test to be realistic is almost unreasonable.

Adrian talks about some metrics associated with MSSPs detecting him when doing breach simulations. We talk about C2 and other indicators such as the use of TOR. We talk about how to make the industry better.

About Adrian:

Adrian Sanabria is Co-Founder and Director of Research at Savage Security. Sanabria’s past experience includes 13 years as a Defender and Consultant building security programs, defending large financial organizations and performing penetration tests. He has spent far more time dealing with PCI than is healthy for an adult male of his age. Sanabria learned the business side of the industry as a research analyst for 451 Research, working closely with vendors and investors. He is an outspoken researcher and doesn’t shy away from the truth or being proven wrong. Sanabria loves to write about the industry, tell stories and still sees the glass as half full.

Contacting Adrian:

Twitter: @sawaba
Blog

BSides Knoxville:

Website
Registration
Date: May 18, 2018
Locations: Scruffy City Hall, Preservation Pub, Knoxville Entrepreneurial Center
8:00 AM – 6:00 PM

Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
