Content provided by Advanced Persistent Security and Joe Gray, Advanced Persistent Security, and Joe Gray. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Advanced Persistent Security and Joe Gray, Advanced Persistent Security, and Joe Gray or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Multi-Tool Multi-User HTTP Proxy (with Russel Van Tuyl)

1:04:43
 

IF IT’S A PROTOCOL, YOU CAN PLAY WITH IT

ADVANCED PERSISTENT SECURITY PODCAST

EPISODE 26

GUEST: Russel Van Tuyl

NOVEMBER 21, 2016

If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.

NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers

Multi-Tool Multi-User HTTP Proxy (with Russel Van Tuyl) SHOW NOTES

PART 1

Instead of talking about the news, we continue the conversation from the previous episode about election machine hacking. With this topic, we also venture into the voter registration databases and the misinformation campaign aspect of voter confidence in the election. Russel provides an interesting perspective on the registration databases: a breach of one is not very different from any other breach, because the data is similar to the data in other databases.

From the perspective of voting machines, Russel points out the difficulty in compromising a large enough segment of the electorate to be significant enough for the population to care. Because the machines are not online (to our knowledge), the risk is minimal. The same core principles of information security can be applied to the system to ensure good security.

PART 2

Read Russel’s work about this segment in its full glory, here.

Russel kicks off his discussion about his Multi-Tool Multi-User HTTP Proxy. The purpose is to allow a single server to act as a proxy that routes traffic from multiple tools: Empire, Metasploit, Meterpreter, and BeEF. The tool aims to help unify command and control (C2) for use in post-exploitation. He talks about how IDS and other monitoring tools would find the native ports used by the tools, or the context of a tool, and prevent the tool from being successful. His use of this proxy circumvents this for the most part.

PART 3

We shift gears from offense to defense and talk about protecting oneself from the Multi-Tool Multi-User HTTP Proxy. Russel says that one must apply best practices and information security fundamentals as a starting point. He discusses the use of a proxy like BlueHost to further inspect the packets and understand what is happening. We discuss the use of a Web Application Firewall (WAF) or other proxy tools such as Squid or Zed Attack Proxy (ZAP) as a means of prevention. We also discuss other preventative measures and best practices with regard to this specific method of attack.

ABOUT Russel

Russel Van Tuyl

Russel Van Tuyl is the managing consultant for security assessments at Sword & Shield Enterprise Security. His primary role is conducting network vulnerability assessments and penetration tests, but he also performs web application assessments, firewall configuration audits, wireless assessments, and social engineering.

He has more than 11 years of experience in the technical field in roles such as database design, field device support, help desk, IT asset management, programming, and information security.

CONTACTING Russel:

Twitter: @Ne0nd0g
Multi-Tool Multi-User HTTP Proxy
Sword and Shield Enterprise Security


PASSWORD BLOG LINKS:

AlienVault
Hosted Locally on Advanced Persistent Security

WI-FI BLOG LINK:

AlienVault
Hosted Locally on Advanced Persistent Security

POWERSHELL LINK:

AlienVault

Thanks for stopping by and checking out our podcast. We would appreciate it if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens, regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
