Security Noise

Let's talk about Threat Hunting! On this episode of Security Noise, Geoff and Skyler are joined by Principal Security Consultants Shane Hartman and Justin Vaicaro to discuss the essential components of a successful Threat Hunting program. But where do you start and how do you access the best resources? Listen as they share insights on building an effective program, operationalizing practices, and the importance of a proactive mindset.  About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. 

In this episode of Security Noise, we focus on Cloud Security Testing. Our guest , Security Consultant Edwin David, discusses current objectives for securing the cloud, tools for cloud testing, and the challenges of multi-cloud and hybrid environments. Key takeaways include: -The importance of MFA and conditional access -The need for strong password protection -The lack of a unified toolset for cloud testing -The complexities and security implications of multi-cloud and hybrid environments. About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. Listen and subscribe wherever you get your podcasts!

This week on Security Noise, we talk about "Hacker Summer Camp" also known as DEF CON and BlackHat in Las Vegas. We chat with Senior Security Consultants Luke Bremer and Aaron James, who both attended for the first time, about initial impressions and takeaways from the cons and Vegas itself. About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. Listen and subscribe wherever you get your podcasts!

On this episode of Security Noise, we discuss the recent CrowdStrike incident with our guests: Director of Advisory Innovation Rockie Brockway and Managing Director of Remediation Services Paul Sems. The incident occurred on July 19, 2024, when a CrowdStrike security platform update caused a large number of Windows platforms to fail to boot, resulting in the largest IT outage in history. We also touch on patch management and the balance between speed and risk. What is the potential for future attacks targeting kernel-level drivers? What can you expect from similar attacks in the future? Listen now as we cover all this and more on Security Noise! About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. Listen and subscribe wherever you get your podcasts!

In this episode, Geoff and Skyler are joined by special guests Keith Koehne and Matt Miller from Paradigm Cyber Ventures to discuss their mission to integrate cybersecurity into high school industrial tech education. Through this program, teachers at high schools around the U.S. are trained to deliver an in-depth cybersecurity curriculum to their students which introduces them to the field, giving them practical training and readying them for industry exams. The program prepares and empowers students to join the cybersecurity workforce, attend college, or both.  About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. Listen and subscribe wherever you get your podcasts!

On this episode of Security Noise, we talk to some veteran network guys to discuss CVE-2024–3661 and other thoughts about VPN security. Geoff and Skyler are joined by Security Consultant Philip DuBois and Principal Security Consultant Justin Bollinger to get their perspective on current issues. About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most. Listen and subscribe wherever you get your podcasts!

On this episode, Skyler talks to Principal Security Consultant Drew Kirkpatrick who recently gave a talk at CackalackyCon where he demonstrated new features of his tool, JS-Tap. The tool allows red teams to monitor and attack web applications by rewriting code in the user's browser. Drew introduced a new feature called Mimic, which automates the process of generating custom JavaScript payloads for performing actions as the user in the application. The payloads can be integrated with a Command and Control (C2) system to execute tasks in the user's browser. Drew provided a demo of the tool using a vulnerable WordPress site. JS-Tap is a powerful tool for monitoring and attacking web applications. It allows users to log in and track client activity, including cookies, local storage, and session storage. JS-Tap can intercept form submissions and network communications, making it useful for both monitoring and attacking. It can generate custom payloads and exfiltrate data from the target application. The tool is versatile and can be used for red teaming, penetration testing, and post-exploitation. JS-TAP is available on GitHub and is open source. Watch the podcast and demo on YouTube here - https://youtu.be/cU915mxLfTo About this podcast Security Noise, a TrustedSec Podcast, features our cybersecurity experts in conversation about the security topics that interest them the most. Hosted by Geoff Walton and Producer/Contributor Skyler Tuter. Listen and subscribe wherever you get your podcasts!

In this episode, we discuss state-of-the-art red team testing with Targeted Operations Practice Lead Jason Lang and Director of Security Intelligence Carlos Perez. The conversation is focused on how to extract more value via enhanced cooperation between the red team and the IT Security organization. We conclude with Jason sharing some highlights from his talk "Modern Hackery: A Look At Current Breaches Through An Attacker's Eyes" which will be presented at NolaCon in New Orleans on May 17, 2024.  Show References: https://services.google.com/fh/files/misc/m-trends-2024.pdf 

Join us as we continue our series on developing careers in InfoSec. In this episode, we talk about a unique opportunity for students at Bedford High School in Ohio, a school that is near and dear to TrustedSec Founder and CEO David Kennedy. We chat with Dave about the cybersecurity education program that was launched recently with help from long-time Bedford teacher Darren Pocek and others. Listen to learn how this program was created and how it helps prepare students for careers in cybersecurity. 

Security Noise starts a multi episode look at how to start or grow a career in infoSec. We begin by talking with Senior Security Consultant Kelsey Segrue and Security Consultant Olivia Cate who took what might be considered the traditional route. They share their stories and offer some insights into how to maximize the advantage of similar opportunities. About this podcast Security Noise, a TrustedSec Podcast, features our cybersecurity experts in conversation about the security topics that interest them the most. Hosted by Geoff Walton and Producer/Contributor Skyler Tuter. Listen and subscribe wherever you get your podcasts!