To continue our adventure in talking about security concepts on the net, we have decided it's time to talk through the top Web Application vulnerabilities. On top of that we decided to make it a mini-series! In this episode we cover the number one OWASP vulnerability - Broken Access Controls. Follow along as we explore all the fun of web application penetration testing.

Links: 

The Official BLS Discord 

The Official BLS Website 

The Official BLS Github 

The Official APotN Twitter

The OWASP Top 10

OWASP: Broken Access Control

Burp Suite Wsdler Plugin

The boys are headed to the Kennedy Space Center for HackSpaceCon in April! BLS will be hosting a training there too! Also, come check out the training at DakotaCon in March! We're doing it the pay what you can style (for the training)!

Links: 

HackSpaceCon Official Site

DakotaCon Official Site

The Official BLS Discord 

The Official BLS Website 

The Official BLS Github 

The Official APotN Twitter

The boys are back with BLS' own Josh to discuss the difficulties a new penetration tester might face, and how to break in to the industry. 

Links: 

The Official BLS Discord 

The Official BLS Website 

The Official BLS Github 

The Official APotN Twitter

Free lecture resources:

Professor Messer

The boys are back with Mike to discuss how to get the most bang for your buck when scheduling a pentest (mostly boils down to being nice to us please) and things predictably go off the rails.

Links:

The boys have found their mics once again and have returned to the digital stage. This stage exists primarily in closets. In the hiatus Sam & Chase have equally lost sanity and the ability to stay on topic for longer than five minutes. Join in and try to follow along for the a wild return to season 2.

In today's episode the boys discuss a new hacker focused OSINT framework created by BLS' Python Superstar Joel.

Links:

BBOT

Spiderfoot

Writehat

Manspider

BLS Discord

In this episode Sam & Chase suffer from post engagement delirium. The pair chat about chatting with clients and why technical interviews are not as scary as they seem. Chase slanders Sam. Sam responds with potential libel.

The APotN Crew is back! We kick off season 2 with a chat (maybe a lecture?) on the new old hotness, Attack Surface Management. A new character will be introduced and we determine our band name. Sam climbs a soap box while Chase hides in a closet. This and much much more in the season 2 premier! ... we get started on a weird foot.

Links

It's here - the second part of our first two part series. We complete our discussion around ransomware. Brian sums up the steps used to defend against these attacks. Sam closes out the season by talking too much. Chase uses the c word and doesn't apologize for it (hint... it rhymes with crowd). 

And that's a wrap on season one! Thanks everyone for listening and let us know if you have any insight, comments, or requests for what you'd like to see in the next season. 

Links:

BLS Discord

We bring back Brian to talk about the Kaseya ransomware incident only to discover 100 related rabbit holes. We do our best to be concise with the topic but obviously we failed and had to make this two parts. Join us as we work through Kaseya's incident from the incident response perspective. Then join us again in two weeks when we finish talking about the Kaseya Ransomware from the incident response perspective. 

Links