Brakeing Down Security Podcast-logo

Brakeing Down Security Podcast

Technology News >

More Information

Location:

United States

Twitter:

@brakesec

Language:

English


Episodes

2019-019-Securing your RDP and ElasticSearch, InfoSec Campout news

5/19/2019
More
https://static1.squarespace.com/static/556340ece4b0869396f21099/t/5cc9ff79c830253749527277/1556742010186/Red+Team+Practice+Lead.pdf https://www.reddit.com/r/netsec/comments/bonwil/prevent_a_worm_by_updating_remote_desktop/ https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/ https://security.berkeley.edu/resources/best-practices-how-articles/system-application-security/securing-remote-desktop-rdp-system https://www.b...

Duration:00:53:10

2019-018-Lesson's I learned, github breach, ransoming github repos

5/14/2019
More
Things I learned this week: https://www.securusglobal.com/community/2013/12/20/dumping-windows-credentials/ https://www.helpnetsecurity.com/2019/04/29/docker-hub-breach/ https://www.zdnet.com/article/a-hacker-is-wiping-git-repositories-and-asking-for-a-ransom/ https://attack.mitre.org/techniques/T1003/ https://github.com/giMini/PowerMemory https://en.wikipedia.org/wiki/Local_Security_Authority_Subsystem_Service https://attack.mitre.org/techniques/T1208/

Duration:00:39:47

2019-017-K8s Security, Kamus, interview with Omer Levi Hevroni

5/5/2019
More
K8s security with Omer Levi Hevroni (@omerlh) service tickets - Super-Dev Omer’s requirements for storing secrets: Gitops enabled Kubernetes Native Secure “One-way encryption” Omer’s slides and youtube video: https://www.slideshare.net/SolutoTLV/can-kubernetes-keep-a-secret https://www.youtube.com/watch?v=FoM3u8G99pc&&index=14&t=0s We’ve all experienced it: you’re working on a task, adding some code, and then you need to store some sensitive configuration value. It could...

Duration:00:49:48

2019-016-Conference announcement, and password spray defense

4/29/2019
More
Agenda: Announce the conference CFP: up soon CFW: up soon Campers: Friday night/Saturday night Like “toorcamp”, but if it sucks, you can drive home… :D Limiting tickets, looking for sponsors To support the conference and future initiatives: “Infosec Education Foundation” 501c3 non-profit (we are working on the charity part) www.infoseccampout.com Password...

Duration:00:46:10

2019-015-Kevin_johnson-incident_response_aftermath

4/21/2019
More
Announcements: https://www.workshopcon.com/ SpecterOps (red Team operations) and Tim Tomes (PWAPT) Bsides Nashville https://blog.secureideas.com/2019/04/we-take-security-seriously-and-other-trite-statements.html “We take security seriously and other trite statements“ Wordpress infrastructure (supply chain failure) WordPress plugin called Woocommerce was at fault. Vuln late last year: ...

Duration:01:24:26

2019-014-Tesla fails encryption, Albany and Sammamish ransomware attacks.

4/14/2019
More
Announcements: WorkshopCon Training with SpecterOps and Tim Tomes www.workshopcon.com redteam operations with SpecterOps PWAPT with Tim Tomes Source Boston: [Boston, MA 2019 (April 29 – May 3, 2019) (https://sourceconference.com/events/boston19/)Trainings: April 29 - April 30, 2019 | Conference: May 1 - 3, 2019 Cybernauts CTF meetup in Austin Texas at Indeed offices, 23 April at 5pm Central...

Duration:00:50:40

2019-013-ASVSv4 discussion with Daniel Cuthbert and Jim Manico - Part 2

4/7/2019
More
Announcements: SpecterOps and Tim Tomes are giving training at WorkshopCon https://www.workshopcon.com Rob Cheyne Source Boston - https://sourceconference.com/events/boston19/ Austin Cybernauts meetup - https://www.eventbrite.com/e/cybernauts-ctf-meetup-indeed-tickets-58816141663 SHOW NOTES: Architecture is not an implementation, but a way of thinking about a problem that has potentially many different answers, and no one single "correct" answer. https://github.com/OWASP/ASVS “is to...

Duration:00:56:34

2019-012: OWASP ASVSv4 discussion with Daniel Cuthbert and Jim Manico - Part 1

3/31/2019
More
Show Notes SpecterOps and Tim Tomes are giving training at WorkshopCon https://www.workshopcon.com Rob Cheyne Source Boston - https://sourceconference.com/events/boston19/ Architecture is not an implementation, but a way of thinking about a problem that has potentially many different answers, and no one single "correct" answer. https://github.com/OWASP/ASVS “is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web...

Duration:00:51:50

2019-011-part 2 of our interview with Brian "Noid" Harden

3/24/2019
More
Log-MD story SeaSec East meetup Gabe (county Infosec guy) https://www.sammamish.us/government/departments/information-technology/ransomware-attack-information-hub/ New Slack Moderator (@cherokeeJB) Shoutout to “Jerry G” Mike P on Slack: https://www.eventbrite.com/e/adversary-tactics-red-team-operations-training-course-dc-april-2019-tickets-54735183407 www.Workshopcon.com/events and that we're looking for BlueTeam trainers please Any chance you can tag @workshopcon. SpecterOps...

Duration:00:47:11

2019-010-Zach_Ruble-building_a_better_cheaper_C2_infra

3/18/2019
More
Shout-out to Thomas… Tried to meetup while at SEA comic-con Patreon Log-MD Hacker’s Health - Ms. Roddie is at TROOPERS (Ms. Berlin?) 4 podcasts? SpecterOps Training / workshopCon - https://www.workshopcon.com/events Zach Ruble- @sendrublez C2 infra using Public WebApps TARCE - Teaching Assistant RCE(?) - they run your code every week, don’t check for backdoors before running it... C2 Basics Local HTTPd server (bashfile) Python scrapes web server 3...

Duration:01:12:03

2019-009- Log-MD story, Noid, communicating with Devs and security people-part1

3/11/2019
More
Log-MD story (quick one) (you’ll like this one, Mr. Boettcher) SeaSec East meetup "Gabe" https://www.sammamish.us/government/departments/information-technology/ransomware-attack-information-hub/ New Slack Moderator (@cherokeeJB) Shoutout to “Jerry G” Mike P on Slack: https://www.eventbrite.com/e/adversary-tactics-red-team-operations-training-course-dc-april-2019-tickets-54735183407 www.Workshopcon.com/events and that we're looking for BlueTeam trainers please Any chance you...

Duration:00:50:59

2019-008-windows retpoline patches, PSremoting, underthewire, thunderclap vuln

3/4/2019
More
BrakeingDownIR show #10 GrumpySec appearance? https://support.microsoft.com/en-us/help/4482887/windows-10-update-kb4482887 https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Mitigating-Spectre-variant-2-with-Retpoline-on-Windows/ba-p/295618 https://blogs.technet.microsoft.com/srd/2018/03/15/mitigating-speculative-execution-side-channel-hardware-vulnerabilities/ “Microsoft has added support for the /Qspectre flag to Visual C++ which currently enables some narrow...

Duration:00:56:00

2019-007-bsides_seattle_recap-new_phishing_vector-Kernel_use_after_free_vuln

2/24/2019
More
Bsides Seattle recap (Bryan) New phishing technique to bypass email filters- https://www.helpnetsecurity.com/2019/02/20/phishers-new-trick-for-bypassing-email-url-filters/ https://en.wikipedia.org/wiki/Office_Open_XML_file_formats#Relationships Use after free in Linux...

Duration:00:44:43

2019-006: CSRF, XSS, infosec hypocrites, and the endless cycle

2/17/2019
More
https://www.zdnet.com/article/google-working-on-new-chrome-security-feature-to-obliterate-dom-xss/ https://www.owasp.org/index.php/DOM_Based_XSS CSRF - confused deputy https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) Google Cloud Platform - tip tricks, stuff ms. berlin learned Layer 8 conference - Rhode Island’’ I was wrong…..cycles don’t sync --Ms. Berlin https://health.clevelandclinic.org/myth-truth-period-really-sync-close-friends/ Check out our...

Duration:00:40:38

2019-005: Security Researcher attack, disabling SPECTER, and Systemd discussion

2/10/2019
More
SpecterOps Class: https://www.eventbrite.com/e/adversary-tactics-red-team-operations-training-course-boston-june-2019-tickets-54970050902 https://www.secjuice.com/security-researcher-assaulted-ice-atrient/ https://www.csoonline.com/article/3338112/security/vendor-allegedly-assaults-security-researcher-who-disclosed-massive-vulnerability.html Tweet of application teardown: ...

Duration:00:55:22

2019-004-ShmooCon, and Bsides Leeds discussion, Facetime bug (with update), a town for ransom

2/3/2019
More
Facetime bug update: https://www.cnbc.com/2019/02/01/apple-facetime-bug-fix-and-apology.html ShmooCon discussion Bsides Leeds...

Duration:00:44:50

2019-003-Liz Rice, creating processes to shift security farther left in DevOps

1/27/2019
More
BIO: Liz Rice is the Technology Evangelist with container security specialists Aqua Security, where she also works on container-related open source projects including kube-hunter and kube-bench. She was Co-Chair of the CNCF’s KubeCon + CloudNativeCon 2018 events in Copenhagen, Shanghai and Seattle, and co-author of the O’Reilly Kubernetes Security book. She has a wealth of software development, team, and product management experience from working on network protocols and distributed...

Duration:01:03:33

2019-002-part 2 of the OWASP IoT Top 10 with Aaron Guzman

1/21/2019
More
intro CFP for Bsides Barcelona is open! https://bsides.barcelona Aaron Guzman: @scriptingxss https://www.computerweekly.com/news/252443777/Global-IoT-security-standard-remains-elusive https://www.owasp.org/index.php/IoT_Attack_Surface_Areas https://scriptingxss.gitbooks.io/embedded-appsec-best-practices//executive_summary/9_usage_of_data_collection_and_storage_-_privacy.html OWASP SLACK: https://owasp.slack.com/ https://www.owasp.org/images/7/79/OWASP_2018_IoT_Top10_Final.jpg Team of...

Duration:00:46:03

2019-001: OWASP IoT Top 10 discussion with Aaron Guzman

1/14/2019
More
Aaron Guzman: @scriptingxss https://www.computerweekly.com/news/252443777/Global-IoT-security-standard-remains-elusive https://www.owasp.org/index.php/IoT_Attack_Surface_Areas https://scriptingxss.gitbooks.io/embedded-appsec-best-practices//executive_summary/9_usage_of_data_collection_and_storage_-_privacy.html OWASP SLACK: https://owasp.slack.com/ https://www.owasp.org/images/7/79/OWASP_2018_IoT_Top10_Final.jpg Team of 10 or so… list of “do’s and don’ts” Sub-projects? Embedded...

Duration:00:36:53

2018-045: end of the year podcast!

12/27/2018
More
Join the combined forces of: Jerry Bell (@maliciousLink) from Defensive Security Podcast! (https://defensivesecurity.org/) Bill Gardner from the "RebootIt! podcast" https://itunes.apple.com/us/podcast/reboot-it/id1256466198?mt=2 Ms. Berlin and Bryan Brake for the end of the year podcast! BrakeSec Podcast = www.brakeingsecurity.com RSS: https://www.brakeingsecurity.com/rss

Duration:01:11:26