Brakeing Down Security Podcast-logo

Brakeing Down Security Podcast

Technology News >

More Information

Location:

United States

Twitter:

@brakesec

Language:

English


Episodes

2018-036-Derbycon 2018 Audio with Cheryl Biswas and Tomasz Tula

10/14/2018
More
Derbycon is probably one of the best infosec conferences of the calendar year. The podcast always has so much fun meeting listeners, meeting new people, and getting some audio to share with folks who can't be there. This year, we still got some audio, and it's great. We talked with Cheryl Biswas (@3ncr1pt3d) with her talks at #Derbycon and her work with the #dianaInitiative Check out her talks at the links on @irongeek's website... Cheryl's Track talk: ...

Duration:00:39:56

2018-035-software bloat is forever; malicious file extensions; WMIC abuses

10/1/2018
More
Pizza Party Link - https://www.eventbrite.com/e/brakesec-derbycon-pizza-meetup-tickets-50719385046 News stories- Software/library...

Duration:00:52:42

2018-034-Pentester_Scenario

9/24/2018
More
Interesting email from one of our listeners. Detailing an issue that came up on a client engagement. We walk through best ways to store information post-engagement, and what you need to do to document test procedures so you don't get bit by a potential issue perhaps months down the line. Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec...

Duration:00:40:02

2018--033-Chris_Hadnagy-SE-OSINT-vishing-phishing-book_interview-pt2

9/15/2018
More
Part 2 of our interview with Chris Hadnagy Discuss more about his book, best ways to setup your pre-text in an engagement how you might read someone on a poker table a great story about Chris's favorite person “Neil Fallon” from the rock band “Clutch” and we talk about “innocent lives foundation”, something near and dear to Chris' heart. We start the second part of our interview with Chris with the question “are the majority of your SE engagements phishing and calls, or is it...

Duration:01:00:27

2018-032-chris Hadnagy, discusses his new book, OSINT and SE Part 1

9/8/2018
More
Christopher Hadnagy Interview: Origin story connoisseur of moonshine Social Engineering: The Science of Human Hacking 2nd Edition Sponsored Link (paperback on Amazon): https://amzn.to/2NKxLD9 SEORG book list: https://www.social-engineer.org/resources/seorg-book-list/ Chris’ Podcast: https://www.social-engineer.org/podcast/ SECTF at Derby (contestants are chosen) Remembering - attention to detail Remembering details Can be the difference between success and...

Duration:00:37:51

2018-031-Derbycon ticket CTF, Windows Event forwarding, SIEM collection, and missing events... oh my!

8/31/2018
More
We are back with a new episode this week! We got over our solutions for some of the #derbyCon ticket #CTF challenges and include links to some of the challenges. We talk about Windows Event Forwarder, and all log forwarders seem to losing events! Thanks to our Patrons! Gonna be at Derbycon, come see us! Congrats to our Derbycon Ticket CTF winners! Winner: @gigstaggart 2nd Place: @ohai_ninja 3rd Place: @SoDakHib Mr. Boettcher’s Challenge (SuperCrypto): ...

Duration:01:08:26

2018-030: Derbycon CTF and Auction info, T-mobile breach suckage, and lockpicking

8/25/2018
More
CTF information: Official site: https://scoreboard.totallylegitsite.com (thanks Matt Domko (@hashtagcyber) for hosting and allowing us to use his employee discount!) Please do not pentest the environment, not DDoS, nor cause anything undesirable to happen to the site. View the page, submit the flags, leave everything else alone... Derbycon Auction - starts September 8th at 9am Pacific Time Slack only - Opening bid is $175 Increments of $25 only 100% goes to Chris Sanders’ “Rural...

Duration:01:01:34

2018-029-postsummercamp-future_record_breached-vulns_nofix

8/17/2018
More
Post-Hacker Summercamp IppSec Walkthroughs Brakesec Derbycon ticket CTF - Drama - (hotel room search gate) AirconditionerGate Personal privacy Ask for ID Call the front desk Use the deadbolt - can be bypassed Plug the peephole with TP Hotel rooms aren’t secure (neither are the safes) Probably the most hostile environment infosec people go into to try and be...

Duration:00:55:29

2018-028-runkeys, DNS Logging, derbycon Talks

8/9/2018
More
HTTPS on www.brakeingsecurity.com, Libsyn RSS syncing of itunes/google Play is over TLS Amanda giving a talk at Diana Initiative Derbycon Talk - mental health Volunteer/Topic request form -...

Duration:00:50:35

2018-027-Godfrey Daniels talks about his book about the Mojave Phonebooth

8/1/2018
More
Godfrey Daniels - author of "Adventures with the Mojave Phone Booth" on sale at...

Duration:00:37:45

2018-026-insurers gathering data, netflix released a new DFIR tool, and google no longer gets phished?

7/26/2018
More
Stories and topics we covered: https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/ https://osquery.io/ https://www.propublica.org/article/health-insurers-are-vacuuming-up-details-about-you-and-it-could-raise-your-rates https://medium.com/netflix-techblog/netflix-sirt-releases-diffy-a-differencing-engine-for-digital-forensics-in-the-cloud-37b71abd2698 Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter...

Duration:00:43:51

2018-025-BsidesSPFD, threathunting, assessing risk

7/19/2018
More
Sorry, this week's show took an odd turn, and we don't have much in the way of show notes... Ms. Berlin is recovering from knee surgery, and we wish her a speedy recovery. Bryan B. got back from BsidesSPFD, MO this week, after what was a well-received talk on building community. Lots of other excellent talks from speakers like Ms. Sunny Wear , and impromptu panel with Ben Miller and a whole host of others,...

Duration:00:34:52

2018-024- Pacu, a tool for pentesting AWS environments

7/11/2018
More
Ben Caudill @rhinosecurity Spencer Gietzen @spengietz Rhino Security - https://rhinosecuritylabs.com/blog/ AWS escalation and mitigation blog - https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/ What is the difference between this and something like Scout or Lynis? Is it a forensic or IR tool? How might offensive people use this tool? What is possible when you’re using this as a ‘redteam’ or ‘pentesting’ tool? S3 bucket perms? Security Group...

Duration:00:55:19

2018-023: Cydefe interview-DNS enumeration-CTF setup & prep

7/2/2018
More
Raymond Evans - CTF organizer for nolacon and Founder of CyDefe Labs @cydefe CTF setup / challenges of setting up a CTF.Beginners & CTFsTypestips/tricksBiggest downfalls of CTF development https://www.heroku.com/ www.exploit-db.com BrakeSec DerbyCon @dragosinc dragos.com DNS Enumeration: https://github.com/nixawk/pentest-wiki/blob/master/1.Information-Gathering/How-to-gather-dns-information.md DNS...

Duration:00:55:24

2018-022-preventing_insider_threat

6/25/2018
More
After the recent Tesla insider threat event, BrakeSec decided to discuss some of the indicators of insider threat, what can be done to mitigate it, and why it happens. news stories...

Duration:00:47:31

2018-021-TLS 1.3 discussion, Area41 report, wireshark goodness

6/20/2018
More
Area41 Zurich report Book Club - 4th Tuesday of the month https://www.owasp.org/images/d/d3/TLS_v1.3_Overview_OWASP_Final.pdf https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet TLS_DHE_RSA_AES_256_GCM_SHA256 TLS = Protocol DHE = Diffie-Hellman ephemeral (provides Perfect Forward Secrecy) Perfect Forward Secrecy = session keys won’t be compromised, even if server private keys are Past messages and data cannot be retrieved or decrypted...

Duration:00:42:42

2018-020: NIST's new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords

6/13/2018
More
https://nostarch.com/packetanalysis3 -- Excellent Book! You must buy it. DetSEC mention ShowMe Con panel and keynote SeaSec East standing room only. Crispin gave a great toalk about running as Standard user Bsides Cleveland - https://www.passwordping.com/surprising-new-password-guidelines-nist/ 1Password version 7.1 integrates with Troy Hunt's "Pwned Passwords" service to check for passwords that...

Duration:00:36:43

2018-019-50 good ways to protect your network, brakesec summer reading program

6/5/2018
More
Ms. Berlin’s mega tweet on protecting your network https://twitter.com/InfoSystir/status/1000109571598364672 Utica College CYB617 I tweeted “utica university” many pardons Mr. Childress’ high school class Laurens, South Carolina Probably spent as much as a daily coffee at Starbucks… makes all the difference. CTF Club, and book club (summer reading series) Patreon SeaSec East Showmecon Area41con bsidescleveland Here are 50 FREE things you can do to improve the...

Duration:00:47:20

2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs

5/30/2018
More
https://darknetdiaries.com/ Jack Rhysider Ok I think these topics should keep us busy for a while. Topics for discussion: Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/https://www.youtube.com/watch?v=eFVBz_ATAlU- when anonymous attacks your hospital The oldest known vulnerability is still a big problem. Default passwords. Why haven't we fixed this yet?...

Duration:00:34:14

2018-017- threat models, vuln triage, useless scores, and analysis tools

5/22/2018
More
Vuln mgmt tools CVE scores suck. Threat modeling is good. Forces you to know your...

Duration:00:39:37