Brakeing Down Security Podcast-logo

Brakeing Down Security Podcast

Technology News >

More Information

Location:

United States

Twitter:

@brakesec

Language:

English


Episodes

2018-017- threat models, vuln triage, useless scores, and analysis tools

5/22/2018
More
Vuln mgmt tools CVE scores suck. Threat modeling is good. Forces you to know your...

Duration:00:39:37

2018-016- Jack Rhysider, DarkNet Diaries, and a bit of infosec history (Part 1)

5/15/2018
More
Converge Detroit Jack Rhysider- Podcaster, DarkNet Diaries https://darknetdiaries.com/ Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/https://www.youtube.com/watch?v=eFVBz_ATAlU- when anonymous attacks your hospital The oldest known vulnerability is still a big problem. Default passwords. Why haven't we fixed this yet?...

Duration:00:37:12

2018-015-Data labeling, data classification, and GDPR issues

5/7/2018
More
GDPR will affect any information system that processes or will process people… like it or not. Derby Tickets CTF and auction Keynote Converge Detroit I’ll be at nolacon too Boettcher Recap BDIR #3 https://blog.netwrix.com/2018/05/01/five-reasons-to-ditch-manual-data-classification-methods/ https://blog.networksgroup.com/data-loss-prevention-fundamentals Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify:...

Duration:00:52:06

2018-014- Container Security with Jay Beale

4/29/2018
More
Container security Jay Beale @inguardians , @jaybeale Containers What the heck is a container?Linux distribution with a kernelContainers run on top of that, sharing the kernel, but not the filesystemNamespacesMountNetworkHostnamePIDIPCUsersSomebody said we’ve had containers since before DockerContainers started in 2005, with OpenVZDocker was 2013, Kubernetes 2014Image SecurityCoreOS Clair for vuln scanning imagesPublic repos vs privateDon’t keep the image running for so...

Duration:01:05:29

2018-013-Sigma_malware_report, Verizon_DBIR discussion, proper off-boarding of employees

4/20/2018
More
Report from Bsides Nash - Ms. Berlin New Job Keynote at Bsides Springfield, MO Mr. Boettcher talks about Sigma Malware infection. http://www.securitybsides.com/w/page/116970567/BSidesSpfd **new website upcoming** Registration is coming and will be updated on next show (hopefully) DBIR -https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf VERIS framework http://veriscommunity.net/ 53,000 incidents 2,216 breaches?! 73% breaches...

Duration:01:05:19

2018-012: SIEM tuning, collection, types of SIEM, and do you even need one?

4/11/2018
More
Bryan plays 'stump the experts' with Ms. Berlin and Mr. Boettcher this week... We discuss SIEM logging, and tuning... How do SIEM deal with disparate log file types? What logs should be the first to be gathered? Is a SIEM even required, or is just a central log repo enough? Which departments benefit the most from logging? (IT, IR, Compliance?) Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify: https://brakesec.com/spotifyBDS #RSS:...

Duration:01:00:42

2018-011: Creating a Culture of Neurodiversity

4/4/2018
More
Megan Roddie discusses being a High functioning Autistic, and we discuss how company and management can take advantage of the unique abilities of those with high functioning autism. Direct Link: http://traffic.libsyn.com/brakeingsecurity/2018-011.mp3 Matt Miller's Assembly and Reverse Engineering Class: Still can sign up! The syllabus is here: https://drive.google.com/open?id=1alsTUhGwAAnR6BA27gGo3OdjEHFnq2wtQsynPfeWzd0 SHOW NOTES: Link to Megan’s slides Megan Roddie...

Duration:01:10:35

2018-010 - The ransoming of Atlanta, Facebook slurping PII, Dridex variants

3/27/2018
More
Matt Miller’s #Assembly and #Reverse #Engineering class $150USD for each class, 250USD for both classes Syllabus : https://docs.google.com/document/d/1alsTUhGwAAnR6BA27gGo3OdjEHFnq2wtQsynPfeWzd0/edit?usp=sharing Please state which class you'd like to take when ordering in the "Notes" field in Paypal https://paypal.me/BDSPodcast/150usd To sign up for both classes:...

Duration:00:37:45

2018-009- Retooling for new infosec jobs, sno0ose, Jay Beale, and mentorship

3/19/2018
More
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2018-009-internships-mentorships-retooling-finding-that-unicorn-pentester.mp3 Topics discussed: @jaybeale@inguardians@sno0ose Matt Miller’s #Assembly and #Reverse #Engineering class $150USD for each class, 250USD for both classes Syllabus : https://docs.google.com/document/d/1alsTUhGwAAnR6BA27gGo3OdjEHFnq2wtQsynPfeWzd0/edit?usp=sharing Please state which class you'd like to take when ordering in the "Notes" field in Paypal...

Duration:01:12:02

BDIR-001: Credential stealing emails, How do you protect against it?

3/12/2018
More
BDIR Episode - 001 Our guests will be: Martin Brough - Manager of the Security Solutions Engineering team in the #email #phishing industry Topic of the Day: CREDENTIAL STEALING EMAILS WHAT CAN YOU DO Join us for Episode-001, our guest will be: Topic of the day will be: "CREDENTIAL STEALING EMAILS WHAT CAN YOU DO" Show Notes: More show notes at https://www.imfsecurity.com/podcasts/2018/2/28/bdir-podcast-episode-001

Duration:01:48:48

2018-008- ransomware rubes, Defender does not like Kali, proper backups

3/12/2018
More
https://www.auditscripts.com/free-resources/critical-security-controls/ Thanks to Slacker Ben Chung, who heard about this from John Strand... BsidesIndy report - Amanda Bsides Austin - Brian Log_MD 2.0 -...

Duration:00:58:11

2018-007- Memcached DDoS, Secure Framework Documentation, and chromebook hacking

3/5/2018
More
Topics: Link to secure framework document: https://drive.google.com/open?id=1xLfY4uI88K2AiA1mosWJ7jFyP100Jv5d Tickets are already on sale for "Hack in the Box" in Amsterdam from 9-13 April 2018, and using the checkout code 'brakeingsecurity' discount code gets you a 10% discount". Register at https://conference.hitb.org/hitbsecconf2018ams/register/ #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:...

Duration:00:45:58

2018-006- NPM is whacking boxes, code signing, and stability of code

2/26/2018
More
Topics on today's show: NPM (Node Package Manager) - bug was introduced changing permissions on /etc, /boot, and /usr, breaking many systems, requiring full re-installs. Why was it allowed to be passed, and worse, why did so many run that version on production systems? Code signing - a well known content management system does not sign it's code. What are the risks involved in not signing the code? And we talk about why you should verify the code before you use it. Using code without...

Duration:00:46:17

2018-005-Securing_your_mobile_devices_and_CMS_against_plugin_attacks

2/14/2018
More
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2018-005-Securing_CMS_and_mobile_devices-phishing_story.mp3 Topics: Discussion of Ms. Berlin's course CAPEC discussion RTF malware MS Office A Phishing story... Mobile Supply Chain Security CMS Supply Chain Security Ms. Berlin’s course - recap of 2nd session Brakeing Down IR -date? Any malware of note? Upgrade your Office! Just double-clicked, used rtf and document never opened, just the script ran. Supply chain...

Duration:00:48:23

2018-004 - Discussing Bsides Seattle, and Does Autosploit matter?

2/4/2018
More
Show Notes: https://docs.google.com/document/d/1CSjskf-3vrguoyIyg8yOK2KLqg7srxYlee4RD6jzgNc/edit?usp=sharing Topics Discussed: New tool : AutoSploit - Does it lower the bar? How should Blue teamers be using Shodan? Discuss WPAD attacks, what WPAD is, and why it's a thing blue teams should worry about. ANNOUNCEMENTS: Ms. Amanda Berlin is running 4 session of her workshop "Disrupting the Killchain" starting on the 5th of February at 6:30pm Pacific Time (9:30 Eastern Time) If you...

Duration:00:38:38

BDIR-000 ; The Beginning

1/29/2018
More
Here is the inaugural episode of the "Brakeing Down Incident Response" Please check it out! BDIR Episode - 000 Our guests will be: Dave Cowan - Forensic Lunch Podcast and G-C Partners Tyler Hudak - Trainer in Malware Analysis and Reverse Engineering Topic of the Day: WHAT IS THIS NEW PODCAST ALL ABOUT, WHAT WILL IT COVER? "Incident Response, Malware Discovery, and Basic Malware Analysis, Detection and Response, Active Defense, Threat Hunting, and where does it fit within...

Duration:01:07:33

2018-003-Privacy Issues using Crowdsourced services,

1/26/2018
More
Back in late 2017, we did a show about expensify and how the organization was using a service called 'Amazon Mechanical Turk' (MTurk) to process receipts and to help train their Machine Learning Algorithms. You can download that show and listen to it here: 2017-040 #infosec people on Twitter and elsewhere were worried about #privacy issues, as examples of receipts on MTurk included things like business receipts, medical invoices, travel receipts and the like. One of our Slack members...

Duration:01:06:29

2018-002-John_Nye-Healthcare's_biggest_issues-ransomware

1/20/2018
More
John Nye is the VP of Cybersecurity Strategy at Healthcare consultancy Cynergistek. He's in the process of writing a whitepaper about the issues that are still plaguing the #healthcare. The sad thing is that while these issues (and many others) still cause defender's aches and pains in the many other industry's. But it's especially personal because the data held by them can cause every person issues, and depending on who has it, can be the cause of embarrassment, or even extortion or...

Duration:01:03:27

2018-001- A new year, new changes, same old trojan malware

1/12/2018
More
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2018-001-A_new_year-new_changes-same_old_malware.mp3 The first show of our 2018 season brings us something new (some awesome new additions to our repertoire), and something old (ransomware). Michael Gough is joining us to discuss a new a partnership with BrakeSec Podcast (you'll have to listen to find out, or wait a few weeks :D ) We discuss #Spectre and #meltdown vulnerabilities, wonder about the criticality of the vulnerabilities...

Duration:01:05:36

2017-SPECIAL005-End of year Podcast with podcasters

12/22/2017
More
As is tradition (or becoming around here) we like to get a bunch of podcasters together and just talk about our year. No prognostications, a bit of silliness, and we still manage to get in some great infosec content. Please enjoy! And please seek out these podcasts and have a listen! Slight warning: some rough language People and podcasts in attendance: Tracy Maleef (@infosecSherpa) Purple Squad Security Podcast (@purpleSquadSec) - John Svazic (@JohnsNotHere) Advanced Persistent...

Duration:01:25:49

Try Premium for 30 days

Live games for all NFL, MLB, NBA, & NHL teams
Commercial-Free Music
No Display Ads