
Brakeing Down Security Podcast



Location: United States
Twitter: @brakesec
Language: English


Episodes

2018-043-Adam-Baldwin, npmjs Director of Security, event stream post mortem, and making your package system more secure

12/11/2018
Adam Baldwin (@adam_baldwin) Director of Security, npm https://foundation.nodejs.org/ https://spring.io/understanding/javascript-package-managers Role in the NodeJS project Advisory? Active role? Maintain security modules? Are there any requirements to being a dev? Are there different roles in the NodeJS environment? Is there any review of system sensitive packages? (or has that ship sailed…) Discussion of timeline from NodeJS security team When were you notified? (or were...

Duration: 01:11:13

2018-042-Election security processes in the state of Ohio

12/2/2018
Where in the world is Ms. Amanda Berlin? Keynoting hackerconWV Election Security Cuyahoga County: Intro: Jeremy Mio (@cyborg00101) Name? Why are you here? Discussing how Ohio does election operations. Walk through the process Pre-Elections Elections Night Post Elections All about the C.I.A. Votes must be confidential Votes must not be compromised (integrity) Voting should be available and without outage Did a tabletop exercise with all counties in Ohio...

Duration: 01:24:49

2018-041: part 2 of Kubernetes security insights w/ Ian Coldwater

11/26/2018
@IanColdwater https://www.redteamsecure.com/ *new gig* So many different moving parts Plugins Code Hardware She’s working on speaking schedule for 2019 How would I use these at home? https://kubernetes.io/docs/setup/minikube/ Kubernetes - up and running https://www.amazon.com/Kubernetes-Running-Dive-Future-Infrastructure/dp/1491935677 General wikipedia article (with architecture diagram): https://en.wikipedia.org/wiki/Kubernetes https://twitter.com/alicegoldfuss -...

Duration: 00:44:56

2018-040- Jarrod Frates discusses pentest processes

11/18/2018
Jarrod Frates Inguardians @jarrodfrates “Skittering Through Networks” Ms. Berlin in Germany - How’d it go? TinkerSec’s story: https://threadreaderapp.com/thread/1063423110513418240.html Takeaways Blue Team: - Least Privilege Model - Least Access Model “limited remote access to only a small number of IT personnel” “This user didn't need Citrix, so her Citrix linked to NOTHING” “They limited access EVEN TO LOCAL ADMINS!” - Multi-Factor Authentication - Simple Anomaly Rule...

Duration: 01:21:17

2018-039-Ian Coldwater, kubernetes, container security

11/12/2018
Ian Coldwater- @IanColdwater https://www.redteamsecure.com/ *new gig* So many different moving parts Plugins Code Hardware She’s working on speaking schedule for 2019 How would I use these at home? https://kubernetes.io/docs/setup/minikube/ Kubernetes - up and running https://www.amazon.com/Kubernetes-Running-Dive-Future-Infrastructure/dp/1491935677 General wikipedia article (with architecture diagram):...

Duration: 00:50:15

2018-038-InfosecSherpa, security culture

11/5/2018
@InfoSecSherpa I have two talks coming up: Empathy as a Service to Create a Culture of Security at the Cofense Submerge conference; Deep Dive into Social Media as an OSINT Tool at the H-ISAC Fall Summit (Health Information Sharing and Analysis Center) *Shameless Plug* My Nuzzel newsletters https://nuzzel.com/InfoSecSherpa https://nuzzel.com/InfoSecSherpa/cybersecurity-africa News stories - Biglaw Firm Hit With Cybersecurity Incident Earlier This Month (Published: 29 October...

Duration: 00:59:11

2018-037-iWatch saves man's life, Alexa detects your mood, and post-Derby discussion

10/21/2018
Health & Tech? https://arstechnica.com/gadgets/2018/10/amazon-patents-alexa-tech-to-tell-if-youre-sick-depressed-and-sell-you-meds/ https://hackaday.io/project/151388-minder (774 results for “health” on hackaday) (def don’t need to talk about, but still funny AF) https://hackaday.io/project/11407-myflow https://9to5mac.com/2017/12/15/apple-watch-saves-life-managing-heart-attack/ https://www.adheretech.com/ Privacy implications? Microsoft healthcare initiative - ...

Duration: 00:44:30

2018-036-Derbycon 2018 Audio with Cheryl Biswas and Tomasz Tula

10/14/2018
Derbycon is probably one of the best infosec conferences of the calendar year. The podcast always has so much fun meeting listeners, meeting new people, and getting some audio to share with folks who can't be there. This year, we still got some audio, and it's great. We talked with Cheryl Biswas (@3ncr1pt3d) with her talks at #Derbycon and her work with the #dianaInitiative Check out her talks at the links on @irongeek's website... Cheryl's Track talk: ...

Duration: 00:39:56

2018-035-software bloat is forever; malicious file extensions; WMIC abuses

10/1/2018
Pizza Party Link - https://www.eventbrite.com/e/brakesec-derbycon-pizza-meetup-tickets-50719385046 News stories- Software/library...

Duration: 00:52:42

2018-034-Pentester_Scenario

9/24/2018
Interesting email from one of our listeners. Detailing an issue that came up on a client engagement. We walk through best ways to store information post-engagement, and what you need to do to document test procedures so you don't get bit by a potential issue perhaps months down the line. Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec...

Duration: 00:40:02

2018-033-Chris_Hadnagy-SE-OSINT-vishing-phishing-book_interview-pt2

9/15/2018
Part 2 of our interview with Chris Hadnagy Discuss more about his book, best ways to setup your pre-text in an engagement how you might read someone on a poker table a great story about Chris's favorite person “Neil Fallon” from the rock band “Clutch” and we talk about “innocent lives foundation”, something near and dear to Chris' heart. We start the second part of our interview with Chris with the question “are the majority of your SE engagements phishing and calls, or is it...

Duration: 01:00:27

2018-032-Chris Hadnagy discusses his new book, OSINT and SE, Part 1

9/8/2018
Christopher Hadnagy Interview: Origin story connoisseur of moonshine Social Engineering: The Science of Human Hacking 2nd Edition Sponsored Link (paperback on Amazon): https://amzn.to/2NKxLD9 SEORG book list: https://www.social-engineer.org/resources/seorg-book-list/ Chris’ Podcast: https://www.social-engineer.org/podcast/ SECTF at Derby (contestants are chosen) Remembering - attention to detail Remembering details Can be the difference between success and...

Duration: 00:37:51

2018-031-Derbycon ticket CTF, Windows Event forwarding, SIEM collection, and missing events... oh my!

8/31/2018
We are back with a new episode this week! We go over our solutions for some of the #derbyCon ticket #CTF challenges and include links to some of the challenges. We talk about Windows Event Forwarding, and how all log forwarders seem to be losing events! Thanks to our Patrons! Gonna be at Derbycon, come see us! Congrats to our Derbycon Ticket CTF winners! Winner: @gigstaggart 2nd Place: @ohai_ninja 3rd Place: @SoDakHib Mr. Boettcher’s Challenge (SuperCrypto): ...

Duration: 01:08:26

2018-030: Derbycon CTF and Auction info, T-mobile breach suckage, and lockpicking

8/25/2018
CTF information: Official site: https://scoreboard.totallylegitsite.com (thanks Matt Domko (@hashtagcyber) for hosting and allowing us to use his employee discount!) Please do not pentest the environment, nor DDoS it, nor cause anything undesirable to happen to the site. View the page, submit the flags, leave everything else alone... Derbycon Auction - starts September 8th at 9am Pacific Time Slack only - Opening bid is $175 Increments of $25 only 100% goes to Chris Sanders’ “Rural...

Duration: 01:01:34

2018-029-postsummercamp-future_record_breached-vulns_nofix

8/17/2018
Post-Hacker Summercamp IppSec Walkthroughs Brakesec Derbycon ticket CTF - Drama - (hotel room search gate) AirconditionerGate Personal privacy Ask for ID Call the front desk Use the deadbolt - can be bypassed Plug the peephole with TP Hotel rooms aren’t secure (neither are the safes) Probably the most hostile environment infosec people go into to try and be...

Duration: 00:55:29

2018-028-runkeys, DNS Logging, derbycon Talks

8/9/2018
HTTPS on www.brakeingsecurity.com, Libsyn RSS syncing of itunes/google Play is over TLS Amanda giving a talk at Diana Initiative Derbycon Talk - mental health Volunteer/Topic request form -...

Duration: 00:50:35

2018-027-Godfrey Daniels talks about his book about the Mojave Phonebooth

8/1/2018
Godfrey Daniels - author of "Adventures with the Mojave Phone Booth" on sale at...

Duration: 00:37:45

2018-026-insurers gathering data, netflix released a new DFIR tool, and google no longer gets phished?

7/26/2018
Stories and topics we covered: https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/ https://osquery.io/ https://www.propublica.org/article/health-insurers-are-vacuuming-up-details-about-you-and-it-could-raise-your-rates https://medium.com/netflix-techblog/netflix-sirt-releases-diffy-a-differencing-engine-for-digital-forensics-in-the-cloud-37b71abd2698 Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter...

Duration: 00:43:51

2018-025-BsidesSPFD, threathunting, assessing risk

7/19/2018
Sorry, this week's show took an odd turn, and we don't have much in the way of show notes... Ms. Berlin is recovering from knee surgery, and we wish her a speedy recovery. Bryan B. got back from BsidesSPFD, MO this week, after what was a well-received talk on building community. Lots of other excellent talks from speakers like Ms. Sunny Wear, and an impromptu panel with Ben Miller and a whole host of others,...

Duration: 00:34:52

2018-024-Pacu, a tool for pentesting AWS environments

7/11/2018
Ben Caudill @rhinosecurity Spencer Gietzen @spengietz Rhino Security - https://rhinosecuritylabs.com/blog/ AWS escalation and mitigation blog - https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/ What is the difference between this and something like Scout or Lynis? Is it a forensic or IR tool? How might offensive people use this tool? What is possible when you’re using this as a ‘redteam’ or ‘pentesting’ tool? S3 bucket perms? Security Group...

Duration: 00:55:19