Brakeing Down Security Podcast-logo

Brakeing Down Security Podcast

Technology News >

More Information

Location:

United States

Twitter:

@brakesec

Language:

English


Episodes

2018-029-postsummercamp-future_record_breached-vulns_nofix

8/17/2018
More
Post-Hacker Summercamp IppSec Walkthroughs Brakesec Derbycon ticket CTF - Drama - (hotel room search gate) AirconditionerGate Personal privacy Ask for ID Call the front desk Use the deadbolt - can be bypassed Plug the peephole with TP Hotel rooms aren’t secure (neither are the safes) Probably the most hostile environment infosec people go into to try and be...

Duration:00:55:29

2018-018-runkeys, DNS Logging, derbycon Talks

8/9/2018
More
HTTPS on www.brakeingsecurity.com, Libsyn RSS syncing of itunes/google Play is over TLS Amanda giving a talk at Diana Initiative Derbycon Talk - mental health Volunteer/Topic request form -...

Duration:00:50:35

2018-027-Godfrey Daniels talks about his book about the Mojave Phonebooth

8/1/2018
More
Godfrey Daniels - author of "Adventures with the Mojave Phone Booth" Mojave phonebooth Mojavephonebooth.com - book is on sale - at...

Duration:00:37:45

2018-026-insurers gathering data, netflix released a new DFIR tool, and google no longer gets phished?

7/26/2018
More
Stories and topics we covered: https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/ https://osquery.io/ https://www.propublica.org/article/health-insurers-are-vacuuming-up-details-about-you-and-it-could-raise-your-rates https://medium.com/netflix-techblog/netflix-sirt-releases-diffy-a-differencing-engine-for-digital-forensics-in-the-cloud-37b71abd2698 Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter...

Duration:00:43:51

2015-025-BsidesSPFD, threathunting, assessing risk

7/19/2018
More
Sorry, this week's show took an odd turn, and we don't have much in the way of show notes... Ms. Berlin is recovering from knee surgery, and we wish her a speedy recovery. Bryan B. got back from BsidesSPFD, MO this week, after what was a well-received talk on building community. Lots of other excellent talks from speakers like Ms. Sunny Wear , and impromptu panel with Ben Miller and a whole host of others,...

Duration:00:34:52

2018-024- Pacu, a tool for pentesting AWS environments

7/11/2018
More
Ben Caudill @rhinosecurity Spencer Gietzen @spengietz Rhino Security - https://rhinosecuritylabs.com/blog/ AWS escalation and mitigation blog - https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/ What is the difference between this and something like Scout or Lynis? Is it a forensic or IR tool? How might offensive people use this tool? What is possible when you’re using this as a ‘redteam’ or ‘pentesting’ tool? S3 bucket perms? Security...

Duration:00:55:19

2018-023: Cydefe interview-DNS enumeration-CTF setup & prep

7/2/2018
More
Raymond Evans - CTF organizer for nolacon and Founder of CyDefe Labs @cydefe CTF setup / challenges of setting up a CTF.Beginners & CTFsTypestips/tricksBiggest downfalls of CTF development https://www.heroku.com/ www.exploit-db.com BrakeSec DerbyCon @dragosinc dragos.com DNS Enumeration: https://github.com/nixawk/pentest-wiki/blob/master/1.Information-Gathering/How-to-gather-dns-information.md DNS...

Duration:00:55:24

2018-022-preventing_insider_threat

6/25/2018
More
After the recent Tesla insider threat event, BrakeSec decided to discuss some of the indicators of insider threat, what can be done to mitigate it, and why it happens. news stories...

Duration:00:47:31

2018-021-TLS 1.3 discussion, Area41 report, wireshark goodness

6/20/2018
More
Area41 Zurich report Book Club - 4th Tuesday of the month https://www.owasp.org/images/d/d3/TLS_v1.3_Overview_OWASP_Final.pdf https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet TLS_DHE_RSA_AES_256_GCM_SHA256 TLS = Protocol DHE = Diffie-Hellman ephemeral (provides Perfect Forward Secrecy) Perfect Forward Secrecy = session keys won’t be compromised, even if server private keys are Past messages and data cannot be retrieved or decrypted...

Duration:00:42:42

2018-020: NIST's new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords

6/13/2018
More
https://nostarch.com/packetanalysis3 -- Excellent Book! You must buy it. DetSEC mention ShowMe Con panel and keynote SeaSec East standing room only. Crispin gave a great toalk about running as Standard user Bsides Cleveland - https://www.passwordping.com/surprising-new-password-guidelines-nist/ 1Password version 7.1 integrates with Troy Hunt's "Pwned Passwords" service to check for passwords that...

Duration:00:36:43

2018-019-50 good ways to protect your network, brakesec summer reading program

6/5/2018
More
Ms. Berlin’s mega tweet on protecting your network https://twitter.com/InfoSystir/status/1000109571598364672 Utica College CYB617 I tweeted “utica university” many pardons Mr. Childress’ high school class Laurens, South Carolina Probably spent as much as a daily coffee at Starbucks… makes all the difference. CTF Club, and book club (summer reading series) Patreon SeaSec East Showmecon Area41con bsidescleveland Here are 50 FREE things you can do to improve the...

Duration:00:47:20

2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs

5/30/2018
More
https://darknetdiaries.com/ Jack Rhysider Ok I think these topics should keep us busy for a while. Topics for discussion: Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/https://www.youtube.com/watch?v=eFVBz_ATAlU- when anonymous attacks your hospital The oldest known vulnerability is still a big problem. Default passwords. Why haven't we fixed this yet?...

Duration:00:34:14

2018-017- threat models, vuln triage, useless scores, and analysis tools

5/22/2018
More
Vuln mgmt tools CVE scores suck. Threat modeling is good. Forces you to know your...

Duration:00:39:37

2018-016- Jack Rhysider, DarkNet Diaries, and a bit of infosec history (Part 1)

5/15/2018
More
Converge Detroit Jack Rhysider- Podcaster, DarkNet Diaries https://darknetdiaries.com/ Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/https://www.youtube.com/watch?v=eFVBz_ATAlU- when anonymous attacks your hospital The oldest known vulnerability is still a big problem. Default passwords. Why haven't we fixed this yet?...

Duration:00:37:12

2018-015-Data labeling, data classification, and GDPR issues

5/7/2018
More
GDPR will affect any information system that processes or will process people… like it or not. Derby Tickets CTF and auction Keynote Converge Detroit I’ll be at nolacon too Boettcher Recap BDIR #3 https://blog.netwrix.com/2018/05/01/five-reasons-to-ditch-manual-data-classification-methods/ https://blog.networksgroup.com/data-loss-prevention-fundamentals Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify:...

Duration:00:52:06

2018-014- Container Security with Jay Beale

4/29/2018
More
Container security Jay Beale @inguardians , @jaybeale Containers What the heck is a container?Linux distribution with a kernelContainers run on top of that, sharing the kernel, but not the filesystemNamespacesMountNetworkHostnamePIDIPCUsersSomebody said we’ve had containers since before DockerContainers started in 2005, with OpenVZDocker was 2013, Kubernetes 2014Image SecurityCoreOS Clair for vuln scanning imagesPublic repos vs privateDon’t keep the image running for so...

Duration:01:05:29

2018-013-Sigma_malware_report, Verizon_DBIR discussion, proper off-boarding of employees

4/20/2018
More
Report from Bsides Nash - Ms. Berlin New Job Keynote at Bsides Springfield, MO Mr. Boettcher talks about Sigma Malware infection. http://www.securitybsides.com/w/page/116970567/BSidesSpfd **new website upcoming** Registration is coming and will be updated on next show (hopefully) DBIR -https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf VERIS framework http://veriscommunity.net/ 53,000 incidents 2,216 breaches?! 73% breaches...

Duration:01:05:19

2018-012: SIEM tuning, collection, types of SIEM, and do you even need one?

4/11/2018
More
Bryan plays 'stump the experts' with Ms. Berlin and Mr. Boettcher this week... We discuss SIEM logging, and tuning... How do SIEM deal with disparate log file types? What logs should be the first to be gathered? Is a SIEM even required, or is just a central log repo enough? Which departments benefit the most from logging? (IT, IR, Compliance?) Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify: https://brakesec.com/spotifyBDS #RSS:...

Duration:01:00:42

2018-011: Creating a Culture of Neurodiversity

4/4/2018
More
Megan Roddie discusses being a High functioning Autistic, and we discuss how company and management can take advantage of the unique abilities of those with high functioning autism. Direct Link: http://traffic.libsyn.com/brakeingsecurity/2018-011.mp3 Matt Miller's Assembly and Reverse Engineering Class: Still can sign up! The syllabus is here: https://drive.google.com/open?id=1alsTUhGwAAnR6BA27gGo3OdjEHFnq2wtQsynPfeWzd0 SHOW NOTES: Link to Megan’s slides Megan Roddie...

Duration:01:10:35

2018-010 - The ransoming of Atlanta, Facebook slurping PII, Dridex variants

3/27/2018
More
Matt Miller’s #Assembly and #Reverse #Engineering class $150USD for each class, 250USD for both classes Syllabus : https://docs.google.com/document/d/1alsTUhGwAAnR6BA27gGo3OdjEHFnq2wtQsynPfeWzd0/edit?usp=sharing Please state which class you'd like to take when ordering in the "Notes" field in Paypal https://paypal.me/BDSPodcast/150usd To sign up for both classes:...

Duration:00:37:45