Brakeing Down Security Podcast-logo

Brakeing Down Security Podcast

Technology News >

More Information

Location:

United States

Twitter:

@brakesec

Language:

English


Episodes

2019-015-Kevin_johnson-incident_response_aftermath

4/21/2019
More
Announcements: https://www.workshopcon.com/ SpecterOps (red Team operations) and Tim Tomes (PWAPT) Bsides Nashville https://blog.secureideas.com/2019/04/we-take-security-seriously-and-other-trite-statements.html “We take security seriously and other trite statements“ Wordpress infrastructure (supply chain failure) WordPress plugin called Woocommerce was at fault. Vuln late last year: ...

Duration:01:24:26

2019-014-Tesla fails encryption, Albany and Sammamish ransomware attacks.

4/14/2019
More
Announcements: WorkshopCon Training with SpecterOps and Tim Tomes www.workshopcon.com redteam operations with SpecterOps PWAPT with Tim Tomes Source Boston: [Boston, MA 2019 (April 29 – May 3, 2019) (https://sourceconference.com/events/boston19/)Trainings: April 29 - April 30, 2019 | Conference: May 1 - 3, 2019 Cybernauts CTF meetup in Austin Texas at Indeed offices, 23 April at 5pm Central...

Duration:00:50:40

2019-013-ASVSv4 discussion with Daniel Cuthbert and Jim Manico - Part 2

4/7/2019
More
Announcements: SpecterOps and Tim Tomes are giving training at WorkshopCon https://www.workshopcon.com Rob Cheyne Source Boston - https://sourceconference.com/events/boston19/ Austin Cybernauts meetup - https://www.eventbrite.com/e/cybernauts-ctf-meetup-indeed-tickets-58816141663 SHOW NOTES: Architecture is not an implementation, but a way of thinking about a problem that has potentially many different answers, and no one single "correct" answer. https://github.com/OWASP/ASVS “is to...

Duration:00:56:34

2019-012: OWASP ASVSv4 discussion with Daniel Cuthbert and Jim Manico - Part 1

3/31/2019
More
Show Notes SpecterOps and Tim Tomes are giving training at WorkshopCon https://www.workshopcon.com Rob Cheyne Source Boston - https://sourceconference.com/events/boston19/ Architecture is not an implementation, but a way of thinking about a problem that has potentially many different answers, and no one single "correct" answer. https://github.com/OWASP/ASVS “is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web...

Duration:00:51:50

2019-011-part 2 of our interview with Brian "Noid" Harden

3/24/2019
More
Log-MD story SeaSec East meetup Gabe (county Infosec guy) https://www.sammamish.us/government/departments/information-technology/ransomware-attack-information-hub/ New Slack Moderator (@cherokeeJB) Shoutout to “Jerry G” Mike P on Slack: https://www.eventbrite.com/e/adversary-tactics-red-team-operations-training-course-dc-april-2019-tickets-54735183407 www.Workshopcon.com/events and that we're looking for BlueTeam trainers please Any chance you can tag @workshopcon. SpecterOps...

Duration:00:47:11

2019-010-Zach_Ruble-building_a_better_cheaper_C2_infra

3/18/2019
More
Shout-out to Thomas… Tried to meetup while at SEA comic-con Patreon Log-MD Hacker’s Health - Ms. Roddie is at TROOPERS (Ms. Berlin?) 4 podcasts? SpecterOps Training / workshopCon - https://www.workshopcon.com/events Zach Ruble- @sendrublez C2 infra using Public WebApps TARCE - Teaching Assistant RCE(?) - they run your code every week, don’t check for backdoors before running it... C2 Basics Local HTTPd server (bashfile) Python scrapes web server 3...

Duration:01:12:03

2019-009- Log-MD story, Noid, communicating with Devs and security people-part1

3/11/2019
More
Log-MD story (quick one) (you’ll like this one, Mr. Boettcher) SeaSec East meetup "Gabe" https://www.sammamish.us/government/departments/information-technology/ransomware-attack-information-hub/ New Slack Moderator (@cherokeeJB) Shoutout to “Jerry G” Mike P on Slack: https://www.eventbrite.com/e/adversary-tactics-red-team-operations-training-course-dc-april-2019-tickets-54735183407 www.Workshopcon.com/events and that we're looking for BlueTeam trainers please Any chance you...

Duration:00:50:59

2019-008-windows retpoline patches, PSremoting, underthewire, thunderclap vuln

3/4/2019
More
BrakeingDownIR show #10 GrumpySec appearance? https://support.microsoft.com/en-us/help/4482887/windows-10-update-kb4482887 https://techcommunity.microsoft.com/t5/Windows-Kernel-Internals/Mitigating-Spectre-variant-2-with-Retpoline-on-Windows/ba-p/295618 https://blogs.technet.microsoft.com/srd/2018/03/15/mitigating-speculative-execution-side-channel-hardware-vulnerabilities/ “Microsoft has added support for the /Qspectre flag to Visual C++ which currently enables some narrow...

Duration:00:56:00

2019-007-bsides_seattle_recap-new_phishing_vector-Kernel_use_after_free_vuln

2/24/2019
More
Bsides Seattle recap (Bryan) New phishing technique to bypass email filters- https://www.helpnetsecurity.com/2019/02/20/phishers-new-trick-for-bypassing-email-url-filters/ https://en.wikipedia.org/wiki/Office_Open_XML_file_formats#Relationships Use after free in Linux...

Duration:00:44:43

2019-006: CSRF, XSS, infosec hypocrites, and the endless cycle

2/17/2019
More
https://www.zdnet.com/article/google-working-on-new-chrome-security-feature-to-obliterate-dom-xss/ https://www.owasp.org/index.php/DOM_Based_XSS CSRF - confused deputy https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) Google Cloud Platform - tip tricks, stuff ms. berlin learned Layer 8 conference - Rhode Island’’ I was wrong…..cycles don’t sync --Ms. Berlin https://health.clevelandclinic.org/myth-truth-period-really-sync-close-friends/ Check out our...

Duration:00:40:38

2019-005: Security Researcher attack, disabling SPECTER, and Systemd discussion

2/10/2019
More
SpecterOps Class: https://www.eventbrite.com/e/adversary-tactics-red-team-operations-training-course-boston-june-2019-tickets-54970050902 https://www.secjuice.com/security-researcher-assaulted-ice-atrient/ https://www.csoonline.com/article/3338112/security/vendor-allegedly-assaults-security-researcher-who-disclosed-massive-vulnerability.html Tweet of application teardown: ...

Duration:00:55:22

2019-004-ShmooCon, and Bsides Leeds discussion, Facetime bug (with update), a town for ransom

2/3/2019
More
Facetime bug update: https://www.cnbc.com/2019/02/01/apple-facetime-bug-fix-and-apology.html ShmooCon discussion Bsides Leeds...

Duration:00:44:50

2019-003-Liz Rice, creating processes to shift security farther left in DevOps

1/27/2019
More
BIO: Liz Rice is the Technology Evangelist with container security specialists Aqua Security, where she also works on container-related open source projects including kube-hunter and kube-bench. She was Co-Chair of the CNCF’s KubeCon + CloudNativeCon 2018 events in Copenhagen, Shanghai and Seattle, and co-author of the O’Reilly Kubernetes Security book. She has a wealth of software development, team, and product management experience from working on network protocols and distributed...

Duration:01:03:33

2019-002-part 2 of the OWASP IoT Top 10 with Aaron Guzman

1/21/2019
More
intro CFP for Bsides Barcelona is open! https://bsides.barcelona Aaron Guzman: @scriptingxss https://www.computerweekly.com/news/252443777/Global-IoT-security-standard-remains-elusive https://www.owasp.org/index.php/IoT_Attack_Surface_Areas https://scriptingxss.gitbooks.io/embedded-appsec-best-practices//executive_summary/9_usage_of_data_collection_and_storage_-_privacy.html OWASP SLACK: https://owasp.slack.com/ https://www.owasp.org/images/7/79/OWASP_2018_IoT_Top10_Final.jpg Team of...

Duration:00:46:03

2019-001: OWASP IoT Top 10 discussion with Aaron Guzman

1/14/2019
More
Aaron Guzman: @scriptingxss https://www.computerweekly.com/news/252443777/Global-IoT-security-standard-remains-elusive https://www.owasp.org/index.php/IoT_Attack_Surface_Areas https://scriptingxss.gitbooks.io/embedded-appsec-best-practices//executive_summary/9_usage_of_data_collection_and_storage_-_privacy.html OWASP SLACK: https://owasp.slack.com/ https://www.owasp.org/images/7/79/OWASP_2018_IoT_Top10_Final.jpg Team of 10 or so… list of “do’s and don’ts” Sub-projects? Embedded...

Duration:00:36:53

2018-045: end of the year podcast!

12/27/2018
More
Join the combined forces of: Jerry Bell (@maliciousLink) from Defensive Security Podcast! (https://defensivesecurity.org/) Bill Gardner from the "RebootIt! podcast" https://itunes.apple.com/us/podcast/reboot-it/id1256466198?mt=2 Ms. Berlin and Bryan Brake for the end of the year podcast! BrakeSec Podcast = www.brakeingsecurity.com RSS: https://www.brakeingsecurity.com/rss

Duration:01:11:26

2018-044: Mike Samuels discusses NodeJS hardening initiatives

12/18/2018
More
Mike Samuels https://twitter.com/mvsamuel https://github.com/mikesamuel/attack-review-testbed https://nodejs-security-wg.slack.com/ Hardening NodeJS Speaking engagement talks: A Node.js Security Roadmap at JSConf.eu - https://www.youtube.com/watch?v=1Gun2lRb5Gw Improving Security by Improving the Framework @ Node Summit - https://vimeo.com/287516009 Achieving Secure Software through Redesign at Nordic.js - ...

Duration:00:56:10

2018-043-Adam-Baldwin, npmjs Director of Security, event stream post mortem, and making your package system more secure

12/11/2018
More
Adam Baldwin (@adam_baldwin) Director of Security, npm https://foundation.nodejs.org/ https://spring.io/understanding/javascript-package-managers Role in the NodeJS project Advisory? Active role? Maintain security modules? Are there any requirements to being a dev? Are there different roles in the NodeJS environment? Is there any review of system sensitive packages? (or has that ship sailed…) Discussion of timeline from NodeJS security team When were you notified? (or were...

Duration:01:11:13

2018-042-Election security processes in the state of Ohio

12/2/2018
More
Where in the world is Ms. Amanda Berlin? Keynoting hackerconWV Election Security Cuyahoga County: Intro: Jeremy Mio (@cyborg00101 Name? Why are you here? Discussing Ohio does election operations. Walk through the process Pre-Elections Elections Night Post Elections All about the C.I.A. Votes must be confidential Votes must not be compromised (integrity) Voting should be available and without outage Did a tabletop exercise with all counties in Ohio...

Duration:01:24:49

2018-041: part 2 of Kubernetes security insights w/ ian Coldwater

11/26/2018
More
@IanColdwater https://www.redteamsecure.com/ *new gig* So many different moving parts Plugins Code Hardware She’s working on speaking schedule for 2019 How would I use these at home? https://kubernetes.io/docs/setup/minikube/ Kubernetes - up and running https://www.amazon.com/Kubernetes-Running-Dive-Future-Infrastructure/dp/1491935677 General wikipedia article (with architecture diagram): https://en.wikipedia.org/wiki/Kubernetes https://twitter.com/alicegoldfuss -...

Duration:00:44:56