Brakeing Down Security Podcast

Direct Link: Topics: Discussion of Ms. Berlin's course CAPEC discussion RTF malware MS Office A Phishing story... Mobile Supply Chain Security CMS Supply Chain Security Ms. Berlin’s course - recap of 2nd session Brakeing Down IR -date? Any malware of note? Upgrade your Office! Just double-clicked, used rtf and document never opened, just the script ran. Supply chain isn’t...


2018-004 - Discussing Bsides Seattle, and Does Autosploit matter?

Show Notes: Topics Discussed: New tool: AutoSploit - Does it lower the bar? How should Blue teamers be using Shodan? Discuss WPAD attacks, what WPAD is, and why it's a thing blue teams should worry about. ANNOUNCEMENTS: Ms. Amanda Berlin is running 4 sessions of her workshop "Disrupting the Killchain" starting on the 5th of February at 6:30pm Pacific Time (9:30 Eastern Time). If you...


BDIR-000 ; The Beginning

Here is the inaugural episode of "Brakeing Down Incident Response". Please check it out! BDIR Episode - 000 Our guests will be: David Cowen - Forensic Lunch Podcast and G-C Partners Tyler Hudak - Trainer in Malware Analysis and Reverse Engineering Topic of the Day: WHAT IS THIS NEW PODCAST ALL ABOUT, WHAT WILL IT COVER? "Incident Response, Malware Discovery, and Basic Malware Analysis, Detection and Response, Active Defense, Threat Hunting, and where does it fit within...


2018-003-Privacy Issues using Crowdsourced services

Back in late 2017, we did a show about Expensify and how the organization was using a service called 'Amazon Mechanical Turk' (MTurk) to process receipts and to help train their machine learning algorithms. You can download that show and listen to it here: 2017-040 #infosec people on Twitter and elsewhere were worried about #privacy issues, as examples of receipts on MTurk included things like business receipts, medical invoices, travel receipts and the like. One of our Slack members...



John Nye is the VP of Cybersecurity Strategy at healthcare consultancy Cynergistek. He's in the process of writing a whitepaper about the issues that are still plaguing #healthcare. The sad thing is that while these issues (and many others) still cause defenders aches and pains in many other industries, it's especially personal here because the data held by them can cause every person issues, and depending on who has it, can be the cause of embarrassment, or even extortion or...


2018-001- A new year, new changes, same old trojan malware

Direct Link: The first show of our 2018 season brings us something new (some awesome new additions to our repertoire), and something old (ransomware). Michael Gough is joining us to discuss a new partnership with BrakeSec Podcast (you'll have to listen to find out, or wait a few weeks :D ) We discuss the #Spectre and #meltdown vulnerabilities, and wonder about the criticality of the vulnerabilities...


2017-SPECIAL005-End of year Podcast with podcasters

As is tradition (or is becoming one around here) we like to get a bunch of podcasters together and just talk about our year. No prognostications, a bit of silliness, and we still manage to get in some great infosec content. Please enjoy! And please seek out these podcasts and have a listen! Slight warning: some rough language. People and podcasts in attendance: Tracy Maleeff (@infosecSherpa) Purple Squad Security Podcast (@purpleSquadSec) - John Svazic (@JohnsNotHere) Advanced Persistent...


2017-042-Jay Beale, Hushcon, Apple 0Day, and BsidesWLG audio

Ms. Berlin and Mr. Boettcher are on holiday this week, and I (Bryan) went to Hushcon last week (8-9 Dec 2017). Lots of excellent discussion and talks. While there, our friend Jay Beale (@jaybeale) came on to discuss Hushcon, as well as some recent news. Google released an 0day for Apple iOS, and we talk about how jailbreaking repos seem to be shuttering, because there have not been as many vulns found to allow for jailbreaking iDevices. We also went back and...


2017-041- DFIR Hierarchy of Needs, and new malware attacks

Maslow's Hierarchy of Needs was developed with the idea that the most basic needs should be satisfied to allow for continued successful development of the person and the community inevitably created by people seeking the same goals. DFIR is much the same way, in that there are certain necessary basics needed to ensure that you can detect, respond to, and reduce possible damage inflicted by an attack. In my searching, we saw a tweet about a #github from Matt Swann (@MSwannMSFT) with just...



With Mr. Boettcher out this week due to family illness, Ms. Berlin and I discussed a little bit of what is going on in the world. Expensify unveiled a new 'feature' where random people would help train their AI to better analyze receipts. Problem is that the random people could see medical receipts, hotel bills, and other PII. We discuss how they allowed this and the press surrounding it. We also discuss why these kinds of issues are prime reasons to do periodic vendor reviews. Our...


2017-039-creating custom training for your org, and audio from SANS Berlin!

This week is a bit of a short show, as Ms. Berlin and Mr. Boettcher are out this week for the holiday. I wanted to talk about something that I've started doing at work... Creating training... custom training that can help your org get around the old style training. Also, we got some community audio from one of our listeners! "JB" went to a SANS event in Berlin, Germany a few weeks ago, and talked to some attendees, as well as Heather Mahalik (@HeatherMahalik), instructor of the FOR585...


2017-038- Michael De Libero discusses building out your AppSec Team

Direct Link: Michael De Libero spends his work hours running an application security team at a gaming development company. I (Bryan) was really impressed at the last NCC Group Quarterly meetup when he gave a talk (not recorded) about how to properly build out your Application Security Team. So I asked him on, and we went over the highlights of his talk. Some of the topics included: Discussing with management your manpower issues Who to include in your...


2017-037 - Asset management techniques, and its importance, DDE malware

Direct Link: We started off the show talking to Mr. Boettcher about what DDE is and how malware is using this super legacy Windows component (found in Windows 2) to propagate malware in MS Office docs and spreadsheets. We also talk about how to protect your Windows users from this. We then get into discussing why it's so important to have proper asset management in place. Without knowing what is in your environment,...


2017-036-Adam Shostack talks about threat modeling, and how to do it properly

Direct Link: Adam Shostack has been a fixture of threat modeling for nearly 2 decades. He wrote the 'threat modeling' bible that many people consult when they need to do threat modeling properly. We discuss the different threat modeling types (STRIDE, DREAD, Trike, PASTA) and which ones Adam enjoys using. Mr. Boettcher asks how to handle when people believe an OS is better than another, how to do...


2017-SPECIAL004- SOURCE Conference Seattle 2017

After last year's SOURCE Conference, I knew I needed to go again, not just because it was a local (Seattle) infosec conference, but because of the caliber of speakers and the range of topics that were going to be covered. I got audio from two of the speakers at the SOURCE conference (@sourceconf) on Twitter Lee Fisher and Paul English from PreOS Security about UEFI security and methods to secure your devices Joe Basirico discusses the proper environment to get...



Direct Link: We are back this week after a bit of time off, and we're getting right back into it... What happens after you enact your business continuity plan? Many times, it can cause you to have to change processes and procedures... you may not even be doing business in the same country or datacenter, and you may need to change the way business is done. We also talk a bit about 3rd party...


2017-SPECIAL003-Audio from Derbycon 2017!

Direct Link: Mr. Boettcher, Ms. Berlin, and I went to Derbycon. In addition to the podcast with podcasters we did during the 3 days, I managed to grab another whole hour of audio from various people at the conference, just to give you an idea of the vibe of the conference, in case you were unable to attend. We talked to the FOOOLs, and how they have done the lockpick village...


2017-034-Preston_Pierce, recruiting, job_descriptions

*Apologies for the continuity; this was recorded before we went to Derbycon 2017.* Preston Pierce is a recruiter. We wanted to have him on to discuss some issues with our industry. So we had him on to discuss hiring practices, how a recruiter can help a company recruit better talent, and how to stop companies looking for the 'unicorn' candidate. Preston is a great guy and we learned a lot about how the recruiting process works, and how Preston's company works differently from other,...


2017-SPECIAL002-Derbycon-podcast with podcasters (NSF Kids/Work)

Direct Link: SUPER NOT SAFE for kids (and probably adults, come to think of it). Really this is just us riffing about Derbycon (and I really love @oncee, and wished I'd gone to his stable talk, which you can listen to/watch here: ). We actually did talk about the skills gap, resume workshop held...


2017-033- Zane Lackey, Inserting security into your DevOps environment

Zane Lackey (@zanelackey on Twitter) loves discussing how to make the most of DevOps, and DevSecOps (or is it 'SecDevOps'... 'DevOpsSec'?). So we talk to him about the best places to get the most bang for your buck getting security into your new DevOps environment. What is the best way to do that? Have a listen... Direct Link: RSS: Youtube Channel:...
