Brakeing Down Security Podcast

2017-042-Jay beale, Hushcon, Apple 0Day, and BsidesWLG audio

Ms. Berlin and Mr. Boettcher are on holiday this week, and I (Bryan) went to Hushcon ( last week (8-9 Dec 2017). Lots of excellent discussion and talks. While there, our friend Jay Beale (@jaybeale) came on to discuss Hushcon, as well as some recent news. Google released an 0day for Apple iOS, and we talk about how jailbreaking repos seem to be shuttering, because there have not been as many vulns found to allow for jailbreaking iDevices. We also went back and discussed...

Duration: 01:06:29

2017-041- DFIR Hierarchy of Needs, and new malware attacks

Maslow's Hierarchy of needs was developed with the idea that the most basic needs should be satisfied to allow for continued successful development of the person and the community inevitably created by people seeking the same goals. DFIR is also much the same way in that there are certain necessary basics needed to ensure that you can detect, respond, and reduce possible damage inflicted by an attack. In my searching, we saw a tweet about a #github from Matt Swann (@MSwannMSFT) with just...

Duration: 01:02:16


With Mr. Boettcher out this week due to family illness, Ms. Berlin and I discussed a little bit of what is going on in the world. Expensify unveiled a new 'feature' where random people would help train their AI to better analyze receipts. Problem is that the random people could see medical receipts, hotel bills, and other PII. We discuss how they allowed this and the press surrounding it. We also discuss why these kinds of issues are prime reasons to do periodic vendor reviews. Our...

Duration: 00:47:25

2017-039-creating custom training for your org, and audio from SANS Berlin!

This week is a bit of a short show, as Ms. Berlin and Mr. Boettcher are out this week for the holiday. I wanted to talk about something that I've started doing at work... Creating training... custom training that can help your org get around the old style training. Also, we got some community audio from one of our listeners! "JB" went to a SANS event in Berlin, Germany a few weeks ago, and talked to some attendees, as well as Heather Mahalick (@HeatherMahalik), instructor of the FOR585...

Duration: 00:43:12

2017-038- Michael De Libero discusses building out your AppSec Team

Direct Link: Michael De Libero spends his work hours running an application security team at a gaming development company. I (Bryan) was really impressed at the last NCC Group Quarterly meetup when he gave a talk (not recorded) about how to properly build out your Application Security Team. So I asked him on, and we went over the highlights of his talk. Some of the topics included: discussing your manpower issues with management; who to include in your...

Duration: 00:56:09

2017-037 - Asset management techniques, and its importance, DDE malware

Direct Link: We started off the show talking to Mr. Boettcher about what DDE is and how malware is using this super legacy Windows component (found in Windows 2) to propagate malware in MS Office docs and spreadsheets. We also talk about how to protect your Windows users from this. We then get into discussing why it's so important to have proper asset management in place. Without knowing what is in your environment,...

Duration: 00:52:28

2017-036-Adam Shostack talks about threat modeling, and how to do it properly

Direct Link: Adam Shostack has been a fixture of threat modeling for nearly 2 decades. He wrote the 'threat modeling' bible that many people consult when they need to do threat modeling properly. We discuss the different threat modeling types (STRIDE, DREAD, Trike, PASTA) and which ones Adam enjoys using. Mr. Boettcher asks how to handle when people believe an OS is better than another, how to do...

Duration: 01:34:53

2017-SPECIAL004- SOURCE Conference Seattle 2017

After last year's SOURCE Conference, I knew I needed to go again, not just because it was a local (Seattle) infosec conference, but because of the caliber of speakers and the range of topics that were going to be covered. I got audio from two of the speakers at the SOURCE conference (@sourceconf on Twitter): Lee Fisher and Paul English from PreOS Security discuss UEFI security and methods to secure your devices; Joe Basirico discusses the proper environment to get...

Duration: 00:48:08


Direct Link: We are back this week after a bit of time off, and we're getting right back into it... What happens after you enact your business continuity plan? Many times, it can cause you to have to change processes and procedures... you may not even be doing business in the same country or datacenter, and you may need to change the way business is done. We also talk a bit about 3rd party...

Duration: 00:59:19

2017-SPECIAL003-Audio from Derbycon 2017!

Direct Link: Mr. Boettcher, Ms. Berlin, and I went to Derbycon. In addition to the podcast with podcasters we did during the 3 days, I managed to grab another whole hour of audio from various people at the conference, just to give you an idea of the vibe of the conference, in case you were unable to attend. We talked to the FOOOLs (, and how they have done the lockpick village...

Duration: 01:15:05

2017-034-Preston_Pierce, recruiting, job_descriptions

*Apologies for the continuity; this was recorded before we went to Derbycon 2017.* Preston Pierce is a recruiter. We wanted to have him on to discuss some issues with our industry. So we had him on to discuss hiring practices, how a recruiter can help a company recruit better talent, and how to stop companies looking for the 'unicorn' candidate. Preston is a great guy and we learned a lot about how the recruiting process works, and how Preston's company works differently from others,...

Duration: 01:02:05

2017-SPECIAL002-Derbycon-podcast with podcasters (NSF Kids/Work)

Direct Link: SUPER NOT SAFE for kids (and probably adults, come to think of it). Really this is just us riffing about derbycon (and I really love @oncee, and wished I'd gone to his stable talk (which you can listen/watch here: We actually did talk about the skills gap, resume workshop held...

Duration: 01:18:30

2017-033- Zane Lackey, Inserting security into your DevOps environment

Zane Lackey (@zanelackey on Twitter) loves discussing how to make DevOps into DevSecOps (or is it 'SecDevOps'... 'DevOpsSec'?). So we talk to him about the best places to get the most bang for your buck when getting security into your new DevOps environment. What is the best way to do that? Have a listen... Direct Link: RSS: Youtube Channel:...

Duration: 01:00:35

2017-032-incident response tabletops, equifax breach

Everyone should be doing incident response tabletops, even if it's not a dedicated task in your organization. It allows you to find out what you might be lacking in terms of processes, manpower, requirements, etc. This week, we discuss what you need to do to get ready for one, and how those should go in terms of helping your organization understand how to handle the aftermath. And in case you've been under a rock, #equifax was breached. 143 million credit records are in the ether. We...

Duration: 00:47:37


This week, we met up with Robert Sell to discuss competing in the DefCon Social Engineering CTF. You're gonna learn how he prepared for the competition, and learn about some of the tactics you could use to compete in future SE CTF events. Direct Link: RSS: Youtube Channel: #iTunes Store Link:...

Duration: 01:03:46

2017-030-Vulnerability OSINT, derbycon CTF walkthrough, and bsides Wellington!

This week, we discuss the lack of information and where you might find more information about certain vulnerabilities. Seems like many companies fail to give out necessary and actionable information without paying an arm and a leg. We also go over our DerbyCon CTF walkthrough, and discuss the steps to solve it. Direct Link: Ms. Berlin is going to be at Bsides Wellington! Get your...

Duration: 00:52:36

2017-029-CIS benchmarks, Windows Update reverts changes used to detect malware

This week was one heck of a show. If you are a blueteamer and make use of the "Windows Logging Cheat Sheet", you are no doubt aware of how important it is to log certain events, and to set hostile conditions to make malware/Trojans/viruses have a harder time avoiding detection. What if I told you the same updates we suggested last week to NEVER delay actually undo all your hardening on your system and leave your logfiles set to defaults, all file associations for suspect files like pif,...

Duration: 01:17:40

2017-026-Machine_Learning-Market Hype, or infosec's blue team's newest weapon?

Direct Link: Ally Miller (@selenakyle) joined us this week to discuss Machine Learning and #Artificial #Intelligence. It seems like every new security product employs one or both of these terms. She did the keynote at Bsides Las Vegas on topics of #Machine #Learning and #Behavioral #Economics. We asked Ms. Miller to join us here to discuss what ML and AI are, how algorithms work to analyze the data to...

Duration: 01:09:01

2017-025-How will GDPR affect your Biz with Wendyck, and DerbyCon CTF info

Direct Link: GDPR (General Data Protection Regulation) is weighing on the minds and pocketbooks of a lot of European companies, but is the US as worried? If you read many of the news articles out there, it ranges from 'meh' to 'OMG, the sky, it is falling'. GDPR will cause a lot of new issues in the way business is being done, not just in the realm of security, but in the...

Duration: 01:10:48


Direct Link: The infosec industry and the infosec culture are so diverse, with many different points of view, many different thoughts and opinions, and many of us deal with our own internal demons, like addictions and mental afflictions such as depression or bipolar disorder. And 'imposter syndrome' is another thing that seems to add to the mix, making some believe they have to be constantly...

Duration: 01:30:55
