Tuesday, August 3, 2021

Brakeing Down Security

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today’s workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.

2021-027-Black Girls Hack COO Rebekah Skeete!

BlackGirlsHack was created to share knowledge and resources to help black girls and women breakthrough barriers to careers in information security and cyber security. The vision for Black Girls Hack (BGH) is to provide resources, training, mentoring, and access...

2021-026-Triaging threat research, Jira vulns, Serious Sam vuln, Systemd vulns, and HiveNightmare

https://www.mindtools.com/pages/article/newHTE_95.htm https://www.infoq.com/news/2021/07/microsoft-linux-builder-mariner/ https://www.productplan.com/glossary/action-priority-matrix/   More PrintNightmare issues: https://www.bleepingcomputer.com/news/microsoft/windows-10-july-security-updates-break-printing-on-some-systems/ “After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices that are not compliant with section 3.2.1 of...

2021-025-Dan Borges, Author of Adversarial Techniques from Packt Publishing

Dan Borges - Author @1njection   Buy the book on Amazon: https://www.amazon.com/Adversarial-Tradecraft-Cybersecurity-real-time-computer-ebook-dp-B0957LV496/dp/B0957LV496?_encoding=UTF8&me=&qid=&linkCode=ll1&tag=bdspod-20&linkId=8f2daf0b3563cbbc2cee6a2d2138149d&language=en_US&ref_=as_li_ss_tl   https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/amp/   Cool near real time updates on the hack: https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://twitter.com/DAlperovitch/status/1412033278081708034 https://github.com/ahhh/Cybersecurity-Tradecraft/tree/main/   https://www.amazon.com/Network-Attacks-Exploitation-Matthew-Monte/dp/1118987128 https://en.wikipedia.org/wiki/Best_response https://labs.bishopfox.com/tech-blog/sliver https://www.amazon.com/Rootkits-Bootkits-Reversing-Malware-Generation/dp/1593277164   Www.Globalcptc.org  ...

2021-024-Dan Borges, Author of Adversarial Techniques from Packt Publishing

Dan Borges - Author @1njection   Buy the book on Amazon: https://www.amazon.com/Adversarial-Tradecraft-Cybersecurity-real-time-computer-ebook-dp-B0957LV496/dp/B0957LV496?_encoding=UTF8&me=&qid=&linkCode=ll1&tag=bdspod-20&linkId=8f2daf0b3563cbbc2cee6a2d2138149d&language=en_US&ref_=as_li_ss_tl   https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/amp/   Cool near real time updates on the hack: https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://twitter.com/DAlperovitch/status/1412033278081708034 https://github.com/ahhh/Cybersecurity-Tradecraft/tree/main/   https://www.amazon.com/Network-Attacks-Exploitation-Matthew-Monte/dp/1118987128  ...

2021-023-d3fend framework, DLL injection types, more solarwinds infections

Pihole setup Conference talk https://www.reuters.com/technology/microsoft-says-new-breach-discovered-probe-suspected-solarwinds-hackers-2021-06-25/ https://securityaffairs.co/wordpress/119425/apt/solarwinds-nobelium-ongoing-campaign.html https://www.ehackingnews.com/2021/06/attackers-pummelled-gaming-industry.html https://www.bleepingcomputer.com/news/microsoft/windows-11-wont-work-without-a-tpm-what-you-need-to-know/ https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows https://d3fend.mitre.org/ https://www.theregister.com/2021/06/15/zoll_defibrillator_dashboard_vulnerabilities/ https://twitter.com/Hexacorn https://www.ionos.com/digitalguide/server/configuration/winsxs-cleanup/ https://www.customink.com/fundraising/mental-health-hackers-7816 Buy @infoseccampout tickets: https://www.eventbrite.com/e/infosec-campout-2021-tickets-157561790557   Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel!...

2021-022-github policy updates targeting harmful software, Ms. Berlin discusses WWHF, CVSS discussion

Ms. Berlin’s conference report WWHF (Reno, NV) Her next appearances will be at Defcon 2021 and BlueTeam Con 2021! https://www.infosecurity-magazine.com/news/amazon-prime-day-phishing-deluge/ https://www.ehackingnews.com/2021/06/threat-actors-use-google-drives-and.html https://www.kennasecurity.com/blog/vulnerability-score-on-its-own-is-useless/ https://portswigger.net/daily-swig/nist-charts-course-towards-more-secure-supply-chains-for-government-software https://github.blog/2021-04-29-call-for-feedback-policies-exploits-malware/ https://github.com/github/site-policy/pull/397 https://twitter.com/vm_call/status/1405937492642123782?s=20  https://thenewstack.io/cvss-struggles-to-remain-viable-in-the-era-of-cloud-native-computing/ ZOMG BUY SHIRTS HERE ...

2021-021-Security Sphynx, ZeroTrust, implementation prep- part2

EO from President Biden asked for a plan to create Zerotrust implementation in the next 90 days (well, 70ish days now… as of 23 May) https://twitter.com/SecuritySphynx/status/1390475868032618496 @securitySphynx “CIO: Zero Trust is the way…” What is the optimal configuration...

2021-020: Security Sphinx, Preparing for ZeroTrust implementation – Part1

Full show notes are available here: https://docs.google.com/document/d/14dCpXeQ520IcZC3m007zVPhlIPXKgfv0LkqVnbDx0fc/edit?usp=sharing   EO from President Biden asked for a plan to create Zerotrust implementation in the next 90 days (well, 70ish days now… as of 23 May) https://twitter.com/SecuritySphynx/status/1390475868032618496   @securitySphynx   “CIO: Zero Trust...

2021-019-Joe Gray, OSINT CTFs, gamifying and motivating to do the right thing

part 2: CTF OSINT discussion How people will give additional information, even if they aren't receiving points for it. Gamifying and motivating people to 'do the right thing', like offering a chance to win a lottery for a covid...

2021-018-LawyerLiz, Pres. Biden's EO, and the clueless professor

Elizabeth Wharton: @lawyerliz on Twitter Executive Order: (https://www.americanbar.org/groups/public_education/publications/teaching-legal-docs/what-is-an-executive-order-/) “An executive order is a signed, written, and published directive from the President of the United States that manages operations of the federal government. They are numbered consecutively, so executive orders...

2021-017-Joe Gray on his future book, the OSINT loop, motivators, and gamification – part1

Joe Gray @C_3PJoe   OSINTION https://theosintion.com  New book… ship date? How to get it? https://www.amazon.com/Practical-Social-Engineering-Joe-Gray/dp/171850098X/ https://nostarch.com/practical-social-engineering    "Gray provides a very accessible look at social engineering that should be essential reading for pentesters and ethical hackers."...

2021-016-researchers knowingly add vulnerable code to linux kernel, @pageinsec joins us to discuss -part2

Updates to the Linux kernel controversy: https://lwn.net/SubscriberLink/854645/334317047842b6c3/   @pageinSec on Twitter   Dan Kaminsky obit: https://www.theregister.com/2021/04/25/dan_kaminsky_obituary/   Spencer Geitzen: http://brakeingsecurity.com/2018-024-pacu-a-tool-for-pentesting-aws-environments   https://en.wikipedia.org/wiki/Milgram_experiment   https://lore.kernel.org/lkml/20210421130105.1226686-1-gregkh@linuxfoundation.org/   https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021 https://www.labbott.name/blog/2021/04/21/breakingtrust.html Seems like a number...

2021-015-researchers knowingly add vulnerable code to linux kernel, @pageinsec joins us to discuss -part1

@pageinSec on Twitter   Dan Kaminsky obit: https://www.theregister.com/2021/04/25/dan_kaminsky_obituary/   Spencer Geitzen: http://brakeingsecurity.com/2018-024-pacu-a-tool-for-pentesting-aws-environments   https://en.wikipedia.org/wiki/Milgram_experiment   https://lore.kernel.org/lkml/20210421130105.1226686-1-gregkh@linuxfoundation.org/   https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021 https://www.labbott.name/blog/2021/04/21/breakingtrust.html Seems like a number of patches were added (~190) and each...

2021-014-Slipstreaming blocked by Chrome, Slack being used for malware, plus dork and deskjockeys!

Chrome Blocks Port 10080 to Prevent Slipstreaming Hacks - E Hacking News - Latest Hacker News and IT Security News https://www.reddit.com/r/netsec/comments/jlu3cf/nat_slipstreaming/   Samy Kamkar - NAT Slipstreaming v2.0 Slack and Discord are Being Hijacked...

2021-013-Liana_McCrea-Garrison_Yap-cecil_hotel, Elisa_Lam-physical_security-part2

Reparations.tech * Public Safety Coordinators - Field Operations (Road Incidents) - Specialized Buildings (The Library, Medical Facilities, CCR) * Public Safety Officers A. Discuss Training - SOP Creation * SOPs are very custom and dependent on the organization. There are no “NIST” standards.   * Think on your feet, many...

2018-020: NIST’s new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords

https://nostarch.com/packetanalysis3  -- Excellent Book! You must buy it.   DetSEC mention   ShowMe Con panel and keynote   SeaSec East standing room only. Crispin gave a great talk about running as Standard user   Bsides Cleveland -   ...

2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs

https://darknetdiaries.com/   Jack Rhysider Ok I think these topics should keep us busy for a while. Topics for discussion: Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/ https://www.youtube.com/watch?v=eFVBz_ATAlU - when...

BDIR-001: Credential stealing emails, How do you protect against it?

BDIR Episode - 001 Our guests will be: Martin Brough - Manager of the Security Solutions Engineering team in the #email #phishing industry Topic of the Day: CREDENTIAL STEALING EMAILS WHAT CAN YOU DO   Join us for Episode-001,...

TechRepublic

Beef up security in Firefox with Fission

Jack Wallen shows you how to enable Fission. Firefox developers understand web browser security is at a premium, so they've rolled out a site isolation feature.

TechRepublic

Cybersecurity professionals: Positive reinforcement works wonders with users

The blame game is not working; experts suggest using positive reinforcement to improve employee attitude and performance.

SecurityWeek

Google Patches High-Risk Android Security Flaws

Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks. The latest Android update provides documentation on 33 security bugs, some serious...

Awful transaction and timing: AT&T finally ditches DirecTV

AT&T has completed its spinoff of DirecTV after six years of mismanagement in which nearly 10 million customers ditched the company's pay-TV services. AT&T bought DirecTV for $49 billion ($67 billion including...

SecurityWeek

Mismanagement Driving Cybersecurity Skills Gap: Research

“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.”