Saturday, November 17, 2018
Home Podcasts Brakeing Down Security

Brakeing Down Security

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today’s workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.

2018-039-Ian Coldwater, kubernetes, container security

Ian Coldwater- @IanColdwater  https://www.redteamsecure.com/ *new gig*   So many different moving parts Plugins Code Hardware She’s working on speaking schedule for 2019 How would I use these at home?     https://kubernetes.io/docs/setup/minikube/   Kubernetes - up and running     ...

2018-038-InfosecSherpa, security culture,

@InfoSecSherpa - Tracy Z. Maleeff (surname is pronounced like “may-leaf.”)   I have two talks coming up: Empathy as a Service to Create a Culture of Security at the Cofense Submerge conference Deep Dive into Social Media as an...

2018-037-iWatch save man’s life, Alexa detects your mood, and post-derby discussion

Health & Tech? https://arstechnica.com/gadgets/2018/10/amazon-patents-alexa-tech-to-tell-if-youre-sick-depressed-and-sell-you-meds/   https://hackaday.io/project/151388-minder (774 results for “health” on hackaday)   (def don’t need to talk about, but still funny AF) https://hackaday.io/project/11407-myflow   https://9to5mac.com/2017/12/15/apple-watch-saves-life-managing-heart-attack/   https://www.adheretech.com/ Privacy implications? Microsoft healthcare initiative - https://enterprise.microsoft.com/en-us/industries/health/ Apple...

2018-036-Derbycon 2018 Audio with Cheryl Biswas and Tomasz Tula

Derbycon is probably one of the best infosec conferences of the calendar year. The podcast always has so much fun meeting listeners, meeting new people, and getting some audio to share with folks who can't be there. This year,...

2018-035-software bloat is forever; malicious file extensions; WMIC abuses

Pizza Party Link - https://www.eventbrite.com/e/brakesec-derbycon-pizza-meetup-tickets-50719385046   News stories-   Software/library bloat   http://tonsky.me/blog/disenchantment/   https://hackernoon.com/how-it-feels-to-learn-javascript-in-2016-d3a717dd577f   https://gbhackers.com/hackers-abusing-windows-management-interface-command-tool-to-deliver-malware-that-steal-email-account-passwords/     https://hackerhurricane.blogspot.com/2016/09/avoiding-ransomware-with-built-in-basic.html   https://www.zdnet.com/article/windows-utility-used-by-malware-in-new-information-theft-campaigns/   https://attack.mitre.org/wiki/Technique/T1170  - HTA file malware examples   https://nakedsecurity.sophos.com/2018/09/26/finally-a-fix-for-the-encrypted-webs-achilles-heel/   https://www.bbc.com/news/technology-45686890 - (facebook...

2018-034-Pentester_Scenario

Interesting email from one of our listeners. Detailing an issue that came up on a client engagement. We walk through best ways to store information post-engagement, and what you need to do to document test procedures so you don't...

2018–033-Chris_Hadnagy-SE-OSINT-vishing-phishing-book_interview-pt2

Part 2 of our interview with Chris Hadnagy Discuss more about his book, best ways to setup your pre-text in an engagement how you might read someone on a poker table a great story about Chris's favorite person “Neil...

2018-032-chris Hadnagy, discusses his new book, OSINT and SE Part 1

Christopher Hadnagy Interview: Origin story connoisseur  of moonshine Social Engineering: The Science of Human Hacking 2nd Edition Sponsored Link (paperback on Amazon): https://amzn.to/2NKxLD9 SEORG book list: https://www.social-engineer.org/resources/seorg-book-list/ Chris’ Podcast: https://www.social-engineer.org/podcast/   SECTF at Derby (contestants...

2018-031-Derbycon ticket CTF, Windows Event forwarding, SIEM collection, and missing events… oh my!

We are back with a new episode this week! We got over our solutions for some of the #derbyCon ticket #CTF challenges and include links to some of the challenges. We talk about Windows Event Forwarder, and all log...

2018-030: Derbycon CTF and Auction info, T-mobile breach suckage, and lockpicking

CTF information:     Official site: https://scoreboard.totallylegitsite.com (thanks Matt Domko (@hashtagcyber) for hosting and allowing us to use his employee discount!)     Please do not pentest the environment, not DDoS, nor cause anything undesirable to happen to the site. View...

2018-029-postsummercamp-future_record_breached-vulns_nofix

Post-Hacker Summercamp   IppSec Walkthroughs Brakesec Derbycon ticket CTF -   Drama - (hotel room search gate)   AirconditionerGate   Personal privacy   Ask for ID   Call the front desk   Use the deadbolt - can be bypassed...

2018-018-runkeys, DNS Logging, derbycon Talks

HTTPS on www.brakeingsecurity.com, Libsyn RSS syncing of itunes/google Play is over TLS   Amanda giving a talk at Diana Initiative Derbycon Talk - mental health Volunteer/Topic request form - https://goo.gl/forms/wAiLW5Dh5h0MR5bO2   http://www.hexacorn.com/blog/2018/07/29/beyond-good-ol-run-key-part-82/   https://blogs.technet.microsoft.com/teamdhcp/2015/11/23/network-forensics-with-windows-dns-analytical-logging/   https://blogs.technet.microsoft.com/secadv/2018/01/22/parsing-dns-server-log-to-track-active-clients/...

2018-027-Godfrey Daniels talks about his book about the Mojave Phonebooth

Godfrey Daniels - author of "Adventures with the Mojave Phone Booth" Mojave phonebooth   Mojavephonebooth.com - book is on sale - at mojavephoneboothbook.com   https://en.wikipedia.org/wiki/Mojave_phone_booth https://www.tripsavvy.com/the-mojave-phone-booth-1474047   https://www.dailydot.com/debug/mojave-phone-booth-back-number/   https://www.npr.org/2014/08/22/342430204/the-mojave-phone-booth   https://www.reddit.com/r/UnresolvedMysteries/comments/7wjq4a/cipher_broadcast_the_mojave_phone_booth_is_back/   https://twitter.com/mojavefonebooth...

2018-026-insurers gathering data, netflix released a new DFIR tool, and google no longer gets phished?

Stories and topics we covered: https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/   https://osquery.io/   https://www.propublica.org/article/health-insurers-are-vacuuming-up-details-about-you-and-it-could-raise-your-rates   https://medium.com/netflix-techblog/netflix-sirt-releases-diffy-a-differencing-engine-for-digital-forensics-in-the-cloud-37b71abd2698   Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions,...

2015-025-BsidesSPFD, threathunting, assessing risk

Sorry, this week's show took an odd turn, and we don't have much in the way of show notes... Ms. Berlin is recovering from knee surgery, and we wish her a speedy recovery. Bryan B. got back from BsidesSPFD,...

2018-020: NIST’s new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords

https://nostarch.com/packetanalysis3  -- Excellent Book! You must buy it.   DetSEC mention   ShowMe Con panel and keynote   SeaSec East standing room only. Crispin gave a great toalk about running as Standard user   Bsides Cleveland -   ...

2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs

https://darknetdiaries.com/   Jack Rhysider Ok I think these topics should keep us busy for a while. Topics for discussion: Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/ https://www.youtube.com/watch?v=eFVBz_ATAlU - when...

BDIR-001: Credential stealing emails, How do you protect against it?

BDIR Episode - 001 Our guests will be: Martin Brough - Manager of the Security Solutions Engineering team in the #email #phishing industry Topic of the Day: CREDENTIAL STEALING EMAILS WHAT CAN YOU DO   Join us for Episode-001,...
SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.
The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup  What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.