Friday, June 5, 2020

Brakeing Down Security

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today’s workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.

2020-021- Derek Rook, redteam tactics, blue/redteam comms, and detection of testing

**If Derek told you about us at SANS, send a DM to @brakeSec or email bds.podcast@gmail.com for an invite to our slack** OSCP/HtB/VulnHub is a game... designed to have a tester find a specific nugget of information to pivot...

2020-020-Andrew Shikiar – FIDO Alliance – making Cybersecurity more secure

Andrew Shikiar, executive director and CMO of the (Fast IDentity Online) FIDO Alliance. What is FIDO? “open industry association launched in February 2013 whose mission is to develop and promote authentication standards that help reduce the world’s...

2020-016-

Masha Sedova - Founder, Elevate Security. Topic ideas from the PR company: Inability to measure human security behaviors leads to increased risk in our computing environments. For too long, we’ve accepted training completion and mock phishing data...

2020-017-Cameron Smith, business decisions, and how it affects Security

Cameron Smith @Secnomancer. Layer8conference is virtual (https://layer8conference.com/layer-8-is-online-this-year/) https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final CMMC: https://info.summit7systems.com/blog/cmmc https://www.comptia.org/certifications/project - Project+ Cameron Smith = www.twitter.com/secnomancer Cybersmith.com - Up by 14 April Ask@thecybersmith.com Cameron@thecybersmith.com https://en.wikipedia.org/wiki/Christopher_Voss https://www.amazon.com/Never-Split-Difference-Negotiating-Depended/dp/0062407805 https://www.masterclass.com/classes/chris-voss-teaches-the-art-of-negotiation https://www.masterclass.com/ https://www.autopsy.com/support/training/covid-19-free-autopsy-training/ https://www.youtube.com/playlist?list=PLg_QXA4bGHpvsW-qeoi3_yhiZg8zBzNwQ “There is nothing noble in...

2020-016-Cameron Smith, Business decisions and their (in)secure outcomes – Part 1

Cameron Smith @Secnomancer. Layer8conference is virtual (https://layer8conference.com/layer-8-is-online-this-year/) https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final CMMC: https://info.summit7systems.com/blog/cmmc https://www.comptia.org/certifications/project - Project+ Cameron Smith = www.twitter.com/secnomancer Cybersmith.com - Up by 14 April Ask@thecybersmith.com Cameron@thecybersmith.com https://en.wikipedia.org/wiki/Christopher_Voss https://www.amazon.com/Never-Split-Difference-Negotiating-Depended/dp/0062407805 https://www.masterclass.com/classes/chris-voss-teaches-the-art-of-negotiation https://www.masterclass.com/ https://www.autopsy.com/support/training/covid-19-free-autopsy-training/ https://www.youtube.com/playlist?list=PLg_QXA4bGHpvsW-qeoi3_yhiZg8zBzNwQ...

2020-015-Tanya_Janca-Using Github Actions in your Devops Environment, workflow automation

Github actions - https://github.com/features/actions How are these written? It looks like a marketplace format? How do they maintain code quality? What does it take to set up the actions? It looks like IFTTT for DevOps? What kind of integrations does it...

Pwnysec tutorial on all things XSS

Brakesec contributor @Pwnysec on Twitter has created a new video highlighting the importance of testing for XSS in your environment, also: Discusses the different types of XSS you can find (stored, reflected, and DOM) Tools you can employ...

2020-014-Server Side Request Forgery defense, Tanya Janca, AppSec discussion

Tanya's AppSec Course https://www.shehackspurple.dev/server-side-request-forgery-ssrf-defenses https://www.shehackspurple.dev Server-side request forgery - https://portswigger.net/web-security/ssrf What are differences between Stored XSS and SSRF? This requires a MITM type of issue? Doesn’t stored XSS get stored on the server? What conditions must exist for...

2020-013- part 2, education security, ransomware, April Mardock, Nathan McNulty, and Jared Folkins

April Mardock - CISO - Seattle Public Schools; Jared Folkins - IT Engineer - Bend La Pine Schools; Nathan McNulty - Information Security Architect - Beaverton School District. OpSecEdu - https://www.opsecedu.com/ Slack https://www.a4l.org/default.aspx https://clever.com/ BEC - https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec) ...

2020-013-part2- education security, ransomware, vendor assessments, April Mardock, Jared Folkins, Nathan McNulty

April Mardock - CISO - Seattle Public Schools; Jared Folkins - IT Engineer - Bend La Pine Schools, Oregon; Nathan McNulty - Information Security Architect - Beaverton, Oregon School District. OpSecEdu - https://www.opsecedu.com/ Slack https://www.a4l.org/default.aspx https://clever.com/ BEC - https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec) ...

2020-012-April Mardock, Nathan McNulty, Jared Folkins, school security, ransomware attacks

April Mardock - CISO - Seattle Public Schools; Jared Folkins - IT Engineer - Bend La Pine Schools; Nathan McNulty - Information Security Architect - Beaverton School District. OpSecEdu - https://www.opsecedu.com/ Slack https://www.a4l.org/default.aspx https://clever.com/ BEC...

2020-011-Alyssa Miller, deep fakes, threat modeling for DevOps environments, and virtual conferences

https://twitter.com/AlyssaM_InfoSec/status/1159877471161839617?s=19 Looking forward to sharing my vision for ending the 60 year cycle of bad defense strategies in #infosec and my challenge to think about security in a more effective way. https://sched.co/TAqU @dianainitiative #DianaInitiative2019 ...

2020-010-Dave Kennedy, offensive security tool release, Derbycom, and Esports

Dave Kennedy (@hackingDave), TrustedSec. Released SEToolkit, Pentester Framework (PTF). PoC release for “Shitrix” bug (was disclosed after Google zero initiative India group). Jeff Snover, Lee Holmes - Powershell gods. Arguments against release: tools that are released are utilized by the...

2020-009-Dave Kennedy, Offensive Tool release (Part 1)

Dave Kennedy (@hackingDave), TrustedSec. Released SEToolkit, Pentester Framework (PTF). PoC release for “Shitrix” bug (was disclosed after Google zero initiative India group). Jeff Snover, Lee Holmes - Powershell gods. Arguments against release: tools that are released are utilized by the...

2018-020: NIST’s new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords

https://nostarch.com/packetanalysis3 -- Excellent Book! You must buy it. DetSEC mention. ShowMe Con panel and keynote. SeaSec East standing room only. Crispin gave a great talk about running as Standard user. Bsides Cleveland - ...

2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs

https://darknetdiaries.com/ Jack Rhysider. Ok I think these topics should keep us busy for a while. Topics for discussion: Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/ https://www.youtube.com/watch?v=eFVBz_ATAlU - when...

BDIR-001: Credential stealing emails, How do you protect against it?

BDIR Episode - 001. Our guests will be: Martin Brough - Manager of the Security Solutions Engineering team in the #email #phishing industry. Topic of the Day: CREDENTIAL STEALING EMAILS, WHAT CAN YOU DO. Join us for Episode-001,...

The Register

British Army pulls up its SOC: New regiment to do infosec work even civvies will recognise

That's Systems Operating Centre to you. Chuffed with that, says Royal Signals brigadier.

The British Army has raised a new regiment that will take charge of its in-house security operations centre, a move calculated to make cyber defence a...

FTC Slams Children’s App Developer for COPPA Violations

Children's app developer HyperBeard must pay $150,000 after the FTC claimed it violated privacy laws.

SecurityWeek

Business Services Provider Conduent Hit by Ransomware

Business process services provider Conduent has been the victim of a ransomware attack that appears to be the work of Maze operators. Formed in 2017 as a divestiture from Xerox and headquartered in New Jersey, the company offers digital platforms...

SC Magazine

Cisco security advisories address 47 flaws, three critical

Cisco Systems on Wednesday, June 3 released a series of security advisories addressing a total of 47 vulnerabilities, including three critical bugs that were found and fixed in IOS or IOS XE software. Among the most serious flaws is a...

Electrolux, Others Conned Out of Big Money by BEC Scammer

Kenenty Hwan Kim has pleaded guilty to swindling the appliance giant and other companies in a set of elaborate schemes.