Brakeing Down Security

Ian Coldwater- @IanColdwater  https://www.redteamsecure.com/ *new gig*   So many different moving parts Plugins Code Hardware She’s working on speaking schedule for 2019 How would I use these at home?     https://kubernetes.io/docs/setup/minikube/   Kubernetes - up and running     ...

@InfoSecSherpa - Tracy Z. Maleeff (surname is pronounced like “may-leaf.”)   I have two talks coming up: Empathy as a Service to Create a Culture of Security at the Cofense Submerge conference Deep Dive into Social Media as an...

Health & Tech? https://arstechnica.com/gadgets/2018/10/amazon-patents-alexa-tech-to-tell-if-youre-sick-depressed-and-sell-you-meds/   https://hackaday.io/project/151388-minder (774 results for “health” on hackaday)   (def don’t need to talk about, but still funny AF) https://hackaday.io/project/11407-myflow   https://9to5mac.com/2017/12/15/apple-watch-saves-life-managing-heart-attack/   https://www.adheretech.com/ Privacy implications? Microsoft healthcare initiative - https://enterprise.microsoft.com/en-us/industries/health/ Apple...

Derbycon is probably one of the best infosec conferences of the calendar year. The podcast always has so much fun meeting listeners, meeting new people, and getting some audio to share with folks who can't be there. This year,...

Pizza Party Link - https://www.eventbrite.com/e/brakesec-derbycon-pizza-meetup-tickets-50719385046   News stories-   Software/library bloat   http://tonsky.me/blog/disenchantment/   https://hackernoon.com/how-it-feels-to-learn-javascript-in-2016-d3a717dd577f   https://gbhackers.com/hackers-abusing-windows-management-interface-command-tool-to-deliver-malware-that-steal-email-account-passwords/     https://hackerhurricane.blogspot.com/2016/09/avoiding-ransomware-with-built-in-basic.html   https://www.zdnet.com/article/windows-utility-used-by-malware-in-new-information-theft-campaigns/   https://attack.mitre.org/wiki/Technique/T1170  - HTA file malware examples   https://nakedsecurity.sophos.com/2018/09/26/finally-a-fix-for-the-encrypted-webs-achilles-heel/   https://www.bbc.com/news/technology-45686890 - (facebook...

Interesting email from one of our listeners. Detailing an issue that came up on a client engagement. We walk through best ways to store information post-engagement, and what you need to do to document test procedures so you don't...

Part 2 of our interview with Chris Hadnagy Discuss more about his book, best ways to setup your pre-text in an engagement how you might read someone on a poker table a great story about Chris's favorite person “Neil...

Christopher Hadnagy Interview: Origin story connoisseur  of moonshine Social Engineering: The Science of Human Hacking 2nd Edition Sponsored Link (paperback on Amazon): https://amzn.to/2NKxLD9 SEORG book list: https://www.social-engineer.org/resources/seorg-book-list/ Chris’ Podcast: https://www.social-engineer.org/podcast/   SECTF at Derby (contestants...

We are back with a new episode this week! We got over our solutions for some of the #derbyCon ticket #CTF challenges and include links to some of the challenges. We talk about Windows Event Forwarder, and all log...

CTF information:     Official site: https://scoreboard.totallylegitsite.com (thanks Matt Domko (@hashtagcyber) for hosting and allowing us to use his employee discount!)     Please do not pentest the environment, not DDoS, nor cause anything undesirable to happen to the site. View...

Post-Hacker Summercamp   IppSec Walkthroughs Brakesec Derbycon ticket CTF -   Drama - (hotel room search gate)   AirconditionerGate   Personal privacy   Ask for ID   Call the front desk   Use the deadbolt - can be bypassed...

HTTPS on www.brakeingsecurity.com, Libsyn RSS syncing of itunes/google Play is over TLS   Amanda giving a talk at Diana Initiative Derbycon Talk - mental health Volunteer/Topic request form - https://goo.gl/forms/wAiLW5Dh5h0MR5bO2   http://www.hexacorn.com/blog/2018/07/29/beyond-good-ol-run-key-part-82/   https://blogs.technet.microsoft.com/teamdhcp/2015/11/23/network-forensics-with-windows-dns-analytical-logging/   https://blogs.technet.microsoft.com/secadv/2018/01/22/parsing-dns-server-log-to-track-active-clients/...

Godfrey Daniels - author of "Adventures with the Mojave Phone Booth" Mojave phonebooth   Mojavephonebooth.com - book is on sale - at mojavephoneboothbook.com   https://en.wikipedia.org/wiki/Mojave_phone_booth https://www.tripsavvy.com/the-mojave-phone-booth-1474047   https://www.dailydot.com/debug/mojave-phone-booth-back-number/   https://www.npr.org/2014/08/22/342430204/the-mojave-phone-booth   https://www.reddit.com/r/UnresolvedMysteries/comments/7wjq4a/cipher_broadcast_the_mojave_phone_booth_is_back/   https://twitter.com/mojavefonebooth...

Stories and topics we covered: https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/   https://osquery.io/   https://www.propublica.org/article/health-insurers-are-vacuuming-up-details-about-you-and-it-could-raise-your-rates   https://medium.com/netflix-techblog/netflix-sirt-releases-diffy-a-differencing-engine-for-digital-forensics-in-the-cloud-37b71abd2698   Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions,...

Sorry, this week's show took an odd turn, and we don't have much in the way of show notes... Ms. Berlin is recovering from knee surgery, and we wish her a speedy recovery. Bryan B. got back from BsidesSPFD,...

https://nostarch.com/packetanalysis3  -- Excellent Book! You must buy it.   DetSEC mention   ShowMe Con panel and keynote   SeaSec East standing room only. Crispin gave a great toalk about running as Standard user   Bsides Cleveland -   ...

https://darknetdiaries.com/   Jack Rhysider Ok I think these topics should keep us busy for a while. Topics for discussion: Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/ https://www.youtube.com/watch?v=eFVBz_ATAlU - when...

BDIR Episode - 001 Our guests will be: Martin Brough - Manager of the Security Solutions Engineering team in the #email #phishing industry Topic of the Day: CREDENTIAL STEALING EMAILS WHAT CAN YOU DO   Join us for Episode-001,...