Bsides Seattle and Austin, SecureBoot patch, and more
BrakeSec Show Outline – No Guest Show Topic Summary (less than 300 words) Bsides Seattle and Bsides Austin ...
Lynsey Wolf, conducting insider threat investigations, CASB and UEBA utilization to good use.
Show Topic Summary (less than 300 words) Insider threat still exists, Lynsey Wolf talks with us about HR’s role in insider threat, how prevalent investigations...
3CX supply chain attack, Mark Russinovich and Sysinternals, CISA ransomware notifications, and emotional intelligence
Show Topic Summary (less than 300 words) 3CX supply chain attack, Mark Russinovich and Sysinternals, ransomware notifications from CISA, and emotional ...
Dish Network is still busted, John Deere avoiding OSS requests, Is DAST dead?
Show Topic Summary (less than 300 words) Dish Network is still busted due to ransomware, your Pixel phone baseband RCE, Nothing runs like...
Nickolas Means talks about Security, Devops velocity, blameless orgs, and conferences infosec should attend
Guest info Name and Title: Nickolas Means, VP of Engineering at SYM Email/Social...
SPECIAL INTERVIEW: John Aron and Jerod Brennen
BrakeSec Show Outline (all links valid as of 27 Jan 2023, subject to change) Is it scheduled? Yes || No|| Completed ...
Layoff discussions, another TMO breach, OneNote Malware, and more!
Lots of layoffs (Meta, Microsoft, Amazon, Sophos, Alphabet, Google): talk about the future effects of that, did it affect security? Attack surface management is risk management, breaches and the TSA no-fly list leaked, and more!...
GPS car hacks, Google Threat report, notable topics of 2020, satellite threat modelling, twitter breach(?)
topics What were the biggest stories of 2022? Any notable trends that you saw https://acut3.github.io/bug-bounty/2023/01/03/fetch-diversion.html (fetch Diversion)...
Josh-Whalen-risk-management-data_visualization-tools, value-creating activities -p2
Full stream video on YouTube: https://youtu.be/i1xpAfNFCvY John's YouTube channel, to find more training/contact information: https://www.youtube.com/channel/UC3ctyx980M8jLa_cEiQveLQ https://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration ADKAR model: https://www.prosci.com/methodology/adkar CCE framework: https://inl.gov/cce/ Dashboard (non-sponsored link): https://monday.com Diagramming tool: https://figma.com https://www.sciencedirect.com/topics/computer-science/system-analysis Amazon book: https://www.amazon.com/Engineering-Safer-World-Systems-Thinking/dp/0262533693
John Whalen, data visualization tools, risk management, handling org risk-p1
https://en.wikipedia.org/wiki/Capability_Maturity_Model_Integration ADKAR model: https://www.prosci.com/methodology/adkar CCE framework: https://inl.gov/cce/ Dashboard (non-sponsored link): https://monday.com Diagramming tool: https://figma.com https://www.sciencedirect.com/topics/computer-science/system-analysis Amazon book: https://www.amazon.com/Engineering-Safer-World-Systems-Thinking/dp/0262533693
Interview with Infrared – one of the Seattle Community Network organizers
https://youtu.be/iW39Mugj4OM -Full stream video (interview starts at 28m22s) Broadcasted live on Twitch -- Watch live at https://www.twitch.tv/brakesec Seattle Community Network - https://seattlecommunitynetwork.org/ https://medium.com/seattle-community-network/
JAMBOREE – an Android App testing platform from @operat0r -part2
Introducing @operat0r, who talked a bit about mobile device hacking and rooting/jailbreaking phones for testing. Grab the PowerShell script here: https://github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy Check out the YouTube videos, including demo! Part 2 is here: https://www.youtube.com/watch?v=RXgwUWpRuYA
JAMBOREE – an Android App testing platform from @operat0r
Introducing @operat0r, who talked a bit about mobile device hacking and rooting/jailbreaking phones for testing. Grab the PowerShell script here: https://github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy Check out the YouTube videos, including demo! Part 2 will be available soon! Part 1: https://youtu.be/U5SFav9h1L4
07-oct-news-twitch streaming
https://www.bnbchain.org/en/blog/bnb-chain-ecosystem-update/ https://medium.com/@johnblatt23/uber-hack-reveals-weakness-in-the-human-firewall-8b44a87d43b4 https://securityintelligence.com/articles/what-to-know-honda-key-fob-vulnerability/ https://www.theregister.com/2022/10/07/binance_hack_566m/ https://www.bbc.com/news/business-58193396 https://www.theverge.com/2022/4/18/23030754/beanstalk-cryptocurrency-hack-182-million-dao-voting https://www.coindesk.com/business/2022/10/06/celsius-top-execs-cashed-out-17m-in-crypto-before-bankruptcy/ https://jpgormally.medium.com/cybersecurity-is-a-successfully-failure-9bcf92a1bc88 https://www.bitsight.com/blog/zero-50k-infections-pseudomanuscrypt-sinkholing-part-1
Uber Breach, MFA fatigue, who can help communicate biz risk?
https://www.theverge.com/2022/9/16/23356213/uber-hack-teen-slack-google-cloud-credentials-powershell https://www.zdnet.com/article/uber-security-breach-looks-bad-potentially-compromising-all-systems/ https://twitter.com/RachelTobac/status/1571542949606957057 Twitter: @boettcherpwned @infosystir @brakeSec @bryanbrake www.brakeingsecurity.com Twitch: https://twitch.tv/brakesec
2018-020: NIST’s new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords
https://nostarch.com/packetanalysis3 -- Excellent book! You must buy it. DetSEC mention. ShowMeCon panel and keynote. SeaSec East standing room only. Crispin gave a great talk about running as Standard user. Bsides Cleveland - ...
2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs
https://darknetdiaries.com/ Jack Rhysider Ok I think these topics should keep us busy for a while. Topics for discussion: Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/ https://www.youtube.com/watch?v=eFVBz_ATAlU - when...
BDIR-001: Credential stealing emails, How do you protect against it?
BDIR Episode - 001 Our guests will be: Martin Brough - Manager of the Security Solutions Engineering team in the #email #phishing industry Topic of the Day: CREDENTIAL STEALING EMAILS WHAT CAN YOU DO Join us for Episode-001,...