Brakeing Down Security podcast

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.
Now displaying: May, 2014
May 27, 2014

As promised, I am posting a video I made explaining how to set up Kismet to do wireless scans.

The only prerequisites you need are VMware (it will work the same in VirtualBox), and a VM of Kali Linux. The only real difference is the message that asks where the wireless adapter should connect to.

It's my first attempt editing a video, so please be kind.

May 26, 2014

Mr. Boettcher and I had a great time this week.  We talked all about doing wireless audits for PCI using Kismet and Aircrack-ng, and talked about some capabilities of both.

 

Alfa AWUS051NH (works in Kali/Backtrack) (no sponsor link): http://www.amazon.com/gp/offer-listing/B002BFO490/ref=dp_olp_0?ie=UTF8&condition=all

kismetwireless.net

 Using Karma with a pineapple to fool clients into connecting unencrypted: http://www.troyhunt.com/2013/04/your-mac-iphone-or-ipad-may-have-left.html

Tutorial on hacking various wireless: http://cecs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm

 

Premium content by Bryan! I made a video as well that describes using your wireless dongle to make your Kali Linux into a powerful areal wireless sniffer.  http://brakeingsecurity.com/bonus-kismet-video

 

 

Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/
May 18, 2014

Sharing information between people and organizations can be a sensitive issue, especially if the information being shared is of mutual importance. 

This week, we break down PGP and its open source cousin GPG. We discuss how hashing, encoding, and encryption, the topics of last week's podcast, are all bundled up neatly with PGP, and give you some examples of software you can use on Mac, Windows, and Linux.

 

GPG4Win - http://www.gpg4win.org/

GPG Suite (Mac OS) - https://gpgtools.org/

public PGP key server - pgp.mit.edu

NoStarch Press book: http://www.nostarch.com/pgp.htm

gpg commandline tutorial - http://irtfweb.ifa.hawaii.edu/~lockhart/gpg/gpg-cs.html

 

Icon courtesy of NoStarch Press

May 13, 2014

Ever heard someone mention AES Encoding, or MD5 Encryption?

 

Many people in IT, Infosec, and Software development get confused about what Hashing, Encrypting, and Encoding are. We hack through the definition forest, looking for that Sequoia of understanding.

We also talk about Symantec's remarks that 'Antivirus is dead' and 'not a moneymaker', and what that means to the industry as a whole.

 

"Enkrypto" is the program I mentioned in the podcast. It would appear that either s/he fixed it. Still shouldn't be using an 'encoding' method to store SMS if they are of a sensitive nature... The screenshots still clearly show a Base64 encoded SMS, and still show it as a 'secured' message. :( Plus, with the option to allow an encrypted PIN with 4 characters, it would be trivial to crack even an AES encrypted message.

Do not buy this app...

https://play.google.com/store/apps/details?id=org.enkrypto.sms

 

 

icon courtesy of http://www.differencebetween.info

 

May 5, 2014

This week, we find ways to increase security when browsing the EWW (Evil Wide Web).

We give a shout-out to WhiteHatSec's Aviator browser as a way for everyone to have an elevated security posture with very little configuration required. And Mr. Boettcher and I talk about some of the plugins we use to make ourselves more secure.

And Mr. Boettcher surprises me with his proclivities toward farmyard animals.

 

Aviator Browser: https://www.whitehatsec.com/aviator/

Sandboxie: http://www.sandboxie.com/

Browser plugins:

Firefox --- Request Policy: https://addons.mozilla.org/en-US/firefox/addon/requestpolicy/

Google --- Notscript: http://www.dedoimedo.com/computers/google-chrome-notscript.html

 

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/
