Info

Brakeing Down Security Podcast

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.
RSS Feed Subscribe in Apple Podcasts
Brakeing Down Security Podcast
2017
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


All Episodes
Archives
Now displaying: September, 2014
Sep 29, 2014

We finished up our odyssey with Marcus J. Carey this week.  We picked his brain about how he feel about China, the coming cyberwar, and what kinds of tools he uses in his toolbox (hint: he doesn't use Kali).

We also talk a bit about the entitlement of people, and what makes folks in poorer countries turn to hacking. We really enjoyed hearing his take on certifications and education. He's a Ruby nut, but suggests that people learn Python. He also talks about how he teaches people about security. The little everyday things that show you do security.

A thought provoking interview that will definitely inspire you to pour yourself into a Python book, or to grab a Raspberry Pi and start learning.

 

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Sep 28, 2014

This month, I wanted to go over a piece of software that seems to give a lot of people problems. In business, there is always a need for sending secure communications, whether because a client asked for it, or because sending sensitive information unencrypted could result in loss of profit, competitve edge, reputation, or all of the above.

 

This month's tutorial is on setting up PGP or GPG to be able to be more secure when sending emails. I show you commands that allow you to create public/private key pairs, and also discuss the software to be used on either Windows, Linux, and Mac OS.I mentioned signing and encrypting email attachments, and also explain that your headers are still unencrypted, so email metadata tracking is still possible.

 

Brakeing Security Podcast on PGP/GPG: http://brakeingsecurity.com/pgp-and-gpg-protect-your-data

Windows GPG solution: http://www.gpg4win.org

Mac GPG solution: https://gpgtools.org/

Kali/Linux RNG daemon instructions:

1. apt-get install rngd

2. rngd -r /dev/urandom (should make PGP creation on Kali much faster)

 

Sep 22, 2014

Marcus J. Carey, a security research and software developer came on to talk to us about FireDrill.me, a tool used to help people work out their Incident Response muscles.  He is also the creator of threatagent.com.

Marcus is well known in Security circles, and after we talked to him about FireDrill and ThreatAgent, we got his opinion of other subjects that interested us in the Infosec industry. Marcus is a man of his own mind, and he certainly did not disappoint. Hope you enjoy Part 1 of our conversation with him.

We also asked him about the celebrity that many in the industry face, and how it should be handled by people in the industry.

HoneyDocs - http://www.pcworld.com/article/2048881/honeydocs-lays-irresistible-bait-for-hackers.html

Malcolm Gladwell - http://en.wikipedia.org/wiki/Malcolm_Gladwell

http://www.firedrill.me

http://www.threatagent.com

 

 

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Sep 15, 2014

While I'm stuck at work, Mr. Boettcher went to the Austin Hackformers and snagged an interview with Mr. Ed Skoudis, of InGuardians and of the SANS Institute, a top flight training academy.  He is to be one of the keynote speakers at DerbyCon this year. He gives us a peek about his keynote, and Mr. Boettcher asks his thoughts on the industry as a whole, SCADA security, Mr. Skoudis' opinion on Infosec as a whole.

 

Hackformers Austin: http://www.hackformers.org/

Ed Skoudis bio: http://www.sans.org/instructors/ed-skoudis

 

Bad Guys are Winning - Part 1: link

Bad Guys are Winning - Part 2: link

Bad Guys are Winning - Part 3: link

Bad Guys are Winning - Part 4: link

Bad Guys are Winning - Part 5: link

Netwars: Cybercity - http://www.sans.org/netwars/cybercity

Google Car: http://www.nbcbayarea.com/news/local/Google-to-Test-Self-Driving-Car-Without-Backup-Driver-275033691.html

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Sep 8, 2014

We're back with part 2 of our discussion with Michael Gough.  Not only do we discuss more about malware, but we also ask Michael's opinion on how commercialized conventions like Black Hat and Defcon have gotten, how good threat intelligence feeds are, and why there aren't more defensive talks at cons.

Michael is currently slated to give a talk on logging at DerbyCon September 24th, 2014 on how logging can help to mitigate malware infections.

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Sep 1, 2014

Brian and I managed to get an interview with Michael Gough. If you remember, Michael was on to discuss Malware infections back in February, and we decided it was time to check up on him and his newly named 'Malware Sentinel'. This is part 1, where we discuss some of the recent malware infections, and where you need to look for new file creation, and what you can be looking for in your windows logs that are excellent indicators of malware compromise.

 

Windows logging cheat sheet - http://sniperforensicstoolkit.squarespace.com/storage/logging/Windows%20Logging%20Cheat%20Sheet%20v1.1.pdf

 

Malware Management Framework - http://sniperforensicstoolkit.squarespace.com/malwaremanagementframework

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

1