Info

Brakeing Down Security Podcast

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.
RSS Feed Subscribe in iTunes
Brakeing Down Security Podcast
2017
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


All Episodes
Archives
Now displaying: October, 2014
Oct 25, 2014

In an effort to educate ourselves for an upcoming interview, we sat down and talked about SNMP (Simple Network Management Protocol). We get into the basics, the ins and outs of the protocol, the different tools that use (or exploit) SNMP, and we talk about how to better secure your SNMP implementation. YOu should listen to this, because next week's interview will knock your socks off. :)

Finally, We end with a DerbyCon interview Mr. Boettcher snagged with our friend Mr. Kevin Johnson about how we need to regulate ourselves with regard to a code of ethics, before someone regulates us... When one 'white hat' can run code on a server he/she doesn't control (unpatched Shellshock) and thinks it's okay, where do we draw the line from what is right, and what violates the CFAA? Mr. Johnson looks for an answer with our Mr. Boettcher. 

Wikipedia SNMP article:http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol

SNMP Primer: http://www.tcpipguide.com/free/t_SNMPProtocolOverviewHistoryandGeneralConcepts.htm

SNMP OIDS and MIBS: http://kb.paessler.com/en/topic/653-how-do-snmp-mibs-and-oids-work

SNMP vulnserabilities - http://packetstormsecurity.com/search/?q=snmp

SNMP Primer (IBM):http://pic.dhe.ibm.com/infocenter/tpfhelp/current/index.jsp?topic=%2Fcom.ibm.ztpf-ztpfdf.doc_put.cur%2Fgtpc1%2Fpdus.html

SNMP amplification attacks: http://www.pcworld.com/article/2159060/ddos-attacks-using-snmp-amplification-on-the-rise.html

Securing SNMPv3: http://www.sans.org/reading-room/whitepapers/networkdevs/securing-snmp-net-snmp-snmpv3-1051

 

 

 

Kevin Johnson/James Jardine DerbyCon Talk: http://www.irongeek.com/i.php?page=videos/derbycon4/t308-ethical-control-ethics-and-privacy-in-a-target-rich-environment-kevin-johnson-and-james-jardine

 

 

 Image courtesy of Wikipedia.de

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Oct 20, 2014

Tcpdump is just one of the tools that will make troubleshooting network issues, or testing applications, or even finding out what traffic is being generated on a host all that much easier.  This podcast is to help you understand the Tcpdump program, and how powerful it is...

 

http://danielmiessler.com/study/tcpdump/

http://www.thegeekstuff.com/2010/08/tcpdump-command-examples/

http://www.tecmint.com/12-tcpdump-commands-a-network-sniffer-tool/

http://www.amazon.com/TCP-Illustrated-Vol-Addison-Wesley-Professional/dp/0201633469

http://www.computerhope.com/unix/tcpdump.htm

http://www.commandlinefu.com/commands/using/tcpdump  -- excellent examples

http://www.amazon.com/Practical-Packet-Analysis-Wireshark-Real-World/dp/1593272669/

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Oct 13, 2014

Part 2 of our interview with Jarrod Frates (FRAY-tes). We ask him about the value that a pentest can create, the way that that 'perfect' pentest can change culture and help create dialogue.

Also, we talk about how to take your automated testing info and then shift gears to manual testing... when to stop doing automated testing, and do the manual testing.

Hope you enjoy, have a great week!

 

 

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Oct 6, 2014

We went a little off the beaten path this week. I wanted to talk to Mr. Boettcher about his experience at DerbyCon, and we ended up having another friend of ours who also attended DerbyCon, Jarrod Frates, join us for a bit of discussion. We discussed several talks, and even spent a little bit of time talking about ShellShock and it's larger implications for those programs that are ubiquitous, yet are not being audited, like bash.  (The llama graphic will make more sense next week...) :)

http://www.irongeek.com/i.php?page=videos/derbycon4/t109-et-tu-kerberos-christopher-campbell

http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white

http://www.irongeek.com/i.php?page=videos/derbycon4/t210-around-the-world-in-80-cons-jayson-e-street

http://www.irongeek.com/i.php?page=videos/derbycon4/t216-once-upon-a-time-infosec-history-101-jack-daniel

http://askubuntu.com/questions/529511/explanation-of-the-command-to-check-shellshock

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

1