Info

Brakeing Down Security Podcast

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.
RSS Feed Subscribe in iTunes
Brakeing Down Security Podcast
2017
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


All Episodes
Archives
Now displaying: September, 2016
Sep 28, 2016

Mr. Brian Boettcher and I had a great time at DerbyCon. We met so many people and it really was excellent meeting all the fans who came up and said "Hello" or that they really enjoyed the #podcast.  It is truly a labor of love and something that we hope everyone can learn something from.

We got some audio while at lunch at #Gordon #Biersch talking about log monitoring inspired by @dualcore's talk on #Anti-Forensics talk (http://www.irongeek.com/i.php?page=videos/derbycon6/310-anti-forensics-af-int0x80-of-dual-core) and how to evade log monitoring with Mr. Brian Boettcher and Michael Gough. (shout-out to @mattifestation, @dualcore, @baywolf88, @carlos_perez)

We sat down with Mr. Osman (@surkatty) from the Sound Security Podcast (@SoundSec), who was a first time attendee to #DerbyCon. We get his thoughts about DerbyCon and what talks he enjoyed.

Finally, our 2nd Annual podcast with our fellow podcasters was on. We had it in Bill Gardner's room (ReBoot-It podcast) (@oncee), Amanda Berlin (@infosystir) from #Hurricane #Labs Podcast, Jerry Bell (@MaliciousLink) from #Defensive #Security Podcast, Ben Heise (@benheise) from Rally #Security Podcast, Tim DeBlock (@TimothyDeBlock) from Exploring Information Security Podcast, and SciaticNerd (@sciaticnerd) from Security Endeavors podcast

IronGeek's website has all the videos available to listen to here: http://www.irongeek.com/i.php?page=videos/derbycon6/mainlist

 

Whiskey Bent Valley Boys:  http://whiskeybentvalley.tumblr.com/ or iTunes: https://itunes.apple.com/us/artist/whiskey-bent-valley-boys/id318874442

 

 

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-038-Derbycon_podcast.mp3

iTunes: https://itunes.apple.com/us/podcast/2016-038-derbycon-audio-2nd/id799131292?i=1000375934157&mt=2

YouTube: https://www.youtube.com/watch?v=W7ylsfwGyhc

 

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security #Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake

#Facebook: https://www.facebook.com/BrakeingDownSec/

#Tumblr: http://brakeingdownsecurity.tumblr.com/

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582

 

 

Sep 14, 2016

Have you ever found a #vulnerability and wondered if it was worth the time and effort to reach back to the company in question to get the fix in?

This week, we have a story with Mr. "B1ack0wl" who found a vulnerability with certain #Belkin #embedded network devices for end users...  We also find out how B1ack0wl learned his stock and trade.

https://www.exploit-db.com/exploits/40332/

Find out how he discovered it, and what steps he took to disclose the steps, and what ended up happening to the finding.

http://www.devttys0.com/  -- #embedded device hacking blog

http://io.netgarage.org/ -- #wargame site #B1ack0wl mentioned

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-037-b1ack0wl_responsible_disclosure-belkin_routers.mp3

iTunes: https://itunes.apple.com/us/podcast/2016-037-b1ack0wl-responsible/id799131292?i=1000375462991&mt=2

YouTube: https://www.youtube.com/attribution_link?a=kChiecG0Sv4&u=/watch%3Fv%3D9_qS2s3GrT4%26feature%3Dem-upload_owner

 

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security #Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake

#Facebook: https://www.facebook.com/BrakeingDownSec/

#Tumblr: http://brakeingdownsecurity.tumblr.com/

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582

 

 

Sep 11, 2016

Nick Selby (@nselby on Twitter) is an independent consultant who works a wide variety of jobs.  During a recent engagement, he ran into an interesting issue after a company called him in to handle an incident response. It's not the client, it was with the Managed Security Service Provider (#MSSP). His blog post about the incident made big news on Twitter and elsewhere.

Nick's Blog Post: https://nselby.github.io/When-Security-Monitoring-Provides-Neither-Security-Nor-Monitoring/

So, we wanted to have Nick on to discuss any updates that occurred, and also asked an MSSP owner, Kevin Johnson, from SecureIdeas (@secureideas on Twitter), as Kevin is well versed with both sides, being a customer, and running an MSSP with his product, Scout (https://secureideas.com/scout/index.php)

We go over what an MSSP is (or what each person believes an MSSP is), we discuss the facts from Nick and his client's side, we try and put ourselves in the shoes of the MSSP, and if they handled the issue properly.

We also find out how Nick managed to save the day, the tools they used to solve the problem.  We did a whole podcast on it, and maybe it's time to re-visit that...

Finally, we discuss the relationship between an MSSP and the customer, what expectations each party should see from each other, and what are the real questions each should ask one another when you're searching out an MSSP.

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-036-mssp-nick_selby-kevin_johnson.mp3

iTunes: https://itunes.apple.com/us/podcast/2016-036-mssp-pitfalls-nick/id799131292?i=1000375157370&mt=2

YouTube:  https://www.youtube.com/watch?v=b1rEpaBAKpQ

 

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security #Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake

#Facebook: https://www.facebook.com/BrakeingDownSec/

#Tumblr: http://brakeingdownsecurity.tumblr.com/

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582

 

Sep 6, 2016

Paul Coggin is my SME when I need to know about anything network #security related. And this time, we wanted to have him on our show to discuss Software Defined Networking (#SDN)

Software defined networking allows for applications to make connections, manage devices and even control the network using #APIs. It in effect allows any developer become a network engineer.  Obviously this could be a recipe for disaster if the dev is not fully understanding of the rammifiications.

And there's more good news (if you're a black hat), there's no role based security, parts of the #specification isn't fully fleshed out yet, and there are vendor specific frameworks of their own, that may not be fully interoperable with each other...

Paul talks to us about some background of #SDN, some of the pitfalls and what you need to think about when implementing Software Defined Networking.

 

Links referred to in the Show:

https://www.rsaconference.com/writable/presentations/file_upload/tech-r03-sdn-security-v3.pdf

https://www.blackhat.com/docs/eu-14/materials/eu-14-Pickett-Abusing-Software-Defined-Networks-wp.pdf

http://onosproject.org/2015/04/03/sdn-and-security-david-jorm/

https://people.eecs.berkeley.edu/~rishabhp/publications/Sphinx.pdf

https://www.opendaylight.org/

https://www.opennetworking.org/certification

Ras Pi as an OpenFlow controller: https://faucet-sdn.blogspot.com/2016/06/raucet-raspberry-pi-faucet-controlling.html

Zodiac FX SDN boards (Excellent customer service!):  http://northboundnetworks.com/

Excellent site discussing SDN:  http://www.ipspace.net/Main_Page

Coursera SDN course:  https://www.coursera.org/learn/sdn

 

Brakeing Down Security RSS: http://www.brakeingsecurity.com/rss

Direct Link:  http://traffic.libsyn.com/brakeingsecurity/2016-035-Paul_Coggin_SDN.mp3

iTunes: https://itunes.apple.com/us/podcast/2016-035-paul-coggin-discusses/id799131292?i=1000374972931&mt=2

YouTube: https://www.youtube.com/watch?v=YuuNzeiexUY

 

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security #Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake

#Facebook: https://www.facebook.com/BrakeingDownSec/

#Tumblr: http://brakeingdownsecurity.tumblr.com/

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582

1