Jul 31, 2016
In the last few years, security researchers and hacker have found an easy way of gaining access to passwords without the use of dumping the Windows hash table.
When improperly configured, the passwords are stored in memory, often in plain text.
This week, we discuss Mimikatz, and methods by which you can protect your...
Jul 25, 2016
Jarrod Frates (@jarrodfrates on Twitter) has been doing pentests as a red-team member for a long time. His recent position at #InGuardians sees him engaging many companies who have realized that a typical 'pentest #puppymill' or pentest from certain companies just isn't good enough.
Jarrod has also gone on more than a...
Jul 17, 2016
Long time listeners will remember Ms. Cheryl #Biswas as one of the triumvirate we had on to discuss #mainframes and mainframe #security. (http://traffic.libsyn.com/brakeingsecurity/2016-008-mainframe_secruity.mp3)
I was interested in the goings on at BlackHat/DefCon/BsidesLV, and heard about #TiaraCon (@tiarac0n on...
Jul 10, 2016
Mr. Boettcher is back! We talked about his experiences with the #DFIR conference, and we get into a discussion about the gap between when incident response is and when you're using #digital #forensics. Mr. Boettcher and I discuss what is needed to happen before #incident #response is required.
We also discuss the...
Jul 3, 2016
Adam Crompton (@3nc0d3r) and Tyler Robinson (@tyler_robinson) from Inguardians came by to fill in for my co-host this week. We talk about things a company should do to protect themselves against data exfil.
Adam then shows us a tool he's created to help automate data exfil out of an environment. It's called 'Naisho',...