Preview Mode Links will not work in preview mode

Aug 29, 2017

This week, we discuss the lack of information and where you might find more information about certain vulnerabilities. Seems like many companies fail to give out necessary and actionable information without paying an arm and a leg.

We also go over our DerbyCon CTF walkthrough, and discuss the steps to solve it.


Direct Link: 


Ms. Berlin is going to be at Bsides Wellington!  Get your Tickets NOW!





Youtube Channel:

#iTunes Store Link: 

#Google Play Store:



Join our #Slack Channel! Sign up at

#iHeartRadio App:


Comments, Questions, Feedback:

Support Brakeing Down Security Podcast on #Patreon:

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM :

#Stitcher Network:

#TuneIn Radio App:

--show notes--


NCC group talks in Seattle

NIST guidelines - no security questions, no SMS based 2fa




Sites have information like Spokeo…



Take Java for example (CVE-2017-10102): info is sparse

Other sites have more - worse than Oracle’s site (impressive crappery)

Some are better: RHEL is fairly decent

Ubuntu has some different tidbits

Arch has info

Point is, just because you use a specific OS, don’t limit yourself… other OSes may contain more technical info. Some maintainers like to dig, like you. - gives value of finding such a PoC for a vuln (5-25K USD for 2017-10102)


Derbycon CTF walkthrough


Looking for an instructor for an ‘intro to RE’ course.

Dr. Pulaski = Diana Maldaur

Dr. Crusher = Gates McFadden