Preview Mode Links will not work in preview mode

Nov 8, 2017

Direct Link:

We started off the show talking to Mr. Boettcher about what DDE is and how malware is using this super legacy Windows component (found in Windows 2) to propogate malware in MS Office docs and spreadsheets. We also talk about how to protect your Windows users from this.

We then get into discussing why it's so important to have proper asset management in place. Without knowing what is in your environment, you could suffer gaps in coverage of your anti-virus/EDR software, unable to patch systems properly and even make it easier for lateral movement.

Finally, we discuss our recent "Introduction to Reverse Engineering" course with Tyler Hudak (@secshoggoth), and Ms. Berlin's upcoming trip to New Zealand.


Youtube Channel:

#iTunes Store Link: 

#Google Play Store:


Join our #Slack Channel! Sign up at or DM us on Twitter, or email us.

#iHeartRadio App:


Comments, Questions, Feedback:

Support Brakeing Down Security Podcast on #Patreon:

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM :

#Stitcher Network:

#TuneIn Radio App:



Oreilly con report

Malware report from Mr. Boettcher

DDE (Dynamic Data Exchange), all the rage


Why asset management?

Know what’s in your environment

CIS Top wait, it’s the TOP THREE of the 20.

It all builds on this…

Know what’s in your environment <- NetDisco (great for network equipment)


Where do you store that data? Or is it just enough to know where to get it?

Systems you can pull asset data from:

Patching systems



FIM systems


DLP systems

Vuln Scanners

AV/EDR management

router/switch tables


Asset management systems are a gold mine for an attacker



email addresses


Coverage gaps in these systems will cause you to lose asset visibility