
Feb 14, 2018



Discussion of Ms. Berlin's course

CAPEC discussion

RTF malware MS Office

A Phishing story...

Mobile Supply Chain Security

CMS Supply Chain Security

Ms. Berlin’s course - recap of 2nd session


Brakeing Down IR - date?


Any malware of note?

Upgrade your Office! Just double-clicked: it used RTF, and the document never opened, just the script ran.


Supply chain isn’t just hardware… software stacks abound and are not followed


WordPress plugins, CMS plugins/themes… not monitored, weakly secured

Keeping track is as important as asset management

Do you know what your CMS is running, plugin wise?

And if plugins aren’t bad enough, you have PHP to deal with



Buy plugins - you get what you pay for

Check what support you get (always a good idea)

Require reviews for new plugins, and old ones, especially if they haven’t been updated in a while

Are they still maintained? (abandonware bad)

New owners? (many plugins and apps get bought and then start changing permissions, or worse, serving malware)


Joomla -

Vulnerable Extensions list -

WordPress - WPScan


CCleaner -


Adversary generation systems

Red Baron -

Quickly building Redteam Infrastructure

If you have an interesting security talk and fancy visiting Amsterdam in the spring, then submit your talk to the Hack In The Box #HITB Amsterdam conference, which will take place between 9 and 13 April 2018. Tickets are already on sale, and using the checkout code 'brakeingsecurity' gets you a 10% discount. Register at







Join our #Slack Channel! Email us at

or DM us on Twitter @brakesec


Support Brakeing Down Security Podcast by using our #Paypal OR our #Patreon

#Twitter@brakesec @boettcherpwned @bryanbrake @infosystir
