Brakeing Down Security Podcast
Brakeing Down Security Podcast
Bryan Brake, Amanda Berlin, Brian Boettcher
A podcast all about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.
2021-002-Elastic Search license changes, Secure RPC patching for windows, ironkey traps man's $270 million in Bitcoin
Microsoft's Secure RPC patch will potentially break domains on 09 February ElasticSearch is changing licenses to SSPL Man has $270 million in BTC trapped on an Ironkey USB drive
Jan 18
46 min
2021-001-news, youtuber 'dream' doxxed, solarwind passwords bruteforced, malware attacks
Dream Doxxed: Password Guessing Used as a Weapon by SolarWinds Hackers to Breach Targets - E Hacking News - Latest Hacker News and IT Security News Hackers target cryptocurrency users with new ElectroRAT malware | ZDNet
Jan 12
46 min
2020-046-solarwinds-fireeye-breaches-GE-medical-device-issues-and-2021_predictions
End of year podcast   Blumeria sponsorship NEWS:   IT company SolarWinds says it may have been hit in 'highly sophisticated' hack | Reuters   FireEye hacked: US cybersecurity firm FireEye hit by 'state-sponsored' attack - BBC News     https://krypt3ia.wordpress.com/ - 16 december 2020   Microsoft flexing muscle to shutdown c2: Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach - GeekWire   Little-known SolarWinds gets scrutiny over hack, stock sales (apnews.com)   FireEye, GoDaddy,and Microsoft create kill switch for SolarWinds backdoorSecurity Affairs   US Gov has hacked: US government agencies hacked; Russia a possible culprit (apnews.com)   Not mentioned during the podcast: Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor | FireEye Inc   Not trying to spread FUD, but would infiltration by using FOSS tools be easier than Solarwinds?   Time to remove Nano Adblocker and Defender from your browsers (except Firefox) - gHacks Tech News   System oriented programming - Cloud-Sliver (cloud-sliver.com)  Google Cloud (over)Run: How a free trial experiment ended with a $72,000 bill overnight • The Register   G’bye Flash… Adobe releases final Flash Player update, warns of 2021 kill switch (bleepingcomputer.com) IT workers worried about AI making them obsolete…  IT Workers Fear Becoming Obsolete in Cyber Roles - Infosecurity Magazine (infosecurity-magazine.com)   Vulnerabilities Found in Multiple GE Imaging Systems - Infosecurity Magazine (infosecurity-magazine.com)   Qbot malware switched to stealthy new Windows autostart method (bleepingcomputer.com) https://www.atlasobscura.com/places/encryption-lava-lamps - “The randomness of this wall of lava lamps helps encrypt up to 10 percent of the internet. “   It’s been the year of the business continuity program this year… and how agile yours is. --thoughts?   Future? Bryan: Companies that are ‘all in’ on remote work will back track. Amanda: I think we’ll see way more keep the wfh now that they realize it saves $$   heck out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #AmazonMusic: https://brakesec.com/amazonmusic  #Brakesec Store!: https://brakesec.com/teepub  #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://brakesec.com/pandora  #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Dec 16, 2020
52 min
SPONSORED- Nathanael Iversen from Illumio, future of microsegmentation,
What is the difference between having a proactive vs. reactive security strategy? What does micro-segmentation adoption look like as we head into the new year? What is the future of micro-segmentation?  Segmentation of database areas? Logs?
Dec 7, 2020
36 min
2020-045-Marco Salvati, supporting open source devs, incentivizing leeching companies who don't give back- part2
What is Porchetta Industries? What is the current problem with supporting opensource projects? How are you working to solve the problem
Dec 6, 2020
44 min
2020-044-Marcello Salvati (@byt3bl33d3r), porchetta industries, supporting opensource tool creators, sponsorship model
What is Porchetta Industries? What is the current problem with supporting opensource projects? How are you working to solve the problem
Dec 1, 2020
29 min
2020-043-Software_Defined_Radio-Sebastien_dudek-RF-attacks- IoT and car RF attacks
Why we are here today? What kind of hardware or software do you need? Why would a security professional want to know how to use SDR tools and attacks? What other kinds of attacks can be launched? What are the current limitations to testing wireless and RF related systems? What about custom wireless implementations? I’m a wireless manufacturer of some kind of device. What are some things I could do to ensure that the types of attacks we discussed here cannot affect me?
Nov 23, 2020
31 min
SPONSORED Podcast: Katey Wood from Illumio on deployment and using WIndows Filtering Platform
**Apologies on the Zoom issues** This is the 2nd of 3 sponsored podcast interviews with Illumio about Their zero trust product.  Katey Wood is the Director of Product Marketing at Illumio. https://www.linkedin.com/in/kateywood/ Topic: Conversation on segmentation and ransomware Topic Background:  The attack surface and vulnerabilities are on the rise, along with cyber attacks Why? Remote everything - cloud collaboration (including processing PII) is the new normal and that means the attack surface is heightened. This requires appropriate network, cloud, and endpoint security. Double ransom with #data #exfiltration -- more attackers are exfiltrating customer data from businesses and (if ransom is withheld) extorting consumers directly through bitcoin - often in the headlines. Privacy is a chief security concern now more than ever before, as remote everything continues and #cyberattacks and #ransomware attacks skyrocket. For businesses, Covid and the new WFH normal means even more vulnerabilities and greater incentive to pay an even higher ransom to avoid privacy law penalties and class-action litigation. Enter Segmentation. Perimeter security is important, but unfortunately, we all know that alone it’s not enough (i.e. breach, after breach, after high-profile breach). #ZeroTrust the assume breach mentality/default deny are philosophies that take security deeper to protect organizations from a threat moving laterally within their environment. This is helpful because it’s often not the initial point of breach that causes so much damage – it’s the breach spreading to more critical data and assets that’s so destructive. #Network #segmentation is a crucial control to secure critical data and PII, by ring-fencing applications with patient or client data. Implementing Zero Trust security policies limits access to only allowed parties with a legitimate business purpose and stops the attacker from moving freely across the network to the most valuable data. #Illumio helps #healthcare, academic, and other critical industries keep their crown jewels safe through better, more scalable micro-segmentation that decouples Zero Trust from the constraints of the network by implementing it on the workload.   Vertical ‘Brakedown’ - Healthcare and Education Businesses in the healthcare and education industry often have large numbers of customers and employees, and handle large volumes of PII, are especially at risk. Both have already been under scrutiny for privacy concerns around PII for years, through regulations like #HIPAA in healthcare and #FERPA in education (and now #CCPA). Now that distance learning is the norm and medical records have gone largely electronic, it’s even easier for attackers to move between systems if there are no network segmentation access policies in place to prevent it.   Potential Questions:  Customer data cases:   ‘Dead data’   With today’s workforce largely remote, tell me what that means from a security standpoint. What challenges are businesses facing to protect important data/PII? What is that data “worth” and what are the consequences of falling victim to a ransomware attack or similar event from a bad actor? Talk to me about the “assume breach mentality.” What does that mean and how can you/why should you use this philosophy in your approach to security? How does segmentation relate to compliance? How do the two go hand in hand? How does segmentation protect organizations against large scale breaches? In terms of cost, is segmentation a sizable investment for SMBs? Is it a worthwhile investment, in terms of dollars saved from ransomware attacks? #Segmentation is often thought of as a big (perhaps cumbersome) project – how do you suggest organizations make it more scalable? How does segmentation protect end users?  
Nov 16, 2020
42 min
2020-042-Kim Crawley and Phillip Wylie discuss "Pentester Blueprint", moving into pentesting career
topics discussed: Why did you write the book? What is a pentester? Skills needed Education of hacker Building a lab Kali linux Pentester Framework Docker OWASP Juice Box Vulnhub Overthewire PicoCTF Developing a plan Gaining experience Gaining employment How companies can hire better qualified candidates
Nov 15, 2020
1 hr 10 min
2020-041- Conor Sherman, IR stories, cost of not prepping for an incident
man's search for meaning poor planning means poor performance in an incident SHIELD from MITRE RTO/RPO metrics 7 steps to building
Nov 9, 2020
1 hr 17 min
Load more