Brakeing Down Security Podcast

A podcast all about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans....

Episodes

August 9, 2020 83 min

WISP.org PSA at 35m56s - 37m19s

Agenda:

Bio/background

Why are you here (topic discussion)

What is the Linux Security Summit North America

https://grsecurity.net/

Questions from the meeting invite:

This only affects people who want to use a custom kernel, correct? This doesn’t affect you if you are running bog-standard Linux (Debian, Gentoo, Ubuntu), right?

What options do people have in cloud environments?

Does the use ...

Whitepaper: https://www.jsof-tech.com/ripple20/

[blog] Build your own custom TCP/IP stack: https://www.saminiir.com/lets-code-tcp-ip-stack-1-ethernet-arp/

Another custom TCP/IP stack: https://github.com/tass-belgium/picotcp

RIPPLE 20 Whitepaper: https://drive.google.com/file/d/1d3NNVCRPVFk0-V0HUO5CxWWVn9pYIvmF/view?usp=sharing 

Agenda:

Part 1:

Background on the report

Why is it called RIPPLE20? What’s the RIPPLE about? 

Communi...

James Nelson, VP of Infosec, Illumio

How has COVID-19 changed cybersecurity? Why is cyber resilience especially important now? What are the most important steps to ensure cyber-resiliency? How do you talk to business leaders about investing in cybersecurity to boost resiliency?

The best way for organizations to keep their ‘crown jewels’ secure is adopting a Zero Trust mindset. Organizations need to take advantage of adaptive securi...

Andrew Shikiar, executive director and CMO of the (Fast IDentity Online) FIDO Alliance.

 

What is FIDO?

“open industry association launched in February 2013 whose mission is to develop and promote authentication standards that help reduce the world’s over-reliance on passwords. FIDO addresses the lack of interoperability among strong authentication devices and reduces the problems users face creating and remembering multiple usern...

**If Derek told you about us at SANS, send a DM to @brakeSec or email bds.podcast@gmail.com for an invite to our slack**

OSCP/HtB/VulnHub is a game... designed to have a tester find a specific nugget of information to pivot or gain access to greater power on the system. 

Far different in the 'real' world.

 

Privilege escalation in Windows:

*as of June 2020, many of these items still work, may not work completely in ...

Masha Sedova - Founder, Elevate Security

 

Topic ideas from the PR company:

  • Inability to measure human security behaviors leads to increased risk in our computing environments. For too long, we’ve accepted training completion and mock phishing data as a sufficient way to measure this risk. But where do the vulnerabilities and strengths truly lie?

  • The secret is, security teams have installed tons of security tooling that can gi...

Github actions - https://github.com/features/actions

How are these written?

It looks like a marketplace format? How do they maintain code quality?

What does it take to set up the actions?

It looks like IFTTT for DevOps?

What kind of integrations does it allow for? Will it handle logins or API calls for you?

Is it moderated in some way? What’s the acceptance criteria for these?

What are you trying to accomplish by using Github Actions?
...

Tanya's AppSec Course

https://www.shehackspurple.dev/server-side-request-forgery-ssrf-defenses

https://www.shehackspurple.dev

Server-side request forgery - https://portswigger.net/web-security/ssrf

What are differences between Stored XSS and SSRF?

This requires a MITM type of issue?

Doesn’t stored XSS get stored on the server?

What conditions must exist for SSRF to be possible?

What mitigations need to be in place for mitigat...

April Mardock - CISO - Seattle Public Schools

Jared Folkins - IT Engineer - Bend La Pine Schools

Nathan McNulty - Information Security Architect - Beaverton School District

OpSecEdu - https://www.opsecedu.com/

Slack

https://www.a4l.org/default.aspx

https://clever.com/

BEC - https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec)

https://www.k12cybersecurityconference.org/

https://acpe...

https://twitter.com/AlyssaM_InfoSec/status/1159877471161839617?s=19

Looking forward to sharing my vision for ending the 60 year cycle of bad defense strategies in #infosec and my challenge to think about security in a more effective way. https://sched.co/TAqU

@dianainitiative

#DianaInitiative2019 #cdwsocial

@CDWCorp

1961 - MIT - CTSS - https://en.wikipedia.org/wiki/Compatible_Time-Sharing_System

Egg, coconut, ...

© 2020 iHeartMedia, Inc.