
BrakeSec Education Podcast

472 episodes - English - Latest episode: about 1 month ago - ★★★★★ - 98 ratings

A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.


Episodes

K12SIX's Eric Lankford and Doug Levin on helping schools get added security -p1

February 22, 2022 18:00 - 42 minutes - 34 MB

The K12 Security Information Exchange (K12 SIX) is a relatively new K12-specific ISAC – launched to help protect the US K12 sector from emerging cybersecurity risk. One of our signature accomplishments in our first year was the development and release of our ‘essential protections’ series – an effort to establish baseline cybersecurity standards for schools. See: https://www.k12six.org/essential-cybersecurity-protections https://www.grf.org/ Global Resilience Federation We will help ...

April Wright and Alyssa Miller - IoT platforms, privacy and security, embracing standards

February 15, 2022 03:49 - 41 minutes - 33.3 MB

Alyssa Miller (@AlyssaM_InfoSec) April Wright (@Aprilwright) Open Source issues (quick discussion, because I value your opinions, and supply chain is important in the IoT world too.) Log4j and OSS software management and profitability Free as in beer, but you pay for the cup… (license costs $$, not the software). “If you make money using our software, you must buy a license” - not an end-user license Open source conference at Whitehouse: https://www.zdnet.com/article/log...

Alyssa Miller, April Wright, on IoT Privacy & Security, using tech for stalking, what could be done? Part1

February 07, 2022 19:49 - 34 minutes - 27.4 MB

Alyssa Miller (@AlyssaM_InfoSec) April Wright (@Aprilwright) Talk about side projects, podcasts, speaking events, etc (if you want to) Open Source issues (quick discussion, because I value your opinions, and supply chain is important in the IoT world too.) Log4j and OSS software management and profitability Free as in beer, but you pay for the cup… (license costs $$, not the software). “If you make money using our software, you must buy a license” - not an end-user license ...

Bit of news, Belarus train system hack, VMware Horizon vulns, edge network device vulns

February 01, 2022 19:06 - 43 minutes - 35.2 MB

News articles we covered this week: https://www.wired.com/story/belarus-railways-ransomware-hack-cyber-partisans/ https://www.hackingarticles.in/linux-privilege-escalation-polkit-cve-2021-3560/ https://old.reddit.com/r/msp/comments/s48iji/vmware_horizon_servers_being_actively_hit_with/ https://www.bleepingcomputer.com/news/security/over-20-000-data-center-management-systems-exposed-to-hackers/ Whimmery's Walkthroughs: Join @whimmery on her twitch or on the @brakesec Youtube cha...

April Wright and Alyssa Miller - Open Source sustainability

January 24, 2022 18:08 - 26 minutes - 21.5 MB

Alyssa Miller (@AlyssaM_InfoSec) April Wright (@Aprilwright) 0. Open Source issues (quick discussion, because I value your opinions, and supply chain is important in the IoT world too.) Log4j and OSS software management and profitability Free as in beer, but you pay for the cup… (license costs $$, not the software). “If you make money using our software, you must buy a license” - not an end-user license Open source conference at Whitehouse: https://www.zdnet.com/article/log4j-afte...

Amélie Koran and Adam Baldwin discuss OSS sustainability, supply chain security, governance, and outreach for popular applications - part2

January 18, 2022 19:50 - 46 minutes - 37.2 MB

Adam Baldwin (@adam_baldwin) Amélie Koran (@webjedi)   https://logging.apache.org/log4j/2.x/license.html https://www.theregister.com/2021/12/14/log4j_vulnerability_open_source_funding/ https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/ F/OSS developer deliberately bricks his software in retaliation for big companies not supporting OSS. https://twitter.com/BleepinComputer/status/1480182019854327808 https://www.bleepingcomputer.com/new...

OSS sustainability, log4j fallout, developer damages own code-p1

January 12, 2022 00:20 - 43 minutes - 35.1 MB

Adam Baldwin (@adam_baldwin) Amélie Koran (@webjedi)   Log4j vulnerability   https://logging.apache.org/log4j/2.x/license.html https://www.theregister.com/2021/12/14/log4j_vulnerability_open_source_funding/ https://www.zdnet.com/article/security-firm-blumira-discovers-major-new-log4j-attack-vector/  F/OSS developer deliberately bricks his software in retaliation for big companies not supporting OSS.  https://twitter.com/BleepinComputer/status/1480182019854327808 https:...

2021-046-Mick Douglas, Log4j vulnerabilities, egress mitigations- part2

December 23, 2021 03:37 - 40 minutes - 32.7 MB

  Introduction Overview of Log4j vuln (as of 16 December 2021) Why is it a big deal? (impact/criticality/risk) Talk about patching vs. mitigation why wasn’t this given the same visibility in 2009? Because it’s Oracle or Java? Good callout is building slides to brief org leadership, detections, and other educational tools. Vuln fatigue (Java vulns in 2009 and pretty much forever cause us fatigue) Are there other technologies like log4j that prop up the entire world, and we jus...

2021-045-Mick Douglas, Log4j vulnerabilities, egress mitigations- part1

December 16, 2021 05:01 - 36 minutes - 28.8 MB

Introduction Overview of Log4j vuln (as of 16 December 2021) Why is it a big deal? (impact/criticality/risk) Talk about patching vs. mitigation why wasn’t this given the same visibility in 2009? Because it’s Oracle or Java? Good callout is building slides to brief org leadership, detections, and other educational tools. Vuln fatigue (Java vulns in 2009 and pretty much forever cause us fatigue) Are there other technologies like log4j that prop up the entire world, and we just do...

2021-044-Litmoose discusses stalking and protecting yourself

December 13, 2021 22:11 - 59 minutes - 47.6 MB

New $3 patron! 🎉Thank you John K.!   National Domestic Violence Hotline at 1-800-799-7233, or by online chat. National Sexual Assault Hotline at 1-800-656-4673, or by online chat. https://www.stalkingawareness.org/wp-content/uploads/2019/01/SPARC_StalkngFactSheet_2018_FINAL.pdf TALKING VICTIMIZATION  An estimated 6-7.5 million people are #stalked in a one year period in the United States.  Nearly 1 in 6 women and 1 in 17 men have experienced stalking victimization at some point i...

2021-043- Fred Jennings, Vuln Disclosure policy, VEP, and 0day disclosure - p2

November 21, 2021 00:56 - 39 minutes - 31.6 MB

https://twitter.com/Esquiring - Fred Jennings Vulnerabilities Equity program (VEP), vuln disclosure program (VDP), and what is the best way for disclosure of 0day? (‘proper’ is different and dependent) This show was inspired by this Tweet thread from @k8em0 and @_MG_ https://twitter.com/k8em0/status/1459715464691535877 https://twitter.com/_MG_/status/1459718518346174465 Legal Safe Harbor? Copy-left for security researchers…? What is a VEP? Not a new concept (2014) https:...

2021-042- Fred Jennings, VDP, Vuln Equity, And 0day disclosure - p1

November 21, 2021 00:54 - 36 minutes - 28.9 MB

https://twitter.com/Esquiring - Fred Jennings Vulnerabilities Equity program (VEP), vuln disclosure program (VDP), and what is the best way for disclosure of 0day? (‘proper’ is different and dependent) This show was inspired by this Tweet thread from @k8em0 and @_MG_ https://twitter.com/k8em0/status/1459715464691535877 https://twitter.com/_MG_/status/1459718518346174465   Legal Safe Harbor? Copy-left for security researchers…? What is a VEP? Not a new concept (2014) https://ob...

Blumira Sponsor #3 - Emily Eubanks, more actionable events, incident response help, and more

November 21, 2021 00:53 - 53 minutes - 42.8 MB

In this sponsored BDS episode, Bryan Brake and Amanda Berlin interview Emily Eubanks, a Security Operations Analyst for #Blumira. We discuss common business risks like IT staff turnover, a lack of Incident Response procedures, choosing not to follow PowerShell best practices, and MFA use for critical or sensitive applications. We also discuss ways to improve security posture to mitigate these risks as well as how Blumira can help organizations in light of these common business challenges. ...

2021-041-0day disclosure, Randori, FBI email server pwnage

November 16, 2021 05:47 - 36 minutes - 29.6 MB

https://www.bleepingcomputer.com/news/security/us-education-dept-urged-to-boost-k-12-schools-ransomware-defenses/ https://securityaffairs.co/wordpress/124570/cyber-crime/fbi-hacked-email-server.html https://www.zdnet.com/article/security-company-faces-backlash-for-waiting-12-months-to-disclose-palo-alto-0-day/   https://www.randori.com/blog/why-zero-days-are-essential-to-security/ https://twitter.com/_MG_/status/1459024603263557633 “Hey... did anyone notice that PAN 0day was fix...

2021-040-Sweden's parents rebel over poor App design, US government forcing patching of systems, and Vuln chaining

November 08, 2021 21:35 - 36 minutes - 29.6 MB

News stories covered this week, as well as links of note: https://www.wired.co.uk/article/sweden-stockholm-school-app-open-source https://curtbraz.medium.com/a-konami-code-for-vuln-chaining-combos-1a29d0a27c2a    https://docs.google.com/presentation/d/17gISafUZzEyjV7wkdHaTQZmtxstBqECa/edit#slide=id.p4   https://www.securityweek.com/braktooth-new-bluetooth-vulnerabilities-could-affect-millions-devices   https://offsec.almond.consulting/intro-to-file-operation-abuse-on-Win...

2021-039-Minimum Viable vendor security sheet, Federal logging requirements, and more!

November 02, 2021 23:42 - 55 minutes - 44.1 MB

https://securityaffairs.co/wordpress/123948/security/2021-list-of-most-common-hardware-weaknesses.html?   https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf   https://www.darkreading.com/application-security/tech-companies-create-security-baseline-for-enterprise-software   https://security.googleblog.com/2021/10/launching-collaborative-minimum.html   ...

SPONSOR-Blumira's Nato Riley on Log Classification, Security Maturity,

November 01, 2021 20:56 - 44 minutes - 35.4 MB

 From Nato’s email: Hi Bryan,   Discussing the challenges that come with not having good logging in place could be a great topic!  We could make it partly about how security maturity works, in the idea that security generally starts with awareness and visibility.   The topic sort of gets into the idea that knowing is half the battle, so logging can be transformative for helping a company properly secure themselves from online risks!   What do you think of this topic idea?   ...

2021-038-Liz Saling, 5 pillars of building a good team

October 25, 2021 23:30 - 1 hour - 53.9 MB

Blog post that inspired this episode: https://lizsaling.com/SWE-team-five-pillars/   Liz Saling  (@lizsaling) https://www.mindtools.com/pages/article/newLDR_86.htm http://www.mspguide.org/tool/tuckman-forming-norming-storming-performing https://michaelhyatt.com/3-roadblocks-to-avoid-for-optimal-team-performance Erin meyer is the one who did the netflix study! https://bigthink.com/the-present/high-performing-teams/ https://alicedartnell.com/blog/why-smart-goals-are-stup...

2021-037-Tony Robinson, leveraging your home lab for job success - Part2

October 17, 2021 22:48 - 57 minutes - 46.3 MB

Tony Robinson (@da_667) Thought we’d put in a little news to round out the show https://www.bbc.com/news/world-us-canada-58863678 - nuclear secrets hidden in a peanut butter sandwich https://www.theregister.com/2018/04/20/rsa_security_conference_insecure_mobile_app/ https://www.vice.com/en/article/jg8w9b/the-twitch-hack-is-worse-for-streamers-than-for-twitch https://nakedsecurity.sophos.com/2021/10/08/apache-patch-proves-patchy-now-you-need-to-patch-the-patch/ https://www.sec...

2021-036-Tony Robinson, Twitch breach, @da_667 lab setup new book edition! -part1

October 14, 2021 02:23 - 53 minutes - 42.9 MB

Tony Robinson (@da_667) Thought we’d put in a little news to round out the show https://www.bbc.com/news/world-us-canada-58863678 - nuclear secrets hidden in a peanut butter sandwich https://www.theregister.com/2018/04/20/rsa_security_conference_insecure_mobile_app/ https://www.vice.com/en/article/jg8w9b/the-twitch-hack-is-worse-for-streamers-than-for-twitch https://nakedsecurity.sophos.com/2021/10/08/apache-patch-proves-patchy-now-you-need-to-patch-the-patch/ https://www.sec...

2021-035-GRC selection discussion, TechSecChix, and the 'job description problem'

September 29, 2021 15:55 - 1 hour - 53.6 MB

GRC tools  (Governance Risk and Compliance)   @ki_twyce_   @TechSecChix   INfosec unplugged   Security Happy Hour   Eric’s cyberpoppa show   Cyber Insight show - cohost   Blumira is hiring https://www.blumira.com/careers/  https://www.cio.com/article/3206607/what-is-grc-and-why-do-you-need-it.html   https://www.pwc.ch/en/insights/fs/10-pitfalls-when-implementing-grc-technology-and-how-to-avoid-them.html   https://www.oxial.com/all/how-to-go-about-cho...

2021-034-Khalilah Scott, good GRC tool practices - part1

September 29, 2021 04:47 - 43 minutes - 35.2 MB

GRC tools  (Governance Risk and Compliance)   @ki_twyce_   @TechSecChix   INfosec unplugged   Security Happy Hour   Eric’s cyberpoppa show   Cyber Insight show - cohost   Blumira is hiring https://www.blumira.com/careers/  https://www.cio.com/article/3206607/what-is-grc-and-why-do-you-need-it.html   https://www.pwc.ch/en/insights/fs/10-pitfalls-when-implementing-grc-technology-and-how-to-avoid-them.html   https://www.oxial.com/all/how-to-go-about-cho...

2021-033-Kim_Crawley, 8 steps to better security-Part2

September 20, 2021 00:56 - 41 minutes - 47.8 MB

  8 Steps to Better Security: A Simple Cyber Resilience Guide to Business is done all final editing and will be published by @WileyTech on October 5th.    Pre-orders are available now via Amazon, Barnes & Noble, and other retailers.   Sponsored Link: https://amzn.to/3k3pDAN   Amazon teaser: “Harden your business against internal and external cybersecurity threats with a single accessible resource.  In 8 Steps to Better Security: A Simple Cyber Resilience Guide for Business, ...

SPONSOR: Blumira's Patrick Garrity

September 16, 2021 18:25 - 48 minutes - 44.1 MB

Blumira-  Per crunchbase: “Blumira's end-to-end platform offers both automated threat detection and response, enabling organizations of any size to more efficiently defend against cybersecurity threats in near real-time. It eases the burden of alert fatigue, complexity of log management and lack of IT visibility. Blumira's cloud SIEM can be deployed in hours with broad integration coverage across cloud, endpoint protection, firewall and identity providers including Office 365, G Suite, Cro...

2021-032--Author_Kim_crawley-8-Simple_Rules_for_Cybersecurity

September 14, 2021 03:55 - 42 minutes - 48.2 MB

  8 Steps to Better Security: A Simple Cyber Resilience Guide to Business is done all final editing and will be published by @WileyTech on October 5th.  It is available now via Kindle.  Pre-orders are available now via Amazon, Barnes & Noble, and other retailers.   Sponsored Link: https://amzn.to/3k3pDAN   Amazon teaser: “Harden your business against internal and external cybersecurity threats with a single accessible resource.  In 8 Steps to Better Security: A Simple Cyber ...

2021-031- back in the saddle, conference discussion, company privacy

September 03, 2021 03:31 - 1 hour - 71.1 MB

"bel paese, ma più caldo del buco del culo di Satana" https://www.theverge.com/22648265/apple-employee-privacy-icloud-id https://mysudo.com/ https://arstechnica.com/information-technology/2021/09/npm-package-with-3-million-weekly-downloads-had-a-severe-vulnerability/ https://www.bleepingcomputer.com/news/security/bluetooth-braktooth-bugs-could-affect-billions-of-devices/ www.infoseccampout.com www.log-md.com @infosystir @bryanbrake @brakesec @hackershealth @boettcher...

2021-030-incident response, business goal alignment, showing value in IR -p2

August 22, 2021 17:00 - 45 minutes - 52.6 MB

https://blog.teamascend.com/6-phases-of-incident-response https://www.securitymetrics.com/blog/6-phases-incident-response-plan Recent vulnerabilities got Bryan thinking about incident response.  Are organizations speedy enough to keep up? If the spate of vulns continue, what can we do to ensure we are dealing with the most important issues? How do we communicate those issues to management? How should we handle the workload? Testing of your IR costs money, do you have budget fo...

2021-029- incident response, PICERL cycle, showing value in IR, aligning with business goals -p1

August 15, 2021 17:00 - 40 minutes - 45.9 MB

https://blog.teamascend.com/6-phases-of-incident-response https://www.securitymetrics.com/blog/6-phases-incident-response-plan Recent vulnerabilities got Bryan thinking about incident response.  Are organizations speedy enough to keep up? If the spate of vulns continue, what can we do to ensure we are dealing with the most important issues? How do we communicate those issues to management? How should we handle the workload? Testing of your IR costs money, do you have budget f...

2021-028-Rebekah Skeete - social engineering techniques and influences

August 08, 2021 18:32 - 53 minutes - 61.2 MB

BlackGirlsHack was created to share knowledge and resources to help black girls and women break through barriers to careers in information security and cyber security. The vision for Black Girls Hack (BGH) is to provide resources, training, mentoring, and access to black girls and women and increase representation and diversity in the cyber security field and in the executive suites. Rebekah Skeete CyberBec @rebekahskeete Tennisha Martin ~@misstennish https://blackgirlshack.org/ ...

2021-027-Black Girls Hack COO Rebekah Skeete!

August 02, 2021 03:48 - 1 hour - 78.9 MB

BlackGirlsHack was created to share knowledge and resources to help black girls and women break through barriers to careers in information security and cyber security. The vision for Black Girls Hack (BGH) is to provide resources, training, mentoring, and access to black girls and women and increase representation and diversity in the cyber security field and in the executive suites. Rebekah Skeete CyberBec @rebekahskeete Tennisha Martin ~@misstennish https://blackgirlshack.org/ http...

2021-026-Triaging threat research, Jira vulns, Serious Sam vuln, Systemd vulns, and HiveNightmare

July 28, 2021 18:24 - 56 minutes - 64.8 MB

https://www.mindtools.com/pages/article/newHTE_95.htm https://www.infoq.com/news/2021/07/microsoft-linux-builder-mariner/ https://www.productplan.com/glossary/action-priority-matrix/   More PrintNightmare issues: https://www.bleepingcomputer.com/news/microsoft/windows-10-july-security-updates-break-printing-on-some-systems/ “"After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices that are n...

2021-025-Dan Borges, Author of Adversarial Techniques from Packt Publishing

July 19, 2021 03:16 - 48 minutes - 55.2 MB

Dan Borges - Author @1njection   Buy the book on Amazon: https://www.amazon.com/Adversarial-Tradecraft-Cybersecurity-real-time-computer-ebook-dp-B0957LV496/dp/B0957LV496?_encoding=UTF8&me=&qid=&linkCode=ll1&tag=bdspod-20&linkId=8f2daf0b3563cbbc2cee6a2d2138149d&language=en_US&ref_=as_li_ss_tl   https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/amp/   Cool near real time updates on the hack: https://www.huntr...

2021-024-Dan Borges, Author of Adversarial Techniques from Packt Publishing

July 10, 2021 17:48 - 35 minutes - 40.2 MB

Dan Borges - Author @1njection   Buy the book on Amazon: https://www.amazon.com/Adversarial-Tradecraft-Cybersecurity-real-time-computer-ebook-dp-B0957LV496/dp/B0957LV496?_encoding=UTF8&me=&qid=&linkCode=ll1&tag=bdspod-20&linkId=8f2daf0b3563cbbc2cee6a2d2138149d&language=en_US&ref_=as_li_ss_tl   https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/amp/   Cool near real time updates on the hack: https://www.hun...

2021-023-d3fend framework, DLL injection types, more solarwinds infections

June 30, 2021 02:57 - 57 minutes - 66 MB

Pihole setup Conference talk https://www.reuters.com/technology/microsoft-says-new-breach-discovered-probe-suspected-solarwinds-hackers-2021-06-25/ https://securityaffairs.co/wordpress/119425/apt/solarwinds-nobelium-ongoing-campaign.html https://www.ehackingnews.com/2021/06/attackers-pummelled-gaming-industry.html https://www.bleepingcomputer.com/news/microsoft/windows-11-wont-work-without-a-tpm-what-you-need-to-know/ https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windo...

2021-022-github policy updates targeting harmful software, Ms. Berlin discusses WWHF, CVSS discussion

June 22, 2021 05:01 - 48 minutes - 55.4 MB

Ms. Berlin’s conference report WWHF (Reno, NV) Her next appearances will be at Defcon 2021 and BlueTeam Con 2021! https://www.infosecurity-magazine.com/news/amazon-prime-day-phishing-deluge/ https://www.ehackingnews.com/2021/06/threat-actors-use-google-drives-and.html https://www.kennasecurity.com/blog/vulnerability-score-on-its-own-is-useless/ https://portswigger.net/daily-swig/nist-charts-course-towards-more-secure-supply-chains-for-government-software https://github.blog/...

2021-021-Security Sphynx, ZeroTrust, implementation prep- part2

June 16, 2021 01:52 - 54 minutes - 62.3 MB

EO from President Biden asked for a plan to create Zerotrust implementation in the next 90 days (well, 70ish days now… as of 23 May) https://twitter.com/SecuritySphynx/status/1390475868032618496 @securitySphynx “CIO: Zero Trust is the way…” What is the optimal configuration (read: easiest) zero trust config? Are there different ways to implement Zero Trust? https://solutions.pyramidci.com/blog/posts/2021/february/the-swiss-cheese-approach/ https://tulsaworld.com/opinion/col...

2021-020: Security Sphinx, Preparing for ZeroTrust implementation - Part1

June 06, 2021 18:19 - 42 minutes - 48.8 MB

Full show notes are available here: https://docs.google.com/document/d/14dCpXeQ520IcZC3m007zVPhlIPXKgfv0LkqVnbDx0fc/edit?usp=sharing   EO from President Biden asked for a plan to create Zerotrust implementation in the next 90 days (well, 70ish days now… as of 23 May) https://twitter.com/SecuritySphynx/status/1390475868032618496   @securitySphynx   “CIO: Zero Trust is the way…”   What is the optimal configuration (read: easiest) zero trust config?   Are there different wa...

2021-020: Security Sphynx, Preparing for ZeroTrust implementation - Part1

June 06, 2021 18:19 - 42 minutes - 48.8 MB

Full show notes are available here: https://docs.google.com/document/d/14dCpXeQ520IcZC3m007zVPhlIPXKgfv0LkqVnbDx0fc/edit?usp=sharing   EO from President Biden asked for a plan to create Zerotrust implementation in the next 90 days (well, 70ish days now… as of 23 May) https://twitter.com/SecuritySphynx/status/1390475868032618496   @securitySphynx   “CIO: Zero Trust is the way…”   What is the optimal configuration (read: easiest) zero trust config?   Are there different wa...

2021-019-Joe Gray, OSINT CTFs, gamifying and motivating to do the right thing

May 28, 2021 18:35 - 47 minutes - 54 MB

part 2: CTF OSINT discussion How people will give additional information, even if they aren't receiving points for it. Gamifying and motivating people to 'do the right thing', like offering a chance to win a lottery for a covid vaccine, or free sports tickets to get a shot, or gift cards when reporting phishes.   Joe Gray @C_3PJoe   OSINTION https://theosintion.com  New book… ship date? How to get it? https://www.amazon.com/Practical-Social-Engineering-Joe-Gray/dp/1718500...

2021-018-LawyerLiz, Pres. Biden's EO, and the clueless professor

May 22, 2021 02:10 - 1 hour - 73.3 MB

Elizabeth Wharton: @lawyerliz on Twitter Executive Order: (https://www.americanbar.org/groups/public_education/publications/teaching-legal-docs/what-is-an-executive-order-/) “An executive order is a signed, written, and published directive from the President of the United States that manages operations of the federal government. They are numbered consecutively, so executive orders may be referenced by their assigned number, or their topic. Other presidential documents are sometimes simil...

2021-017-Joe Gray on his future book, the OSINT loop, motivators, and gamification - part1

May 18, 2021 02:45 - 46 minutes - 53.5 MB

Joe Gray @C_3PJoe   OSINTION https://theosintion.com  New book… ship date? How to get it? https://www.amazon.com/Practical-Social-Engineering-Joe-Gray/dp/171850098X/ https://nostarch.com/practical-social-engineering    "Gray provides a very accessible look at social engineering that should be essential reading for pentesters and ethical hackers." — Ian Barker, BetaNews   Story (Bryan: found my shipmate from the Navy)   Gathering OSINT (what is ethically too far?) ...

2021-016-researchers knowingly add vulnerable code to linux kernel, @pageinsec joins us to discuss -part2

May 05, 2021 05:30 - 45 minutes - 51.9 MB

Updates to the Linux kernel controversy: https://lwn.net/SubscriberLink/854645/334317047842b6c3/   @pageinSec on Twitter   Dan Kaminsky obit: https://www.theregister.com/2021/04/25/dan_kaminsky_obituary/   Spencer Geitzen: http://brakeingsecurity.com/2018-024-pacu-a-tool-for-pentesting-aws-environments   https://en.wikipedia.org/wiki/Milgram_experiment   https://lore.kernel.org/lkml/[email protected]/   https://cse.umn.edu/cs/stat...

2021-015-researchers knowingly add vulnerable code to linux kernel, @pageinsec joins us to discuss -part1

April 27, 2021 06:41 - 47 minutes - 54.3 MB

@pageinSec on Twitter   Dan Kaminsky obit: https://www.theregister.com/2021/04/25/dan_kaminsky_obituary/   Spencer Geitzen: http://brakeingsecurity.com/2018-024-pacu-a-tool-for-pentesting-aws-environments   https://en.wikipedia.org/wiki/Milgram_experiment   https://lore.kernel.org/lkml/[email protected]/   https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021 https://www.labbott.name/blog/2021/04/21/breakingtrust....

2021-014-Slipstreaming blocked by Chrome, Slack being used for malware, plus dork and deskjockeys!

April 13, 2021 03:48 - 51 minutes - 59.5 MB

Chrome Blocks Port 10080 to Prevent Slipstreaming Hacks - E Hacking News - Latest Hacker News and IT Security News https://www.reddit.com/r/netsec/comments/jlu3cf/nat_slipstreaming/   Samy Kamkar - NAT Slipstreaming v2.0 Slack and Discord are Being Hijacked by Hackers to Distribute Malware - E Hacking News - Latest Hacker News and IT Security News   Texan's alleged Amazon bombing effort fizzles: Militia man wanted to take out 'about 70 per cent of the internet' • The Register ...

2021-013-Liana_McCrea-Garrison_Yap-cecil_hotel, Elisa_Lam-physical_security-part2

April 07, 2021 16:57 - 58 minutes - 67 MB

Reparations.tech *Public Safety Coordinators -Field Operations (Road Incidents) -Specialized Buildings (The Library, Medical Facilities, CCR) *Public Safety Officers A. Discuss Training -SOP Creation *SOPs are very custom and dependent on the organization. There are no “NIST” standards. [IN CYBER: Frameworks for Physical Security --->     ]  *Think on your feet, many plans often get thrown out the window. *Creating policies due to unforeseen incidents -Physical Security Assessmen...

2021-012-physical security discussion with @geecheethreat and @garrisony75 -pt1

March 30, 2021 05:02 - 33 minutes - 37.9 MB

Bios for guests   Reparations.tech *Public Safety Coordinators -Field Operations (Road Incidents) -Specialized Buildings (The Library, Medical Facilities, CCR) *Public Safety Officers A. Discuss Training -SOP Creation *SOPs are very custom and dependent on the organization. There are no “NIST” standards. [IN CYBER: Frameworks for Physical Security --->     ]  *Think on your feet, many plans often get thrown out the window. *Creating policies due to unforeseen incidents ...

2021-010- Dr. Catherine J Ullman, the art of communication in an Incident - Part 2

March 21, 2021 21:36 - 45 minutes - 41.7 MB

In this episode: knowing your audience - discussing the IR impact how did this happen? how deep do you want to tailor your potential discussion? Every level must be asking "what, when, why, how?", not just those in the trenches does the level of incident mean that communication scales accordingly? And much more!   Dr. Catherine J. Ullman (@investigatorchi) Incident Response communications Reminders: Patreon Jeff T. just became a $2 patron! Accepted to CircleCityCon on IR co...

2021-011- Dr. Catherine J Ullman, the art of communication in an Incident - Part 2

March 21, 2021 21:36 - 45 minutes - 41.7 MB

In this episode: knowing your audience - discussing the IR impact how did this happen? how deep do you want to tailor your potential discussion? Every level must be asking "what, when, why, how?", not just those in the trenches does the level of incident mean that communication scales accordingly? And much more!   Dr. Catherine J. Ullman (@investigatorchi) Incident Response communications Reminders: Patreon Jeff T. just became a $2 patron! Accepted to CircleCityCon on IR co...

2021-010- Dr. Catherine J Ullman, the art of communication in an Incident - Part 1

March 17, 2021 04:05 - 34 minutes - 31.2 MB

Dr. Catherine J. Ullman (@investigatorchi)   Incident Response communications   Reminders: Patreon Jeff T. just became a $2 patron! Accepted to CircleCityCon on IR communications! Bsides Rochester Security B-Sides Rochester   Spoke at SeaSec meetups: Qualys Update on Accellion FTA Security Incident | Qualys Security Blog   Security Advisory | SolarWinds   Family Educational Rights and Privacy Act (FERPA) It’s important to share necessary information with senio...

2021-009-Jasmine_Jackson-TheFluffy007-analyzing_android_apps-FRida-Part2

March 07, 2021 19:13 - 50 minutes - 45.8 MB

@thefluffy007 A Bay Area Native (Berkeley) I always tell people my computer journey started at 14, but it really started at 5th grade (have a good story to tell about this) Was a bad student in my ninth grade year - almost kicked out of high school due to cutting. Had a 1.7 GPA. After my summer internship turned it around to a 4.0. Once I graduated from high school, I knew I wanted to continue on the path of computers. Majored in Computer Science Graduated with Bachelors and Master...

Twitter Mentions

@brakesec 156 Episodes
@boettcherpwned 151 Episodes
@bryanbrake 150 Episodes
@infosystir 142 Episodes
@k8em0 5 Episodes
@dianainitiative 4 Episodes
@alyssam_infosec 4 Episodes
@shehackspurple 4 Episodes
@bettersafetynet 4 Episodes
@securitysphynx 3 Episodes
@marcusjcarey 3 Episodes
@aprilwright 3 Episodes
@egyp7 3 Episodes
@_mg_ 3 Episodes
@malware_traffic 2 Episodes
@dalperovitch 2 Episodes
@rochelle 2 Episodes
@adamhjk 2 Episodes
@hackingdave 2 Episodes
@taosecurity 2 Episodes