
BrakeSec Education Podcast

472 episodes - English - Latest episode: about 1 month ago - ★★★★★ - 98 ratings

A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.


Episodes

2015-007-SANS_Top20_14and15--Proving_Grounds_Microcast with Magen Wu!

February 10, 2015 04:44 - 53 minutes - 36.8 MB

Extra special treat this week!  We do a continuation of our review of the Top 20 Security Controls, in which we do #14 and #15, which all of you will find very interesting.   But the real reason we are posting this today is the Call for Papers and Call for Mentors for the Bsides Las Vegas Proving Grounds! We invited Magen Wu (@tottenkoph) on to discuss. If you've ever asked yourself "I'd like to give a talk, but they'd never put me on"  NOW IS YOUR CHANCE! :) This is a great opportunity i...

2015-006- Is your ISP doing a 'man-in-the-middle' on you?

February 07, 2015 04:40 - 59 minutes - 40.8 MB

During our research with Lee Brotherston, who we had on last week for our podcast on threat modeling, we got to listen to one of his talks about how his ISP in Canada was actively doing a Man-in-the-Middle injection of a banner into sites that he visited. We were intrigued, and also gobsmacked (I can say that, right?) about the brashness of an ISP not apparently understanding the security implications of this, so we had him back on to talk about the finer points of his research. The bad ne...

2015-005: Threat Modeling with Lee Brotherston

February 01, 2015 02:25 - 45 minutes - 31 MB

Threat Modeling... ranks right up there with Risk Assessments in importance... You gotta figure out how the applications you're creating or the systems you're engineering are secure. It really takes knowing your application and really, knowing the enemies/factors that can cause your application to fail, from sanitizing inputs on a web app, to making sure that your code doesn't have use-after-free bugs. Brakeing Down Security talked about conducting threat modeling and application reviews w...

2015-004-SANS Top 20: 20 to 16

January 25, 2015 19:44 - 58 minutes - 40.5 MB

Mr. Boettcher and I went over the bottom 5 of the SANS Top 20 security controls that businesses should implement. When put into the right order, you should be able to have an environment that is able to withstand most any attack. We also talk about 5 'Quick Fixes' that will put you on the right track with becoming more secure.   You may be surprised at what is considered a priority...  have a listen: (QR code links to the mp3)   Show notes: https://docs.google.com/document/d/1JuRJ-RPTmw...

All About Tor

January 17, 2015 07:43 - 40 minutes - 28.1 MB

Brakeing Down Security tackles the 'Deep Web' this week... yep, we talk about Tor. If you don't have a lot of experience with this or wonder how it works, we give you a little history and help you understand how the traffic flow works. We even give you some advice on de-identification and things you shouldn't allow when traveling the Deep Web, like JavaScript, Flash, and Java. Show Notes: https://docs.google.com/document/d/1vBI_bg_0RzF_sSNMj84xQpEZGUrxtAkB8SxZ08MzUi0/edit?usp=sharing ...

Episode 2: Big Trouble in Small Businesses

January 10, 2015 08:04 - 35 minutes - 24.6 MB

Security's the same, the world around...  and is a necessity in businesses of all sizes, from the mega-corporations, all the way down to the business with 10 employees in a garage in suburbia. This week, Mr. Boettcher and I discuss security in small businesses. What is needed to make security part of the culture of a new company. We discuss some open source tools to ensure that networks are monitored properly, logs are collected, collated, and analyzed. And better yet, these are on the chea...

2015-001- "unhackable" or "attacker debt"

January 04, 2015 04:43 - 10 minutes - 7.35 MB

This is a quick little podcast I did without Mr. Boettcher about a Twitter discussion that occurred when Dr. Neil deGrasse Tyson mentioned that we should just make computers 'unhackable'. The first episode of the 2015 season of Brakeing Down Security is here! Tweet from Dr. Neil deGrasse Tyson: https://twitter.com/neiltyson/status/551378648578916353 Rebuttal from Kevin Johnson: https://twitter.com/secureideas/status/551510885441998848 ...

Is Compliance running or ruining Security Programs?

December 26, 2014 06:28 - 32 minutes - 22.5 MB

We at Brakeing Down Security world headquarters don't understand the concept of 'End of the Year' podcast, so consider this the "End-End of the Year" podcast. We talked about the order of things... whether Compliance is a detriment to Security, and who should be running who. So pull up a glass of eggnog, grab another cookie, and put another log on the fire, 'cause Brakeing Down Security is throwing out one more for the year! Happy Holidays... all of them... :)

Brakeing Down/Defensive Security Mashup!

December 21, 2014 20:16 - 1 hour - 59.4 MB

It's a Super Deluxe sized Brakeing Down Security this week... It's something you've dreamed of forever (or not), but Jerry Bell and Andrew Kalat from Defensive Security Podcast stopped by and we made ourselves a podcast baby... Boy, was it ugly :) I'm just kidding, we had a great time discussing some news, and going over what we learned... and any good end-of-year podcast must have predictions... We also discussed Sony, because it's the huge news of the year, and talked about Target, because...

Tyler Hudak (@secshoggoth) Discusses incident response, and DIY malware research

December 15, 2014 00:32 - 41 minutes - 28.7 MB

This week, Tyler gave us a great deal of information on where to start if you wanted to become a malware researcher. He also gave us websites where you can get malware and ways to analyze it.  We asked Tyler what blue teams can do when they are infected, and he gave us some excellent advice... I also recite some prose from a classic horror author, so come for the malware, stay for the prose! :) ***NOTE: I guess now would be a good time to mention that many of the links below have unsafe s...

Tyler Hudak discusses malware analysis

December 08, 2014 01:21 - 39 minutes - 27.1 MB

Tyler Hudak (@secshoggoth) came to discuss with us the process of doing analysis on malware binaries. We talk about MASTIFF, his malware framework.  We also discuss how to gain information from malware program headers, and some software that is used to safely analyze it. Helpful Links: Ida Pro: https://www.hex-rays.com/products/ida/ Process Monitor - http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx Mastiff White Paper: http://digital-forensics.sans.org/blog/2013/05/07/mastif...
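The episode mentions pulling information out of a sample's program headers before ever running it. The following is an added example (not code from the podcast, and not part of MASTIFF) of that first static-triage step for a Windows PE file: it walks the DOS header to the PE signature, reads the COFF header (machine type, link timestamp) and the section table, and applies two cheap heuristics that point at packing. The sample bytes are a constructed, non-runnable PE stub built in code, not a real binary; the section names, flags and timestamp in it are made up for the demo.

```python
# Added example, not code from the podcast or from MASTIFF: a minimal reader
# for the Windows PE headers a malware triager looks at first (machine type,
# link timestamp, section table), plus two cheap heuristics for packing.
# Standard library only. The sample below is a constructed, non-runnable PE
# stub, not a real binary.
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "i386", 0x8664: "x86-64", 0x01C0: "ARM", 0xAA64: "ARM64"}
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_WRITE = 0x80000000
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe_headers(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature: not a PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    sections = []
    sect_off = coff + 20 + opt_size  # section table follows the optional header
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            SECTION_FMT, data, sect_off + i * 40)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": rawsize, "raw_pointer": rawptr, "flags": flags,
        })
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "link_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "characteristics": chars,
        "sections": sections,
    }


def triage_sections(pe: dict) -> list:
    """Flag sections that are writable+executable or whose in-memory size dwarfs the on-disk size."""
    findings = []
    for s in pe["sections"]:
        if s["flags"] & SCN_MEM_EXECUTE and s["flags"] & SCN_MEM_WRITE:
            findings.append(f"{s['name']}: writable and executable")
        if s["raw_size"] and s["virtual_size"] > 8 * s["raw_size"]:
            ratio = s["virtual_size"] // s["raw_size"]
            findings.append(f"{s['name']}: virtual size {ratio}x raw size (unpacks at runtime?)")
    return findings


def build_sample_pe() -> bytes:
    """Constructed PE stub: DOS header, PE signature, COFF header (no optional header), two sections."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 1410000000, 0, 0, 0, 0x0102)
    text = struct.pack(SECTION_FMT, b".text", 0x1000, 0x1000, 0x1000, 0x200, 0, 0, 0, 0, 0x60000020)
    upx1 = struct.pack(SECTION_FMT, b"UPX1", 0x20000, 0x2000, 0x400, 0x1200, 0, 0, 0, 0, 0xE0000040)
    return bytes(dos) + b"PE\0\0" + coff + text + upx1


if __name__ == "__main__":
    pe = parse_pe_headers(build_sample_pe())
    print(pe["machine"], pe["link_time"].isoformat())
    for finding in triage_sections(pe):
        print("!", finding)
```

On a real sample, feed `open(path, "rb").read()` to `parse_pe_headers`; the link timestamp is easily forged, so treat it as a hint, not evidence.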

Part 2 w/ Ben Donnelly -- Introducing Ball and Chain (making password breaches a thing of the past)

December 01, 2014 01:50 - 37 minutes - 25.9 MB

Last week, we talked with Ben Donnelly about ADHD (Active Defense Harbinger Distro). But Ben isn't a one trick pony, oh no... this young punk is trying to solve fundamental problems in the business industry, in particular securing passwords. That's why he's been working with Tim Tomes (@lanmaster53); together they invented 'Ball and Chain', which is a large (>2TB) file that can be used to help generate passwords and entropy. Intro "Private Eye", transition "Mining by Moonlight", and Outro "Hon...

New Tumblr Post

November 30, 2014 06:49

It's a bit meta, cause this will show up there in a few minutes, but Brakeing Down Security now has a Tumblr... Don't know why it took so long...  We'll be posting from other Tumblr blogs, and our episodes will post there... I hope you will spread the word... http://brakeingdownsecurity.tumblr.com/

Thank you from Brakeing Down Security

November 27, 2014 18:46

When Mr. Boettcher and I started the Brakeing Down Security Podcast, we really did it for 2 reasons: 1. We wanted to educate people and ourselves about information security topics, and do it in a way that was fun 2. Educate ourselves about some topics that we were not familiar with, because infosec and compliance is such a vast range of topics and skills. Mr. Boettcher and I want to extend a warm and hearty THANK YOU SO MUCH for inviting us into your podcast listening device. We reali...

Active Defense and the ADHD Distro with Ben Donnelly

November 22, 2014 19:03 - 44 minutes - 30.7 MB

We snagged an interview with Benjamin Donnelly, a maintainer of the Active Defense Harbinger Distribution (ADHD), version 0.60. A thoroughly enjoyable conversation with a new up-and-coming security professional. He's the future, and he is already contributing a lot of great info to the infosec industry. Part 1 is all about ADHD, next week, we discuss his talk about a project he's working on that will remove the threat of password breaches using 'Ball and Chain'. And it's all open sou...

WebGoat install video with Mr. Boettcher!

November 20, 2014 16:58 - 5 minutes - 21.4 MB Video

My man Mr. Boettcher posted up a video on how to install OWASP's WebGoat Vulnerable web application! He walks you through WebGoat 5.4, and even gives you some tips on solving issues that he'd found. And to make it even easier, he's given you some instructions below. Hope you enjoy, especially if you've had issues setting up WebGoat in the past. Webgoat 5.4 instructions ======================== 1. search Google and download the war file (From Bryan: Here's the link -- h...

Active Defense: It ain't 'hacking the hackers'

November 18, 2014 03:51 - 49 minutes - 33.9 MB

Active Defense... It conjures images of the lowly admin turning the tables on the evil black hat hackers, and giving them a dose of their own medicine by hacking their boxes and getting sweet, sweet revenge... But did you know that kind of 'revenge' is also rife with legal ramifications, even bordering on being illegal?? This week, Mr. Boettcher and I tackle this prickly subject, and discuss some software you can use to 'deter, prevent, and dissuade' potential bad guys... ADHD Training (...

Interview Part 2 with Paul Coggin: Horror stories

November 09, 2014 22:39 - 39 minutes - 26.8 MB

If you think Halloween was scary, Paul Coggin gives us another reason to curl up in the fetal position as he explains Lawful Intercept, and Route Maps. And what's worse, your 3rd party auditors are starting to get the tools that will make you address network protocol issues. Lots of great material here below in our show notes, including some tools (free) that you can use to get yourself schooled on network protocols http://www.zdnet.com/researcher-describes-ease-to-detect-derail...

Interview with Paul Coggin (part 1)

November 03, 2014 01:46 - 42 minutes - 28.9 MB

One of the talks my colleague got to see was Paul Coggin's talk about Internetworking routing and protocols. In this interview, we discuss some tools of the trade, how MPLS isn't secure, and why you should be doing end-to-end encryption without allowing your VPN or circuit provider to do it for you... If you have any interest in network security, including the higher order network protocols like BGP, MPLS, ATM, etc... You'll want to check out his DerbyCon talk, and our interview... Pa...

Learning about SNMP, and microinterview with Kevin Johnson

October 25, 2014 17:27 - 41 minutes - 28.4 MB

In an effort to educate ourselves for an upcoming interview, we sat down and talked about SNMP (Simple Network Management Protocol). We get into the basics, the ins and outs of the protocol, the different tools that use (or exploit) SNMP, and we talk about how to better secure your SNMP implementation. You should listen to this, because next week's interview will knock your socks off. :) Finally, We end with a DerbyCon interview Mr. Boettcher snagged with our friend Mr. Kevin Johnson about ...
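To make the "ins and outs of the protocol" concrete, here is an added example (my own code, not from the podcast or any SNMP tool) that builds an SNMPv1 GetRequest byte for byte in ASN.1 BER, the encoding that goes out over UDP/161, and parses one back. The parser doubles as the check a defender cares about: in v1 and v2c the community string is the only credential and it sits in the packet in cleartext, so anything on the path can read it and a `public`/`private` default is one packet away from being found. Nothing here touches the network; the OID and community are just the usual `sysDescr.0` and `public`.

```python
# Added example, not from the podcast: builds an SNMPv1 GetRequest by hand
# (ASN.1 BER, as sent over UDP/161) and parses one back, which shows why v1
# and v2c are weak: the community string is the only "authentication" and
# it travels in cleartext. Standard library only; nothing is sent on the wire.
TAG_INT, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQ = 0x02, 0x04, 0x05, 0x06, 0x30
TAG_GET_REQUEST = 0xA0
DEFAULT_COMMUNITIES = {"public", "private"}


def ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form (0x80 | byte count) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """Non-negative INTEGER, minimal two's complement (leading 0x00 if the high bit is set)."""
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return ber_tlv(TAG_INT, body)


def ber_oid(oid: str) -> bytes:
    arcs = [int(a) for a in oid.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])  # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                               # base-128, high bit means "more to come"
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(chunk)
    return ber_tlv(TAG_OID, bytes(body))


def build_get_request(community: str, oids: list, request_id: int) -> bytes:
    varbinds = b"".join(ber_tlv(TAG_SEQ, ber_oid(o) + ber_tlv(TAG_NULL, b"")) for o in oids)
    pdu = ber_int(request_id) + ber_int(0) + ber_int(0) + ber_tlv(TAG_SEQ, varbinds)
    msg = ber_int(0) + ber_tlv(TAG_OCTET_STRING, community.encode()) + ber_tlv(TAG_GET_REQUEST, pdu)
    return ber_tlv(TAG_SEQ, msg)       # version 0 = SNMPv1


def read_tlv(data: bytes, off: int):
    """Return (tag, value, offset after this element)."""
    tag, length, off = data[off], data[off + 1], off + 2
    if length & 0x80:
        n = length & 0x7F
        length, off = int.from_bytes(data[off:off + n], "big"), off + n
    return tag, data[off:off + length], off + length


def decode_oid(body: bytes) -> str:
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def parse_snmp(packet: bytes) -> dict:
    """Pull version, community, PDU type, request-id and requested OIDs from a v1/v2c message."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != TAG_SEQ:
        raise ValueError("not an SNMP message")
    _, version, off = read_tlv(msg, 0)
    _, community, off = read_tlv(msg, off)
    pdu_tag, pdu, _ = read_tlv(msg, off)
    _, request_id, p = read_tlv(pdu, 0)
    _, _, p = read_tlv(pdu, p)         # error-status
    _, _, p = read_tlv(pdu, p)         # error-index
    _, varbinds, _ = read_tlv(pdu, p)
    oids, v = [], 0
    while v < len(varbinds):
        _, vb, v = read_tlv(varbinds, v)
        _, oid_body, _ = read_tlv(vb, 0)
        oids.append(decode_oid(oid_body))
    community_str = community.decode("latin-1")
    return {
        "version": int.from_bytes(version, "big"),
        "community": community_str,
        "default_community": community_str in DEFAULT_COMMUNITIES,
        "pdu_type": pdu_tag,
        "request_id": int.from_bytes(request_id, "big"),
        "oids": oids,
    }


if __name__ == "__main__":
    pkt = build_get_request("public", ["1.3.6.1.2.1.1.1.0"], 42)  # sysDescr.0
    print(pkt.hex())
    print(parse_snmp(pkt))
```

The same `parse_snmp` run over the UDP payloads of a capture is a quick way to inventory which community strings are in use on a network; the fix the episode points at is SNMPv3 with authentication and privacy, plus an ACL on who may query agents at all.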

Keep Calm and take a tcpdump! :)

October 20, 2014 04:22 - 38 minutes - 26.3 MB

Tcpdump is just one of the tools that will make troubleshooting network issues, or testing applications, or even finding out what traffic is being generated on a host all that much easier.  This podcast is to help you understand the Tcpdump program, and how powerful it is...   http://danielmiessler.com/study/tcpdump/ http://www.thegeekstuff.com/2010/08/tcpdump-command-examples/ http://www.tecmint.com/12-tcpdump-commands-a-network-sniffer-tool/ http://www.amazon.com/TCP-Illustrated-Vol-A...
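The episode's use case of "finding out what traffic is being generated on a host" usually ends with `tcpdump -w host.pcap` and a file to dig through later. As an added example (not from the podcast or the linked tutorials), the code below reads that classic pcap format with nothing but the standard library and counts IPv4 TCP/UDP flows by 5-tuple. The capture it runs on is constructed in code (two DNS queries and one TCP SYN from a host using RFC 5737 documentation addresses), with IP and transport checksums left at zero since nothing validates them here.

```python
# Added example, not from the podcast: reads the pcap format that
# `tcpdump -w` writes and summarises IPv4 TCP/UDP flows, the "what is this
# host talking to?" question the episode is about. Standard library only;
# the capture is constructed in code, not taken from a real network.
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {6: "tcp", 17: "udp"}


def summarize_pcap(data: bytes) -> dict:
    """Return {(proto, src, sport, dst, dport): packet_count} for IPv4 TCP/UDP packets."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"                    # file written on a big-endian host
    else:
        raise ValueError("not a classic pcap file (pcapng is a different format)")
    linktype = struct.unpack_from(endian + "I", data, 20)[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    flows = Counter()
    off = 24                            # global header is 24 bytes
    while off + 16 <= len(data):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue                    # not IPv4, or cut short by a small snaplen
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4        # header length in bytes (options included)
        proto = ip[9]
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        if proto in PROTO_NAMES and len(ip) >= ihl + 4:
            sport, dport = struct.unpack_from("!HH", ip, ihl)
        else:
            sport = dport = None
        flows[(PROTO_NAMES.get(proto, str(proto)), src, sport, dst, dport)] += 1
    return dict(flows)


def ipv4_frame(src: str, dst: str, proto: int, l4: bytes) -> bytes:
    """Ethernet + IPv4 header around a transport segment (checksums left zero)."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + l4


def build_sample_capture() -> bytes:
    """Constructed capture: two DNS queries and one TCP SYN from 192.0.2.10."""
    dns = struct.pack("!HHHH", 40001, 53, 8 + 12, 0) + bytes(12)  # UDP header + blank DNS header
    syn = struct.pack("!HHIIBBHHH", 40002, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    frames = [
        (1413000000, ipv4_frame("192.0.2.10", "198.51.100.53", 17, dns)),
        (1413000001, ipv4_frame("192.0.2.10", "198.51.100.53", 17, dns)),
        (1413000002, ipv4_frame("192.0.2.10", "203.0.113.7", 6, syn)),
    ]
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for ts, frame in frames:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return bytes(out)


if __name__ == "__main__":
    for flow, count in summarize_pcap(build_sample_capture()).items():
        print(count, *flow)
```

Point `summarize_pcap` at `open("host.pcap", "rb").read()` for a real file; for anything large, or for pcapng, reach for `tcpdump -r` with a filter, or a proper library, rather than growing this parser.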

Part 2 with Jarrod Frates - how pentesting is important

October 13, 2014 00:13 - 31 minutes - 21.7 MB

Part 2 of our interview with Jarrod Frates (FRAY-tes). We ask him about the value that a pentest can create, the way that that 'perfect' pentest can change culture and help create dialogue. Also, we talk about how to take your automated testing info and then shift gears to manual testing... when to stop doing automated testing, and do the manual testing. Hope you enjoy, have a great week!       Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin...

DerbyCon report and Shellshock news

October 06, 2014 06:16 - 40 minutes - 28.1 MB

We went a little off the beaten path this week. I wanted to talk to Mr. Boettcher about his experience at DerbyCon, and we ended up having another friend of ours who also attended DerbyCon, Jarrod Frates, join us for a bit of discussion. We discussed several talks, and even spent a little bit of time talking about ShellShock and its larger implications for those programs that are ubiquitous, yet are not being audited, like bash. (The llama graphic will make more sense next week...) :) htt...

Marcus J. Carey Interview Part 2 - China, IP, coming cyber war

September 29, 2014 03:54 - 47 minutes - 32.4 MB

We finished up our odyssey with Marcus J. Carey this week. We picked his brain about how he feels about China, the coming cyberwar, and what kinds of tools he uses in his toolbox (hint: he doesn't use Kali). We also talk a bit about the entitlement of people, and what makes folks in poorer countries turn to hacking. We really enjoyed hearing his take on certifications and education. He's a Ruby nut, but suggests that people learn Python. He also talks about how he teaches people about secur...

Video: Using GPG and PGP

September 28, 2014 05:51 - 20 minutes - 76 MB Video

This month, I wanted to go over a piece of software that seems to give a lot of people problems. In business, there is always a need for sending secure communications, whether because a client asked for it, or because sending sensitive information unencrypted could result in loss of profit, competitive edge, reputation, or all of the above. This month's tutorial is on setting up PGP or GPG to be able to be more secure when sending emails. I show you commands that allow you to create publi...

Marcus J. Carey, FireDrillMe, and the Rockstars of Infosec

September 22, 2014 09:30 - 35 minutes - 24.5 MB

Marcus J. Carey, a security researcher and software developer, came on to talk to us about FireDrill.me, a tool used to help people work out their Incident Response muscles. He is also the creator of threatagent.com. Marcus is well known in Security circles, and after we talked to him about FireDrill and ThreatAgent, we got his opinion of other subjects that interested us in the Infosec industry. Marcus is a man of his own mind, and he certainly did not disappoint. Hope you enjoy Part 1 of ou...

Mr. Boettcher interviewed Ed Skoudis!

September 15, 2014 09:30 - 44 minutes - 30.2 MB

While I'm stuck at work, Mr. Boettcher went to the Austin Hackformers and snagged an interview with Mr. Ed Skoudis, of InGuardians and of the SANS Institute, a top flight training academy.  He is to be one of the keynote speakers at DerbyCon this year. He gives us a peek about his keynote, and Mr. Boettcher asks his thoughts on the industry as a whole, SCADA security, Mr. Skoudis' opinion on Infosec as a whole.   Hackformers Austin: http://www.hackformers.org/ Ed Skoudis bio: http://www.s...

Malware, Threat Intelligence, and Blue Team talks at cons -- with Michael Gough Pt.2

September 08, 2014 09:00 - 36 minutes - 25 MB

We're back with part 2 of our discussion with Michael Gough.  Not only do we discuss more about malware, but we also ask Michael's opinion on how commercialized conventions like Black Hat and Defcon have gotten, how good threat intelligence feeds are, and why there aren't more defensive talks at cons. Michael is currently slated to give a talk on logging at DerbyCon September 24th, 2014 on how logging can help to mitigate malware infections.   Intro "Private Eye", transition "Mining by Mo...

Malware, and Malware Sentinel -- with Michael Gough Pt.1

September 01, 2014 10:00 - 36 minutes - 25.3 MB

Brian and I managed to get an interview with Michael Gough. If you remember, Michael was on to discuss Malware infections back in February, and we decided it was time to check up on him and his newly named 'Malware Sentinel'. This is part 1, where we discuss some of the recent malware infections, and where you need to look for new file creation, and what you can be looking for in your windows logs that are excellent indicators of malware compromise.   Windows logging cheat sheet - http://s...
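The two places the episode says to look, new file creation and the Windows logs, can be turned into rules a blue team actually runs. As an added example (not code from the podcast or the linked cheat sheet), the block below applies three such rules to events: a process started from a user-writable directory, an Office application spawning a script host, and an executable file dropped into a user-writable directory. The events are constructed Python dicts in the shape of Security event 4688 (process creation, with `NewProcessName` and `ParentProcessName`) and Sysmon event 11 (FileCreate); the host names and paths are made up, and a real pipeline would feed parsed EVTX or forwarded JSON instead.

```python
# Added example, not from the podcast or the cheat sheet it links: three
# cheap rules over process-creation and file-creation events, the kind of
# "look here first" indicators the episode describes. Events are constructed
# dicts in the shape of Security event 4688 (process creation) and Sysmon
# event 11 (FileCreate); a real pipeline would feed parsed EVTX/XML instead.
import re

# Directories any user can write to; anything executing from here deserves a look.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\appdata\\(?:local\\temp|roaming)\\|\\programdata\\|\\users\\public\\|\\windows\\temp\\",
    re.IGNORECASE,
)
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                "rundll32.exe", "regsvr32.exe", "cmd.exe"}
DROPPED_EXTENSIONS = (".exe", ".dll", ".scr", ".ps1", ".vbs", ".js")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def check_event(event: dict) -> list:
    """Return the names of every rule this one event trips (empty list if none)."""
    hits = []
    if event.get("id") == 4688:                                   # Security: process creation
        new, parent = event.get("new_process", ""), event.get("parent_process", "")
        if USER_WRITABLE.search(new):
            hits.append("exec-from-user-writable-dir")
        if basename(parent) in OFFICE_APPS and basename(new) in SCRIPT_HOSTS:
            hits.append("office-spawned-script-host")
    elif event.get("id") == 11:                                   # Sysmon: FileCreate
        target = event.get("target", "")
        if target.lower().endswith(DROPPED_EXTENSIONS) and USER_WRITABLE.search(target):
            hits.append("executable-dropped-in-user-writable-dir")
    return hits


def scan(events: list) -> list:
    """Pair each triggered rule with its event so an analyst can pivot on it."""
    return [(rule, ev) for ev in events for rule in check_event(ev)]


SAMPLE_EVENTS = [  # constructed, not from a real host
    {"id": 4688, "new_process": r"C:\Windows\System32\svchost.exe",
     "parent_process": r"C:\Windows\System32\services.exe"},
    {"id": 4688, "new_process": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_process": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"id": 4688, "new_process": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "parent_process": r"C:\Windows\explorer.exe"},
    {"id": 11, "image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "target": r"C:\Users\alice\AppData\Roaming\svc.dll"},
    {"id": 11, "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    for rule, ev in scan(SAMPLE_EVENTS):
        print(rule, "<-", ev.get("new_process") or ev.get("target"))
```

Event 4688 only carries the command line and parent name if "Include command line in process creation events" is enabled and the audit subcategory is turned on, and Sysmon 11 needs a config that logs the directories above; without that logging in place there is nothing for these rules to see.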

Reconnaissance: Finding necessary info during a pentest

August 25, 2014 09:30 - 48 minutes - 33.4 MB

I had a healthy debate with Mr. Boettcher this week about the merits of doing recon for a pentest. Mr. Boettcher is a heavy duty proponent of it, and I see it as a necessary evil, but not one that I consider important.  We hash it out, and find some common ground this week. People search links: Spokeo - http://www.spokeo.com/ Pipl - https://pipl.com/   Sec Filings site: http://www.sec.gov/edgar/searchedgar/webusers.htm   Intro "Private Eye", transition "Mining by Moonlight", and Outro...

Mr. Boettcher made a thing! Setting up a proper Debian install!

August 23, 2014 03:09 - 19 minutes - 72.2 MB Video

Mr. Boettcher made a thing! He created a video that highlights how to install Linux securely in a VM. His next video will be how to setup OWASP's WebGoat to test for vulnerable web apps. He noticed that documentation is a bit sparse, and often contradictory, so he wanted to help other folks who are having issues to get a proper install. You will need a Network Install ISO of Debian, and you will need either VMware Player or Workstation. His notes are below... Enjoy! Secure the Goat...

Ratproxy and on being a better Infosec Professional

August 18, 2014 09:30 - 37 minutes - 25.6 MB

This week, we go into a proxy program called "Ratproxy" and discuss its ins and outs. Plus, Mr. Boettcher and I have a discussion about how we as infosec people should work with developers and IT professionals to provide them training and understanding of security concepts. https://code.google.com/p/ratproxy/ http://blog.secureideas.com/2012/07/how-to-setup-ratproxy-on-windows.html Ratproxy icon courtesy of honeytech and Flickr Intro "Private Eye", transition "Mining by Moo...

Introduction to Nmap, Part 2

August 10, 2014 17:56 - 19 minutes - 193 MB Video

Here is Part 2 of our video for understanding the basics of Nmap.  I discuss some of the logging output, the scripts found in Nmap, and the output that Nmap gives you for reporting or comparison later.   I really did want to go more into the Lua portion of the scripting engine, and perhaps make a simple script, but time constraints halted that. I hope to get more adept at video creation and hopefully editing, to make a more concise video tutorial. Nmap target specifications: http://nmap.o...
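The "output that Nmap gives you for reporting or comparison later" is most useful in its XML form (`nmap -oX`). As an added example (my own code, not the podcast's and not part of the Nmap project, which ships `ndiff` for exactly this), the block below parses two such reports and lists the ports that opened or closed between a baseline scan and a later one, which is the check that catches an RDP listener appearing on a host that never had one. The two XML documents are constructed and trimmed to the elements the code reads; a real report carries many more attributes, which this parser ignores.

```python
# Added example, not from the podcast or the Nmap project: compares two
# `nmap -oX` XML reports and lists ports that opened or closed between them,
# a stripped-down version of what Nmap's own ndiff does. The reports below
# are constructed, trimmed to the elements this code reads.
import xml.etree.ElementTree as ET


def open_ports(nmap_xml: str) -> set:
    """Return {(address, protocol, port)} for every port nmap reported as open."""
    result = set()
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                result.add((addr.get("addr"), port.get("protocol"), int(port.get("portid"))))
    return result


def diff_scans(baseline_xml: str, later_xml: str) -> dict:
    """Ports open now but not in the baseline, and vice versa."""
    before, after = open_ports(baseline_xml), open_ports(later_xml)
    return {"opened": sorted(after - before), "closed": sorted(before - after)}


BASELINE_XML = """<nmaprun scanner="nmap"><host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
</ports></host></nmaprun>"""

LATER_XML = """<nmaprun scanner="nmap"><host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="closed"/></port>
<port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
</ports></host></nmaprun>"""

if __name__ == "__main__":
    changes = diff_scans(BASELINE_XML, LATER_XML)
    for addr, proto, port in changes["opened"]:
        print(f"NEW  {addr} {port}/{proto}")
    for addr, proto, port in changes["closed"]:
        print(f"GONE {addr} {port}/{proto}")
```

Run the two scans with the same port range and timing options, otherwise a port that was simply not probed the second time shows up as "closed".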

Risk Management discussion with Josh Sokol - Part 2

August 10, 2014 05:20 - 32 minutes - 22.6 MB

This week we take some time to talk about risk management with Josh Sokol.  This is part 2 from our interview with him last week... We talk some more about Simple Risk from the POV of Risk Management, as well as the licensing/modification of Simple Risk. Mr. Boettcher and Josh discuss the merits of Qualitative vs. Quantitative Risk Analysis, and which one is better... We also discuss NIST 800 series guidelines, and how he used those to excellent effect in Simple Risk. Josh also discusses ...

Interview with creator of Simple Risk, Josh Sokol! (Part 1)

August 04, 2014 04:41 - 27 minutes - 19.1 MB

Josh Sokol is on the International OWASP board of directors in addition to being the Information Security Program Owner at National Instruments in Austin, Texas. This week, he sat down with Brakeing Down Security to talk about Simple Risk, his homebrew application that assists people and organizations in managing their business risk, and at a much nicer cost than other GRC applications (it's free!) Check out Part 1 below. If you're at BlackHat 2014 this year, he will be showcasing it at Arse...

Flashback: Sqlmap - a little how-to, and getting your developers involved in using it.

July 28, 2014 04:42 - 45 minutes - 36.2 MB

This is a flashback from July 2015.  Mr. Boettcher and I discussed SQLMAP, a tool that can automate the process of pentesting databases and even registries on Windows.  We discuss some functions of the program and why developers should get training on these. Mr. Boettcher and I talk about how Infosec professionals should help to educate QA and Developers to be able to look at their processes and incorporate security testing, using tools like sqlmap in the Software lifecycle.   SQLMAP lin...

Part 2 with Georgia Weidman!

July 21, 2014 04:02 - 46 minutes - 36.9 MB

It only gets better in Part 2 of our Interview with Georgia Weidman, Author, Security Researcher and Creator of the Smartphone Pentesting Framework.   She talks about how people underestimate the mobile platform for pentesting purposes, and we even find out that in addition to Teaching a class on exploit development at BlackHat this year, she's going to be helping a great organization overseas. We also got her talking about some do's and don'ts of pentesting! ;) Please enjoy!   Georgia...

Nmap (pt1)

July 14, 2014 05:01 - 17 minutes - 195 MB Video

So, I uploaded this little tutorial of nmap, a very nice tool I use on a regular basis, both at home and at work. I did some basic scans, showed off the command line and the Windows 'Zenmap' version, as well as discussed some regularly used switches. The next video I do about nmap will discuss more switches, the Nmap Scripting Engine (NSE), and how to format reports and the output nmap provides.     Nmap icon courtesy of livehacking.com

Part 1 with Author and Mobile Security Researcher Georgia Weidman!

July 14, 2014 02:35 - 42 minutes - 33.8 MB

We have a real treat the next two weeks.  Author and Mobile Security Researcher Georgia Weidman, who we also found out will be providing exploit development training at Black Hat this year. She is the author of an awesome book "Penetration Testing: A Hands-On Introduction to Hacking" (http://www.amazon.com/Penetration-Testing-Hands-On-Introduction-Hacking/dp/1593275641/ref=sr_1_1?ie=UTF8&qid=1405304124&sr=8-1&keywords=georgia+weidman) She sat down with us over Skype and gave a nice talk ab...

Establishing your Information Security Program - Part 2

July 07, 2014 04:41 - 26 minutes - 21.6 MB

This is the continuation of our podcast from last week with Phil Beyer. We started out talking about risk registers, and we end the podcast with a little Q&A about positions in companies (Chief Risk Officer, Chief Data Protection Officer), and whether these positions are useful.    Risk registers - http://en.wikipedia.org/wiki/Risk_register   Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com)  Licensed under Creative Co...

Choose your adventure!

July 03, 2014 17:42

Hello valued Listener! I want to do another video, and I thought that you might want to decide which one piece of software I highlight. So here are three options: 1. Nikto 2. Nmap 3. OpenVAS You can send me your choice to my twitter (@bryanbrake) or to my gmail account ([email protected]). I will be taking input until 0000 UTC on Sunday July 6th (1800 Saturday 5 July US/Eastern). You can only vote once.

Establishing your Information Security Program - Part 1

June 30, 2014 02:29 - 28 minutes - 23 MB

Establishing an Information Security program can make or break an organization. So what do you need to get that started?  We have friend of the show Phil Beyer come in and discuss with us the five steps of the creation of an Information Security Program.  Join us for Part 1, and next week, we'll finish up with a little Q&A, as well as what a 'risk register' is.             Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com)  Licensed under Creative Co...

OWASP Top Ten: 1-5

June 23, 2014 04:10 - 49 minutes - 39.9 MB

We finished up the OWASP Top Ten List. We discussed Injection, XSS, and other goodness.  Find out what makes the Top 5 so special.       http://risky.biz/fss_idiots  - Risky Business Interview concerning Direct Object Reference and First State Superannuation http://oauth.net/2/ - Great information on OAUTH 2.0.       Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com)  Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/lic...
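Injection and XSS, the two items the episode singles out, are easiest to see as a vulnerable function beside its fix. The following is an added example (not code from the podcast or from OWASP) that does that for both: a login query built by string formatting, which a username of `admin' --` turns into a query with no password check, next to the same query with bound parameters; and a comment renderer that drops untrusted text into HTML, next to one that escapes it. The user table and the credentials are constructed for the demo, and SHA-256 stands in for a password hash only to keep the block short; real code stores passwords with bcrypt, scrypt or Argon2.

```python
# Added example, not from the podcast: the two OWASP Top Ten items named
# above, shown as a vulnerable function next to its fix. Injection uses an
# in-memory SQLite database; XSS uses html.escape. The user table is
# constructed for the demo. sha256 stands in for a real password hash only
# to keep the example short; store passwords with bcrypt/scrypt/Argon2.
import hashlib
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("admin", hashlib.sha256(b"correct horse").hexdigest()))
    return db


def login_vulnerable(db, username: str, password: str):
    """A1 Injection: user input is pasted into the SQL text, so a quote character rewrites the query."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    sql = f"SELECT username FROM users WHERE username = '{username}' AND password_hash = '{pw_hash}'"
    return db.execute(sql).fetchone()


def login_fixed(db, username: str, password: str):
    """Same query with bound parameters: the driver keeps data and code apart."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return db.execute(sql, (username, pw_hash)).fetchone()


def render_comment_vulnerable(comment: str) -> str:
    """A3 XSS: untrusted text goes straight into the HTML body."""
    return f"<p class='comment'>{comment}</p>"


def render_comment_fixed(comment: str) -> str:
    """Escape for the HTML text context before interpolating."""
    return f"<p class='comment'>{html.escape(comment, quote=True)}</p>"


if __name__ == "__main__":
    db = make_db()
    payload = "admin' --"   # closes the string literal; '--' comments out the password check
    print("vulnerable:", login_vulnerable(db, payload, "wrong"))
    print("fixed:     ", login_fixed(db, payload, "wrong"))
    print(render_comment_vulnerable("<script>alert(1)</script>"))
    print(render_comment_fixed("<script>alert(1)</script>"))
```

`html.escape` is right for text between tags; an attribute value, a URL or a JavaScript string each needs its own escaping, which is why templating engines that auto-escape by context are the usual fix rather than hand-placed calls.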

OWASP Top Ten: Numbers 6 - 10

June 16, 2014 17:21 - 45 minutes - 36.3 MB

As we wade through the morass of the Infosec swamp, we come across the OWASP 2013 report of web app vulnerabilities. Since Mr. Boettcher and I find ourselves often attempting to explain these kinds of issues to people on the Internet and in our daily lives, we thought it would be prudent to help shed some light on these. So this week, we discuss the lower of the top 10, the ones that aren't as glamorous or as earth shaking as XSS or SQLI, but are gotchas that will bite thine ass just as har...

Talk with Guillaume Ross - Part 2 (all things cloud)

June 09, 2014 04:29 - 36 minutes - 29.4 MB

This is part 2 of our podcast interview with Guillaume Ross, Infosec professional who is well versed with the intricacies of various cloud architectures, whether they are IaaS, PaaS, or SaaS.  This part of the podcast discussed how contracts are established, and we ask if smaller cloud providers have a chance against behemoths like Google, Amazon, and Microsoft.   Links brought up during the interview:   Rich Mogull's $500 Epic fail - https://securosis.com/blog/my-500-cloud-security-scre...

It all goes in "the cloud" (Part 1)

June 01, 2014 09:00 - 36 minutes - 29.2 MB

Brian and I interviewed Mr. Guillaume Ross (@gepeto42), an Information Security professional who helps organizations get themselves situated into cloud based solutions. We get a better understanding of why people would want to put their info into the 'cloud' and how they are different than traditional co-lo and datacenters.   Guillaume's Blog: http://blog.binaryfactory.ca/   AWS (amazon) Security Best Practices WhitePaper: http://aws.amazon.com/whitepapers/aws-security-best-practices/ A...

Video 2: BONUS!!!! Kismet Video!

May 27, 2014 04:00 - 14 minutes - 56 MB Video

As promised, I am posting a video I made explaining how to setup Kismet to do wireless scans. The only pre-requisites you need are VMware (it will work the same in VirtualBox), and a VM of Kali linux. The only real difference is the message that asks where the wireless adapter should connect to. It's my first attempt editing a video, so please be kind

Wireless scans with Kismet and Aircrack-ng

May 26, 2014 22:18 - 40 minutes - 32.6 MB

Mr. Boettcher and I had a great time this week.  We talked all about doing wireless audits for PCI using Kismet and Aircrack-ng, and talked about some capabilities of both.   Alfa AWUS051NH (works in Kali/Backtrack) (no sponsor link): http://www.amazon.com/gp/offer-listing/B002BFO490/ref=dp_olp_0?ie=UTF8&condition=all kismetwireless.net  Using Karma with a pineapple to fool clients into connecting unencrypted: http://www.troyhunt.com/2013/04/your-mac-iphone-or-ipad-may-have-left.html Tu...

PGP and GPG -- protect your data

May 18, 2014 21:58 - 41 minutes - 18.6 MB

Sharing information between people and organizations can be a sensitive issue, especially if the information being shared is of mutual importance. This week, we break down PGP and its open source cousin GPG. We discuss how last week's podcast about hashing, encoding, and encryption are all bundled up neatly with PGP, and give you some examples of software you can use on Mac, Windows, and Linux. GPG4Win - http://www.gpg4win.org/ GPG Suite (Mac OS) - https://gpgtools.org/ public PGP ...

clearing up some terminology (hashing, encryption, encoding)

May 13, 2014 02:00 - 33 minutes - 15.3 MB

Ever heard someone mention AES Encoding, or MD5 Encryption? Many people in IT, Infosec, and Software development get confused about what Hashing, Encrypting, and Encoding are. We hack through the definition forest, looking for that Sequoia of understanding. We also talk about Symantec's remarks that 'Antivirus is dead' and 'not a moneymaker', and what that means to the industry as a whole. "Enkrypto" is the program I mentioned in the podcast. It would appear that either s/he fixed it. ...
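The distinction is easier to keep straight when the three operations are seen behaving differently on the same input. As an added example (my own code, not from the podcast), the block below shows encoding reversing with no secret at all, hashing producing a fixed-length value that cannot be reversed and that changes completely on a one-character edit, and encryption reversing only for the holder of the key. Because the standard library has no AES, the cipher is a counter-mode keystream derived with HMAC-SHA256; that is enough to show key dependence but it is not a production cipher (no integrity tag, and the caller must never reuse a key/nonce pair). The message, key and nonce are constructed constants.

```python
# Added example, not from the podcast: encoding, hashing and encryption side
# by side so the difference shows up in behaviour, not just vocabulary.
# The cipher is an HMAC-SHA256 keystream in counter mode, used because the
# standard library has no AES; it is for illustration, not production use
# (no authentication tag; never reuse a key/nonce pair).
import base64
import hashlib
import hmac


def encode(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def decode(text: str) -> bytes:
    return base64.b64decode(text)             # anyone can undo this: no key involved


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()   # always 64 hex chars, no way back


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256(key, nonce || counter) blocks concatenated up to `length` bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt = encrypt   # XOR with the same keystream undoes itself


def demo() -> dict:
    """Exercise each property and report which ones held."""
    msg = b"wire transfer 1000 to acct 42"
    key, nonce = b"k" * 32, b"n" * 8      # constructed; use os.urandom() for real keys and nonces
    ct = encrypt(key, nonce, msg)
    return {
        "encoding_round_trips": decode(encode(msg)) == msg,
        "hash_len": len(digest(msg)),
        "hash_changes_on_small_edit": digest(msg) != digest(b"wire transfer 1000 to acct 43"),
        "ciphertext_differs": ct != msg,
        "right_key_decrypts": decrypt(key, nonce, ct) == msg,
        "wrong_key_fails": decrypt(b"x" * 32, nonce, ct) != msg,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The practical consequences follow from these properties: base64 hides nothing, so it is not a control; a hash is for integrity checks and password storage (with a slow, salted KDF), not for anything you need back; and encryption is only as secret as the key, which is why key management, not the algorithm, is where most deployments fail.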
