Brakeing Down Security Podcast
Summary: A podcast all about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.
- Artist: Bryan Brake, Amanda Berlin, Brian Boettcher
- Copyright: Copyright 2020. All rights reserved
Podcasts:
Fortnite accounts and how much they are worth to dark-web dealers. A suggestion to set up 2FA on Fortnite accounts. A blog post about the intersection of project management and change management.
Garmin ransomware - and who paid? A Tesla employee thwarted industrial espionage. Slack's payouts for bad vulnerabilities seem a bit... lacking? Mental Health Hacker is sending out "Feel Good Boxes". Infosec Campout 2021 is set - we got the venue!
More SBOM goodness. If companies can't do it, should some other organization be helping? What does the future look like with or without SBOM or software transparency?
What is NTIA? What is an SBOM? Why do we need one? Is it poor communication between vendors? Is there any difference between "software transparency" and "software bill of materials"? How do you make an SBOM? What does a company do with an SBOM? Where in development (hardware or software) would you be creating an SBOM? Can you give us an example of a high-level SBOM versus a more detailed one? Does it become a risk/reward effort concerning detail? And so much more!
WISP.org PSA. Mick Douglas talks about offensive security tool release. Brian Boettcher talks about Log-MD and SRUM log analysis.
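The two SBOM episodes above ask how an SBOM is made, what a high-level one looks like next to a detailed one, and what a company actually does with it. The following is an added example, not code from the podcast, NTIA, or any SBOM tool: it builds a CycloneDX-style JSON document (field names follow the CycloneDX JSON layout as I know it; the component inventory, versions and artifact bytes are constructed sample data for a hypothetical service) at both levels of detail, then answers the consumer-side question "do we ship an affected version of component X?" against each.

```python
"""
Added example (not from the podcast or from NTIA): build a CycloneDX-style
SBOM from a constructed component inventory at two levels of detail, then
use it the way a consumer would: match an advisory against what is shipped.
All component names, versions and artifact bytes below are constructed.
"""
import hashlib
import json

# Constructed inventory of a hypothetical web service: each package lists its
# version, the packages it pulls in directly, and stand-in artifact bytes so a
# realistic-looking content hash can be computed.
INVENTORY = {
    "webapp":      {"version": "2.3.1", "deps": ["http-parser", "tls-lib"], "blob": b"webapp-2.3.1"},
    "http-parser": {"version": "1.9.0", "deps": ["utf8-decode"],            "blob": b"http-parser-1.9.0"},
    "tls-lib":     {"version": "3.0.4", "deps": ["bignum"],                 "blob": b"tls-lib-3.0.4"},
    "utf8-decode": {"version": "0.2.2", "deps": [],                         "blob": b"utf8-decode-0.2.2"},
    "bignum":      {"version": "4.1.0", "deps": [],                         "blob": b"bignum-4.1.0"},
}
ROOT = "webapp"


def purl(name, version):
    # Package URL; the "generic" type is an assumption for this constructed data.
    return f"pkg:generic/{name}@{version}"


def transitive_closure(root):
    """All components reachable from root (root included), in discovery order."""
    seen, order, stack = set(), [], [root]
    while stack:
        n = stack.pop()
        if n in seen:
            continue
        seen.add(n)
        order.append(n)
        stack.extend(INVENTORY[n]["deps"])
    return order


def make_sbom(detailed):
    """High-level SBOM: the product plus its direct dependencies, name and version only.
    Detailed SBOM: the full transitive closure with purl, SHA-256 and a dependency graph."""
    names = transitive_closure(ROOT) if detailed else [ROOT] + INVENTORY[ROOT]["deps"]
    components = []
    for n in names:
        entry = INVENTORY[n]
        comp = {"type": "library", "name": n, "version": entry["version"]}
        if detailed:
            ref = purl(n, entry["version"])
            comp["bom-ref"] = ref
            comp["purl"] = ref
            comp["hashes"] = [{"alg": "SHA-256",
                               "content": hashlib.sha256(entry["blob"]).hexdigest()}]
        components.append(comp)
    sbom = {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": components}
    if detailed:
        # Dependency graph: which bom-ref depends on which, one entry per component.
        sbom["dependencies"] = [
            {"ref": purl(n, INVENTORY[n]["version"]),
             "dependsOn": [purl(d, INVENTORY[d]["version"]) for d in INVENTORY[n]["deps"]]}
            for n in names
        ]
    return sbom


def affected_refs(sbom, name, bad_versions):
    """Consumer side: which shipped components match an advisory's name and versions."""
    return [f'{c["name"]}@{c["version"]}'
            for c in sbom["components"]
            if c["name"] == name and c["version"] in bad_versions]


if __name__ == "__main__":
    high = make_sbom(detailed=False)
    deep = make_sbom(detailed=True)
    print(json.dumps(deep, indent=2))
    # A high-level SBOM cannot answer a question about a transitive dependency;
    # the detailed one can. That is the risk/reward of detail in one line each.
    print("high-level hit:", affected_refs(high, "bignum", {"4.1.0"}))
    print("detailed hit:  ", affected_refs(deep, "bignum", {"4.1.0"}))
```

The point of the two output lines is the one the hosts raise about detail: the high-level document lists three components and cannot see the transitively pulled-in "bignum", while the detailed document (five components, hashes, and a dependency graph) matches it and also tells you which shipped component drags it in.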
Brad Spengler from Grsecurity discusses advances in the Linux kernel in the last 10 years, including some of the background on how changes get added to the kernel.
Full show notes at https://www.brakeingsecurity.com. Supply chain issues: what should companies do when they don't know what's in their own tech stack? Vendor contact: are some devices and systems more vulnerable than others? What does the initial email look like when you tell a company "you're vulnerable to X"? How did you tailor your initial response when you learned of the position of the person? Was it worth the effort coordinating with Treck?
Agenda: Ripple20 report background. How JSOF approached Treck. Supply chain security tools used to analyze the TCP/IP stack. Discussion of the reasons for custom TCP/IP stacks. OEM reaction. Why supply chain security matters. NIST guidelines on supply chain security. https://www.brakeingsecurity.com
WISP.org PSA from Rachel Tobac on the #shareTheMicInCyber initiative. F5 BIG-IP vulnerability. Redux of the PAN-OS SAML vuln. CVSS scoring blunders. Advice on a problem in a tweet. And more!
0. Update on Palo Alto vulnerability mentioned later in the show 1. How was Mr. Boettcher's vacation? 2. Thank you to Marcus Carey for his leadership and friendship 3. Discussion of the recent Cognizant Breach of employee data 4. Maze ransomware discussion 5. Palo Alto PAN-OS vulnerability (CVE-2020-2021) 6. SAML auth discussion 7. End of show Full show notes at www.brakeingsecurity.com. Search for show "2020-025"
Ms. Berlin's oldest heads off to the Marines! The Ripple20 report discussed: major vulns in #IoT #security TCP/IP stacks. Bad actors are using CAPTCHAs to evade analysis. Much more!
James discusses how companies need to adopt a 'zero trust' model going forward, and how to measure the effectiveness of your training and controls to ensure that you get the most out of your company's technology.
2020-022-Andrew Shikiar, FIDO Alliance, removing password from IoT, and discussing FIDO implementation
Derek Rook and our team discuss red team methodology, how it differs from CTF and OSCP methodologies, and what red teams can do to make the whole process better for MSSPs, SOCs, and blue team members.
2020-020-Andrew Shikiar - FIDO Alliance - making Cybersecurity more secure