Brakeing Down Security Podcast

Brakeing Down Security Podcast A podcast all about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today’s workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.

  • 2021-025-Dan Borges, Author of Adversarial Techniques from Packt Publishing
    by Dan Borges, Brian Boettcher, Amanda Berlin, and Bryan Brake on July 19, 2021 at 3:16 am

    Dan Borges – Author @1njection   Buy the book on Amazon: https://www.amazon.com/Adversarial-Tradecraft-Cybersecurity-real-time-computer-ebook-dp-B0957LV496/dp/B0957LV496?_encoding=UTF8&me=&qid=&linkCode=ll1&tag=bdspod-20&linkId=8f2daf0b3563cbbc2cee6a2d2138149d&language=en_US&ref_=as_li_ss_tl   https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/amp/   Cool near real time updates on the hack: https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://twitter.com/DAlperovitch/status/1412033278081708034 https://github.com/ahhh/Cybersecurity-Tradecraft/tree/main/   https://www.amazon.com/Network-Attacks-Exploitation-Matthew-Monte/dp/1118987128 https://en.wikipedia.org/wiki/Best_response https://labs.bishopfox.com/tech-blog/sliver https://www.amazon.com/Rootkits-Bootkits-Reversing-Malware-Generation/dp/1593277164   Www.Globalcptc.org   Virtual CCDC:  How easy was the process working with Packt?  Did they approach you or vice versa? 5 D’s of Physical Security The five D’s of security seek to do one or more of the following: Deter, Detect, Delay, Deny and Defend. https://www.securitymagazine.com/articles/82833-the-5-ds-of-outdoor-perimeter-security Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email [email protected] #AmazonMusic: https://brakesec.com/amazonmusic  #Spotify: https://brakesec.com/spotifyBDS#Pandora: https://brakesec.com/pandora  #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: [email protected] Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

  • 2021-024-Dan Borges, Author of Adversarial Techniques from Packt Publishing
    by Brian Brake, Dan Borges, and Brian Boettcher on July 10, 2021 at 5:48 pm

    Dan Borges – Author @1njection   Buy the book on Amazon: https://www.amazon.com/Adversarial-Tradecraft-Cybersecurity-real-time-computer-ebook-dp-B0957LV496/dp/B0957LV496?_encoding=UTF8&me=&qid=&linkCode=ll1&tag=bdspod-20&linkId=8f2daf0b3563cbbc2cee6a2d2138149d&language=en_US&ref_=as_li_ss_tl   https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/amp/   Cool near real time updates on the hack: https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://twitter.com/DAlperovitch/status/1412033278081708034 https://github.com/ahhh/Cybersecurity-Tradecraft/tree/main/   https://www.amazon.com/Network-Attacks-Exploitation-Matthew-Monte/dp/1118987128   https://en.wikipedia.org/wiki/Best_response   https://labs.bishopfox.com/tech-blog/sliver   https://www.amazon.com/Rootkits-Bootkits-Reversing-Malware-Generation/dp/1593277164   Www.Globalcptc.org   Virtual CCDC:  How easy was the process working with Packt?  Did they approach you or vice versa? 5 D’s of Physical Security The five D’s of security seek to do one or more of the following: Deter, Detect, Delay, Deny and Defend. https://www.securitymagazine.com/articles/82833-the-5-ds-of-outdoor-perimeter-security Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email [email protected] #AmazonMusic: https://brakesec.com/amazonmusic  #Spotify: https://brakesec.com/spotifyBDS#Pandora: https://brakesec.com/pandora  #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: [email protected] Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec  

  • 2021-023-d3fend framework, DLL injection types, more solarwinds infections
    by Brian Boettcher, Bryan Brake, and Amanda Berlin on June 30, 2021 at 2:57 am

    Pihole setup Conference talk https://www.reuters.com/technology/microsoft-says-new-breach-discovered-probe-suspected-solarwinds-hackers-2021-06-25/ https://securityaffairs.co/wordpress/119425/apt/solarwinds-nobelium-ongoing-campaign.html https://www.ehackingnews.com/2021/06/attackers-pummelled-gaming-industry.html https://www.bleepingcomputer.com/news/microsoft/windows-11-wont-work-without-a-tpm-what-you-need-to-know/ https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows https://d3fend.mitre.org/ https://www.theregister.com/2021/06/15/zoll_defibrillator_dashboard_vulnerabilities/ https://twitter.com/Hexacorn https://www.ionos.com/digitalguide/server/configuration/winsxs-cleanup/ https://www.customink.com/fundraising/mental-health-hackers-7816 Buy @infoseccampout tickets: https://www.eventbrite.com/e/infosec-campout-2021-tickets-157561790557   Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email [email protected] #AmazonMusic: https://brakesec.com/amazonmusic  #Spotify: https://brakesec.com/spotifyBDS#Pandora: https://brakesec.com/pandora  #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: [email protected] Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

  • 2021-022-github policy updates targeting harmful software, Ms. Berlin discusses WWHF, CVSS discussion
    by Brian Boettcher, Bryan Brake, and Amanda Berlin on June 22, 2021 at 5:01 am

    Ms. Berlin’s conference report WWFH (reno, NV) Her next appearances will be at Defcon 2021 and BlueTeam Con 2021! https://www.infosecurity-magazine.com/news/amazon-prime-day-phishing-deluge/ https://www.ehackingnews.com/2021/06/threat-actors-use-google-drives-and.html https://www.kennasecurity.com/blog/vulnerability-score-on-its-own-is-useless/ https://portswigger.net/daily-swig/nist-charts-course-towards-more-secure-supply-chains-for-government-software https://github.blog/2021-04-29-call-for-feedback-policies-exploits-malware/ https://github.com/github/site-policy/pull/397 https://twitter.com/vm_call/status/1405937492642123782?s=20  https://thenewstack.io/cvss-struggles-to-remain-viable-in-the-era-of-cloud-native-computing/ ZOMG BUY SHIRTS HERE https://www.customink.com/fundraising/mental-health-hackers-7816 Buy @infoseccampout tickets: https://www.eventbrite.com/e/infosec-campout-2021-tickets-157561790557   Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email [email protected] #AmazonMusic: https://brakesec.com/amazonmusic  #Spotify: https://brakesec.com/spotifyBDS#Pandora: https://brakesec.com/pandora  #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: [email protected] Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

  • 2021-021-Security Sphynx, ZeroTrust, implementation prep- part2
    by Brian Boettcher, Amanda Berlin, and Bryan Brake on June 16, 2021 at 1:52 am

    EO from President Biden asked for a plan to create Zerotrust implementation in the next 90 days (well, 70ish days now… as of 23 May) https://twitter.com/SecuritySphynx/status/1390475868032618496 @securitySphynx “CIO: Zero Trust is the way…” What is the optimal configuration (read: easiest) zero trust config? Are there different ways to implement Zero Trust?` https://solutions.pyramidci.com/blog/posts/2021/february/the-swiss-cheese-approach/ https://tulsaworld.com/opinion/columnists/zero-trust-security-assume-that-everyone-and-everything-on-the-internet-is-out-to-get/article_f6bdbfad-1aae-5063-8ac0-6a1faf5a244c.html https://www.reddit.com/r/devops/comments/bqo6kp/open_source_or_cheap_zero_trust_beyondcorp/ https://opensource.com/article/17/6/4-easy-ways-work-toward-zero-trust-security-model https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf What is ZTA? Who are your users? What Devices in use? Device attestation/health checks Applications exist? Connections exist? Not just into/out of the traditional LAN network – do you understand dependencies of applications and databases and how the traffic flows? Where is the data/traffic? coming from? Going to? When is this activity occurring and what is expected? WHY: Need to balance the access to technical resources in a rapidly evolving and dynamic business landscape that ceases to exist within the confines of normal security perimeters. Mobile workforce – how much work can you get done without ever getting on the VPN? Blockers Technical Debt IT Hygiene Zero Trust REQUIRES the pre-work of establishing baselines. You cannot detect abnormality in the absence of normality. Policy should exist to drive what the specifications of a baseline system, server, application, etc will be. Network traffic, endpoint performance, SIEM tuning, endpoint agent/software accountability ZTA is less useful if you’re not doing basic patching, application updates, and allowing local admin on the system level). Legacy Systems: Not designed with this approach in mind, and often costly to modernize. Asset Management Where are your assets and how are they used? A “rough estimate” of endpoints is never good enough. What are you logging? What AREN’T you logging? User rights auditing Stale accounts, service accounts, HR Workflows for onboarding/offboarding Limitations of admin rights Local admin/password expiration issues for sales/travelling employees Human resources/talent Politics: Getting support/$$$/Buy-in for retrofitting applications that are “working just fine” is a huge political/business hurdle. Where to go from here: SaaS/PaaS/etc offerings What can you move from traditional off-prem solutions to cloud-based services (more up to date, regularly reviewed for security vulnerabilities, offloading responsibility of maintenance, SSO capabilities) AAA requirements MFA is a MUST. No, it’s not perfect, but it is one more layer in efficacy. Have discussions around REAL RBAC needs BEFORE implementing a solution. It is easier to expand permissions than it is to take them away. Resist the idea that the easy button of broad stroke permissions is always the right choice. Identify data owners, make them responsible for RBAC development with technical departments. Quantify risk associated with mishandled resources for crown jewels (see previous section on politics). Change control around permissions, access Security as an active participant in the development/acquisition of new products, software, services, or organizations Like remodeling a house, it is much easier to build security into the process than hire someone to retrofit it later.. What auditing are you doing? Have you baselined behavior? Where are your logs going, and WHO IS RESPONSIBLE FOR REVIEWING THEM. Manage the Endpoint: Stop thinking about the perimeter as your weakest point. The endpoint is critical and increasingly vulnerable, mobile, out of traditional “control”. Real time, actionable data and capabilities are critical to remediation and progress. Asset Inventory (again)… Then… HIDS/Firewall Patch Applocker/Application Controls Lather, rinse, repeat. DLP Classification It’s hard, it’s time-consuming, and it requires a LOT of support for business unit owners. Capture metrics, then set KPIs and regular check ins to reduce MTTP/MTTR/MTTD Would you like to know more? https://www.beyondtrust.com/blog/entry/why-zero-trust-is-an-unrealistic-security-model

Share This Information.

Leave a Reply

Your email address will not be published. Required fields are marked *