Sunday, September 17, 2017

2017-033- Zane Lackey, Inserting security into your DevOps environment


Zane Lackey (@zanelackey on Twitter) loves discussing how to make the DevOps, and the DevSecOps (or is it 'SecDevOps'... 'DevOpsSec'?)

So we talk to him about the best places to get the most bang for your buck getting security into your new DevOps environment. What is the best way to do that? Have a listen...

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-033-Zane_Lackey_inserting_security_into_your_DevOps.mp3

RSS: http://www.brakeingsecurity.com/rss

Youtube Channel:  https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw

#iTunes Store Link:  https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 

#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast

 

 

Join our #Slack Channel! Sign up at https://brakesec.signup.team

#iHeartRadio App:  https://www.iheart.com/show/263-Brakeing-Down-Securi/

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

--SHOW NOTES--

 

Security shifts from being a gatekeeper to enabling teams to be secure by default

Require a culture shift

Should that be implemented before the shift to CI/CD, or are we talking ‘indiana jones and the rock in the temple’?


How?

Secure coding?

Hardening boxes/Systems?

 

If it’s just dev -> prod, where does security have the chance to find issues (i.e. test and QA belong there)?

 

We used to have the ability for a lot of security injection points, but no longer

 

Lowers the number of people we have to harangue to be secure…?

 

Security success = baked in to DevOps

 

Shift from a ‘top down’ to ‘bottom up’

Eliminate FPs, and forward on real issues to devs

Concentrate on one or two types of vulnerabilities

Triage vulns from most important to least important

 

Go for ‘quick wins’, or things that don’t take a lot of time for devs to fix.

Grepping for ‘system(), or execve()’

Primitives (hashing, encryption, file system operations)

How do you stop a build going to production if it’s going out like that?

Do we allow insecurity to go to Production?

Or would it be too late to ‘stop the presses’?

“We’ll fix it in post…”


Instead of the ‘guardrail not speedbump’ you are the driving instructor...

 

But where does security get in to be able to talk to devs about data flow, documentation of processes?

5 Y’s - Why are you doing that?

 

Setup things like alerting on git repos, especially for sensitive code

Changing a sensitive bit of code or file may notify people

Will make people think before making changes

Put controls in terms of how they enable velocity

 

You like you some bug bounties, why?

 

Continuous feedback

 

Learn to find/detect attackers as early in the attack chain

 

Refine your vuln triage/response

 

Use bug reports as IR/DFIR...

 

https://www.youtube.com/watch?v=ORtYTDSmi4U

 

https://www.slideshare.net/zanelackey/how-to-adapt-the-sdlc-to-the-era-of-devsecops

 

http://www.slideshare.net/zanelackey/building-a-modern-security-engineering-organization

 

 

 

In SAST, a modern way to decide what to test is start with a small critical vuln, like OS command injection.  Find those and get people to fix it.  BUT don’t developers or project teams get unhappy [sic] if you keep "moving the goal post" as you add in the next SAST test and the next SAST test.  How do you do that and not piss people off?

 

[15:16]

How do you make development teams self sufficient when it comes to writing a secure application?  Security is a road block during a 3 month release schedule….getting "security approval" in a 3 day release cycle is impossible.

 

[15:17]

But then…what is the job for the security team?  If DevOps with security is done right, do you still need a security team, if so what do they do????  Do they write more code???

I don't think your Dev'ops'ing security out of a job...but where does security see itself in 5 years?

Last one if there is time and interest.  If Zane Lackey was a _maintainer_ of an open source project, what dev ops sec lessons would he apply to that dev model…to the OpenSource model?

(We've got internal projects managed with the open source model...so im interested in this one)

Even with out any of those questions the topics he covered in his black hat talk are FULL of content to talk about.  Heck, even bug bounties are a topic of conversation.

The idea of a feedback loop to dev...where an application under attack in a pen test can do fixes live....how that is possible is loads of content.

 


Here is a new episode of Brakeing Down Security Podcast!

Monday, September 11, 2017

2017-032-incident response tabletops, equifax breach


Everyone should be doing incident response tabletops, even if it's not a dedicated task in your organization. It allows you to find out what you might be lacking in terms of processes, manpower, requirements, etc.

This week, we discuss what you need to do to get ready for one, and how those should go in terms of helping your organization understand how to handle the aftermath.

And in case you've been under a rock, #equifax was breached.  143 million credit records are in the ether. We discuss the facts as of 9 September 2017, and what this means to the average user.

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-032-incident_response-equifax-done.mp3

 

RSS: http://www.brakeingsecurity.com/rss

Youtube Channel:  https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw

#iTunes Store Link:  https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 

#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast

 

 

Join our #Slack Channel! Sign up at https://brakesec.signup.team

#iHeartRadio App:  https://www.iheart.com/show/263-Brakeing-Down-Securi/

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

 

 

 

 

---SHOW NOTES---

Incident response

 

Must go beyond ‘threats’.

What is in your environment

Struts aren’t a threat, or are they?

Equifax didn’t think so at the time…

Insider threat

External entities

Libraries

plugins/themes used (Wordpress)

 

Risk analysis

Qualitative

Quantitative

 

What makes a good incident response exercise (

 

 

 

Following the creation and implementation of security controls around use cases, can be the testing of tabletop exercises and drills as a proof of concept. A tabletop exercise is a meeting of key stakeholders and staff that walk step by step through the mitigation of some type of disaster, malfunction, attack, or other emergency in a low stress situation. A drill is when staff carries out as many of the processes, procedures, and mitigations that would be performed during one of the emergencies as possible.
While drills are limited in scope, they can be very useful to test specific controls for gaps and possible improvements. A disaster recovery plan can be carried out to some length, backups can be tested with the restoration of files, and services can be failed over to secondary cluster members.
Tabletop exercises are composed of several key groups or members.


  • During a tabletop exercise there should be a moderator or facilitator that will deliver the scenario to be played out. This moderator can answer “what if ” questions about the imaginary emergency as well as lead discussion, pull in additional resources, and control the pace of the exercise. Inform the participants that it is perfectly acceptable to not have answers to questions during this exercise. The entire purpose of tabletops is to find the weaknesses in current processes to mitigate them prior to an actual incident.
    • A member of the exercise should also evaluate the overall performance of the exercise as well as create an after-action report. This evaluator should take meticulous notes as well as follow along any runbook to ensure accuracy. While the evaluator will be the main notetaker, other groups and individuals may have specific knowledge and understanding of situations. In this case having each member provide the evaluator with their own notes at the conclusion of the tabletop is a good step.
    • Participants make up the majority of this exercise. Included should be groups such as Finance, HR, Legal, Security (both physical and information), Management, Marketing, and any other key group that may be required. Participants should be willing to engage in the conversation, challenge themselves and others politely, and work within the parameters of the exercise.


What to include in the tabletop:
• A handout to participants with the scenario and room for notes.
• Current runbook of how security situations are handled.
• Any policy and procedure manuals.
• List of tools and external services.


Post-exercise actions and questions:
• What went well?
• What could have gone better?
• Are any services or processes missing that would have improved resolution time or accuracy?
• Are any steps unneeded or irrelevant?
• Identify and document issues for corrective action.
• Change the plan appropriately for next time.


Tabletop Template
The Federal Emergency Management Agency (FEMA) has a collection of different scenarios, presentations, and tabletops that can be used as templates.

 

Derbycon channel on Slack

Intro to RE class

 

https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax

 

https://hackernoon.com/a-series-of-unfortunate-events-or-how-equifax-fire-eye-threw-oil-on-the-fire-c19285f866ed


Here is a new episode of Brakeing Down Security Podcast!

Sunday, September 3, 2017

2017-031-Robert_Sell-Defcon_SE_CTF-OSINT_source


This week, we met up with Robert Sell to discuss competing in the DefCon Social Engineering CTF. You're gonna learn how he prepared for the competition, and learn about some of the tactics you could use to compete in future SE CTF events.

Direct Link:  http://traffic.libsyn.com/brakeingsecurity/2017-031-Robert_Sell-Defcon-SE-CTF.mp3

 

 

RSS: http://www.brakeingsecurity.com/rss

Youtube Channel:  https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw

#iTunes Store Link:  https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 

#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast

 

 

Join our #Slack Channel! Sign up at https://brakesec.signup.team

#iHeartRadio App:  https://www.iheart.com/show/263-Brakeing-Down-Securi/

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/


Here is a new episode of Brakeing Down Security Podcast!

Monday, August 28, 2017

2017-030-Vulnerability OSINT, derbycon CTF walkthrough, and bsides Wellington!


This week, we discuss the lack of information and where you might find more information about certain vulnerabilities. Seems like many companies fail to give out necessary and actionable information without paying an arm and a leg.

We also go over our DerbyCon CTF walkthrough, and discuss the steps to solve it.

 

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-030-vulnerability_OSINT-derbycon_CTF_walkthrough.mp3 

 

Ms. Berlin is going to be at Bsides Wellington!  Get your Tickets NOW!

https://twitter.com/bsideswlg

https://www.bsides.nz/

 

 

 

RSS: http://www.brakeingsecurity.com/rss

Youtube Channel:  https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw

#iTunes Store Link:  https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 

#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast

 

 

Join our #Slack Channel! Sign up at https://brakesec.signup.team

#iHeartRadio App:  https://www.iheart.com/show/263-Brakeing-Down-Securi/

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

--show notes--

 

NCC group talks in Seattle

NIST guidelines - no security questions, no SMS based 2fa

 

Vuln OSINT

 

Sites have information like Spokeo…

Breadcrumbs

 

Take Java for example (CVE-2017-10102): info is sparse

Other sites have more

https://tools.cisco.com/security/center/viewAlert.x?alertId=54521 - worse than Oracle’s site (impressive crappery)

Some are better: RHEL is fairly decent

https://access.redhat.com/errata/RHSA-2017:2424

Ubuntu has some different tidbits

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-10102.html

Arch has info

https://security.archlinux.org/CVE-2017-10102

Point is, just because you use a specific OS, don’t limit yourself… other OSes may contain more technical info. Some maintainers like to dig, like you.

 

https://vuldb.com/ - gives value of finding such a PoC for a vuln (5-25K USD for 2017-10102)

 

Derbycon CTF walkthrough

 

Looking for an instructor for an ‘intro to RE’ course.

Dr. Pulaski = Diana Maldaur

Dr. Crusher = Gates McFadden

 


Here is a new episode of Brakeing Down Security Podcast!

Saturday, August 19, 2017

2017-029-CIS benchmarks, Windows Update reverts changes used to detect malware


This week was one heck of a show. If you are a blueteamer and make use of the "Windows Logging Cheat Sheet", you are no doubt aware of how important it is to log certain events, and to set hostile conditions to make malware/Trojans/virus have a harder time avoiding detection.

What if I told you the same updates we suggested last week to NEVER delay actually undoes all your hardening on your system and leaves your logfiles set to defaults, all file associations for suspect files like pif, bat, scr, bin, are set back to defaults, allow your users to be victims again, even after you've assured them they are safe to update?

After a sequence of tweets from Michael Gough about just this exact thing, we laid out all the information, how and what get reverted that will open you back up to possible infections, as well as how some hardening standards actually make it harder to be secure.

Finally, we discuss the CIS benchmarks, and how many of the settings in them are largely outdated and why they need to be updated.

 

Direct Download: http://traffic.libsyn.com/brakeingsecurity/2017-029-windows_updates_clobbers_security__settings_CIS_hardening_needs_an_update.mp3

RSS: http://www.brakeingsecurity.com/rss

Youtube Channel:  https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw

#iTunes Store Link:  https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 

#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast

 

 

Join our #Slack Channel! Sign up at https://brakesec.signup.team

#iHeartRadio App:  https://www.iheart.com/show/263-Brakeing-Down-Securi/

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

 

--SHOW NOTES--

 

Gough says ‘something is bad about CIS’

 

CIS benchmarks need revamping -- BrBr

/var, /var/log in separate partitions?

Password to access grub?

Disable root login to serial pty?

Many cloud instances and VMs don’t have serial ports (not in a traditional sense)

 

What’s the use case for using them? What problem will they solve?

Misconfiguration?

Proper logging?

NTP sources?

 

So many, dilution possible

SCAP

OVAL

STIG (complex as well)

CIS

 

Infosec: how do we get IT past the “that’s good enough”, as many customers and compliance frameworks want to see ‘hardening’ done.

What is a good baseline?

Write your own?

 

How do we tell them that it’s not going to stop ‘bad guys’ ( or anyone really)? It’s not ‘security’, and it’s technically not even ‘best practices’ anymore (not all of it, anyway)

On windows, they are needlessly complicated and cause more problems

Roles have to be created “backup admin”

Can cause unintended issues

 

https://twitter.com/HackerHurricane/status/898629567056797696

 

https://twitter.com/HackerHurricane/status/892838553528479745

 

Category            Sub Category                                      7/2008  8.1     2012    Win-7   Win-8.1 WLCS    ThisPC  Notes

 

Detailed Tracking   Process Termination                       NA      NA      NA      NA      NA      S/F     S

Object Access       File Share                                           NA      NA      NA      NA      NA      S/F     S/F    

Object Access       File System                                         NA      NA      NA      F       NA         S       S/F    

Object Access       Filtering Platform Connection           NA      NA      NA      NA      NA      S       S      

Object Access       Filtering Platform Packet Drop          NA      NA      NA      NA      NA      NA      NA

 

Log Sizes:

-------------

Security - 1 GB

Application – 256MB

System – 256MB

PowerShell/Operational – 512MB – 1 GB v5

Windows PowerShell – 256MB

TaskScheduler – 256MB

 

Log Process Command Line                                             (5)     (5)     (5)     (5)     (5)     Yes     Yes

-------------------------------------------------------------------------------------------------------------------------

PowerShell Logging v5                                                    (5)     (5)     (5)     (5)     (5)     Yes     Yes

-------------------------------------------------------------------------------------------------------------------------

TaskScheduler Log                                                          (5)     (5)     (5)     (5)     (5)     (1)     Yes

-----------------------------------------------------------------------------------------------------------------

 

(5) - CIS Benchmarks, USGCB, and AU ACSC do not cover this critical auditing item


Here is a new episode of Brakeing Down Security Podcast!

Saturday, August 12, 2017

2017-028-disabling WU?, Comcast wireless hack, and was it irresponsible disclosure?


 This week went in a different direction from what we normally do. We discussed some news, a twitter conversation about someone from the 'ahem' "media" that suggests that you disable Windows Update on your home devices. We discuss the pros and mostly cons of doing that, and alternatives to protect your home and work devices from that.

We talked about the Comcast Xfinity applicances and how they have a vulnerability that could make it appear that traffic created by people outside of your house could look like it was coming from your home network.

We discuss the public disclosure of Carbon Black's architecture and seeming sharing of customer events to 3rd parties... it's not all black and white, and we discuss those here.

 

RSS: http://www.brakeingsecurity.com/rss

Youtube Channel:  https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw

#iTunes Store Link:  https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 

#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast

 

 

Join our #Slack Channel! Sign up at https://brakesec.signup.team

#iHeartRadio App:  https://www.iheart.com/show/263-Brakeing-Down-Securi/

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

 

 

 

---SHOW NOTES---

Twitter discussion -

https://twitter.com/Computerworld/status/894611609355603968

 

http://www.computerworld.com/article/3214146/microsoft-windows/it-s-time-to-check-your-windows-machines-and-temporarily-turn-off-automatic-update.html

 

[sic] “tons of problems with Automatic Update patches so far this year”

[sic] “if you’re savvy enough to be reading this, you should consider turning Auto Update off, too”

 

Advocating disabling auto-updates in an OS is reckless.

Home networks for majority of users is completely flat

One Vlan (e.g. 192.168.1.0/24)

‘Savvy’ = technical

Which many of our users are not

 

Probable scenario: Bad guy targets you or family through a phish. They gain access to family computers, and pivot through those to your office computer

 

Blue teamers: suggest backups and backup options to keep their data safe and allow them to feel safer with automatic updates enabled, and VLANs if possible

 

Typically enterprises will hold off a few days or a week to push out Windows patches; Auto-updates are controlled.

The twitter guy said that in more recent Windows versions, WU take precedence over WSUS… need to confirm that… -- brbr

Confirmed… you can override WU… https://blogs.technet.microsoft.com/wsus/2017/08/04/improving-dual-scan-on-1607/

 

http://www.computerworld.com/article/3213929/microsoft-windows/the-case-against-windows-automatic-update.html

http://www.csoonline.com/article/3214487/security/pentest-firm-calls-carbon-black-worlds-largest-pay-for-play-data-exfiltration-botnet.html#tk.twt_cso

--this-- not because of title, but because of people jumping to conclusions (example of irresponsible disclosure)

Agreed… that shiz is damaging -- brbr

 

 

 

NoStarch TCP guide - https://www.nostarch.com/tcpip.htm

IPV4 -https://en.wikipedia.org/wiki/IPv4

 

[graphic of IPv4 header from wikipedia article]

 

IHL - size of the header (minimum of 5)

DSCP - has to do with traffic shaping and QoS

ECN - notifies the network of congestion and allows infrastructure to implement congestion controls to compensate

Must be supported by both ends, and completely optional to enforce

Total Length - total size of the packet

Identification - interesting field, you can use it to hide data (Covert_TCP), otherwise, it’s used for ‘used for uniquely identifying the group of fragments of a single IP datagram”

 

https://github.com/tcstool/Fireaway

 

http://www.securityweek.com/coolest-talk-defcon-25-no-one-writing-about

 


Here is a new episode of Brakeing Down Security Podcast!

Thursday, August 3, 2017

2017-026-Machine_Learning-Market Hype, or infosec's blue team's newest weapon?


Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-026-Ally_miller_machine-learning-AI.mp3

Ally Miller (@selenakyle) joined us this week to discuss Machine Learning and #Artificial #Intelligence. It seems like every new security product employs one or both of these terms. She did the keynote at Bsides Las Vegas on topics of #Machine #Learning and #Behavioral #Economics.

We asked Ms. Miller to join us here to discuss what ML and AI are, how algorithms work to analyze the data to come to the right conclusion. What is required to get a useful algorithm, and how much or little human interaction is required?

We also discuss a bit of history with her, how IDS/IPS were just dumber versions of machine learning, with 'tweaks' being new Yara or snort rules to tell the machine what to allow/disallow. 

Finally, we discussed how people who are doing our 2017 DerbyCon CTF, instructions on how to win are in the show, so please take a listen.

 

RSS: http://www.brakeingsecurity.com/rss

Youtube Channel:  https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw

#iTunes Store Link:  https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 

#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast

 

 

Join our #Slack Channel! Sign up at https://brakesec.signup.team

#iHeartRadio App:  https://www.iheart.com/show/263-Brakeing-Down-Securi/

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

 

 

 

 

 

show notes

 

what is the required amount of data required to properly train the algorithms

 

how do you ensure that the training data is clean (or perhaps how do you determine what causes a false positive or negative)

 

Xoke Soru: "why are you trying to make skynet and kill us all?  Do you hate humanity?"

 

Who will ML replace? Who in security?

 

Ask why people get confused between AI and Machine learning, and where the fine line is between the two or is one actually a subset of the other.

 

Basically.. "in what way/how do you see ML being used in an offensive capacity in the future (or now)"

 

https://en.wikipedia.org/wiki/Artificial_neural_network

 

https://en.wikipedia.org/wiki/Machine_learning

 

https://en.wikipedia.org/wiki/Portal:Machine_learning

 

https://www.slideshare.net/allyslideshare/something-wicked-78511887

 

https://www.slideshare.net/allyslideshare/201209-a-million-mousetraps-using-big-data-and-little-loops-to-build-better-defenses

 

https://conferences.oreilly.com/velocity/vl-ca/public/schedule/detail/61751

 

O’Reilly Conference 31 October

 

Mick douglas class

Derbycon CTF

Book club

 

Patreon

slack


Here is a new episode of Brakeing Down Security Podcast!