Thursday, August 16, 2018

2018-029-postsummercamp-future_record_breached-vulns_nofix


Post-Hacker Summercamp

 

IppSec Walkthroughs

Brakesec Derbycon ticket CTF -

 

Drama - (hotel room search gate)

  AirconditionerGate

  Personal privacy

  Ask for ID

  Call the front desk

  Use the deadbolt - can be bypassed

  Plug the peephole with TP

        Hotel rooms aren’t secure (neither are the safes)

            Probably the most hostile environment infosec people go into to try and be secure/private

 

https://247wallst.com/technology-3/2018/08/13/25-of-known-computer-security-vulnerabilities-have-no-fix/

  • This is the company behind a sort-of threat intel site (vulnDB)
  • The original marketing site
    • I figured it was marketing… it smacked of a ‘buy our product’ site, but we don’t have to mention vulnDB

 

https://www.informationsecuritybuzz.com/expert-comments/over-146-billion-records/

    Based on study by Juniper Research

 

https://www.teepublic.com/user/bdspodcast

 

#Spotify: https://brakesec.com/spotifyBDS

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon: https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec


Here is a new episode of Brakeing Down Security Podcast!

Wednesday, August 8, 2018

2018-018-runkeys, DNS Logging, derbycon Talks


HTTPS on www.brakeingsecurity.com, Libsyn RSS syncing of iTunes/Google Play is over TLS

 

Amanda giving a talk at Diana Initiative

Derbycon Talk - mental health

Volunteer/Topic request form - https://goo.gl/forms/wAiLW5Dh5h0MR5bO2

 

http://www.hexacorn.com/blog/2018/07/29/beyond-good-ol-run-key-part-82/

 

https://blogs.technet.microsoft.com/teamdhcp/2015/11/23/network-forensics-with-windows-dns-analytical-logging/

 

https://blogs.technet.microsoft.com/secadv/2018/01/22/parsing-dns-server-log-to-track-active-clients/

 

https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/tracelo

 


Tuesday, July 31, 2018

2018-027-Godfrey Daniels talks about his book about the Mojave Phonebooth


Godfrey Daniels - author of "Adventures with the Mojave Phone Booth"

Mojave phonebooth

 

Mojavephonebooth.com - book is on sale - at mojavephoneboothbook.com

 


https://en.wikipedia.org/wiki/Mojave_phone_booth

https://www.tripsavvy.com/the-mojave-phone-booth-1474047

 

https://www.dailydot.com/debug/mojave-phone-booth-back-number/

 

https://www.npr.org/2014/08/22/342430204/the-mojave-phone-booth

 

https://www.reddit.com/r/UnresolvedMysteries/comments/7wjq4a/cipher_broadcast_the_mojave_phone_booth_is_back/

 

https://twitter.com/mojavefonebooth

 

https://www.google.com/maps/place/Mojave+Phone+Booth/@35.2873088,-115.6911087,3155m/data=!3m1!1e3!4m5!3m4!1s0x80c587e7172e7259:0xbc30709b3558dd90!8m2!3d35.2856782!4d-115.6844312

 

https://www.theatlantic.com/technology/archive/2017/02/object-lesson-phone-booth/515385/

http://deathvalleyjim.com/cima-cinder-mine-mojave-national-preserve/

https://twitter.com/_noid_?lang=en

 

https://www.monoprice.com/product?p_id=8136&gclid=CjwKCAjwy_XaBRAWEiwApfjKHuwvafwlgj6K3bNw6Qoy06i0KlXrTcPu8RLUSnhdEur5Y8PlVNaB1hoClJoQAvD_BwE

 

http://www.mojavephonebooth.com/

 

 


Thursday, July 26, 2018

2018-026-insurers gathering data, netflix released a new DFIR tool, and google no longer gets phished?


Stories and topics we covered:

https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/

 

https://osquery.io/

 

https://www.propublica.org/article/health-insurers-are-vacuuming-up-details-about-you-and-it-could-raise-your-rates

 

https://medium.com/netflix-techblog/netflix-sirt-releases-diffy-a-differencing-engine-for-digital-forensics-in-the-cloud-37b71abd2698

 

Join our #Slack Channel! Email us at bds.podcast@gmail.com

or DM us on Twitter @brakesec


Wednesday, July 18, 2018

2015-025-BsidesSPFD, threathunting, assessing risk


Sorry, this week's show took an odd turn, and we don't have much in the way of show notes... Ms. Berlin is recovering from knee surgery, and we wish her a speedy recovery.

Bryan B. got back from BsidesSPFD, MO this week, after what was a well-received talk on building community. Lots of other excellent talks from speakers like Ms. Sunny Wear, and an impromptu panel with Ben Miller and a whole host of others, including:

@icssec
@bethayoung
@ViciousData
@killianditch
@fang0654
@SunnyWear
@awsmhacks
@sysopfb
@killamjr

We started talking about malware, and we ended up discussing a new channel in the BrakeSec Slack on #threatHunting. It appears there's a lot of information out there on the topic, so much so that SANS is having a whole conference around it.

https://www.sans.org/event/threat-hunting-and-incident-response-summit-2018

@icssec
@bethayoung
@bryanbrake
@ViciousData
@killianditch
@fang0654
@SunnyWear
@awsmhacks
@sysopfb
@killamjr


Here is a new episode of Brakeing Down Security Podcast!

Wednesday, July 11, 2018

2018-024- Pacu, a tool for pentesting AWS environments


Ben Caudill @rhinosecurity

Spencer Gietzen @spengietz

 

Rhino Security - https://rhinosecuritylabs.com/blog/

 

AWS escalation and mitigation blog - https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/

 

What is the difference between this and something like Scout or Lynis?

 

Is it a forensic or IR tool?

 

How might offensive people use this tool? What is possible when you’re using this as a ‘redteam’ or ‘pentesting’ tool?

 

S3 bucket perms?

 

Security Group policy fails

 

Some of the hardening policies for Security groups?

RDS?

 

Where are you speaking… BSLV? DefCon?


https://aws.amazon.com/whitepapers/aws-security-best-practices/

 

https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

 

https://aws.amazon.com/whitepapers/

 

https://aws.amazon.com/blogs/security/how-to-control-access-to-your-amazon-elasticsearch-service-domain/

 

https://aws.amazon.com/blogs/security/how-to-enable-mfa-protection-on-your-aws-api-calls/


Slack

Patreon

Bsides Springfield

 


Sunday, July 1, 2018

2018-023: Cydefe interview-DNS enumeration-CTF setup & prep


Raymond Evans - CTF organizer for nolacon and Founder of CyDefe Labs

    @cydefe

  • CTF setup / challenges of setting up a CTF.
  • Beginners & CTFs
  • Types
  • tips/tricks
  • Biggest downfalls of CTF development

 

https://www.heroku.com/

www.exploit-db.com


BrakeSec DerbyCon

   

@dragosinc dragos.com


DNS Enumeration:

https://github.com/nixawk/pentest-wiki/blob/master/1.Information-Gathering/How-to-gather-dns-information.md

 

DNS Tools:

https://dnsdumpster.com/

https://tools.kali.org/information-gathering/theharvester

 

DNS Tutorial

https://www.youtube.com/watch?v=4ZtFk2dtqv0 (A cat explains DNS)

 
