Sunday, November 30, 2014

Part 2 w/ Ben Donnelly -- Introducing Ball and Chain (making password breaches a thing of the past)

Last week, we talked with Ben Donnelly about ADHD (Active Defense Harbinger Distro). But Ben isn't a one trick pony, oh no... this young punk is trying to solve fundamental problems in the business industry, in particular securing passwords.  That's why he's been working with Tim Tomes (@lanmaster53)invented 'Ball and Chain', which is a large (>2TB) file that can be used to help generate passwords and entropy.

We discuss


Here is a new episode of Brakeing Down Security!

Saturday, November 29, 2014

New Tumblr Post

It's a bit meta, cause this will show up there in a few minutes, but Brakeing Down Security now has a Tumblr...

Don't know why it took so long...  We'll be posting from other Tumblr blogs, and our episodes will post there... I hope you will spread the word...

http://brakeingdownsecurity.tumblr.com/


Here is a new episode of Brakeing Down Security!

Thursday, November 27, 2014

Thank you from Brakeing Down Security

When Mr. Boettcher and I started the Brakeing Down Security Podcast, we really did it for 2 reasons:

1. We wanted to educate people and ourselves about information security topics, and do it in a way that was fun

2. Educate ourselves about some topics that we were not familar with, because infosec and compliance is such a vast range of topics and skills

 

Mr. Boettcher and I want to extend a warm and hearty THANK YOU SO MUCH for inviting us into your podcasting listening device. We realize there are a ton of infosec podcasts out there, and you allowing us to share space with them makes us so happy.

Look for more podcasts in December, and in the new year, look for more videos and excellent interviews.

 

As we've always said, we do this podcast for you, and we want to know what you want to hear or see.  If you have a topic you'd love to have us talk about, or you'd like to come on our podcast and talk about something you're working on, please let us know.  We want input, so please leave us some feedback on iTunes, or tweet our podcast to your friends

 

Happy Thanksgiving to our US fans, Happy Thursday for the rest of the world...

 

Bryan Brake

Creator, Co-Host of the Brakeing Down Security podcast

@bryanbrake

@boettcherpwned

Website: www.brakeingsecurity.com

RSS: brakeingsecurity.libsyn.com/rss

iTunes:  https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2

EMAIL: bds.podcast@gmail.com

 


Here is a new episode of Brakeing Down Security!

Saturday, November 22, 2014

Active Defense and the ADHD Distro with Ben Donnelly


We snagged an interview with Benjamin Donnelly, a maintainer of the Active Defense Harbinger Distribution (ADHD). version 0.60

 

A thoroughly enjoyable conversation with a new up-and-coming security professional. He's the future, and he is already contributing a lot of great info to the infosec industry.

 

Part 1 is all about ADHD, next week, we discuss his talk about a project he's working on that will remove the threat of password breaches using 'Ball and Chain'.  And it's all open source...

 

 

 

ADHD ISO:  http://sourceforge.net/projects/adhd/


CryptoLocked:   https://bitbucket.org/Zaeyx/cryptolocked


Here is a new episode of Brakeing Down Security!

Thursday, November 20, 2014

WebGoat install video with Mr. Boettcher!


My man Mr. Boettcher posted up a video on how to install OWASP's WebGoat Vulnerable web application!

He walks you through WebGoat 5.4, and even gives you some tips on solving issues that he'd found.  And to make it even easier, he's given you some instructions below.

Hope you enjoy, especially if you've had issues setting up WebGoat in the past.

 

 

Webgoat 5.4 instructions
========================
1. search google and download the war file

            (From Bryan: Here's the link -- https://code.google.com/p/webgoat/downloads/list )


2. install tomcat
    sudo apt-get install tomcat7
3. move the war file to tomcat webapp directory
    sudo mv ~/Downloads/WebGoat-5.4.war /var/lib/tomcat7/webapps/WebGoat.war
4. edit tomcat-users.xml by adding the content below
    sudo vi /var/lib/tomcat7/conf/tomcat-users.xml
5. restart tomcat
        sudo /etc/init.d/tomcat7 restart
6. in your browser, type localhost:8080/WebGoat/attack

<role rolename="webgoat_basic"/>
<role rolename="webgoat_user"/>
<role rolename="webgoat_admin"/>
<user username="basic" password="basic" roles="webgoat_basic,webgoat_user"/>
<user username="guest" password="guest" roles="webgoat_user"/>
<user username="webgoat" password="webgoat" roles="webgoat_admin"/>
<user username="admin" password="admin" roles="webgoat_admin"/>


Here is a new episode of Brakeing Down Security!

Monday, November 17, 2014

Active Defense: It ain't 'hacking the hackers'


Active Defense... It conjures images of the lowly admin turning the tables on the evil black hat hackers, and giving them a dose of their own medicine by hacking their boxes and getting sweet, sweet revenge... But did you know that kind of 'revenge' is also rife with legal rammifications, even bordering on being illegal??

This week, Mr. Boettcher and I tackle this prickly subject, and discuss some software you can use to 'deter, prevent, and dissuade' potential bad guys...

 ADHD Training (courtesy of Paul's Security Weekly Podcast): http://blip.tv/securityweekly/active-defense-harbinger-distribution-release-party-7096833

Artillery - https://www.binarydefense.com/project-artillery/

DenyHosts - http://denyhosts.sourceforge.net/

Nova:  http://www.sans.org/reading-room/whitepapers/detection/implementing-active-defense-systems-private-networks-34312

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/


Here is a new episode of Brakeing Down Security!

Sunday, November 9, 2014

Interview Part 2 with Paul Coggin: Horror stories


If you think Halloween was scary, Paul Coggin gives us another reason to curl up in the fetal position as he goes explains Lawful Intercept, and Route Maps. And what's worse, your 3rd party auditors are starting to get the tools that will make you address network protocol issues.

 

Lots of great material here below in our show notes, including some tools (free) that you can use to get yourself schooled on network protocols

 

http://www.zdnet.com/researcher-describes-ease-to-detect-derail-and-exploit-nsas-lawful-interception-7000025073/

 

BGPmon - http://www.bgpmon.net/Renesys (now Dyn Research) http://research.dyn.com/

BGP Play - http://bgplay.routeviews.org/

BGP Looking glass servers - http://www.bgp4.as/looking-glasses

yersinia - http://www.yersinia.net/

Fx Twitter handle - https://twitter.com/41414141

ernw - https://www.ernw.de/

Cisco Route Maps - http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/49111-route-map-bestp.html

Paul's Bsides Nashville talk - http://www.irongeek.com/i.php?page=videos/bsidesnashville2014/300-bending-and-twisting-networks-paul-coggin

Huawei ENSP - http://enterprise.huawei.com/en/products/network-management/automation-tools/tools/hw-201999.htm

NRL Core - http://www.nrl.navy.mil/itd/ncs/products/core

NRL Mgen - http://www.nrl.navy.mil/itd/ncs/products/mgen

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/


Here is a new episode of Brakeing Down Security!

Sunday, November 2, 2014

Interview with Paul Coggin (part 1)


One of the talks my colleague got to see was Paul Coggin's talk about Internetworking routing and protocols.  In this interview, we dicsuss some tools of the trade, how MPLS isn't secure, and why you should be doing end-to-end encryption without allowing your VPN or circuit provider to do it for you...

If you have any interest in network security, including the higher order network protocols like BGP, MPLS, ATM, etc...  You'll want to check out his DerbyCon talk, and our interview...

 

Paul's Derbycon 2014 talk - http://www.irongeek.com/i.php?page=videos/derbycon4/t319-bending-and-twisting-networks-paul-coggins

Hacking SNMP tips and tricks: http://securityreliks.securegossip.com/2011/04/hacking-snmp-in-a-few-simple-steps/

SNMPBlow: http://www.stoptheplague.com/?p=19

ERNW: https://www.ernw.de/research-community/index.html

Fx paper on Lawful Intercept: http://phenoelit.org/stuff/CSLI.pdf

 

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/


Here is a new episode of Brakeing Down Security!