Blog talking about security, privacy, legal, and compliance topics, as well as follow-on content from the 'Brake'ing Down Security Podcast...
Monday, December 21, 2015
2015-053: 2nd annual podcaster party
This week, we went off the tracks a bit with our friends at Defensive Security Podcast, and PVC Security Podcast. We discussed a bit of news, talked about how our podcasts differ from one another, the 'lack of infosec talent', and sat around talking about anything we wanted to.
Sit back with some eggnog, and let your ears savor the sounds of the season. Many thanks to Andrew Kalat, Jerry Bell, Edgar Rojas, Paul Jorgensen, and co-host Brian Boettcher for getting together for some good natured fun.
WARNING: There is adult language, and themes, so if you have little ones around, you might want to skip this one until after bedtime.
Happy Holidays from Brakeing Down Security Podcast.
Here is a new episode of Brakeing Down Security!
Wednesday, December 16, 2015
2015-052: Wim Remes-ISC2 board member
I got a hold of Mr. Wim Remes, because he was elected to the ISC board in November 2015. Having certified as a CISSP myself, and having seen a lot of changes in the way that the CISSP has changed.
Recent changes to the CISSP included changing the long-standing 10 domains down to 8 domains, plus a major revamp to all of them.
I wanted to know what Mr. Remes' plans were for the coming term, how the board works, and how organizations like ISC2 drive change in the industry. I also asked Wim how he is trying to ensure that CISSP and the other certs are going to remain current and competitive.
This is a great interview if you're looking to get your #CISSP or any other ISC2 cert, or you currently have an #ISC2 #certification and want to get knowledge of the workings of ISC2 and the board.
Mr. #Remes' Twitter: @wimremes
ISC2 official site: http://www.isc2.org
Direct Link:
iTunes:
TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
BrakeSec Podcast Twitter: http://www.twitter.com/brakesec
Join our Patreon!: https://www.patreon.com/bds_podcast
Comments, Questions, Feedback: bds.podcast@gmail.com
Here is a new episode of Brakeing Down Security!
Wednesday, December 9, 2015
2015-051-MITRE's ATT&CK Matrix
#MITRE has a Matrix that classifies the various ways that your network can be compromised. It shows all the post-exploitation categories from 'Persistence' to 'Privilege Escalation'. It's a nice way to organize all the information.
This week, Mr. Boettcher and I go over "#Persistence" and "#Command and #Control" sections of the Matrix.
Every person who attacks you has a specific method that they use to get and keep access to your systems, it's as unique as a fingerprint. Threat intelligence companies call it TTP (#Tactics, #Techniques, and #Procedures), we also discuss the Cyber #KillChain, and where it came from.
#ATT&CK Matrix: https://attack.mitre.org/wiki/Main_Page
Tactics, Techniques, and Procedures (shows patterns of behavior) https://en.wikipedia.org/wiki/Terrorist_Tactics,_Techniques,_and_Procedures
http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf -- Cyber Kill Chain paper that inspired the ATT&CK Matrix
Direct Link:
iTunes:
TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
BrakeSec Podcast Twitter: http://www.twitter.com/brakesec
Join our Patreon!: https://www.patreon.com/bds_podcast
Comments, Questions, Feedback: bds.podcast@gmail.com
Here is a new episode of Brakeing Down Security!
Labels:
APT,
C2,
CISSP,
command and control,
Intelligence,
kill chain,
malware,
matrix,
MITRE,
persistence,
podcast,
procedures,
tactics,
techniques,
Threat,
TTP
Thursday, December 3, 2015
2015-049-Can you achieve Security Through Obscurity?
That's the question many think is an automatic 'yes'. Whether your Httpd is running on port 82, or maybe your fancy #wordpress #module needs some cover because the code quality is just a little lower than where it should be, and you need to cover up some cruft
This week, Mr. Boettcher and I discuss reasons for obscuring for the sake of security, when it's a good idea, and when you shouldn't #obscure anything (hint: using #ROT-14, for example)
#encryption #security #infosec
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2015-049-Security_by_Obscurity.mp3
iTunes:
Mr. Boettcher's Twitter: http://www.twitter.com/boettcherpwned
Bryan's Twitter: http://www.twitter.com/bryanbrake
TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
BrakeSec Podcast Twitter: http://www.twitter.com/brakesec
Join our Patreon!: https://www.patreon.com/bds_podcast
Comments, Questions, Feedback: bds.podcast@gmail.com
Here is a new episode of Brakeing Down Security!
Labels:
blue team,
brakeing down security,
CISA,
CISM,
CISSP,
CPE,
encryption,
Infosec,
obscurity,
podcast,
wordpress
Subscribe to:
Posts (Atom)