Monday, February 29, 2016

2016-009-Brian Engle, Information Sharing, and R-CISC


We've reached peak "Br[i|y]an" this week when we invited our friend Brian Engle on to discuss what his organization does. Brian is the Executive Director of the Retail Cyber Intelligence Sharing Center.
"Created by retailers in response to the increased number and sophistication of attacks against the industry, the R-CISC provides another tool in retailers’ arsenal against cyber criminals by sharing leading practices and threat intelligence in a safe and secure way." -- R-CISC website
To learn more, visit https://r-cisc.org/ 
We discussed with Brian a bit of the history of the #R-CISC, and why his organization was brought into being. We ask Brian "How do you get companies who make billions of dollars a year to trust another competitor enough to share that they might have been compromised?" "And how do you keep the information sharing generic enough to not out a competitor by name, but still be actionable enough to spur members to do something to protect themselves?"


Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security using Patreon: https://www.patreon.com/bds_podcast
RSS FEED: http://www.brakeingsecurity.com/rss
Direct Download:
On #Twitter: @brakesec @boettcherpwned @bryanbrake
#Facebook: https://www.facebook.com/BrakeingDownSec/
#Tumblr: http://brakeingdownsecurity.tumblr.com/
Google Play Store: https://play.google.com/music/podcasts/portal/#p:id=playpodcast/series&a=100584969
Player.FM : https://player.fm/series/brakeing-down-security-podcast
Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
iTunes:
#actionable, #brian, #engle, #cissp, #cpes, #data, #financial, #infections, #isac, #malware, #podcast, #rcisc, #retail, #security, #infosec, #threat #intelligence

Photo of Brian Engle courtesy of https://r-cisc.org

**I (Bryan) apologize for the audio. I did what I could to clean it up. Seriously don't know what happened to screw it up that badly. I can only imagine it was bandwidth issues on my Skype connection**

Here is a new episode of Brakeing Down Security Podcast!

Sunday, February 21, 2016

2016-008-Mainframe Security


This week's supersized episodes is brought to us thanks to previous guest Cheryl Biswas. You might remember her from our "Shadow IT" podcast a few months ago. She reached out to us to see if we were interested in doing a podcast on mainframe security with her and a couple of gentlemen that were not unknown to us.
Of course we jumped at the chance! You might know them as @mainframed767 and @bigendiansmalls (Chad) on Twitter. They've been trying to get people to be looking into mainframes and mainframe security for years. Mainframes are usually used by financial organizations, or older organizations. In many cases, these systems are managed by a handful of people, and you will have little or no help if you are a red teamer or pentester to make sure these systems are as secured as they possibly can.
So, Cheryl (@3ncr1pt3d), @bigendiansmalls, and @mainframed767 (Philip) walk us through how a mainframe functions. We discuss what you might see when a scan occurs, that if runs a mainframe OS, and a Linux 'interface' OS.
We also discuss methods you can use to protect your organization, and methods you can use as a redteamer to learn more about mainframes.
Chad's talk at DerbyCon 2015: https://www.youtube.com/watch?v=b5AG59Y1_EY
Chad discussing mainframe Security on Hak5: https://www.youtube.com/watch?v=YBhsWvlqLPo
Linux for mainframes: http://www-03.ibm.com/systems/linuxone/
Philip's talks on Youtube: https://www.youtube.com/playlist?list=PLBVy6TfEpKmEL56fb5AnZCM8pXXFfJS0n

Brian and I wish to thank Cheryl for all her help in making this happen. You can find her blog over at Alienvault's site... https://www.alienvault.com/blogs/author/cheryl-biswas

Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
BrakeSec Podcast Twitter: http://www.twitter.com/brakesec
Bryan's Twitter: http://www.twitter.com/bryanbrake
Brian's Twitter: http://www.twitter.com/boettcherpwned
Join our Patreon!: https://www.patreon.com/bds_podcast
Tumblr: http://brakeingdownsecurity.tumblr.com/
RSS FEED: http://www.brakeingsecurity.com/rss
Comments, Questions, Feedback: bds.podcast@gmail.com
**NEW** Google Play Store: https://play.google.com/music/podcasts/portal/#p:id=playpodcast/series&a=100584969
**NEW** Listen to us on Player.FM!! : https://player.fm/series/brakeing-down-security-podcast

Here is a new episode of Brakeing Down Security Podcast!

Saturday, February 13, 2016

2015-007-FingerprinTLS profiling application with Lee Brotherston


We first heard about FingerprinTLS from our friend Lee Brotherston at DerbyCon last September. Very intrigued by how he was able to fingerprint client applications being used, we finally were able to get him on to discuss this.
We do a bit of history about #TLS, and the versions from 1.0 to 1.2
Lee gives us some examples on how FingerprintTLS might be used by red teamers or pentest agents to see what applications a client has on their system, or if you're a blue team that has specific application limitations, you can find out if someone has installed an unauthorized product, or you could even block unknown applications using this method by sensing the application and then creating an IPS rule from the fingerprint.
Finally, something a bit special... we have a demo on our Youtube site that you can view his application in action!
Video demo: https://youtu.be/im6un0cB3Ns


https://upload.wikimedia.org/wikipedia/commons/thumb/4/46/Diffie-Hellman_Key_Exchange.svg/2000px-Diffie-Hellman_Key_Exchange.svg.png
http://blog.squarelemon.com/tls-fingerprinting/
https://github.com/LeeBrotherston/tls-fingerprinting
http://www.slideshare.net/LeeBrotherston/tls-fingerprinting-sectorca-edition
https://www.youtube.com/watch?v=XX0FRAy2Mec
http://2015.video.sector.ca/video/144175700
Cisco blog on malware using TLS... http://blogs.cisco.com/security/malwares-use-of-tls-and-encryption

Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
BrakeSec Podcast Twitter: http://www.twitter.com/brakesec
Bryan's Twitter: http://www.twitter.com/bryanbrake
Brian's Twitter: http://www.twitter.com/boettcherpwned
Join our Patreon!: https://www.patreon.com/bds_podcast
Tumblr: http://brakeingdownsecurity.tumblr.com/
RSS FEED: http://www.brakeingsecurity.com/rss
Comments, Questions, Feedback: bds.podcast@gmail.com
**NEW** Google Play Store: https://play.google.com/music/podcasts/portal/#p:id=playpodcast/series&a=100584969
**NEW** Listen to us on Player.FM!! : https://player.fm/series/brakeing-down-security-podcast

Here is a new episode of Brakeing Down Security Podcast!

Sunday, February 7, 2016

2016-006-Moxie_vs_Mechanism-Dependence_On_Tools


This week starts with an apology to Michael Gough about comments I (Bryan) mangled on the "Anti-Virus... What is it good for?" podcast. Then we get into the meat of our topic...
Automation is a great thing. It allows us to do a lot more work with less personnel, run mundane tasks without having to think about them, and even allow us to do security scans on web applications and assets in your enterprise.
But is our dependence on these tools making us lazy, or giving us a false sense of security? What is the 'happy medium' that we should find when deciding to spend the GDP of a small country for the latest compliance busting tool, or spend the necessary Operational Expenditure (OpEx) for a couple of junior personnel or a seasoned professional.
Mr. Boettcher and I discuss over reliance, blindly trusting results, and what can happen when you have too much automation, and not enough people around to manage those tools.

Here is a new episode of Brakeing Down Security Podcast!

Wednesday, February 3, 2016

Brakeing Down Security interviewed on "Building a Life and Career in Security" podcast!

After we interviewed Jay Schulman on our podcast, Mr. Boettcher and I did his podcast!  Listen to both of us share our bios and learn how Mr. Boettcher and I met, and how our unorthodox ways of getting into information security can show that anyone can move into that space...

https://www.jayschulman.com/episode15/

 

Jay has conducted other interviews with some great people, and he creates some great blog posts. Please check out his site at https://www.jayschulman.com

You can also hear our discuss BSIMM and learn a bit more about Jay from our podcast as well...

http://brakeingsecurity.com/2016-001-jay-schulmann-explains-bsimm-usage-in-the-sdlc


Here is a new episode of Brakeing Down Security Podcast!