Brakeing Down Security Podcast Blog

Sorry, this week's show took an odd turn, and we don't have much in the way of show notes... Ms. Berlin is recovering from knee surgery, and we wish her a speedy recovery.

Bryan B. got back from BsidesSPFD, MO this week, after what was a well-received talk on building community. Lots of other excellent talks from speakers like Ms. Sunny Wear , and impromptu panel with Ben Miller and a whole host of others, including:

@icssec
@bethayoung
@ViciousData
@killianditch
@fang0654
@SunnyWear
@awsmhacks
@sysopfb
@killamjr

We started talking about malware, and we ended up discussing a new channel in the BrakeSec Slack on #threatHunting. Appears there's a lot of information out there on the topic, so much so, that SANS is having a whole conference around it.

https://www.sans.org/event/threat-hunting-and-incident-response-summit-2018

@icssec
@bethayoung
@bryanbrake
@ViciousData
@killianditch
@fang0654
@SunnyWear
@awsmhacks
@sysopfb
@killamjr

Here is a new episode of Brakeing Down Security Podcast!

Posted by Unknown at 11:13 PM No comments:

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: CISA, CISSP, computer security, CPE, information security, Infosec, interviews, ISSA, leadership, network security, OWASP, physical security, podcast, security, web application security

Wednesday, July 11, 2018

2018-024- Pacu, a tool for pentesting AWS environments

Ben Caudill @rhinosecurity

Spencer Gietzen @spengietz

Rhino Security - https://rhinosecuritylabs.com/blog/

AWS escalation and mitigation blog - https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/

What is the difference between this and something like Scout or Lynis?

Is it a forensic or IR tool?

How might offensive people use this tool? What is possible when you’re using this as a ‘redteam’ or ‘pentesting’ tool?

S3 bucket perms?

Security Group policy fails

Some of the hardening policies for Security groups?

RDS?

Where are you speaking… BSLV? DefCon?

https://aws.amazon.com/whitepapers/aws-security-best-practices/

https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

https://aws.amazon.com/whitepapers/

https://aws.amazon.com/blogs/security/how-to-control-access-to-your-amazon-elasticsearch-service-domain/

https://aws.amazon.com/blogs/security/how-to-enable-mfa-protection-on-your-aws-api-calls/

Slack

Patreon

Bsides Springfield

Join our #Slack Channel! Email us at bds.podcast@gmail.com

or DM us on Twitter @brakesec

#Spotify: https://brakesec.com/spotifyBDS

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel: http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site: https://brakesec.com/bdswebsite

#iHeartRadio App: https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Here is a new episode of Brakeing Down Security Podcast!

Posted by Unknown at 7:04 AM No comments:

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: CISA, CISSP, computer security, CPE, information security, Infosec, interviews, ISSA, leadership, network security, OWASP, physical security, podcast, security, web application security

Sunday, July 1, 2018

2018-023: Cydefe interview-DNS enumeration-CTF setup & prep

Raymond Evans - CTF organizer for nolacon and Founder of CyDefe Labs

@cydefe

CTF setup / challenges of setting up a CTF.
Beginners & CTFs
Types
tips/tricks
Biggest downfalls of CTF development

https://www.heroku.com/

www.exploit-db.com

BrakeSec DerbyCon

@dragosinc dragos.com

DNS Enumeration:

https://github.com/nixawk/pentest-wiki/blob/master/1.Information-Gathering/How-to-gather-dns-information.md

DNS Tools:

https://dnsdumpster.com/

https://tools.kali.org/information-gathering/theharvester

DNS Tutorial

https://www.youtube.com/watch?v=4ZtFk2dtqv0 (A cat explains DNS)

Join our #Slack Channel! Email us at bds.podcast@gmail.com

or DM us on Twitter @brakesec

#Spotify: https://brakesec.com/spotifyBDS

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel: http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site: https://brakesec.com/bdswebsite

#iHeartRadio App: https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Here is a new episode of Brakeing Down Security Podcast!

Posted by Unknown at 10:48 PM No comments:

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

Labels: CISA, CISSP, computer security, CPE, information security, Infosec, interviews, ISSA, leadership, network security, OWASP, physical security, podcast, security, web application security

Newer Posts Older Posts Home

Blog Archive

► 2020 (25)
- ► June (4)
- ► May (4)
- ► April (5)
- ► March (5)
- ► February (4)
- ► January (3)

► 2019 (48)
- ► December (4)
- ► November (4)
- ► October (5)
- ► September (3)
- ► August (3)
- ► July (5)
- ► June (4)
- ► May (4)
- ► April (4)
- ► March (5)
- ► February (4)
- ► January (3)

▼ 2018 (46)
- ► December (4)
- ► November (4)
- ► October (1)
- ► September (4)
- ► August (4)
- ▼ July (5)
- ► June (4)
- ► May (4)
- ► April (4)
- ► March (5)
- ► February (3)
- ► January (4)

► 2017 (46)
- ► December (3)
- ► November (4)
- ► October (5)
- ► September (4)
- ► August (4)
- ► July (4)
- ► June (4)
- ► May (3)
- ► April (4)
- ► March (4)
- ► February (4)
- ► January (3)

► 2016 (53)
- ► December (4)
- ► November (5)
- ► October (4)
- ► September (4)
- ► August (4)
- ► July (5)
- ► June (4)
- ► May (5)
- ► April (3)
- ► March (4)
- ► February (5)
- ► January (6)

► 2015 (54)
- ► December (4)
- ► November (4)
- ► October (4)
- ► September (4)
- ► August (6)
- ► July (4)
- ► June (4)
- ► May (6)
- ► April (4)
- ► March (4)
- ► February (5)
- ► January (5)

► 2014 (54)
- ► December (4)
- ► November (8)
- ► October (4)
- ► September (6)
- ► August (6)
- ► July (6)
- ► June (5)
- ► May (5)
- ► February (4)
- ► January (6)

► 2013 (10)
- ► December (1)
- ► November (1)
- ► October (1)
- ► September (3)
- ► August (4)

About Me

Unknown

View my complete profile