Info

Brakeing Down Security Podcast

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.
RSS Feed Subscribe in iTunes
Brakeing Down Security Podcast
2017
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


All Episodes
Archives
Now displaying: November, 2014
Nov 22, 2014

We snagged an interview with Benjamin Donnelly, a maintainer of the Active Defense Harbinger Distribution (ADHD). version 0.60

 

A thoroughly enjoyable conversation with a new up-and-coming security professional. He's the future, and he is already contributing a lot of great info to the infosec industry.

 

Part 1 is all about ADHD, next week, we discuss his talk about a project he's working on that will remove the threat of password breaches using 'Ball and Chain'.  And it's all open source...

 

 

 

ADHD ISO:  http://sourceforge.net/projects/adhd/


CryptoLocked:   https://bitbucket.org/Zaeyx/cryptolocked

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Nov 20, 2014

My man Mr. Boettcher posted up a video on how to install OWASP's WebGoat Vulnerable web application!

He walks you through WebGoat 5.4, and even gives you some tips on solving issues that he'd found.  And to make it even easier, he's given you some instructions below.

Hope you enjoy, especially if you've had issues setting up WebGoat in the past.

 

 

Webgoat 5.4 instructions
========================
1. search google and download the war file

            (From Bryan: Here's the link -- https://code.google.com/p/webgoat/downloads/list )


2. install tomcat
    sudo apt-get install tomcat7
3. move the war file to tomcat webapp directory
    sudo mv ~/Downloads/WebGoat-5.4.war /var/lib/tomcat7/webapps/WebGoat.war
4. edit tomcat-users.xml by adding the content below
    sudo vi /var/lib/tomcat7/conf/tomcat-users.xml
5. restart tomcat
        sudo /etc/init.d/tomcat7 restart
6. in your browser, type localhost:8080/WebGoat/attack

<role rolename="webgoat_basic"/>
<role rolename="webgoat_user"/>
<role rolename="webgoat_admin"/>
<user username="basic" password="basic" roles="webgoat_basic,webgoat_user"/>
<user username="guest" password="guest" roles="webgoat_user"/>
<user username="webgoat" password="webgoat" roles="webgoat_admin"/>
<user username="admin" password="admin" roles="webgoat_admin"/>

Nov 18, 2014

Active Defense... It conjures images of the lowly admin turning the tables on the evil black hat hackers, and giving them a dose of their own medicine by hacking their boxes and getting sweet, sweet revenge... But did you know that kind of 'revenge' is also rife with legal rammifications, even bordering on being illegal??

This week, Mr. Boettcher and I tackle this prickly subject, and discuss some software you can use to 'deter, prevent, and dissuade' potential bad guys...

 ADHD Training (courtesy of Paul's Security Weekly Podcast): http://blip.tv/securityweekly/active-defense-harbinger-distribution-release-party-7096833

Artillery - https://www.binarydefense.com/project-artillery/

DenyHosts - http://denyhosts.sourceforge.net/

Nova:  http://www.sans.org/reading-room/whitepapers/detection/implementing-active-defense-systems-private-networks-34312

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Nov 9, 2014

If you think Halloween was scary, Paul Coggin gives us another reason to curl up in the fetal position as he goes explains Lawful Intercept, and Route Maps. And what's worse, your 3rd party auditors are starting to get the tools that will make you address network protocol issues.

 

Lots of great material here below in our show notes, including some tools (free) that you can use to get yourself schooled on network protocols

 

http://www.zdnet.com/researcher-describes-ease-to-detect-derail-and-exploit-nsas-lawful-interception-7000025073/

 

BGPmon - http://www.bgpmon.net/

Renesys (now Dyn Research) http://research.dyn.com/

BGP Play - http://bgplay.routeviews.org/

BGP Looking glass servers - http://www.bgp4.as/looking-glasses

yersinia - http://www.yersinia.net/

Fx Twitter handle - https://twitter.com/41414141

ernw - https://www.ernw.de/

Cisco Route Maps - http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/49111-route-map-bestp.html

Paul's Bsides Nashville talk - http://www.irongeek.com/i.php?page=videos/bsidesnashville2014/300-bending-and-twisting-networks-paul-coggin

Huawei ENSP - http://enterprise.huawei.com/en/products/network-management/automation-tools/tools/hw-201999.htm

NRL Core - http://www.nrl.navy.mil/itd/ncs/products/core

NRL Mgen - http://www.nrl.navy.mil/itd/ncs/products/mgen

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Nov 3, 2014

One of the talks my colleague got to see was Paul Coggin's talk about Internetworking routing and protocols.  In this interview, we dicsuss some tools of the trade, how MPLS isn't secure, and why you should be doing end-to-end encryption without allowing your VPN or circuit provider to do it for you...

If you have any interest in network security, including the higher order network protocols like BGP, MPLS, ATM, etc...  You'll want to check out his DerbyCon talk, and our interview...

 

Paul's Derbycon 2014 talk - http://www.irongeek.com/i.php?page=videos/derbycon4/t319-bending-and-twisting-networks-paul-coggins

Hacking SNMP tips and tricks: http://securityreliks.securegossip.com/2011/04/hacking-snmp-in-a-few-simple-steps/

SNMPBlow: http://www.stoptheplague.com/?p=19

ERNW: https://www.ernw.de/research-community/index.html

Fx paper on Lawful Intercept: http://phenoelit.org/stuff/CSLI.pdf

 

 

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

1