
BrakeSec Education Podcast
A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.
Latest episodes

Jan 10, 2015 • 36min
Episode 2: Big Trouble in Small Businesses
Security's the same, the world around... and is a necessity in businesses of all sizes, from the mega-corporations, all the way down to the business with 10 employees in a garage in suburbia.
This week, Mr. Boettcher and I discuss security in small businesses: what is needed to make security part of the culture of a new company. We discuss some open source tools to ensure that networks are monitored properly and logs are collected, collated, and analyzed. And better yet, these are on the cheap, which is helpful for a small business on a tight budget.
http://www.ihotdesk.co.uk/article/801717385/Most-small-businesses-have-faced-InfoSec-breach-recently
https://blog.whitehatsec.com/infosec-europe-wrapup/
http://www.infosectoday.com/Articles/DRPlanning.htm
"Dirt Rhodes" created by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Jan 4, 2015 • 11min
2015-001- "unhackable" or "attacker debt"
This is a quick little podcast I did without Mr. Boettcher about a Twitter discussion that occurred when Dr. Neil deGrasse Tyson mentioned that we should just make computers 'unhackable'.
The first episode of the 2015 season of Brakeing Down Security is here!
Tweet from Dr. Neil deGrasse Tyson
https://twitter.com/neiltyson/status/551378648578916353
Rebuttal from Kevin Johnson
https://twitter.com/secureideas/status/551510885441998848
"Dirt Rhodes"
Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/

Dec 26, 2014 • 33min
Is Compliance running or ruining Security Programs?
We at Brakeing Down Security world headquarters don't understand the concept of 'End of the Year' podcast, so consider this the "End-End of the Year" podcast.
We talked about the order of things... whether Compliance is a detriment to Security, and who should be running who.
So pull up a glass of eggnog, grab another cookie, and put another log on the fire, 'cause Brakeing Down Security is throwing out one more for the year! Happy Holidays... all of them... :)

Dec 21, 2014 • 1h 26min
Brakeing Down/Defensive Security Mashup!
It's a Super Deluxe sized Brakeing Down Security this week...
It's something you've dreamed of forever (or not), but Jerry Bell and Andrew Kalat from Defensive Security Podcast stopped by and we made ourselves a podcast baby... Boy, was it ugly :)
I'm just kidding, we had a great time discussing some news, and going over what we learned... and any good end-of-year podcast must have predictions...
We also discussed Sony, because it's the huge news of the year, and talked about Target, because we love dissing PCI... ;)
There might be a few bad words, so if you have small ears around, be advised...
When you're done, check out the other 96 episodes of Defensive Security, and check out our 55 other episodes...
http://www.defensivesecurity.org/
Twitter handles:
Andrew Kalat: https://twitter.com/lerg
Jerry Bell: https://twitter.com/Maliciouslink
Icon provided by DefensiveSecurity.org... I'd imagine they'd let us use it, since they were on the podcast ;)
Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Dec 15, 2014 • 42min
Tyler Hudak (@secshoggoth) Discusses incident response, and DIY malware research
This week, Tyler gave us a great deal of information on where to start if you wanted to become a malware researcher. He also gave us websites where you can get malware and ways to analyze it.
We asked Tyler what blue teams can do when they are infected, and he gave us some excellent advice...
I also recite some prose from a classic horror author, so come for the malware, stay for the prose! :)
***NOTE: I guess now would be a good time to mention that many of the links below have unsafe software and actual malware payloads, so use with extreme caution. Especially do not download anything from these sites unless it's in a VM that is not on your company's assets.***
http://www.hopperapp.com/ - Disassemble OS X binaries
http://en.wikibooks.org/wiki/X86_Disassembly/Disassemblers_and_Decompilers - other Disassemblers
http://vxheaven.org/ - VX Heaven
http://www.malwaredomainlist.com/ - Find websites serving malware
http://oc.gtisc.gatech.edu:8080/ - Georgia Tech malware repository
Sandboxie - http://www.sandboxie.com/
KoreLogic - http://www.korelogic.com/ (lots of great tools here)
http://secshoggoth.blogspot.com/ - Tyler's Blog

Dec 8, 2014 • 39min
Tyler Hudak discusses malware analysis
Tyler Hudak (@secshoggoth) came to discuss with us the process of doing analysis on malware binaries. We talk about MASTIFF, his malware framework. We also discuss how to gain information from malware program headers, and some software that is used to safely analyze it.
Helpful Links:
Ida Pro: https://www.hex-rays.com/products/ida/
Process Monitor - http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
Mastiff White Paper: http://digital-forensics.sans.org/blog/2013/05/07/mastiff-for-auto-static-malware-analysis
Mastiff latest: http://sourceforge.net/projects/mastiff/files/mastiff/0.6.0/
cuckoo sandbox: www.cuckoosandbox.org
Anubis: https://anubis.iseclab.org/
PE Headers: http://en.wikipedia.org/wiki/Portable_Executable
ELF: http://fr.wikipedia.org/wiki/Executable_and_Linkable_Format
REMnux- reverse engineering linux distro:https://remnux.org/
Inetsim: http://www.inetsim.org/
Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Dec 1, 2014 • 38min
Part 2 w/ Ben Donnelly -- Introducing Ball and Chain (making password breaches a thing of the past)
Last week, we talked with Ben Donnelly about ADHD (Active Defense Harbinger Distro). But Ben isn't a one trick pony, oh no... this young punk is trying to solve fundamental problems in the business world, in particular securing passwords. That's why he's been working with Tim Tomes (@lanmaster53) on 'Ball and Chain', which is a large (>2TB) file that can be used to help generate passwords and entropy.
Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Nov 22, 2014 • 45min
Active Defense and the ADHD Distro with Ben Donnelly
We snagged an interview with Benjamin Donnelly, a maintainer of the Active Defense Harbinger Distribution (ADHD), version 0.60.
A thoroughly enjoyable conversation with a new up-and-coming security professional. He's the future, and he is already contributing a lot of great info to the infosec industry.
Part 1 is all about ADHD, next week, we discuss his talk about a project he's working on that will remove the threat of password breaches using 'Ball and Chain'. And it's all open source...
ADHD ISO: http://sourceforge.net/projects/adhd/
CryptoLocked: https://bitbucket.org/Zaeyx/cryptolocked
Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Nov 20, 2014 • 5min
WebGoat install video with Mr. Boettcher!
My man Mr. Boettcher posted up a video on how to install OWASP's WebGoat Vulnerable web application!
He walks you through WebGoat 5.4, and even gives you some tips on solving issues he ran into. And to make it even easier, he's given you some instructions below.
Hope you enjoy, especially if you've had issues setting up WebGoat in the past.
Webgoat 5.4 instructions
========================
1. search google and download the war file
(From Bryan: Here's the link -- https://code.google.com/p/webgoat/downloads/list )
2. install tomcat: sudo apt-get install tomcat7
3. move the war file to tomcat webapp directory: sudo mv ~/Downloads/WebGoat-5.4.war /var/lib/tomcat7/webapps/WebGoat.war
4. edit tomcat-users.xml by adding the content below: sudo vi /var/lib/tomcat7/conf/tomcat-users.xml
5. restart tomcat: sudo /etc/init.d/tomcat7 restart
6. in your browser, type localhost:8080/WebGoat/attack
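The six steps above as one script, added here as an example and not part of Mr. Boettcher's video or the WebGoat project. It assumes Ubuntu with the tomcat7 package, that the WAR is already in ~/Downloads, and that the tomcat-users.xml additions (which the post does not reproduce) are in a snippet file you supply; the WAR path, snippet path and WEBGOAT_INSTALL switch are names chosen for this example. Because WebGoat is deliberately vulnerable, the script also checks whether Tomcat's 8080 connector is bound to 127.0.0.1 and warns if it is not.

```shell
#!/bin/sh
# Scripted WebGoat 5.4 / Tomcat 7 install (added example, not the podcast's code).
# Assumptions: $WAR already downloaded; $USERS_SNIPPET holds the tomcat-users.xml
# lines you want added (the post does not show them, so they are not invented here).
set -eu

WAR="${WAR:-$HOME/Downloads/WebGoat-5.4.war}"
USERS_SNIPPET="${USERS_SNIPPET:-$HOME/webgoat-users.snippet}"
TOMCAT_DIR=/var/lib/tomcat7
USERS_XML="$TOMCAT_DIR/conf/tomcat-users.xml"
SERVER_XML="$TOMCAT_DIR/conf/server.xml"

# insert_tomcat_users IN SNIPPET OUT: copy IN to OUT with SNIPPET's lines inserted
# just before the closing </tomcat-users> tag. Pure text work, so it is testable
# without Tomcat installed.
insert_tomcat_users() {
    in_xml="$1"; snippet="$2"; out_xml="$3"
    grep -q '</tomcat-users>' "$in_xml" || { echo "no </tomcat-users> in $in_xml" >&2; return 1; }
    awk -v snip="$snippet" '
        /<\/tomcat-users>/ { while ((getline line < snip) > 0) print line; close(snip) }
        { print }
    ' "$in_xml" > "$out_xml"
}

# connector_is_local SERVER_XML: succeed only if the port 8080 HTTP connector
# carries address="127.0.0.1". The element may span several lines, so the file
# is joined into one line before matching; attribute order does not matter.
connector_is_local() {
    tr '\n' ' ' < "$1" | grep -Eq \
        '<Connector[^>]*port="8080"[^>]*address="127\.0\.0\.1"|<Connector[^>]*address="127\.0\.0\.1"[^>]*port="8080"'
}

install_webgoat() {
    [ -f "$WAR" ] || { echo "WAR not found: $WAR" >&2; return 1; }
    [ -f "$USERS_SNIPPET" ] || { echo "tomcat-users snippet not found: $USERS_SNIPPET" >&2; return 1; }
    sudo apt-get install -y tomcat7                                  # step 2
    sudo cp "$WAR" "$TOMCAT_DIR/webapps/WebGoat.war"                 # step 3 (cp keeps the download)
    tmp=$(mktemp)
    insert_tomcat_users "$USERS_XML" "$USERS_SNIPPET" "$tmp"         # step 4
    sudo install -m 640 -o root -g tomcat7 "$tmp" "$USERS_XML"
    rm -f "$tmp"
    if ! connector_is_local "$SERVER_XML"; then
        echo "warning: Tomcat's 8080 connector is not bound to 127.0.0.1;" \
             "WebGoat will be reachable from the network" >&2
    fi
    sudo /etc/init.d/tomcat7 restart                                 # step 5
    echo "Open http://localhost:8080/WebGoat/attack"                 # step 6
}

# Only run the install when explicitly asked, so the file is safe to source.
if [ "${WEBGOAT_INSTALL:-0}" = "1" ]; then
    install_webgoat
fi
```

Run it with `WEBGOAT_INSTALL=1 sh webgoat-install.sh` once the snippet file exists. To make the connector check pass, add address="127.0.0.1" to the port 8080 Connector in server.xml; Tomcat 7 listens on all interfaces by default, which is the wrong default for a box full of intentional web vulnerabilities.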

Nov 18, 2014 • 49min
Active Defense: It ain't 'hacking the hackers'
Active Defense... It conjures images of the lowly admin turning the tables on the evil black hat hackers, and giving them a dose of their own medicine by hacking their boxes and getting sweet, sweet revenge... But did you know that kind of 'revenge' is also rife with legal ramifications, even bordering on being illegal?
This week, Mr. Boettcher and I tackle this prickly subject, and discuss some software you can use to 'deter, prevent, and dissuade' potential bad guys...
ADHD Training (courtesy of Paul's Security Weekly Podcast): http://blip.tv/securityweekly/active-defense-harbinger-distribution-release-party-7096833
Artillery - https://www.binarydefense.com/project-artillery/
DenyHosts - http://denyhosts.sourceforge.net/
Nova: http://www.sans.org/reading-room/whitepapers/detection/implementing-active-defense-systems-private-networks-34312
Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/