Brakeing Down Security Podcast

By Brian Boettcher, Amanda Berlin, and Bryan Brake

A podcast all about the world of Security, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.

1. 2019-033-Part 2 of the Kubernetes security audit discussion (Jay Beale & Aaron Small) (09/16/2019, 44:24)
2. the last Derbycon Brakesec podcast (09/07/2019, 50:42)
3. 2019-032-kubernetes security audit dicussion with Jay Beale and Aaron Small (08/31/2019, 47:12)
4. 2019-031- Dissecting a Social engineering attack (Part 2) (08/16/2019, 50:04)
5. 2019-030-news, breach of PHI, sephora data breach (08/09/2019, 53:53)
6. 2019-029-dissecting a real Social engineering attack (part 1) (08/01/2019, 47:06)
7. 2019-028-fileless_malware_campaign,privacy issues with email integration-new_zip_bomb_record (07/24/2019, 59:50)
8. 2019-027-GDPR fines for British Airways, FTC fines Facebook, Zooma-palooza (07/14/2019, 43:22)
9. 2019-026-Ben Johnson discusses hanging your shingle, going independent (07/09/2019, 38:11)
10. 2019-025-Ben Johnson discusses identity rights management, and controlling your AuthN/AuthZ issues (07/02/2019, 41:42)
11. 2019-024-Tanya_Janca-mentorship-WoSec_organizations_what-makes-a-good-mentor (06/24/2019, 53:52)
12. 2019-023-Tanya Janca, Dev Slop, DevOps tools for free or cheap (06/18/2019, 40:36)
13. 2019-022-Chris Sanders-Rural_Tech_Fund-embracing_the_ATT&CK_Matrix (06/09/2019, 1:01:08)
14. 2019-021-Chris Sanders discusses a cognitive crisis, mental models, and dependence on tools (06/04/2019, 47:54)
15. 2019-020-email_security_controls-windows_scheduler (05/29/2019, 1:03:00)
16. 2019-019-Securing your RDP and ElasticSearch, InfoSec Campout news (05/20/2019, 53:10)
17. 2019-018-Lesson's I learned, github breach, ransoming github repos (05/14/2019, 39:47)
18. 2019-017-K8s Security, Kamus, interview with Omer Levi Hevroni (05/05/2019, 49:48)
19. 2019-016-Conference announcement, and password spray defense (04/29/2019, 46:10)
20. 2019-015-Kevin_johnson-incident_response_aftermath (04/22/2019, 1:24:26)
21. 2019-014-Tesla fails encryption, Albany and Sammamish ransomware attacks. (04/15/2019, 50:40)
22. 2019-013-ASVSv4 discussion with Daniel Cuthbert and Jim Manico - Part 2 (04/07/2019, 56:34)
23. 2019-012: OWASP ASVSv4 discussion with Daniel Cuthbert and Jim Manico - Part 1 (04/01/2019, 51:50)
24. 2019-011-part 2 of our interview with Brian "Noid" Harden (03/24/2019, 47:12)
25. 2019-010-Zach_Ruble-building_a_better_cheaper_C2_infra (03/18/2019, 1:12:03)
26. 2019-009- Log-MD story, Noid, communicating with Devs and security people-part1 (03/12/2019, 50:59)
27. 2019-008-windows retpoline patches, PSremoting, underthewire, thunderclap vuln (03/04/2019, 56:00)
28. 2019-007-bsides_seattle_recap-new_phishing_vector-Kernel_use_after_free_vuln (02/25/2019, 44:44)
29. 2019-006: CSRF, XSS, infosec hypocrites, and the endless cycle (02/18/2019, 40:38)
30. 2019-005: Security Researcher attack, disabling SPECTER, and Systemd discussion (02/11/2019, 55:22)
31. 2019-004-ShmooCon, and Bsides Leeds discussion, Facetime bug (with update), a town for ransom (02/04/2019, 44:50)
32. 2019-003-Liz Rice, creating processes to shift security farther left in DevOps (01/28/2019, 1:03:33)
33. 2019-002-part 2 of the OWASP IoT Top 10 with Aaron Guzman (01/22/2019, 46:03)
34. 2019-001: OWASP IoT Top 10 discussion with Aaron Guzman (01/14/2019, 36:53)
35. 2018-045: end of the year podcast! (12/27/2018, 1:11:25)
36. 2018-044: Mike Samuels discusses NodeJS hardening initiatives (12/18/2018, 56:10)
37. 2018-043-Adam-Baldwin, npmjs Director of Security, event stream post mortem, and making your package system more secure (12/11/2018, 1:11:14)
38. 2018-042-Election security processes in the state of Ohio (12/03/2018, 1:24:49)
39. 2018-041: part 2 of Kubernetes security insights w/ ian Coldwater (11/26/2018, 44:56)
40. 2018-040- Jarrod Frates discusses pentest processes (11/19/2018, 1:21:17)
41. 2018-039-Ian Coldwater, kubernetes, container security (11/12/2018, 50:15)
42. 2018-038-InfosecSherpa, security culture, (11/05/2018, 59:11)
43. 2018-037-iWatch save man's life, Alexa detects your mood, and post-derby discussion (10/22/2018, 44:30)
44. 2018-036-Derbycon 2018 Audio with Cheryl Biswas and Tomasz Tula (10/15/2018, 39:56)
45. 2018-035-software bloat is forever; malicious file extensions; WMIC abuses (10/01/2018, 52:42)
46. 2018-034-Pentester_Scenario (09/25/2018, 40:02)
47. 2018--033-Chris_Hadnagy-SE-OSINT-vishing-phishing-book_interview-pt2 (09/15/2018, 1:00:27)
48. 2018-032-chris Hadnagy, discusses his new book, OSINT and SE Part 1 (09/08/2018, 37:51)
49. 2018-031-Derbycon ticket CTF, Windows Event forwarding, SIEM collection, and missing events... oh my! (09/01/2018, 1:08:26)
50. 2018-030: Derbycon CTF and Auction info, T-mobile breach suckage, and lockpicking (08/26/2018, 1:01:34)
51. 2018-030: Derbycon CTF and Auction info, T-mobile breach suckage, and lockpicking (08/26/2018, 1:01:34)
52. 2018-029-postsummercamp-future_record_breached-vulns_nofix (08/17/2018, 55:30)
53. 2018-028-runkeys, DNS Logging, derbycon Talks (08/09/2018, 50:35)
54. 2018-027-Godfrey Daniels talks about his book about the Mojave Phonebooth (08/01/2018, 37:45)
55. 2018-026-insurers gathering data, netflix released a new DFIR tool, and google no longer gets phished? (07/27/2018, 43:51)
56. 2018-025-BsidesSPFD, threathunting, assessing risk (07/19/2018, 34:52)
57. 2018-024- Pacu, a tool for pentesting AWS environments (07/11/2018, 55:19)
58. 2018-023: Cydefe interview-DNS enumeration-CTF setup & prep (07/02/2018, 55:24)
59. 2018-022-preventing_insider_threat (06/26/2018, 47:31)
60. 2018-021-TLS 1.3 discussion, Area41 report, wireshark goodness (06/20/2018, 42:42)
61. 2018-020: NIST's new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords (06/13/2018, 36:43)
62. 2018-019-50 good ways to protect your network, brakesec summer reading program (06/06/2018, 47:20)
63. 2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs (05/30/2018, 34:14)
64. 2018-017- threat models, vuln triage, useless scores, and analysis tools (05/23/2018, 39:37)
65. 2018-016- Jack Rhysider, DarkNet Diaries, and a bit of infosec history (Part 1) (05/15/2018, 37:12)
66. 2018-015-Data labeling, data classification, and GDPR issues (05/07/2018, 52:06)
67. 2018-014- Container Security with Jay Beale (04/29/2018, 1:05:29)
68. 2018-013-Sigma_malware_report, Verizon_DBIR discussion, proper off-boarding of employees (04/20/2018, 1:05:19)
69. 2018-012: SIEM tuning, collection, types of SIEM, and do you even need one? (04/11/2018, 1:00:42)
70. 2018-011: Creating a Culture of Neurodiversity (04/04/2018, 1:10:35)
71. 2018-010 - The ransoming of Atlanta, Facebook slurping PII, Dridex variants (03/27/2018, 37:45)
72. 2018-009- Retooling for new infosec jobs, sno0ose, Jay Beale, and mentorship (03/19/2018, 1:12:02)
73. BDIR-001: Credential stealing emails, How do you protect against it? (03/12/2018, 1:35:36)
74. 2018-008- ransomware rubes, Defender does not like Kali, proper backups (03/12/2018, 58:11)
75. 2018-007- Memcached DDoS, Secure Framework Documentation, and chromebook hacking (03/05/2018, 45:58)
76. 2018-006- NPM is whacking boxes, code signing, and stability of code (02/26/2018, 46:17)
77. 2018-005-Securing_your_mobile_devices_and_CMS_against_plugin_attacks (02/14/2018, 48:23)
78. 2018-004 - Discussing Bsides Seattle, and Does Autosploit matter? (02/05/2018, 38:38)
79. BDIR-000 ; The Beginning (01/29/2018, 1:04:53)
80. 2018-003-Privacy Issues using Crowdsourced services, (01/27/2018, 1:06:29)
81. 2018-002-John_Nye-Healthcare's_biggest_issues-ransomware (01/20/2018, 1:03:27)
82. 2018-001- A new year, new changes, same old trojan malware (01/12/2018, 1:05:36)
83. 2017-SPECIAL005-End of year Podcast with podcasters (12/23/2017, 1:25:49)
84. 2017-042-Jay beale, Hushcon, Apple 0Day, and BsidesWLG audio (12/16/2017, 1:06:29)
85. 2017-041- DFIR Hierarchy of Needs, and new malware attacks (12/08/2017, 1:02:17)
86. 2017-040-Expensify_privacy_issues-Something_is_rotten_at_Apple (11/30/2017, 47:26)
87. 2017-039-creating custom training for your org, and audio from SANS Berlin! (11/23/2017, 43:12)
88. 2017-038- Michael De Libero discusses building out your AppSec Team (11/15/2017, 56:09)
89. 2017-037 - Asset management techniques, and it's importance, DDE malware (11/08/2017, 52:28)
90. 2017-036-Adam Shostack talks about threat modeling, and how to do it properly (10/29/2017, 1:34:53)
91. 2017-SPECIAL004- SOURCE Conference Seattle 2017 (10/22/2017, 48:08)
92. 2017-035-Business_Continuity-After_the_disaster (10/16/2017, 59:19)
93. 2017-SPECIAL003-Audio from Derbycon 2017! (10/07/2017, 1:15:05)
94. 2017-034-Preston_Pierce, recruiting, job_descriptions (10/02/2017, 1:02:05)
95. 2017-SPECIAL002-Derbycon-podcast with podcasters (NSF Kids/Work) (09/27/2017, 1:18:30)
96. 2017-033- Zane Lackey, Inserting security into your DevOps environment (09/17/2017, 1:00:35)
97. 2017-032-incident response tabletops, equifax breach (09/12/2017, 47:37)
98. 2017-031-Robert_Sell-Defcon_SE_CTF-OSINT_source (09/04/2017, 1:03:46)
99. 2017-030-Vulnerability OSINT, derbycon CTF walkthrough, and bsides Wellington! (08/29/2017, 52:36)
100. 2017-029-CIS benchmarks, Windows Update reverts changes used to detect malware (08/20/2017, 1:17:40)
101. 2017-028-disabling WU?, Comcast wireless hack, and was it irresponsible disclosure? (08/12/2017, 54:44)
102. 2017-026-Machine_Learning-Market Hype, or infosec's blue team's newest weapon? (08/03/2017, 1:09:01)
103. 2017-025-How will GDPR affect your Biz with Wendyck, and DerbyCon CTF info (07/22/2017, 1:10:48)
104. 2017-024-infosec_mental_health_defcon_contest-with-rand0h-and-tottenkoph (07/16/2017, 1:30:55)
105. 2017-023-Jay_Beale_Securing Linux-LXC-Selinux-Apparmor-Jails_and_more (07/10/2017, 1:09:43)
106. 2017-022-Windows Hardening, immutable laws of security admins, and auditpol (07/03/2017, 53:47)
107. 2017-SPECIAL- Michael Gough and Brian Boettcher discuss specific ransomware (06/30/2017, 19:25)
108. 2017-021-small_biz_outreach-614con-prenicious_kingdoms-ransomware-bonus (06/22/2017, 1:18:46)
109. 2017-020-Hector_Monsegur_DNS_OSINT_Outlaw_Tech_eClinicalWorks_fine (06/14/2017, 1:16:36)
110. 2017-019-Ms. Jessy Irwin, Effective Training in Small/Medium Businesses (06/06/2017, 1:11:33)
111. 2017-018-SANS_course-EternalBlue_and_Samba_vulnerabilities-DerbyCon contest details (05/30/2017, 50:39)
112. 2017-017-Zero_Trust_Networking_With_Doug_Barth,_and_Evan_Gilman (05/09/2017, 1:25:45)
113. 2017-016-Fileless_Malware, and reclassifying malware to suit your needs (05/02/2017, 1:05:42)
114. 2017-015-Being a 'security expert' vs. 'security aware' (04/27/2017, 44:42)
115. 2017-014-Policy_writing_for_the_masses-master_fingerprints_and_shadowbrokers (04/20/2017, 1:00:11)
116. 2017-013-Multi-factor Auth implementations, gotchas, and solutions with Matt (04/13/2017, 48:43)
117. 2017-012-UK Gov Apprenticeship infosec programs with Liam Graves (04/05/2017, 54:12)
118. 2017-011-Software Defined Perimeter with Jason Garbis (03/29/2017, 52:40)
119. 2017-010-Authors Amanda Berlin and Lee Brotherston of the "Defensive Security Handbook" (03/22/2017, 1:13:41)
120. 2017-009-Dave Kennedy talks about CIAs 'Vault7', ISC2, and Derbycon updates! (03/14/2017, 1:15:17)
121. 2017-008-AWS S3 outage, how it should color your IR scenarios, and killing the 'whiteboard' interview (03/06/2017, 1:14:22)
122. 2017-007- Audio from Bsides Seattle 2017 (03/01/2017, 35:42)
123. 2017-006- Joel Scambray, infosec advice, staying out from in front of the train, and hacking exposed (02/19/2017, 1:05:44)
124. 2017-005-mick douglas, avoid bad sales people, blue team defense tools (02/14/2017, 1:03:57)
125. 2017-004-sandboxes, jails, chrooting, protecting applications, and analyzing malware (02/06/2017, 52:24)
126. 2017-003-Amanda Berlin at ShmooCon (01/29/2017, 30:45)
127. 2017-002: Threat Lists, IDS/IPS rules, and mentoring (01/21/2017, 1:05:40)
128. 2017-001: A New Year, malware legislation, and a new cast member! (01/12/2017, 43:43)
129. 2016-051: Steps to fixing risks you found, and the State of the Podcast (12/25/2016, 41:29)
130. 2016-050: Holiday Spectacular with a little help from our friends! (12/21/2016, 1:14:53)
131. 2016-049-Amanda Berlin, the art of the sale, and Decision making trees (12/15/2016, 56:46)
132. 2016-048: Dr. Gary McGraw, Building Security into your SDLC, w/ Special guest host Joe Gray! (12/03/2016, 1:11:06)
133. 2016-047: Inserting Security into the SDLC, finding Privilege Escalation in poorly configured Linux systems (11/28/2016, 19:49)
134. 2016-046: BlackNurse, Buenoware, ICMP, Atombombing, and PDF converter fails (11/21/2016, 44:49)
135. 2016-045: Aamir Lakhani discusses the dark web, creating a reputation, and is all the content bad? (11/14/2016, 1:01:45)
136. 2016-044: Chain of Custody, data and evidence integrity (11/07/2016, 47:03)
137. 2016-043: BSIMMv7, a teachable moment, and our new Slack Channel! (11/01/2016, 1:14:09)
138. 2016-042-Audio from Source Seattle 2016 Conference (10/24/2016, 1:32:52)
139. 2016-041- Ben Johnson, company culture shifts, job descriptions, cyber self-esteem (10/17/2016, 1:11:22)
140. 2016-040: Gene_Kim, Josh_Corman, helping DevOps and Infosec to play nice (10/10/2016, 1:01:39)
141. 2016-039-Robert Hurlbut, Threat Modeling and Helping Devs Understand Vulnerabilities (10/04/2016, 1:14:59)
142. 2016-038-Derbycon Audio and 2nd Annual Podcast with Podcasters! (09/28/2016, 1:24:13)
143. 2016-037: B1ack0wl, Responsible Disclosure, and embedded device security (09/14/2016, 1:06:50)
144. 2016-036: MSSP pitfalls, with Nick Selby and Kevin Johnson (09/11/2016, 1:08:11)
145. 2016-035-Paul Coggin discusses the future with Software Defined Networking (09/06/2016, 1:13:27)
146. 2016-034: Sean Malone from FusionX explains the Expanded Cyber Kill Chain (08/28/2016, 1:40:43)
147. 2016-033: Privileged Access Workstations (PAWs) and how to implement them (08/22/2016, 57:32)
148. 2016-032-BlackHat-Defcon-Debrief, Brakesec_CTF_writeup, and blending in while traveling (08/15/2016, 59:55)
149. 2016-031:DFIR rebuttal and handling incident response (08/08/2016, 58:59)
150. 2016-030: Defending Against Mimikatz and Other Memory based Password Attacks (07/31/2016, 35:00)
151. 2016-029: Jarrod Frates, steps when scheduling a pentest, and the questions you forgot to ask... (07/25/2016, 1:22:39)
152. 2016-028: Cheryl Biswas discusses TiaraCon, Women in Infosec, and SCADA headaches (07/17/2016, 1:00:23)
153. 2016-027: DFIR conference, DFIR policy controls, and a bit of news (07/10/2016, 45:01)
154. 2016-026-powershell exfiltration and hiring the right pentest firm (07/03/2016, 1:14:54)
155. 2016-025-Windows Registry, Runkeys, and where malware likes to hide (06/27/2016, 50:47)
156. 2016-024: Kim Green, on CISOaaS, the Redskins Laptop, and HIPAA (06/20/2016, 1:13:19)
157. 2016-023- DNS_Sinkholing (06/13/2016, 39:20)
158. 2016-022: Earl Carter dissects the Angler Exploit Kit (06/06/2016, 57:39)
159. 2016-021: Carbon Black's CTO Ben Johnson on EDR, the layered approach, and threat intelligence (05/29/2016, 57:37)
160. 2016-020-College Vs. Certifications Vs. Self-taught (05/21/2016, 54:19)
161. 2016-019-Creating proper business cases and justifications (05/16/2016, 54:42)
162. 2016-018-software restriction policies and Applocker (05/09/2016, 1:00:00)
163. 2016-017-The Art of Networking, Salted Hashes, and the 1st annual Podcast CTF! (05/02/2016, 1:02:25)
164. 2016-016-Exploit Kits, the "Talent Gap", and buffer overflows (04/25/2016, 1:00:13)
165. 2016-015-Dr. Hend Ezzeddine, and changing organizational security behavior (04/16/2016, 1:10:43)
166. 2016-014-User_Training,_Motivations,_and_Speaking_the_Language (04/08/2016, 41:16)
167. 2016-013-Michael Gough, the ISSM reference model, and the 5 P's (03/26/2016, 58:51)
168. 2016-012-Ben Caudill on App Logic Flaws, and Responsible Disclosure (03/19/2016, 51:46)
169. 2016-011-Hector Monsegur, deserialization, and bug bounties (03/14/2016, 1:12:25)
170. 2016-010-DNS_Reconnaissance (03/07/2016, 49:53)
171. 2016-009-Brian Engle, Information Sharing, and R-CISC (02/29/2016, 1:05:56)
172. 2016-008-Mainframe Security (02/22/2016, 1:47:01)
173. 2016-007-FingerprinTLS profiling application with Lee Brotherston (02/14/2016, 1:11:06)
174. 2016-006-Moxie_vs_Mechanism-Dependence_On_Tools (02/08/2016, 54:05)
175. 2016-005-Dropbox Chief of Trust and Security Patrick Heim! (01/30/2016, 46:37)
176. 2016-004-Bill_Gardner (01/24/2016, 1:19:05)
177. 2016-003-Antivirus (...what is it good for... absolutely nothing?) (01/18/2016, 54:33)
178. 2016-002-Cryptonite- or how to not have your apps turn to crap (01/11/2016, 1:03:14)
179. 2016-001: Jay Schulmann explains how to use BSIMM in your environment (01/03/2016, 1:02:16)
180. 2015-054: Dave Kennedy (12/27/2015, 51:52)
181. 2015-053: 2nd annual podcaster party (12/22/2015, 1:17:42)
182. 2015-052: Wim Remes-ISC2 board member (12/17/2015, 46:51)
183. 2015-051-MITRE's ATT&CK Matrix (12/10/2015, 48:22)
184. 2015-049-Can you achieve Security Through Obscurity? (12/04/2015, 42:18)
185. 2015-048: The rise of the Shadow... IT! (11/27/2015, 43:51)
186. 2015-047-Using BSIMM framework to measure the maturity of your software security lifecycle (11/21/2015, 46:44)
187. 2015-046: Getting Security baked in your web app using OWASP ASVS (11/10/2015, 36:47)
188. 2015-045: Care and feeding of Devs, podcast edition, with Bill Sempf! (11/04/2015, 46:25)
189. 2015-044-A MAD, MAD, MAD, MAD Active Defense World w/ Ben Donnelly! (10/30/2015, 55:47)
190. 2015-043: WMI, WBEM, and enterprise asset management (10/22/2015, 44:54)
191. 2015-042: Log_MD, more malware archaeology, and sifting through the junk (10/14/2015, 1:11:57)
192. Derbycon Audio - post-Derby interviews! (10/10/2015, 1:04:09)
193. Derbycon - A podcast with Podcasters! *explicit* (09/30/2015, 1:00:09)
194. 2015-040; Defending against HTML 5 vulnerabilities (09/21/2015, 30:58)
195. 2015-039: Hazards of HTML5 (09/14/2015, 33:28)
196. 2015-038-Influence Vs. Mandate and Guardrails vs. Speedbumps (09/07/2015, 53:35)
197. 2015-037-making patch management work (08/31/2015, 45:39)
198. 2015-036: Checkbox security, or how to make companies go beyond compliance (08/24/2015, 53:10)
199. 2015-035: Cybrary.it training discussion and Bsides Austin Panel (08/16/2015, 40:55)
200. Flashback: 2014-001_Kicking some Hash (08/15/2015, 39:54)
