Download - 2018-001- A new year, new changes, same old trojan malware

Discover

Podcast Features
Your all-in-one podcasting solution.

Blog to Podcast
Turn your blog into an engaging podcast.
Livestream
High-performing audio live, without limits.

Podcast Studio
Easy-to-use audio recorder app.
Podbean AI
AI-Enhanced Audio Quality and Content Generation.

Podcast App
The best podcast player & podcast app.

Ads Marketplace
Join Ads Marketplace to earn money
through sponsorship on your podcast.

PodAds
Manage your ads with dynamic ad insertion capability.
Apple Podcasts Subscriptions Integration
Effortlessly publish and manage exclusive episodes for your
Apple Podcasts subscribers directly from Podbean.
Live Streaming
Receive livestream rewards from your audience and earn
recurring income from your Fan Club membership.

All Arts Business Comedy Education
Fiction Government Health & Fitness History Kids & Family
Leisure Music News Religion & Spirituality Science
Society & Culture Sports Technology True Crime TV & Film
Live

How to Start a Podcast
How to Start a Live Podcast
How to Monetize a podcast
How to Promote Your Podcast
How to Use Group Recording

Log in
Start your podcast for free

Podcasting
Monetization
Advertisers
Enterprise
Pricing
Discover

BrakeSec Education Podcast

News:Tech News

2018-001- A new year, new changes, same old trojan malware

2018-01-12

Download Right click and do "save link as"

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2018-001-A_new_year-new_changes-same_old_malware.mp3

The first show of our 2018 season brings us something new (some awesome new additions to our repertoire), and something old (ransomware).

Michael Gough is joining us to discuss a new a partnership with BrakeSec Podcast (you'll have to listen to find out, or wait a few weeks :D )

We discuss #Spectre and #meltdown vulnerabilities, wonder about the criticality of the vulnerabilities and mitigation of them, and debate why the patching was handled in such a poor manner.

We also discuss a news story about a school that spent an exorbitant amount of money to remove a trojan that Mr. Boettcher (@boettcherpwned) and Mr. Gough (@hackerhurricane) believe to be very simply handled. We talk about the need for state and local governments and institutions to have a some way to call for breaches or 'cyber' crisis that would have a no-blame assistance helpline.

I did a quick video, which has a demonstration of Dave Kennedy's security tool "Pentester Framework" (PTF). There's even a video of the demo on our Youtube Channel (https://youtu.be/sIc1ljkwE5Q)

Finally, we discuss our upcoming training with Ms. Berlin (@infosystir) "Disrupting the Cyber Kill Chain", which will start the first week of February and go for 4 weeks. More details next week!

#Spotify: https://brakesec.com/spotifyBDS

RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel: http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site: https://brakesec.com/bdswebsite

Join our #Slack Channel! Email us at bds.podcast@gmail.com

or DM us on Twitter @brakesec

#iHeartRadio App: https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

From our friends at Hack In the Box Amsterdam:

"We are gearing up for the Hack In The Box Amsterdam 2018, which is now on its 9th edition, and will take place between the 9th and 13th April at the same venue as last year, the Grand Krasnapolsky hotel in the center of Amsterdam: https://conference.hitb.org/hitbsecconf2018ams/ The list of trainings is already published and looking as awesome as ever: https://conference.hitb.org/hitbsecconf2018ams/training The CFP is open and the review board is already hard at work with the first submissions."

"If you have an interesting security talk and fancy visiting Amsterdam in the spring, then submit your talk to the Hack In The Box Amsterdam conference, which will take place between 9 and 13 April 2018. The Call For Papers is open until the end of December, submission details can be found at https://cfp.hackinthebox.org/. Tickets are already on sale, with early bird prices until December 31st. And the 'brakeingsecurity' discount code gets you a 10% discount".

---Show Notes---

Music change

Couldn’t remember where I got the other music

Little more news than we used to

Try to shy away from news everyone will talk about

Brakeing Down Incident Response (BD-IR) podcast

Hosted by Mr. Boettcher and Michael Gough

Vendor talks

Sponsors (provisionally)

News:

http://www.zdnet.com/article/wpa3-wireless-standard-tougher-wifi-security-revealed/

https://threatpost.com/new-rules-announced-for-border-inspection-of-electronic-devices/129361/

https://www.tripwire.com/state-of-security/latest-security-news/school-district-spend-314k-rebuilding-servers-malware-attack/

Upcoming Training:

Amanda? - Cyber KillChain training

Dates: Feb 5-26 Mondays at 9:30pm (4 - 1 hour)

Matt Miller - Reverse Engineering course

More advanced, still working on details with him (no promises yet)

Michael Gough - Malware Archaeology

Austin - Feb or March - 1 Day Logging training - see AustinISSA.Org

Houston - April 3rd - 1 Day - HouSecCon

Preparing and Responding to an endpoint incident, what to configure, and look for

Tulsa - April 11-12th - 2 Days - BSides Oklahoma

Introduction to responding to an endpoint incident, Malware Discovery, what to configure, and look for

Job postings on our Slack

Sr. Manager, Vuln Mgmt, Amazon (Herndon, VA)

Michael Fourdraine @mfourdraine has several positions on his team in Bellevue, WA

He’s on Twitter (https://twitter.com/mfourdraine) or join us in our Slack

Many positions he has will relocate you to lovely Bellevue, WA

MG just posted “James Avery Information Security Manager”

Teaching a mentor course in Seattle (SEC504) starting March 1st.

Great if you work a job where you get called a lot

Less likely to have to get up during class and walk away…

Bit of a technical discussion - PTF (pentester framework)

Setup, install software

Lighter than Kali

Works on debian, ubuntu, pretty much any linux

Slack

Invite only

Slack bot died

A new link every month is a bit of a PITA

Being popular invites bots… would like to reduce that risk by broadcasting an invite

Friend of mine was invited to speak on “A man’s view of women in technology” O.o (http://www.cmhwit.org/)

“ John ---- Actually, my plan at this point is to interview several of the successful woman I know in technology, followed by personal observations of how I've seen them become well respected leaders in the field.”