Listen Now

This week Amanda, Brian, and Bryan discuss sysmon, how it works to detect IOCs in your org, and how it extends beyond regular Windows event monitoring.   oh... and it's available for Linux too! BrakeSec is: Amanda Berlin @infosystir Brian Boettcher @boettcherpwned Bryan Brake @bryanbrake https://www.brakeingsecurity.com   Our #twitch stream can be found at: Https://twitch.tv/brakesec (subscription is req'd to see full videos)

Tanya Janca, also known as @SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives. https://wehackpurple.com   BrakeSec is: Amanda Berlin @infosystir Brian Boettcher @boettcherpwned Bryan Brake @bryanbrake www.brakeingsecurity.com https://twitch.tv/brakesec  

Tanya Janca, also known as @SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.   https://shehackspurple.ca/   BrakeSec is: Amanda Berlin @infosystir Brian Boettcher @boettcherpwned Bryan Brake @bryanbrake www.brakeingsecurity.com

Full #twitch VOD here (prime sub or paid sub required):  https://www.twitch.tv/videos/1528342722 https://github.com/untitaker/python-atomicwrites https://thehackernews.com/2022/07/pypi-repository-makes-2af-security.html Twitch streams (175+ hours of content!): Https://twitch.tv/brakesec www.brakeingsecurity.com Twitter: @infosystir @boettcherpwned @brakesec @bryanbrake

JW Goerlich -  “Wolfgang is a cyber security strategist and an active part of the Michigan security community. He co-founded the OWASP Detroit chapter and organizes the annual Converge and BSides Detroit conferences. Wolfgang has held roles such as the Vice President of Consulting, Security Officer, and Vice President of Technology Services. He regularly advises clients on topics ranging from risk management, incident response, business continuity, secure development life cycles, and more.”   https://jwgoerlich.com/   RSA talks and discussion Phishing tests -  https://www.securityweek.com/research-simulated-phishing-tests-make-organizations-less-secure https://hbr.org/2021/04/phishing-tests-are-necessary-but-they-dont-need-to-be-evil What are the goal of these tests?     That someone will click and activate (is that not a given?) What made them popular in the first place? Is this an example of management not taking security seriously, so we needed proof?   https://www.csoonline.com/article/3619610/best-practices-for-conducting-ethical-and-effective-phishing-tests.html FTA: “This will only undermine the efforts of cybersecurity teams as a whole, alienating the very people they aim to engage with, Barker adds. “People generally don’t like to be tricked, and they don’t usually trust the people who trick them. One counterargument I often hear is that criminals use emotive lures in a phish, so why shouldn’t we? Well, criminals also cause physical damage to property, take systems offline, and disrupt services, but physical social engineers and pen-testers don’t—for good reason. Simulations should not cause active harm.””   Is this part of a larger issue? Why do we treat these tests the way we do? Typical scenario?Mgmt does not believe or trust their internal people to tell them what is wrong, and takes a 3rd party source/product to tell them the same thing.     Are these stories Apocryphal? Or just my experience?

Author of the #noStarch book "The Art of Cyberwarfare" (https://nostarch.com/art-cyberwarfare)  Topics: discusses his book,  threat intel as a service,  why people enjoy malware analysis? Should people 'hack back' and what legal issues are around that? How do you soften the messaging if you have an insider threat team? www.infoseccampout.com for more information about our 2022 conference in Seattle, WA on 26-28 August 2022! Our full 90 minute stream with Jon, including 30 minutes of audio you won't get on the audio podcast is available at the $5 USD Patreon level, or via our VOD at our Twitch Broadcast site (https://twitch.tv/brakesec) Twitch VOD Link: https://www.twitch.tv/videos/1308277609 Thank you to our Patreon and Twitch supporters for their generous donations and subs and bits!

Author of the #noStarch book "The Art of Cyberwarfare" (https://nostarch.com/art-cyberwarfare)  Topics: discusses his book,  threat intel as a service,  why people enjoy malware analysis? Should people 'hack back' and what legal issues are around that? How do you soften the messaging if you have an insider threat team? www.infoseccampout.com for more information about our 2022 conference in Seattle, WA on 26-28 August 2022! Our full 90 minute stream with Jon, including 30 minutes of audio you won't get on the audio podcast is available at the $5 USD Patreon level, or via our VOD at our Twitch Broadcast site (https://twitch.tv/brakesec) Twitch VOD Link: https://www.twitch.tv/videos/1308277609 Thank you to our Patreon and Twitch supporters for their generous donations and subs and bits!

https://www.reuters.com/technology/tesla-cars-bluetooth-locks-vulnerable-hackers-researchers-2022-05-17/ https://portswigger.net/daily-swig/us-revises-policy-regarding-computer-fraud-and-abuse-act-will-not-prosecute-good-faith-research https://www.securityweek.com/conti-ransomware-operation-shut-down-after-brand-becomes-toxic https://portswigger.net/daily-swig/chicago-public-schools-data-breach-blamed-on-ransomware-attack-on-supplier https://www.helpnetsecurity.com/2022/05/23/protect-kubernetes-cluster/ https://www.darkreading.com/application-security/malicious-package-python-repository-cobalt-strike-windows-macos-linux   https://www.bleepingcomputer.com/news/security/fake-windows-exploits-target-infosec-community-with-cobalt-strike/ https://www.darkreading.com/application-security/6-scary-tactics-used-in-mobile-app-attacks  

Full VOD here (must subscribe to Twitch): https://www.twitch.tv/videos/1478955254   Mieng Lim, VP of Product at Digital Defense by HelpSystems Topic she will discuss: Outsmarting RaaS: Strategies to Implement Before, During, and After a Ransomware Attack Webinar: https://www.digitaldefense.com/resources/videos/webinar-outsmarting-raas-strategies-against-ransomware-attacks/ https://www.digitaldefense.com/blog/infographic-the-latest-ransomware-facts/ https://www.digitaldefense.com/wp-content/uploads/2020/07/Digital-Defense-Inc.-Ransomware-Infographic-070621.jpg https://www.digitaldefense.com/blog/the-terrifying-truth-about-ransomware/ Prepared questions from Mieng: Belief that “malicious actors today are using cutting edge techniques for the majority of attacks” Belief that “majority of compromises are via zero-day vulnerabilities” Organizations continue to leave systems unpatched with years old vulnerabilities Belief that “my organization doesn’t have anything a malicious actor would be interested in…I’m not a target” My organization has cyber insurance and that’s enough. “I don’t have budget to buy all the products/hire the staff needed to protect my network.” https://www.techrepublic.com/article/initial-access-brokers-how-are-iabs-related-to-the-rise-in-ransomware-attacks/   https://www.pandasecurity.com/en/mediacenter/security/ransomware-statistics/ As new approaches to ransomware like double extortion continue to pay off, attackers are demanding higher ransom payouts than ever before. The average ransom demand in the first half of 2021 amounted to $5.3 million — a 518% increase compared to 2020. The average ransom payment has also increased by 82% since 2020, reaching a whopping $570,000 in the first half of 2021 alone. The FBI’s Internet Crime Complaint Center (IC3) received 2,084 ransomware complaints in the first half of 2021. (FBI and CISA) At least one employee downloaded a malicious mobile application in 46% of organizations in 2021. (Check Point) https://www.marsh.com/us/services/cyber-risk/insights/ransomware-paying-cyber-extortion-demands-in-cryptocurrency.html @infosystir @boettcherpwned @bryanbrake (on Mastodon & Twitter) @brakeSec   Discord Invite! "please click OK to accept the Code of Conduct in the 'Rules-and-info' channel" https://discord.gg/brakesec #AmazonMusic: https://brakesec.com/amazonmusic  #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://brakesec.com/pandora  #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast Apple Podcasts: https://podcasts.apple.com/us/podcast/brakeing-down-security-podcast/id799131292 #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec #Patreon:  https://brakesec.com/BDSPatreon #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Mieng Lim, VP of Product at Digital Defense by HelpSystems Topic she will discuss: Outsmarting RaaS: Strategies to Implement Before, During, and After a Ransomware Attack Webinar: https://www.digitaldefense.com/resources/videos/webinar-outsmarting-raas-strategies-against-ransomware-attacks/ https://www.digitaldefense.com/blog/infographic-the-latest-ransomware-facts/ https://www.digitaldefense.com/wp-content/uploads/2020/07/Digital-Defense-Inc.-Ransomware-Infographic-070621.jpg https://www.digitaldefense.com/blog/the-terrifying-truth-about-ransomware/ Prepared questions from Mieng: Belief that “malicious actors today are using cutting edge techniques for the majority of attacks” Belief that “majority of compromises are via zero-day vulnerabilities” Organizations continue to leave systems unpatched with years old vulnerabilities Belief that “my organization doesn’t have anything a malicious actor would be interested in…I’m not a target” My organization has cyber insurance and that’s enough. “I don’t have budget to buy all the products/hire the staff needed to protect my network.” https://www.techrepublic.com/article/initial-access-brokers-how-are-iabs-related-to-the-rise-in-ransomware-attacks/   https://www.pandasecurity.com/en/mediacenter/security/ransomware-statistics/ As new approaches to ransomware like double extortion continue to pay off, attackers are demanding higher ransom payouts than ever before. The average ransom demand in the first half of 2021 amounted to $5.3 million — a 518% increase compared to 2020. The average ransom payment has also increased by 82% since 2020, reaching a whopping $570,000 in the first half of 2021 alone. The FBI’s Internet Crime Complaint Center (IC3) received 2,084 ransomware complaints in the first half of 2021. (FBI and CISA) At least one employee downloaded a malicious mobile application in 46% of organizations in 2021. (Check Point) https://www.marsh.com/us/services/cyber-risk/insights/ransomware-paying-cyber-extortion-demands-in-cryptocurrency.html @infosystir @boettcherpwned @bryanbrake (on Mastodon & Twitter) @brakeSec   Discord Invite! "please click OK to accept the Code of Conduct in the 'Rules-and-info' channel" https://discord.gg/brakesec #AmazonMusic: https://brakesec.com/amazonmusic  #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://brakesec.com/pandora  #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast Apple Podcasts: https://podcasts.apple.com/us/podcast/brakeing-down-security-podcast/id799131292 #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec #Patreon:  https://brakesec.com/BDSPatreon #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

@bettersafetynet @infosystir @boettcherpwned @bryanbrake @brakeSec   Discord Invite! "please click OK to accept the Code of Conduct in the 'Rules-and-info' channel" https://discord.gg/jhzm4bK9 #AmazonMusic: https://brakesec.com/amazonmusic  #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://brakesec.com/pandora  #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast Apple Podcasts: https://podcasts.apple.com/us/podcast/brakeing-down-security-podcast/id799131292 #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec #Patreon:  https://brakesec.com/BDSPatreon #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

https://www.cyberscoop.com/dhs-bug-bounty-122-vulnerabilities-27-critical-hackers/ https://securityaffairs.co/wordpress/130564/hacking/atlassian-jira-authentication-bypass-issue.html     https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html https://www.coalfire.com/the-coalfire-blog/research-reveals-cyber-risk-is-the-best-language https://www.securityweek.com/audio-codec-made-apple-introduced-serious-vulnerabilities-millions-android-phones https://www.cnet.com/tech/mobile/verizon-wireless-customers-report-outages-across-us/ https://www.infosecurity-magazine.com/news/fbi-warns-us-farmers-of-ransomware/ https://www.bleepingcomputer.com/news/security/3-reasons-connected-devices-are-more-vulnerable-than-ever/ https://www.bleepingcomputer.com/news/security/third-npm-protestware-event-source-polyfill-calls-russia-out/ https://securityaffairs.co/wordpress/130497/security/cyber-insurance-global-riskenvironment.html https://securityaffairs.co/wordpress/130443/hacking/cisco-umbrella-default-ssh-key.html https://www.helpnetsecurity.com/2022/04/19/open-source-usage-trends/ https://gizmodo.com/cia-nsa-spies-tracked-anomaly-6-product-demo-1848830150 https://www.infosecurity-magazine.com/news/hackers-gain-admin-rights-with/ https://scottbarrykaufman.com/podcast/ Discord invite (must read and heed the Code of Conduct before admittance to the Discord. https://discord.gg/38eEBYNJ7B (good for 100 invites) Twitch stream: https://twitch.tv/brakesec    

https://what2log.com/ https://twitch.tv/brakesec https://www.brakeingsecurity.com     @bettersafetynet @infosystir @boettcherpwned @bryanbrake @brakeSec

https://twitch.tv/brakesec www.brakeingsecurity.com @infosystir on Twitter @bryanbrake @boettcherpwned

https://twitch.tv/brakesec www.brakeingsecurity.com @infosystir on Twitter @bryanbrake @boettcherpwned

Shannon Noonan and Stacey Cameron - QoS Consulting https://www.bizagi.com/en/blog/digital-process-automation/4-ways-to-deliver-change-management-for-process-automation https://www.forrester.com/blogs/the-new-change-management-automated-and-decentralized/   https://www.tibco.com/reference-center/what-is-process-automation   https://kissflow.com/workflow/workflow-automation/an-8-step-checklist-to-get-your-workflow-ready-for-automation/   https://www.malwarearchaeology.com/cheat-sheets   https://overapi.com/   https://www.darkreading.com/attacks-breaches/8-character-passwords-can-be-cracked-in-less-than-60-minutes

https://www.twitch.tv/brakesec Youtube video (full version): https://www.youtube.com/watch?v=eRwYB22XMNw Shannon Noonan and Stacey Cameron - QoS Consulting https://www.bizagi.com/en/blog/digital-process-automation/4-ways-to-deliver-change-management-for-process-automation https://www.forrester.com/blogs/the-new-change-management-automated-and-decentralized/   https://www.tibco.com/reference-center/what-is-process-automation   https://kissflow.com/workflow/workflow-automation/an-8-step-checklist-to-get-your-workflow-ready-for-automation/   https://www.malwarearchaeology.com/cheat-sheets   https://overapi.com/   https://www.darkreading.com/attacks-breaches/8-character-passwords-can-be-cracked-in-less-than-60-minutes

For context, we at the K12 Security Information Exchange (K12 SIX) are a relatively new K12-specific ISAC – launched to help protect the US K12 sector from emerging cybersecurity risk. One of our signature accomplishments in our first year was the development and release of our ‘essential protections’ series – an effort to establish baseline cybersecurity standards for schools. See: https://www.k12six.org/essential-cybersecurity-protections https://www.grf.org/ Global Resilience Federation We will help your industry develop or enhance a trusted threat information sharing community, obtain actionable intelligence, and support you in emergencies.   We all count on the resiliency of essential services - services from the electricity powering our homes and the connectivity of entertainment apps, to the legal systems and financial pipelines driving the global economy. But this infrastructure faces constant threats from hacktivists, criminals, and rogue states, and they are growing in sophistication.   Leveraging nearly 20 years of ISAC and ISAO expertise, GRF is a non-profit created to connect sharing communities, for mutual defense.     https://static1.squarespace.com/static/5e441b46adfb340b05008fe7/t/611d5fceff375d79ff4507c7/1629315022292/K12+SIX+Essential+Cybersecurity+Protections+2021+2022.pdf   https://theconversation.com/cybercriminals-use-pandemic-to-attack-schools-and-colleges-167619   https://edscoop.com/texas-school-paid-547k-ransomware-jam/    https://statescoop.com/ransomware-allen-texas-school-district-email-parents/    https://www.toptal.com/insights/innovation/cybersecurity-in-higher-education   https://www.highereddive.com/spons/inside-higher-educations-ransomware-crisis-how-colleges-and-universities/609688/   https://www.cnn.com/2022/01/07/politics/ransomware-schools-website/index.html https://www.13abc.com/2021/02/22/toledo-public-school-students-seeing-effects-of-massive-data-breach/ 2020 report: https://k12cybersecure.com/wp-content/uploads/2021/03/StateofK12Cybersecurity-2020.pdf   85-89% are underneath 2,500 students Omg: https://www.edweek.org/leadership/education-statistics-facts-about-american-schools/2019/01   https://www.youtube.com/watch?v=otv0KzkfLSc –Florida mom, daughter accused of rigging homecoming queen votes break silence l GMA   There are 130,930 public and private K-12 schools in the U.S., according to 2017-18 data from the National Center for Education Statistics (NCES). Here’s how they break down:   All: 130,930 Elementary schools: 87,498 Secondary schools: 26,727 Combined schools: 15,804 Other: 901 What are some of the ways you go about addressing the challenge of even reaching smaller schools? Does the isac help?   How do you communicate major security events like log4j? Do you keep track of complications with certain software stacks?   Someone listening might say “hey, I’d love to help…” what/if any opportunities can the larger infosec community do to help your org?

The K12 Security Information Exchange (K12 SIX) are a relatively new K12-specific ISAC – launched to help protect the US K12 sector from emerging cybersecurity risk. One of our signature accomplishments in our first year was the development and release of our ‘essential protections’ series – an effort to establish baseline cybersecurity standards for schools. See: https://www.k12six.org/essential-cybersecurity-protections https://www.grf.org/ Global Resilience Federation We will help your industry develop or enhance a trusted threat information sharing community, obtain actionable intelligence, and support you in emergencies.   We all count on the resiliency of essential services - services from the electricity powering our homes and the connectivity of entertainment apps, to the legal systems and financial pipelines driving the global economy. But this infrastructure faces constant threats from hacktivists, criminals, and rogue states, and they are growing in sophistication.   Leveraging nearly 20 years of ISAC and ISAO expertise, GRF is a non-profit created to connect sharing communities, for mutual defense.     https://static1.squarespace.com/static/5e441b46adfb340b05008fe7/t/611d5fceff375d79ff4507c7/1629315022292/K12+SIX+Essential+Cybersecurity+Protections+2021+2022.pdf   https://theconversation.com/cybercriminals-use-pandemic-to-attack-schools-and-colleges-167619   https://edscoop.com/texas-school-paid-547k-ransomware-jam/    https://statescoop.com/ransomware-allen-texas-school-district-email-parents/    https://www.toptal.com/insights/innovation/cybersecurity-in-higher-education   https://www.highereddive.com/spons/inside-higher-educations-ransomware-crisis-how-colleges-and-universities/609688/   https://www.cnn.com/2022/01/07/politics/ransomware-schools-website/index.html https://www.13abc.com/2021/02/22/toledo-public-school-students-seeing-effects-of-massive-data-breach/ 2020 report: https://k12cybersecure.com/wp-content/uploads/2021/03/StateofK12Cybersecurity-2020.pdf   85-89% of school systems have 2,500 students or fewer Omg: https://www.edweek.org/leadership/education-statistics-facts-about-american-schools/2019/01   https://www.youtube.com/watch?v=otv0KzkfLSc –Florida mom, daughter accused of rigging homecoming queen votes break silence   There are 130,930 public and private K-12 schools in the U.S., according to 2017-18 data from the National Center for Education Statistics (NCES). Here’s how they break down:   All: 130,930 Elementary schools: 87,498 Secondary schools: 26,727 Combined schools: 15,804 Other: 901 What are some of the ways you go about addressing the challenge of even reaching smaller schools? Does the isac help?   How do you communicate major security events like log4j? Do you keep track of complications with certain software stacks?   Someone listening might say “hey, I’d love to help…” what/if any opportunities can the larger infosec community do to help your org?