LearnOutLoud.com Audio - Brakeing Down Security Podcast

Tanya Janca Talks secure coding, Semgrep Academy, and community building, and more! (Sat, Jun 01, 2024)
Josh Grossman - building Appsec programs, bridging security and developer gaps (Mon, Apr 15, 2024)
Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox (Tue, Apr 09, 2024)
p2-accidentalCISO, building trust in new places (Tue, Feb 13, 2024)
AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec (Fri, Feb 02, 2024)
1st show of 2024! Our 10th Anniversary... (Tue, Jan 09, 2024)
Brakesec Call to Action 2023 (Mon, Dec 18, 2023)
How to get more headcount, BLUFFs Vulnerability, and Ranty Clause debuts! (Mon, Dec 04, 2023)
25Oct - okta breached (again), Energy company hit by supply chain attack, and you can help hire the best people (Thu, Oct 26, 2023)
Nicole Sundin - CPO at Axio - SEC compliance, usable security, setting up risk mgmt programs (Sat, Sep 23, 2023)
John Aron, letters of marque, what does a "junior" job look like with AI? (Sun, Sep 03, 2023)
Megan Roddie - co-author of "Practical Threat Detecion Engineering" (Fri, Aug 25, 2023)
meeting new people, walking on your keyboard causes issues, even google gets phone numbers wrong. (Fri, Jul 21, 2023)
Bsides Seattle and Austin, SecureBoot patch, and more (Sat, May 27, 2023)
lynsey wolf, conducting insider threat investigations, CASB and UEBA utlization to good use. (Sun, Apr 30, 2023)
3CX supply chain attack, Mark Russinovich and Sysinternals, CISA ransomware notifications, and emotional intelligence (Sat, Apr 08, 2023)
Dish Network is still busted, John Deere avoiding OSS requests, Is DAST dead? (Fri, Mar 24, 2023)
Nickolas Means talks about Security, Devops velocity, blameless orgs, and conferences infosec should attend (Sat, Mar 04, 2023)
SPECIAL INTERVIEW: John Aron and Jerod Brennen (Fri, Feb 10, 2023)
Layoff discussions, another TMO breach, OneNote Malware, and more! (Tue, Jan 24, 2023)
GPS car hacks, Google Threat report, notable topics of 2020, satellite threat modelling, twitter breach(?) (Tue, Jan 10, 2023)
Josh-Whalen-risk-management-data_visualization-tools, value-creating activities -p2 (Tue, Dec 20, 2022)
John Whalen, data visualization tools, risk management, handling org risk-p1 (Sun, Dec 11, 2022)
Interview with Infrared - one of the Seattle Community Network organizers (Tue, Nov 22, 2022)
JAMBOREE - an Android App testing platform from @operat0r -part2 (Mon, Nov 07, 2022)
JAMBOREE - an Android App testing platform from @operat0r (Sun, Oct 30, 2022)
07-oct-news-twitch streaming (Wed, Oct 12, 2022)
Uber Breach, MFA fatigue, who can help communicate biz risk? (Mon, Sep 19, 2022)
Manual Code reviews/analysis, post-infosec Campout discussion (Fri, Sep 02, 2022)
Amanda's Sysmon Talk -p2 (Mon, Aug 15, 2022)
Amanda's Sysmon Talk -p1 (Sun, Aug 07, 2022)
Tanya Janca, Securing APIs, finding Security Champions, and accepting Risk (Sat, Jul 30, 2022)
Tanya Janca on secure coding practices, Swagger docs, and why documentation matters (Sun, Jul 24, 2022)
PYPI enables 2FA, some devs have a problem with this (Thu, Jul 14, 2022)
JW Goerlich on Training, phishing exercises, security metrics,getting the most from user training (Tue, Jul 05, 2022)
RSA conference, Zero Trust, SSO, 2FA, and multi-cloud tenancy with J Goerlich (Sat, Jun 25, 2022)
jon-dimaggio-part2-threat intel-hacking back-analyzing malware (Thu, Jun 16, 2022)
Jon DiMaggio_Art-of-cyberwarfare_hacking_back-insider-threat-messaging_P1 (Thu, Jun 09, 2022)
news, infosystir's talk at RSA, conti has an 'image' problem (Tue, May 24, 2022)
Mieng Lim, Ransomware actions, using insurance to offset risk, good IR/PR comms (Sun, May 15, 2022)
Mieng-Lim-Ransomware-Best-Practices-p1 (Wed, May 11, 2022)
Mick Douglas on threat intel, customer worries about being hacked, and more (Wed, May 04, 2022)
news, farmers affected by ransomware, protestware for the 3rd time, trusting opensource (Tue, Apr 26, 2022)
Mick Douglas discusses What2Log, and guidance in light of Okta incident (Thu, Apr 21, 2022)
logging analysis, log correlation, and threat analysis dicussion continues - p2 (Sun, Apr 10, 2022)
Amanda and Bryan discusses log analysis, finding, IOCs, and what to do about them. (Tue, Apr 05, 2022)
Shannon Noonan and Stacey Cameron - process automation -p2 (Tue, Mar 22, 2022)
Shannon Noonan and Stacey Cameron - process automation (Sat, Mar 12, 2022)
K12SIX-project-Doug_Levin-Eric_Lankford-threat_intel-edusec-p2 (Tue, Mar 01, 2022)
K12SIX's Eric Lankford and Doug Levin on helping schools get added security -p1 (Tue, Feb 22, 2022)
April Wright and Alyssa Miller - IoT platforms, privacy and security, embracing standards (Tue, Feb 15, 2022)
Alyssa Miller, April Wright, on IoT Privacy & Security, using tech for stalking, what could be done? Part1 (Mon, Feb 07, 2022)
Bit of news, Belarus train system hack, VMware Horizon vulns, edge network device vulns (Tue, Feb 01, 2022)
April Wright and Alyssa Miller- Open Source sustainabilty (Mon, Jan 24, 2022)
Amélie Koran and Adam Baldwin discuss OSS sustainability, supply chain security,, governance, and outreach for popular applications - part2 (Tue, Jan 18, 2022)
OSS sustainability, log4j fallout, developer damages own code-p1 (Wed, Jan 12, 2022)
2021-046-Mick Douglas, Log4j vulnerabilities, egress mitigations- part2 (Thu, Dec 23, 2021)
2021-045-Mick Douglas, Log4j vulnerabilities, egress mitigations- part1 (Thu, Dec 16, 2021)
2021-044-Litmoose discusses stalking and protecting yourself (Mon, Dec 13, 2021)
2021-043- Fred Jennings, Vuln Disclosure policy, VEP, and 0day disclosure - p2 (Sun, Nov 21, 2021)
2021-042- Fred Jennings, VDP, Vuln Equity, And 0day disclosure - p1 (Sun, Nov 21, 2021)
Blumira Sponsor #3 - Emily Eubanks, more actionable events, incident response help, and more (Sun, Nov 21, 2021)
2021-041-0day disclosure, Randori, FBI email server pwnage (Tue, Nov 16, 2021)
2021-040-Sweden's parents rebel over poor App design, US government forcing patching of systems, and Vuln chaining (Mon, Nov 08, 2021)
2021-039-Minimum Viable vendor security sheet, Federal logging requirements, and more! (Tue, Nov 02, 2021)
SPONSOR-Blumira's Nato Riley on Log Classification, Security Maturity, (Mon, Nov 01, 2021)
2021-038-Liz Saling, 5 pillars of building a good team (Mon, Oct 25, 2021)
2021-037-Tony Robinson, leveraging your home lab for job success - Part2 (Sun, Oct 17, 2021)
2021-036-Tony Robinson, twtich breach, @da_667 lab setup new book edition! -part1 (Thu, Oct 14, 2021)
2021-035-GRC selection discussion, TechSecChix, and the 'job description problem' (Wed, Sep 29, 2021)
2021-034-Khalilah Scott, good GRC tool practices - part1 (Wed, Sep 29, 2021)
2021-033-Kim_Crawley, 8 steps to better security-Part2 (Mon, Sep 20, 2021)
SPONSOR: Blumira's Patrick Garrity (Thu, Sep 16, 2021)
2021-032--Author_Kim_crawley-8-Simple_Rules_for_Cybersecurity (Tue, Sep 14, 2021)
2021-031- back in the saddle, conference discussion, company privacy (Fri, Sep 03, 2021)
2021-030-incident response, business goal alignment, showing value in IR -p2 (Sun, Aug 22, 2021)
2021-029- incident response, PICERL cycle, showing value in IR, aligning with business goals -p1 (Sun, Aug 15, 2021)
2021-028-Rebekah Skeete - social engineering techniques and influences (Sun, Aug 08, 2021)
2021-027-Black Girls Hack COO Rebekah Skeete! (Mon, Aug 02, 2021)
2021-026-Triaging threat research, Jira vulns, Serious Sam vuln, Systemd vulns, and HiveNightmare (Wed, Jul 28, 2021)
2021-025-Dan Borges, Author of Adversarial Techniques from Packt Publishing (Mon, Jul 19, 2021)
2021-024-Dan Borges, Author of Adversarial Techniques from Packt Publishing (Sat, Jul 10, 2021)
2021-023-d3fend framework, DLL injection types, more solarwinds infections (Wed, Jun 30, 2021)
2021-022-github policy updates targeting harmful software, Ms. Berlin discusses WWHF, CVSS discussion (Tue, Jun 22, 2021)
2021-021-Security Sphynx, ZeroTrust, implementation prep- part2 (Wed, Jun 16, 2021)
2021-020: Security Sphynx, Preparing for ZeroTrust implementation - Part1 (Sun, Jun 06, 2021)
2021-019-Joe Gray, OSINT CTFs, gamifying and motivating to do the right thing (Fri, May 28, 2021)
2021-018-LawyerLiz, Pres. Biden's EO, and the clueless professor (Sat, May 22, 2021)
2021-017-Joe Gray on his future book, the OSINT loop, motivators, and gamification - part1 (Tue, May 18, 2021)
2021-016-researchers knowingly add vulnerable code to linux kernel, @pageinsec joins us to discuss -part2 (Wed, May 05, 2021)
2021-015-researchers knowingly add vulnerable code to linux kernel, @pageinsec joins us to discuss -part1 (Tue, Apr 27, 2021)
2021-014-Slipstreaming blocked by Chrome, Slack being used for malware, plus dork and deskjockeys! (Tue, Apr 13, 2021)
2021-013-Liana_McCrea-Garrison_Yap-cecil_hotel, Elisa_Lam-physical_security-part2 (Wed, Apr 07, 2021)
2021-012-physical security discussion with @geecheethreat and @garrisony75 -pt1 (Tue, Mar 30, 2021)
2021-011- Dr. Catherine J Ullman, the art of communication in an Incident - Part 2 (Sun, Mar 21, 2021)
2021-010- Dr. Catherine J Ullman, the art of communication in an Incident - Part 1 (Wed, Mar 17, 2021)
2021-009-Jasmine_Jackson-TheFluffy007-analyzing_android_apps-FRida-Part2 (Sun, Mar 07, 2021)
2021-008-Jasmine jackson - TheFluffy007, Bio and background, Android App analysis - part 1 (Tue, Mar 02, 2021)
2021-007-News-Google asking for OSS to embrace standards, insider threat at Yandex, Vectr Discussion (Sun, Feb 21, 2021)
2021-006-Ronnie Watson (@secopsgeek), building a security monitoring system with ELK, and Wazuh - part2 (Sun, Feb 14, 2021)
2021-005-Ronnie Watson (@secopsgeek), building a security monitoring system with ELK, and Wazuh (Tue, Feb 09, 2021)
2021-004-Danny Akacki talks about Mergers and Acquisitions - Part 2 (Wed, Feb 03, 2021)
2021-003- Danny Akacki, open communications, mergers&acquistions (Tue, Jan 26, 2021)
2021-002-Elastic Search license changes, Secure RPC patching for windows, ironkey traps man's $270 million in Bitcoin (Tue, Jan 19, 2021)
2021-001-news, youtuber 'dream' doxxed, solarwind passwords bruteforced, malware attacks (Tue, Jan 12, 2021)
2020-046-solarwinds-fireeye-breaches-GE-medical-device-issues-and-2021_predictions (Thu, Dec 17, 2020)
SPONSORED- Nathanael Iversen from Illumio, future of microsegmentation, (Mon, Dec 07, 2020)
2020-045-Marco Salvati, supporting open source devs, incentivizing leeching companies who don't give back- part2 (Mon, Dec 07, 2020)
2020-044-Marcello Salvati (@byt3bl33d3r), porchetta industries, supporting opensource tool creators, sponsorship model (Wed, Dec 02, 2020)
2020-043-Software_Defined_Radio-Sebastien_dudek-RF-attacks- IoT and car RF attacks (Tue, Nov 24, 2020)
SPONSORED Podcast: Katey Wood from Illumio on deployment and using WIndows Filtering Platform (Tue, Nov 17, 2020)
2020-042-Kim Crawley and Phillip Wylie discuss "Pentester Blueprint", moving into pentesting career (Sun, Nov 15, 2020)
2020-041- Conor Sherman, IR stories, cost of not prepping for an incident (Tue, Nov 10, 2020)
2020-040- Jeremy Mio, State of Ohio Election Security (Mon, Nov 02, 2020)
2020-039-Philip Beyer-leadership- making an impact (Wed, Oct 28, 2020)
SPONSORED PODCAST: Neil Patel, Illumio on Microsegmentation, and adopting the Zero Trust philosophy (Fri, Oct 23, 2020)
2020-038-Phil_Beyer-etsy-CISO-leadership-making-an-impact (Tue, Oct 20, 2020)
2020-037-Katie Moussouris, Implementing VCMM, diversity in job descriptions - Part 2 (Sun, Oct 11, 2020)
2020-036-Katie Moussouris, Vulnerability Coordination Maturity Model, when are you ready for a bug bounty - Part 1 (Tue, Oct 06, 2020)
2020-035-ransomware death in Germany, Zerologon woes, drovorub, and corp data on personal devices (Tue, Sep 29, 2020)
2020-034-Fortnite account selling, process change agility, IRS wanting to track the 'untrackable' (Mon, Sep 14, 2020)
2020-033-garmin hack, Tesla employee thwarted IP espionage, Slack RCE payout, and more! (Mon, Aug 31, 2020)
2020-032-Dr. Allan Friedman, SBOM, Software Transparency, and how the sausage is made - Part 2 (Mon, Aug 24, 2020)
2020-031-Allan Friedman, SBOM, software transparency, and knowing how the sausage is made (Tue, Aug 18, 2020)
2020-030- Mick Douglas, Defenses against powercat, offsec tool release, SRUM logs, and more! (Mon, Aug 10, 2020)
2020-029- Brad Spengler, Linux kernel security in the past 10 years, software dev practices in Linux, WISP.org PSA (Fri, Jul 31, 2020)
2020-028-Shlomi Oberman, RIPPLE20, supply chain security discussion, software bill of materials (Fri, Jul 24, 2020)
2020-027-RIPPLE20 Report, supply chain security, responsible disclosure, software development, and vendor care. (Thu, Jul 16, 2020)
2020-026- WISP PSA, PAN-OS vuln redux, F5 has a bad weekend, vuln scoring, Twitter advice, and more! (Wed, Jul 08, 2020)
2020-025-Cognizant breach, maze ransomware, PAN-OS CVE 2020-2021, SAML authentication walkthrough (Mon, Jun 29, 2020)
2020-024-Bit of news, Ripple20 vulns, IoT Security, windows error codes, captchas used for evil, Marine Momma (Wed, Jun 24, 2020)
2020-023-James Nelson from Illumio, cyber resilence, business continuity (Wed, Jun 17, 2020)
2020-022-Andrew Shikiar, FIDO Alliance, removing password from IoT, and discussing FIDO implementation (Wed, Jun 10, 2020)
2020-021- Derek Rook, redteam tactics, blue/redteam comms, and detection of testing (Mon, Jun 01, 2020)
2020-020-Andrew Shikiar - FIDO Alliance - making Cybersecurity more secure (Wed, May 27, 2020)
2020-019-Masha Sedova, customized training, phishing, ransomware, and privacy implications (Wed, May 20, 2020)
2020-018- Masha Sedova, bespoke security training, useful metrics to tailor training (Wed, May 13, 2020)
2020-017-Cameron Smith, business decisions, and how it affects Security (Tue, May 05, 2020)
2020-016-Cameron Smith, Business decisions and their (in)secure outcomes - Part 1 (Wed, Apr 29, 2020)
2020-015-Tanya_Janca-Using Github Actions in your Devops Environment, workflow automation (Tue, Apr 21, 2020)
2020-014-Server Side Request Forgery defense, Tanya Janca, AppSec discussion (Tue, Apr 14, 2020)
2020-013- part 2, education security, ransomware, april mardock, Nathan McNulty, and Jared folkins (Tue, Apr 07, 2020)
2020-012-April Mardock, Nathan McNulty, Jared Folkins, school security, ransomware attacks (Sun, Mar 29, 2020)
2020-011-Alyssa miller, deep fakes, threatmodeling for Devops environments, and virtual conferences (Wed, Mar 25, 2020)
2020-010-Dave Kennedy, offensive security tool release, Derbycom, and Esports (Thu, Mar 19, 2020)
2020-009-Dave Kennedy, Offensive Tool release (Part 1) (Thu, Mar 12, 2020)
2020-008-Nemesis_Taylor Mutch (Wed, Mar 04, 2020)
2020-007-Roberto_Rodriguez-threat_hunting-juypter_notebooks_data-science (Wed, Feb 26, 2020)
2020-006-Roberto Rodriguez, threat intel, threat hunting, hunter's forge, mordor setup (Wed, Feb 19, 2020)
2020-005-Marcus J Carey, red team automation, and Tribe of Hackers book series (Mon, Feb 10, 2020)
2020-004-Marcus Carey, ShmooCon Report, threat simulation (Wed, Feb 05, 2020)
2020-003- Liz Fong Jones, tracking Pentesters, setting up MFA for SSH, and Developer Advocates (Thu, Jan 30, 2020)
2020-002-Liz Fong-Jones discusses blog post about Honeycomb.io Incident Response (Thu, Jan 23, 2020)
2020-001- Android malware, ugly citrix bugs, and Snake ransomware (Mon, Jan 13, 2020)
2019-046-end of the year, end of the decade, predictions, and how we've all changed (Mon, Dec 23, 2019)
2019-045-Part 2-Noid, Dave Dittrich, empowered teams, features vs. security (Wed, Dec 18, 2019)
2019-044-Noid and Dave Dittrich discusses recent keybase woes - Part 1 (Tue, Dec 10, 2019)
2019-043-Bea Hughes, dealing with realistic threats in your org (Wed, Dec 04, 2019)
2019-042-CircuitSwan, Gitlabs, Job descriptions that don't suck, layer8con (Wed, Nov 27, 2019)
2019-041-circuitswan, diana initiative, diversity initiatives at conferences (Thu, Nov 21, 2019)
2019-040-vulns in cisco kit, google's project 'nightmare', healthcare data issues, TAGNW conference update (Tue, Nov 12, 2019)
2019-039-bluekeep_weaponized-npm_security_cracks-grrcon_report (Mon, Nov 04, 2019)
2019-038-Deveeshree_Nayak-risk_analysis, and OWASP WIA (Wed, Oct 30, 2019)
2019-038- Ethical dilemmas with offensive tools, powershell discussion with Lee Holmes - Part2 (Tue, Oct 22, 2019)
2019-037-Lee Holmes, Powershell logging, and why there's an 'execution bypass' (Thu, Oct 17, 2019)
2019-036-RvrShell-graphql_defense-Part2 (Wed, Oct 09, 2019)
2019-035-Matt_szymanski-attack and defense of GraphQL-Part1 (Wed, Oct 02, 2019)
2019-034- Tracy Maleeff, empathy as a service, derbycon discussion (Sun, Sep 22, 2019)
2019-033-Part 2 of the Kubernetes security audit discussion (Jay Beale & Aaron Small) (Mon, Sep 16, 2019)
the last Derbycon Brakesec podcast (Sat, Sep 07, 2019)
2019-032-kubernetes security audit dicussion with Jay Beale and Aaron Small (Sat, Aug 31, 2019)
2019-031- Dissecting a Social engineering attack (Part 2) (Fri, Aug 16, 2019)
2019-030-news, breach of PHI, sephora data breach (Fri, Aug 09, 2019)
2019-029-dissecting a real Social engineering attack (part 1) (Thu, Aug 01, 2019)
2019-028-fileless_malware_campaign,privacy issues with email integration-new_zip_bomb_record (Wed, Jul 24, 2019)
2019-027-GDPR fines for British Airways, FTC fines Facebook, Zooma-palooza (Sun, Jul 14, 2019)
2019-026-Ben Johnson discusses hanging your shingle, going independent (Tue, Jul 09, 2019)
2019-025-Ben Johnson discusses identity rights management, and controlling your AuthN/AuthZ issues (Tue, Jul 02, 2019)
2019-024-Tanya_Janca-mentorship-WoSec_organizations_what-makes-a-good-mentor (Mon, Jun 24, 2019)
2019-023-Tanya Janca, Dev Slop, DevOps tools for free or cheap (Tue, Jun 18, 2019)
2019-022-Chris Sanders-Rural_Tech_Fund-embracing_the_ATT&CK_Matrix (Sun, Jun 09, 2019)
2019-021-Chris Sanders discusses a cognitive crisis, mental models, and dependence on tools (Tue, Jun 04, 2019)
2019-020-email_security_controls-windows_scheduler (Wed, May 29, 2019)
2019-019-Securing your RDP and ElasticSearch, InfoSec Campout news (Mon, May 20, 2019)
2019-018-Lesson's I learned, github breach, ransoming github repos (Tue, May 14, 2019)
2019-017-K8s Security, Kamus, interview with Omer Levi Hevroni (Sun, May 05, 2019)
2019-016-Conference announcement, and password spray defense (Mon, Apr 29, 2019)
2019-015-Kevin_johnson-incident_response_aftermath (Mon, Apr 22, 2019)
2019-014-Tesla fails encryption, Albany and Sammamish ransomware attacks. (Mon, Apr 15, 2019)
2019-013-ASVSv4 discussion with Daniel Cuthbert and Jim Manico - Part 2 (Sun, Apr 07, 2019)
2019-012: OWASP ASVSv4 discussion with Daniel Cuthbert and Jim Manico - Part 1 (Mon, Apr 01, 2019)
2019-011-part 2 of our interview with Brian "Noid" Harden (Sun, Mar 24, 2019)
2019-010-Zach_Ruble-building_a_better_cheaper_C2_infra (Mon, Mar 18, 2019)
2019-009- Log-MD story, Noid, communicating with Devs and security people-part1 (Tue, Mar 12, 2019)
2019-008-windows retpoline patches, PSremoting, underthewire, thunderclap vuln (Mon, Mar 04, 2019)
2019-007-bsides_seattle_recap-new_phishing_vector-Kernel_use_after_free_vuln (Mon, Feb 25, 2019)
2019-006: CSRF, XSS, infosec hypocrites, and the endless cycle (Mon, Feb 18, 2019)
2019-005: Security Researcher attack, disabling SPECTER, and Systemd discussion (Mon, Feb 11, 2019)
2019-004-ShmooCon, and Bsides Leeds discussion, Facetime bug (with update), a town for ransom (Mon, Feb 04, 2019)
2019-003-Liz Rice, creating processes to shift security farther left in DevOps (Mon, Jan 28, 2019)
2019-002-part 2 of the OWASP IoT Top 10 with Aaron Guzman (Tue, Jan 22, 2019)
2019-001: OWASP IoT Top 10 discussion with Aaron Guzman (Mon, Jan 14, 2019)
2018-045: end of the year podcast! (Thu, Dec 27, 2018)
2018-044: Mike Samuels discusses NodeJS hardening initiatives (Tue, Dec 18, 2018)
2018-043-Adam-Baldwin, npmjs Director of Security, event stream post mortem, and making your package system more secure (Tue, Dec 11, 2018)
2018-042-Election security processes in the state of Ohio (Mon, Dec 03, 2018)
2018-041: part 2 of Kubernetes security insights w/ ian Coldwater (Mon, Nov 26, 2018)
2018-040- Jarrod Frates discusses pentest processes (Mon, Nov 19, 2018)
2018-039-Ian Coldwater, kubernetes, container security (Mon, Nov 12, 2018)
2018-038-InfosecSherpa, security culture, (Mon, Nov 05, 2018)
2018-037-iWatch save man's life, Alexa detects your mood, and post-derby discussion (Mon, Oct 22, 2018)(00:00:00 +0000, )
2018-036-Derbycon 2018 Audio with Cheryl Biswas and Tomasz Tula (Mon, Oct 15, 2018)
2018-035-software bloat is forever; malicious file extensions; WMIC abuses (Mon, Oct 01, 2018)
2018-034-Pentester_Scenario (Tue, Sep 25, 2018)
2018-031-Derbycon ticket CTF, Windows Event forwarding, SIEM collection, and missing events... oh my! (Sat, Sep 01, 2018)
2018-030: Derbycon CTF and Auction info, T-mobile breach suckage, and lockpicking (Sun, Aug 26, 2018)
2018-029-postsummercamp-future_record_breached-vulns_nofix (Fri, Aug 17, 2018)
2018-028-runkeys, DNS Logging, derbycon Talks (Thu, Aug 09, 2018)
2018-027-Godfrey Daniels talks about his book about the Mojave Phonebooth (Wed, Aug 01, 2018)
2018-026-insurers gathering data, netflix released a new DFIR tool, and google no longer gets phished? (Fri, Jul 27, 2018)
2018-025-BsidesSPFD, threathunting, assessing risk (Thu, Jul 19, 2018)
2018-024- Pacu, a tool for pentesting AWS environments (Wed, Jul 11, 2018)
2018-023: Cydefe interview-DNS enumeration-CTF setup & prep (Mon, Jul 02, 2018)
2018-022-preventing_insider_threat (Tue, Jun 26, 2018)
2018-021-TLS 1.3 discussion, Area41 report, wireshark goodness (Wed, Jun 20, 2018)
2018-020: NIST's new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords (Wed, Jun 13, 2018)
2018-019-50 good ways to protect your network, brakesec summer reading program (Wed, Jun 06, 2018)
2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs (Wed, May 30, 2018)
2018-017- threat models, vuln triage, useless scores, and analysis tools (Wed, May 23, 2018)
2018-016- Jack Rhysider, DarkNet Diaries, and a bit of infosec history (Part 1) (Tue, May 15, 2018)
2018-015-Data labeling, data classification, and GDPR issues (Mon, May 07, 2018)
2018-014- Container Security with Jay Beale (Sun, Apr 29, 2018)
2018-013-Sigma_malware_report, Verizon_DBIR discussion, proper off-boarding of employees (Fri, Apr 20, 2018)
2018-012: SIEM tuning, collection, types of SIEM, and do you even need one? (Wed, Apr 11, 2018)
2018-011: Creating a Culture of Neurodiversity (Wed, Apr 04, 2018)
2018-010 - The ransoming of Atlanta, Facebook slurping PII, Dridex variants (Tue, Mar 27, 2018)
2018-009- Retooling for new infosec jobs, sno0ose, Jay Beale, and mentorship (Mon, Mar 19, 2018)
BDIR-001: Credential stealing emails, How do you protect against it? (Mon, Mar 12, 2018)
2018-008- ransomware rubes, Defender does not like Kali, proper backups (Mon, Mar 12, 2018)
2018-007- Memcached DDoS, Secure Framework Documentation, and chromebook hacking (Mon, Mar 05, 2018)
2018-006- NPM is whacking boxes, code signing, and stability of code (Mon, Feb 26, 2018)
2018-005-Securing_your_mobile_devices_and_CMS_against_plugin_attacks (Wed, Feb 14, 2018)
2018-004 - Discussing Bsides Seattle, and Does Autosploit matter? (Mon, Feb 05, 2018)
BDIR-000 ; The Beginning (Mon, Jan 29, 2018)
2018-003-Privacy Issues using Crowdsourced services, (Sat, Jan 27, 2018)
2018-002-John_Nye-Healthcare's_biggest_issues-ransomware (Sat, Jan 20, 2018)
2018-001- A new year, new changes, same old trojan malware (Fri, Jan 12, 2018)
2017-SPECIAL005-End of year Podcast with podcasters (Sat, Dec 23, 2017)
2017-042-Jay beale, Hushcon, Apple 0Day, and BsidesWLG audio (Sat, Dec 16, 2017)
2017-041- DFIR Hierarchy of Needs, and new malware attacks (Fri, Dec 08, 2017)
2017-040-Expensify_privacy_issues-Something_is_rotten_at_Apple (Thu, Nov 30, 2017)
2017-039-creating custom training for your org, and audio from SANS Berlin! (Thu, Nov 23, 2017)
2017-038- Michael De Libero discusses building out your AppSec Team (Wed, Nov 15, 2017)
2017-037 - Asset management techniques, and it's importance, DDE malware (Wed, Nov 08, 2017)
2017-036-Adam Shostack talks about threat modeling, and how to do it properly (Sun, Oct 29, 2017)
2017-SPECIAL004- SOURCE Conference Seattle 2017 (Sun, Oct 22, 2017)
2017-035-Business_Continuity-After_the_disaster (Mon, Oct 16, 2017)
2017-SPECIAL003-Audio from Derbycon 2017! (Sat, Oct 07, 2017)
2017-034-Preston_Pierce, recruiting, job_descriptions (Mon, Oct 02, 2017)
2017-SPECIAL002-Derbycon-podcast with podcasters (NSF Kids/Work) (Wed, Sep 27, 2017)
2017-033- Zane Lackey, Inserting security into your DevOps environment (Sun, Sep 17, 2017)
2017-032-incident response tabletops, equifax breach (Tue, Sep 12, 2017)
2017-031-Robert_Sell-Defcon_SE_CTF-OSINT_source (Mon, Sep 04, 2017)
2017-030-Vulnerability OSINT, derbycon CTF walkthrough, and bsides Wellington! (Tue, Aug 29, 2017)
2017-029-CIS benchmarks, Windows Update reverts changes used to detect malware (Sun, Aug 20, 2017)
2017-028-disabling WU?, Comcast wireless hack, and was it irresponsible disclosure? (Sat, Aug 12, 2017)
2017-026-Machine_Learning-Market Hype, or infosec's blue team's newest weapon? (Thu, Aug 03, 2017)
2017-025-How will GDPR affect your Biz with Wendyck, and DerbyCon CTF info (Sat, Jul 22, 2017)
2017-024-infosec_mental_health_defcon_contest-with-rand0h-and-tottenkoph (Sun, Jul 16, 2017)
2017-023-Jay_Beale_Securing Linux-LXC-Selinux-Apparmor-Jails_and_more (Mon, Jul 10, 2017)
2017-022-Windows Hardening, immutable laws of security admins, and auditpol (Mon, Jul 03, 2017)
2017-SPECIAL- Michael Gough and Brian Boettcher discuss specific ransomware (Fri, Jun 30, 2017)
2017-021-small_biz_outreach-614con-prenicious_kingdoms-ransomware-bonus (Thu, Jun 22, 2017)
2017-020-Hector_Monsegur_DNS_OSINT_Outlaw_Tech_eClinicalWorks_fine (Wed, Jun 14, 2017)
2017-019-Ms. Jessy Irwin, Effective Training in Small/Medium Businesses (Tue, Jun 06, 2017)
2017-018-SANS_course-EternalBlue_and_Samba_vulnerabilities-DerbyCon contest details (Tue, May 30, 2017)
2017-017-Zero_Trust_Networking_With_Doug_Barth,_and_Evan_Gilman (Tue, May 09, 2017)
2017-016-Fileless_Malware, and reclassifying malware to suit your needs (Tue, May 02, 2017)
2017-015-Being a 'security expert' vs. 'security aware' (Thu, Apr 27, 2017)
2017-014-Policy_writing_for_the_masses-master_fingerprints_and_shadowbrokers (Thu, Apr 20, 2017)
2017-013-Multi-factor Auth implementations, gotchas, and solutions with Matt (Thu, Apr 13, 2017)
2017-012-UK Gov Apprenticeship infosec programs with Liam Graves (Wed, Apr 05, 2017)
2017-011-Software Defined Perimeter with Jason Garbis (Wed, Mar 29, 2017)
2017-010-Authors Amanda Berlin and Lee Brotherston of the "Defensive Security Handbook" (Wed, Mar 22, 2017)
2017-009-Dave Kennedy talks about CIAs 'Vault7', ISC2, and Derbycon updates! (Tue, Mar 14, 2017)
2017-008-AWS S3 outage, how it should color your IR scenarios, and killing the 'whiteboard' interview (Mon, Mar 06, 2017)
2017-007- Audio from Bsides Seattle 2017 (Wed, Mar 01, 2017)
2017-006- Joel Scambray, infosec advice, staying out from in front of the train, and hacking exposed (Sun, Feb 19, 2017)
2017-005-mick douglas, avoid bad sales people, blue team defense tools (Tue, Feb 14, 2017)
2017-004-sandboxes, jails, chrooting, protecting applications, and analyzing malware (Mon, Feb 06, 2017)
2017-003-Amanda Berlin at ShmooCon (Sun, Jan 29, 2017)
2017-002: Threat Lists, IDS/IPS rules, and mentoring (Sat, Jan 21, 2017)
2017-001: A New Year, malware legislation, and a new cast member! (Thu, Jan 12, 2017)
2016-051: Steps to fixing risks you found, and the State of the Podcast (Sun, Dec 25, 2016)
2016-050: Holiday Spectacular with a little help from our friends! (Wed, Dec 21, 2016)
2016-049-Amanda Berlin, the art of the sale, and Decision making trees (Thu, Dec 15, 2016)
2016-048: Dr. Gary McGraw, Building Security into your SDLC, w/ Special guest host Joe Gray! (Sat, Dec 03, 2016)
2016-047: Inserting Security into the SDLC, finding Privilege Escalation in poorly configured Linux systems (Mon, Nov 28, 2016)
2016-046: BlackNurse, Buenoware, ICMP, Atombombing, and PDF converter fails (Mon, Nov 21, 2016)
2016-044: Chain of Custody, data and evidence integrity (Mon, Nov 07, 2016)
2016-043: BSIMMv7, a teachable moment, and our new Slack Channel! (Tue, Nov 01, 2016)
2016-042-Audio from Source Seattle 2016 Conference (Mon, Oct 24, 2016)
2016-041- Ben Johnson, company culture shifts, job descriptions, cyber self-esteem (Mon, Oct 17, 2016)
2016-040: Gene_Kim, Josh_Corman, helping DevOps and Infosec to play nice (Mon, Oct 10, 2016)
2016-039-Robert Hurlbut, Threat Modeling and Helping Devs Understand Vulnerabilities (Tue, Oct 04, 2016)
2016-038-Derbycon Audio and 2nd Annual Podcast with Podcasters! (Wed, Sep 28, 2016)
2016-037: B1ack0wl, Responsible Disclosure, and embedded device security (Wed, Sep 14, 2016)
2016-036: MSSP pitfalls, with Nick Selby and Kevin Johnson (Sun, Sep 11, 2016)
2016-035-Paul Coggin discusses the future with Software Defined Networking (Tue, Sep 06, 2016)
2016-034: Sean Malone from FusionX explains the Expanded Cyber Kill Chain (Sun, Aug 28, 2016)
2016-033: Privileged Access Workstations (PAWs) and how to implement them (Mon, Aug 22, 2016)
2016-032-BlackHat-Defcon-Debrief, Brakesec_CTF_writeup, and blending in while traveling (Mon, Aug 15, 2016)
2016-031:DFIR rebuttal and handling incident response (Mon, Aug 08, 2016)
2016-030: Defending Against Mimikatz and Other Memory based Password Attacks (Sun, Jul 31, 2016)
2016-029: Jarrod Frates, steps when scheduling a pentest, and the questions you forgot to ask... (Mon, Jul 25, 2016)
2016-028: Cheryl Biswas discusses TiaraCon, Women in Infosec, and SCADA headaches (Sun, Jul 17, 2016)
2016-027: DFIR conference, DFIR policy controls, and a bit of news (Sun, Jul 10, 2016)
2016-026-powershell exfiltration and hiring the right pentest firm (Sun, Jul 03, 2016)
2016-025-Windows Registry, Runkeys, and where malware likes to hide (Mon, Jun 27, 2016)
2016-024: Kim Green, on CISOaaS, the Redskins Laptop, and HIPAA (Mon, Jun 20, 2016)
2016-023- DNS_Sinkholing (Mon, Jun 13, 2016)
2016-022: Earl Carter dissects the Angler Exploit Kit (Mon, Jun 06, 2016)
2016-021: Carbon Black's CTO Ben Johnson on EDR, the layered approach, and threat intelligence (Sun, May 29, 2016)
2016-020-College Vs. Certifications Vs. Self-taught (Sat, May 21, 2016)
2016-019-Creating proper business cases and justifications (Mon, May 16, 2016)
2016-018-software restriction policies and Applocker (Mon, May 09, 2016)
2016-017-The Art of Networking, Salted Hashes, and the 1st annual Podcast CTF! (Mon, May 02, 2016)
2016-016-Exploit Kits, the "Talent Gap", and buffer overflows (Mon, Apr 25, 2016)
2016-015-Dr. Hend Ezzeddine, and changing organizational security behavior (Sat, Apr 16, 2016)
2016-014-User_Training,_Motivations,_and_Speaking_the_Language (Fri, Apr 08, 2016)
2016-013-Michael Gough, the ISSM reference model, and the 5 P's (Sat, Mar 26, 2016)
2016-012-Ben Caudill on App Logic Flaws, and Responsible Disclosure (Sat, Mar 19, 2016)
2016-011-Hector Monsegur, deserialization, and bug bounties (Mon, Mar 14, 2016)
2016-010-DNS_Reconnaissance (Mon, Mar 07, 2016)
2016-009-Brian Engle, Information Sharing, and R-CISC (Mon, Feb 29, 2016)
2016-008-Mainframe Security (Mon, Feb 22, 2016)
2016-007-FingerprinTLS profiling application with Lee Brotherston (Sun, Feb 14, 2016)
2016-006-Moxie_vs_Mechanism-Dependence_On_Tools (Mon, Feb 08, 2016)
2016-005-Dropbox Chief of Trust and Security Patrick Heim! (Sat, Jan 30, 2016)
2016-004-Bill_Gardner (Sun, Jan 24, 2016)
2016-003-Antivirus (...what is it good for... absolutely nothing?) (Mon, Jan 18, 2016)
2016-002-Cryptonite- or how to not have your apps turn to crap (Mon, Jan 11, 2016)
2016-001: Jay Schulmann explains how to use BSIMM in your environment (Sun, Jan 03, 2016)
2015-054: Dave Kennedy (Sun, Dec 27, 2015)
2015-053: 2nd annual podcaster party (Tue, Dec 22, 2015)
2015-052: Wim Remes-ISC2 board member (Thu, Dec 17, 2015)
2015-051-MITRE's ATT&CK Matrix (Thu, Dec 10, 2015)
2015-049-Can you achieve Security Through Obscurity? (Fri, Dec 04, 2015)
2015-048: The rise of the Shadow... IT! (Fri, Nov 27, 2015)
2015-047-Using BSIMM framework to measure the maturity of your software security lifecycle (Sat, Nov 21, 2015)
2015-046: Getting Security baked in your web app using OWASP ASVS (Tue, Nov 10, 2015)
2015-045: Care and feeding of Devs, podcast edition, with Bill Sempf! (Wed, Nov 04, 2015)
2015-044-A MAD, MAD, MAD, MAD Active Defense World w/ Ben Donnelly! (Fri, Oct 30, 2015)
2015-043: WMI, WBEM, and enterprise asset management (Thu, Oct 22, 2015)
2015-042: Log_MD, more malware archaeology, and sifting through the junk (Wed, Oct 14, 2015)
Derbycon Audio - post-Derby interviews! (Sat, Oct 10, 2015)
Derbycon - A podcast with Podcasters! *explicit* (Wed, Sep 30, 2015)
2015-040; Defending against HTML 5 vulnerabilities (Mon, Sep 21, 2015)
2015-039: Hazards of HTML5 (Mon, Sep 14, 2015)
2015-038-Influence Vs. Mandate and Guardrails vs. Speedbumps (Mon, Sep 07, 2015)
2015-037-making patch management work (Mon, Aug 31, 2015)
2015-036: Checkbox security, or how to make companies go beyond compliance (Mon, Aug 24, 2015)(0000 , )
2015-035: Cybrary.it training discussion and Bsides Austin Panel (Sun, Aug 16, 2015)
Flashback: 2014-001_Kicking some Hash (Sat, Aug 15, 2015)
2015-034: SANS Top20 Security Controls #9 - CTFs - Derbycon dicsussion (Mon, Aug 10, 2015)
2015-033: Data anonymization and Valuation, Privacy, and Ethical medical research (Mon, Aug 03, 2015)
2015-032: Incident response, effective communication, and DerbyCon Contest (Sun, Jul 26, 2015)
2015-031: Fab and Megan-High_Math-Psychology_and Scarves (Sat, Jul 18, 2015)
2015-030: Bsides Austin panel Discussion (Red Team vs. Blue Team) (Mon, Jul 13, 2015)
2015-029: Big Brown cloud honeyblog with @theroxyd (Mon, Jul 06, 2015)
2015-028: using log analytics to discover Windows malware artifacts (Mon, Jun 29, 2015)
2015-027- detecting malware in Windows Systems with Michael Gough (Mon, Jun 22, 2015)
2015-026- Cloud Security discussion with FireHost (Sun, Jun 14, 2015)
2015-025: Blue Team Army, Powershell, and the need for Blue team education (Mon, Jun 08, 2015)
2015-024: Is a good defense the best offense? Interview w/ Mick Douglas! (Sun, May 31, 2015)
2015-023_Get to know a Security Tool: Security Onion! (Tue, May 26, 2015)
2015-022: SANS Top 25 Critical Security Controls-#10 and #11 (Sun, May 17, 2015)
2015-021: 24 Deadly Sins: Command injection (Sun, May 10, 2015)
2015-020 - Deadly Programming Sins - Buffer Underruns (Sun, May 03, 2015)
2015-018- How can ITIL help you flesh out your infosec program? (Sun, Apr 26, 2015)
2015-017: History of ITIL, and integrating Security (Sat, Apr 18, 2015)
2015-016: Special Interview: Cybrary.it (Tue, Apr 07, 2015)
2015-015: 2015 Verizon PCI report (Sat, Apr 04, 2015)
2015-014-SANS Top 20 Controls - #12 and #13 (Sat, Mar 28, 2015)
2015-013-Hackerspaces and their sense of community (Sat, Mar 21, 2015)
2015-012-Fill In podcast with Jarrod and Lee! (Sun, Mar 15, 2015)
2015-011- Why does BeEF and metadata tracking keep I2P developers up at night? (Sat, Mar 07, 2015)
2015-010 - How can you use I2P to increase your security and anonymity? (Sat, Feb 28, 2015)
2015-009-Part 2 with Pawel Krawczyk (Sat, Feb 21, 2015)
2015-008- Make your web Apps more secure with Content Security Policy (part 1) (Mon, Feb 16, 2015)
2015-007-SANS_Top20_14and15--Proving_Grounds_Microcast with Megan Wu! (Tue, Feb 10, 2015)
2015-006- Is your ISP doing a 'man-in-the-middle' on you? (Sat, Feb 07, 2015)
2015-005: Threat Modeling with Lee Brotherston (Sun, Feb 01, 2015)
2015-004-SANS Top 20: 20 to 16 (Sun, Jan 25, 2015)
All About Tor (Sat, Jan 17, 2015)
Episode 2: Big Trouble in Small Businesses (Sat, Jan 10, 2015)
2015-001- "unhackable" or "attacker debt" (Sun, Jan 04, 2015)
Is Compliance running or ruining Security Programs? (Fri, Dec 26, 2014)
Brakeing Down/Defensive Security Mashup! (Sun, Dec 21, 2014)
Tyler Hudak (@secshoggoth) Discusses incident respose, and DIY malware research (Mon, Dec 15, 2014)
Tyler Hudak discusses malware analysis (Mon, Dec 08, 2014)
Part 2 w/ Ben Donnelly -- Introducing Ball and Chain (making password breaches a thing of the past) (Mon, Dec 01, 2014)
Active Defense and the ADHD Distro with Ben Donnelly (Sat, Nov 22, 2014)
WebGoat install video with Mr. Boettcher! (Thu, Nov 20, 2014)
Active Defense: It ain't 'hacking the hackers' (Tue, Nov 18, 2014)
Interview Part 2 with Paul Coggin: Horror stories (Sun, Nov 09, 2014)
Interview with Paul Coggin (part 1) (Mon, Nov 03, 2014)
Learning about SNMP, and microinterview with Kevin Johnson (Sat, Oct 25, 2014)
Keep Calm and take a tcpdump! :) (Mon, Oct 20, 2014)
Part 2 with Jarrod Frates - how pentesting is important (Mon, Oct 13, 2014)
DerbyCon report and Shellshock news (Mon, Oct 06, 2014)
Marcus J. Carey Interview Part 2 - China, IP, coming cyber war (Mon, Sep 29, 2014)
Video: Using GPG and PGP (Sun, Sep 28, 2014)
Marcus J. Carey, FireDrillMe, and the Rockstars of Infosec (Mon, Sep 22, 2014)
Mr. Boettcher interviewed Ed Skoudis! (Mon, Sep 15, 2014)
Malware, Threat Intelligence, and Blue Team talks at cons -- with Michael Gough Pt.2 (Mon, Sep 08, 2014)
Malware, and Malware Sentinel -- with Michael Gough Pt.1 (Mon, Sep 01, 2014)
Reconnaissance: Finding necessary info during a pentest (Mon, Aug 25, 2014)
Mr. Boettcher made a thing! Setting up a proper Debian install! (Sat, Aug 23, 2014)
Ratproxy and on being a better Infosec Professional (Mon, Aug 18, 2014)
Introduction to Nmap, Part 2 (Sun, Aug 10, 2014)
Risk Management discussion with Josh Sokol - Part 2 (Sun, Aug 10, 2014)
Interview with creator of Simple Risk, Josh Sokol! (Part 1) (Mon, Aug 04, 2014)
Flashback: Sqlmap - a little how-to, and getting your developers involved in using it. (Mon, Jul 28, 2014)
Part 2 with Georgia Weidman! (Mon, Jul 21, 2014)
Nmap (pt1) (Mon, Jul 14, 2014)
Part 1 with Author and Mobile Security Researcher Georgia Weidman! (Mon, Jul 14, 2014)
Establishing your Information Security Program - Part 2 (Mon, Jul 07, 2014)
Establishing your Information Security Program - Part 1 (Mon, Jun 30, 2014)
OWASP Top Ten: 1-5 (Mon, Jun 23, 2014)
OWASP Top Ten: Numbers 6 - 10 (Mon, Jun 16, 2014)
Talk with Guillaume Ross - Part 2 (all things cloud) (Mon, Jun 09, 2014)
It all goes in "the cloud" (Part 1) (Sun, Jun 01, 2014)
Video 2: BONUS!!!! Kismet Video! (Tue, May 27, 2014)
Wireless scans with Kismet and Aircrack-ng (Mon, May 26, 2014)
PGP and GPG -- protect your data (Sun, May 18, 2014)
clearing up some terminology (hashing, encryption, encoding) (Tue, May 13, 2014)
Browsing more Securely (Mon, May 05, 2014)
Mandiant 2014 threat report (Mon, Apr 28, 2014)
Episode 13 - 2014 Verizon PCI Report (Mon, Apr 21, 2014)
Episode 12, Part 2 of our interview with Phil Beyer! (Tue, Apr 15, 2014)
Special Report: Heartbleednado-apoco-geddon (Mon, Apr 14, 2014)
Episode 11, Part 1: Interview with Phil Beyer (Mon, Apr 07, 2014)
Video1: quick renaming shortcut with Sed (Fri, Apr 04, 2014)
Phil Beyer's talk at Bsides Austin (Mon, Mar 31, 2014)
Episode 10: IDS/IPS (Mon, Mar 31, 2014)
Episode 9: Framework for Improving Critical Infrastructure Cybersecurity (Mon, Mar 24, 2014)
Episode 8: Why a simple password is not so simple... (Tue, Mar 18, 2014)
Episode 7, Part 2 with Kevin Johnson from SecureIdeas! (Sun, Mar 09, 2014)
Episode 7, Part 1 - Kevin Johnson of SecureIdeas! (Tue, Mar 04, 2014)
Episode 6 - Malware Interview with Michael Gough (Part 2) (Mon, Feb 24, 2014)
Episode 6 - Malware Interview Michael Gough (Part 1) (Mon, Feb 17, 2014)
Episode 5 - Interview with Frank Kim (Mon, Feb 10, 2014)
Episode 4: Origin stories, and talking about reconnaissance (Mon, Feb 03, 2014)
Episode 3 - Alerts, Events, and a bit of incident response (Mon, Jan 27, 2014)
Episode 2 -- Feeling Vulnerable? - Vulnerability scanners - Go Exploit Yourself (Mon, Jan 20, 2014)
Episode 1: Kicking some Hash! (Wed, Jan 15, 2014)