Preview Mode Links will not work in preview mode

Apr 20, 2017

So, I (Bryan) had a bit of a work issue to discuss. It has become one of my myriad jobs at work to write up some policies. In and of itself, it's not particularly fun work, and for whatever reason, this is causing me all kinds of issues. So this week we take a quick look at why I'm having these issues, if they are because I don't get it, or because the method I must follow is flawed.

After that, we add on to last week's show on #2FA and #MFA ( by discussing why scientists are trying to create a 'master fingerprint' capable of opening mobile devices. We talk about FAR and FRR (false acceptance/rejection rates), and why the scientists may actually be able to pull it off.

We discussed Ms. Berlin's trip to the AIDE conference (, a two day #DFIR conference held at Marshall University by our good friend Bill Gardner (@oncee on Twitter). She gave a great interactive talk on working through online wargames and CTFs, and we get her update on the conference.

Finally, we did discuss a bit about the #ShadowBroker dump of #NSA tools. We discussed how different people are taking this dump over the #Wikileaks #CIA dump.


Direct Link:

Youtube Channel:

iTunes Store Link: 



Jay Beale’s Class “aikido on the command line: hardening and containment”

JULY 22-23 & JULY 24-25    AT BlackHat 2017




Join our #Slack Channel! Sign up at


#Google Play Store:

#iHeartRadio App:


Comments, Questions, Feedback:

Support Brakeing Down Security Podcast on #Patreon:

#Twitter: @brakesec @boettcherpwned @bryanbrake

#Player.FM :

#Stitcher Network:

#TuneIn Radio App:



--- show notes----


Discuss AIDE with Ms. Berlin posted their first video.


Fingerprint Masters (a case against biometrics):

Encrypted comms causing issues for employers:


ShadowBrokers dump

“Worst since Snowden”


Making policies, easier said than done

Discuss DefSec chapter on Policies

Difficulty: aligning policies with compliance standards

FedRamp, PCI, etc

Writing a good policy so that it follows the guidelines -- Defensive Security Handbook