Nov 15, 2017

Direct Link: https://brakesec.com/2017-038

Michael De Libero spends his work hours running an application security team at a gaming development company. I (Bryan) was really impressed at the last NCC Group Quarterly meetup when he gave a talk (not recorded) about how to properly build out your Application Security...

Nov 8, 2017

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-037-asset_management.mp3

We started off the show talking to Mr. Boettcher about what DDE is and how malware is using this super legacy Windows component (found in Windows 2) to propogate malware in MS Office docs and spreadsheets. We also talk about how to...

Oct 29, 2017

Direct Link:  http://traffic.libsyn.com/brakeingsecurity/2017-036-Adam_Shostack-threat_modeling.mp3

Adam Shostack has been a fixture of threat modeling for nearly 2 decades. He wrote the 'threat modeling' bible that many people consult when they need to do threat modeling properly.

We discuss the different threat...

Oct 22, 2017

After last year's SOURCE Conference, I knew I needed to go again, not just because it was a local (Seattle) infosec conference, but because of the caliber of speakers and the range of topics that were going to be covered.

I got audio from two of the speakers at the SOURCE conference (@sourceconf) on Twitter

Lee Fisher...

Oct 16, 2017

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-035-business_continuity-After_the_disaster.mp3

We are back this week after a bit of time off, and we getting right back into it...

What happens after you enact your business continuity plan? Many times, it can cause you to have to change processes,...