Podcast appearances and mentions of bruce potter

Overdrive: Tesla's Troubles, Touchscreen Backlash & Royal Recognition In this episode of Overdrive, David Brown and Paul Murrell unpack a mix of major shifts and motoring curiosities. From plummeting Tesla sales and BYD's meteoric rise, to Australia's evolving road rules and the debate over touchscreens in modern vehicles—this week covers the latest in transport, design, planning, and culture. ⚡ Tesla's Decline & BYD's Boom Tesla has taken a major hit in Australia with a 75% drop in April sales, influenced by expiring tax perks and consumer uncertainty. Plug-in hybrid sales also dipped to 2.9%. Meanwhile, Chinese EV giant BYD has overtaken Tesla globally. In the US, Tesla is sitting on 10,000 unsold Cybertrucks, raising concerns about demand for the futuristic model before its Australian debut.

Summary: In this episode of Overdrive, we delve into the evolving world of motoring and mobility—from high-tech pedestrian detection fabrics to nostalgic reflections on motoring larrikins. David Brown and Paul Murrell critique inconsistencies in safety tech, vehicle naming confusion, and the charm of classic cars. We also road test the Mazda CX-30 and examine whether EVs are truly delivering on sustainability promises. Plus, we pay tribute to rally legend Ed Mulligan. Program Links and Credits Overdrive is produced by David Brown with assistance from Paul Murrell, Graham Patterson, Bruce Potter, and Mark Wesley. More info and extended segments available at Cars Transport Culture, or search “Overdrive Radio” on your favourite podcast platform. First broadcast: 19 April 2025 Syndicated across Australia via the Community Radio Network.

Send us a text Bruce Potter, general manager at Blackjack Sporting clays in Sumterville Florida, joins us to discuss the upcoming Florida State Sporting Clays championship. We give you the 411 with everything you need to know about attending this amazing shoot!We are also joined by Michael Hampton Jr to bring us the latest with NSCA for this months segment. The NSCA is making big strides this year and this is a must listen to segment!- DEAD PAIR / KOLAR DRAWING - https://e.givesmart.com/events/HpS/i/_All/u1g0/?search=- Kolar Arms - https://www.kolararms.com- Fiocchi USA - https://fiocchiusa.com- Atlas Traps - https://www.atlastraps.com- Rhino Chokes - https://rhinochokes.com- Ranger Shooting Eyewear - https://www.reranger.comRanger 10% Discount = DEADPAIR - Taconic Distillery - https://www.spirits.taconicdistillery.com/  Discount code -DEADPAIR10- Long Range - https://www.longrangellc.com- Score Chaser - https://scorechaser.com/- National Sporting Clays Association - https://nssa-nsca.org/- Clay Range Design Works - https://traptowers.comSupport the showThe Dead Pair Podcast - https://thedeadpair.com FACEBOOK- https://www.facebook.com/Thedeadpair. INSTAGRAM- https://www.instagram.com/thedeadpairpodcast/YOUTUBE- https://youtube.com/channel/UCO1ePh4I-2D0EABDbKxEgoQ

Overdrive: Past car ads - the good, bad and ugly; Hyundai Kona EV; Misleading hybrid sale figures 1. Joke from a listener 2. An engineer turned comedian gives an example of the poor use of statistics 3. Why two-wheel-drive utes sell in small numbers 4. We review a historic film of road construction. How has the presentation of transport projects changed 5. A review of some specific aspects of the latest car sales figures 6. A road test the Hyundai Kona EV 7. An interview with Bruce Potter on past car advertising headlines that worked really well and those that did not. Web Site: Driven Media: drivenmedia.com.au Podcasts iTunes: Cars Transport Culture Spotify: Cars Transport Culture Or our social pages Facebook Cars Transport Culture Instagram Cars Transport Culture Or YouTube site Cars Transport Culture Search for Cars transport culture And this has been overdrive Thanks to • Paul Murrell • Bruce Potter • Listener Alfie • Hyundai Australia • Mark Wesley for their help with this program. Our web site is drivenmedia.com.au or search for cars, transport, culture for our longer version of the program as a podcast on iTunes and Spotify podcasts or for information including pictures on Facebook, Instagram or youtube. You can always make a suggest, comment or offer help by sending an email to feedback@drivenmedia.com.au Overdrive is syndicated across Australia on the Community Radio Network Originally broadcast 15 June 2024

G'Day and welcome to Overdrive a program that samples as much as it can of the thrill of cars and transport I'm David Brown Road test Mazda CX-90 – replacing the CX9 – it is more of a lounge car than an express Interview At our home station here for Overdrive, the most popular programme is the breakfast show presented by Bruce Potter. He's very kindly gives a preview the day before each Overdrive program goes to air, to what we're going to be talking about. And his listeners are now asking questions. Bruce joins us to answer the one about why birds crap on cars that have just been washed. For more information Web Site: Driven Media: drivenmedia.com.au Podcasts iTunes: Cars Transport Culture Spotify: Cars Transport Culture Facebook Cars Transport Culture Instagram Cars Transport Culture Our YouTube site Cars Transport Culture Originally broadcast 20 February 2024

Yep, Chukar hunting is hard after all. Big surprise I know. After the first stop on our B3 cross country road trip we sat down to tell the tale. Bruce Potter, Nate Burbach, Nick Schade and myself recount the lessons learned and calories burned in pursuit of one of the most extreme upland bird hunts that there is.

Bruce Potter, Extension Integrated Pet Management Specialist at the University of Minnesota, shares his perspective of the current state of corn rootworm management.

We want to thank our sponsors the Minnesota Soybean Research and Promotion Council, along with the Minnesota Corn Research and Promotion Council.Contact information for today's show:  Bruce Potter, Extension IPM Specialist - bpotter@umn.edu  Fei Yang, Extension Corn Entomologist - yang8905@umn.edu  Lizabeth Stahl, Extension Educator - crops - stah0012@umn.edu  MN Crop News:  Northern corn rootworm and extended diapause problems increase in areas of Minnesota – https://blog-crop-news.extension.umn.edu/2023/07/northern-corn-rootworm-and-extended.html Handy Bt Trait Table for 2023:https://www.texasinsects.org/uploads/4/9/3/0/49304017/bttraittable_march_2023.pdf Scouting for Corn Rootworm:https://extension.umn.edu/corn-pest-management/scouting-corn-rootworm Strategic Farming: Field Notes Podcast site -  https://strategicfarming.transistor.fm/ Recordings of sessions will be available as a podcast at: https://strategicfarming.transistor.fm/episodes  Subscribe and share this link with your networks: https://z.umn.edu/fieldnotespodcast Crops Team - Upcoming Events https://z.umn.edu/UMcropeventsCrop production website - https://z.umn.edu/cropsMN Crop News - https://z.umn.edu/cropnewsUMN Crops YouTube - https://www.youtube.com/user/UMNCrops/

Join us for this session when we welcome Dr. Ian MacRae  and Bruce Potter, Extension entomologists, as they discuss the reemergence of a small grain pest, the cereal leaf beetle, and armyworms. The weekly Wednesday program will feature a live webinar with interactive discussion with attendees, addressing in-season cropping issues as they arise. Weekly sessions  may include topics related to soil fertility, agronomics, pest management, equipment, and more.We want to thank our sponsors the Minnesota Soybean Research and Promotion Council, along with the Minnesota Corn Research and Promotion Council.Contact information for today's show:  Ian MacRae - imacrae@umn.edu Bruce Potter - bpotter@umn.edu Anthony Hanson - han4022@umn.edu  Cereal leaf beetle: a new insect pest in Northwest Minnesota - https://blog-crop-news.extension.umn.edu/2023/06/cereal-leaf-beetle-new-insect-pest-in.html Armyworm - https://extension.umn.edu/corn-pest-management/armyworm Black cutworm - https://extension.umn.edu/corn-pest-management/black-cutworm Strategic Farming: Field Notes Podcast site -  https://strategicfarming.transistor.fm/ U of MN Cover Crop Website:  https://extension.umn.edu/soil-and-water/cover-crops Cover Crop Termination article:  https://blog-crop-news.extension.umn.edu/2023/04/what-are-my-best-options-for.htmlMidwest Cover Crop Tool:  https://midwestcovercrops.org/covercroptool/Recordings of sessions will be available as a podcast at: https://strategicfarming.transistor.fm/episodes  Subscribe and share this link with your networks: https://z.umn.edu/fieldnotespodcast Crops Team - Upcoming Events https://z.umn.edu/UMcropeventsCrop production website - https://z.umn.edu/cropsMN Crop News - https://z.umn.edu/cropnewsUMN Crops YouTube - https://www.youtube.com/user/UMNCrops/

Dave Nicolai and Dr. Seth Naeve talk about agronomic issues from the recent heavy rains in early May 2023 and early-season insect issues with Bruce Potter, IPM Extension Specialist based out of Lamberton, MN. Potter has been monitoring black cutworm and true armyworm flights as well as alfalfa weevil that may be affecting crops in upcoming weeks. Diseases to watch out for in flooded or wet soils include soybean sudden death syndrome, Pythium, and Fusarium.

In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel: CVE-2023-23397: A zero-touch exploit that affects all versions of Windows Outlook. (Sigma rule) CVE-2023-24880: An unpatched security bypass in Microsoft's SmartScreen security feature.Mandiant observes China-nexus threat actors targeting technologies that do not normally support endpoint detection and response solutions.Kaspersky recently conducted an analysis of 155 dark web forums from January 2020 to June 2022. Threat groups are offering $240k salaries to tech jobseekers.And an interview with Heidi and Bruce Potter, ShmooCon organizers. ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software, and hardware solutions, and open discussions of critical infosec issues.The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

Host Bob St.Pierre is joined in KFAN's Twin Cities studios for a conversation with Birds, Booze, and Buds podcaster Tyler Webster and his buddy Bruce Potter as they kick off a bird hunting adventure that will take them to Alaska in search of ptarmigan for the country's earliest upland opener. The duo then plans to drive south to Oregon in pursuit of mountain quail and valley quail before swinging east toward Montana where they'll hunt dusky, ruffed, sage, and sharp-tailed grouse. Episode Highlights: • The guys talk about Webster's donation of an Arizona Mearns' quail hunt to the organization's National Pheasant Fest & Quail Classic banquet fundraising in 2022 and he commits a follow-up adventure for the organization's 2023 event. • A North Dakota native, Webster also provides a first-hand report about the state's habitat conditions and the upland bird broods he's observed so far this summer. • Bob asks the guys to share the single experience they are most-excited about occurring during their upcoming adventure, along with the single element that causes them trepidation.

Bruce Potter, IPM Specialist with the University of Minnesota discusses CRW and other pest projections for the 2022 growing season.

Steve Hiniker, Farm Manager with Hertz Farm Management in Mankato, MN and Bruce Potter, Integrated Pest Management Specialist with the University of MN Extension join us to recap the Southern Minnesota growing season and update us on harvest progress and issues in that region.

  Kayle Browning has trained her whole life for the Olympics. All her passion, training and dedication has finally paid off,  as she has now earned a Silver medal in the recent Olympic games for shooting! Listen in as we talk to her about her journey,  a few surprises along the way,  and what it means to her to have accomplished all of this. Plus, we put her on the spot for her future plans!  We have a new segment for Barepelt, and this months Barepelt shooter is Bruce Potter. Bruce is now the manager at BlackJack sporting clays in Florida. Although his current position takes most of his time, he still finds time to compete in the sport he loves so very much! We catch up with him and ask him about his vest, what he loves about it, why he decided to buy it and more!   We think you will like this new segment, and what its all about.   Take a listen to this informative and entertaining episode!-Kaylee Browning -booking@cypresscreekshooting.com-Rhino Chokes - https://rhinochokes.com-Chad  Roberts email-bpsipro@gmail.com-RE Ranger-https://www.reranger.com-BAREPELT-https://barepelt.com-GAMEGORE US-https://www.gameboreus.com-ATLAS TRAPS-https://www.atlastraps.com-NEGRINI CASES-https://negrinicases.com/the-dead-pair/

Today is August 4, 2021, and earlier this morning we recorded another episode of the Strategic Farming: Field Notes program.  The Field Notes program is a weekly update on the current crop situation and crop management considerations. Today's session was moderated by U of MN Extension Crops Educators Anthony Hanson and Ryan Miller.  This episode featured Dr. Ken Ostlie, Corn Extension Entomologist, and Dr. Bob Koch, Soybean Extension Entomologist, both with the University of Minnesota Department of Entomology as well as Bruce Potter, IPM Extension Specialist based out of Lamberton, MN. Drought conditions during the growing season have exacerbated some pest issues, such as spider mites. Soybean aphid so far has only been found at low densities in most fields across the state, but there is still potential for aphid populations to reach damaging levels in August. Growers have reported corn rootworm adults at noticeable densities, and pests such as armyworms have been moving into corn from nearby grasses.Link to Crop Management Pest tour registration for 8/10/21

All links and images for this episode can be found on CISO Series Managing my own risk is tough enough, but now I have to worry about my partners' risk and their partners' risk? I don't even know what's easier to manage: the risk profile of all my third parties or all the exclusions I've got to open up to let third parties into my system. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Bruce Potter (@gdead), CISO, Expel. Thanks to our podcast sponsor, Expel Expel offers companies of all shapes and sizes the capabilities of a modern Security Operations Center without the cost and headache of managing one. In this episode: What's easier to manage, 3rd party risk profiles or exclusions? Do you need a Git repository to apply for a job? What else? What's in your happy-grab-bag for hybrid work environments? Is there anything new to say about ransomware strategy?  

Today is July 16, 2021, and earlier this morning we recorded another episode of the Strategic Farming: Field Notes program.  The Field Notes program is a weekly update on the current crop situation and crop management considerations.  Today's session was moderated by U of MN Extension Crops Educators David Nicolai and Jared Goplen.  The special guests included Dr. Debalin Sarangi, Extension weed management specialist, Dr. Tom Peters, Extension sugarbeet agronomist, Dr. Seth Naeve, Extension soybean agronomist, and Bruce Potter, Integrated Pest Management Specialist, to discuss cupped soybean leaves. The fact that many fields of Enlist and other traited soybeans are showing these symptoms has many wondering if dicamba drift or volatilization may be to blame. Yet, reports of isolated soybean fields that have been sprayed with simple one-product herbicides and now show symptoms abound. So, what is to blame for all this cupping in drought-stricken regions of Minnesota and the Dakotas in 2021?

Today is June 30, 2021, and earlier this morning we recorded another episode of the Strategic Farming: Field Notes program.  The Field Notes program is a weekly update on the current crop situation and crop management considerations.  Today's session was moderated by U of MN Extension Crops Educators Jared Goplen and Anthony Hanson.  The special guests included Dr. Ian MacRae, University of Minnesota Extension Entomologist, and Bruce Potter, Extension IPM specialist, to discuss insect management issues to be on the lookout for this year. Hot and dry conditions can mean we may see different pest complexes than most years, such as spider mites and grasshoppers. Regulatory changes for insecticides, such as chlorpyrifos, are also pending and could significantly affect what insecticide options growers have left to use this year.

Today is June 16, 2021, and earlier this morning we recorded another episode of the Strategic Farming: Field Notes program.  The Field Notes program is a weekly update on the current crop situation and crop management considerations.  Today's session was moderated by U of MN Extension Crops Educators Ryan Miller and Dave Nicolai.  The special guests included Dr. Dennis Todey, Director of the USDA Midwest Climate Hub, and Bruce Potter, Extension IPM specialist, to discuss weather and pest updates. Dr. Todey discussed the current, short- and medium-range outlooks for precipitation and temperature. Bruce Potter gave updates on pest activity, including alfalfa weevil, corn rootworm, soybean gall midge and spider mites, and gave a preview of SWROC's June 23rd Pest resistance webinar.

Today is May 5, 2021, and earlier this morning we recorded the second episode of the Strategic Farming: Field Notes program.  The Field Notes program is a weekly update on the current crop situation and crop management considerations.  Today's session was moderated by U of MN Extension Crops Educators Jared Goplen and Anthony Hanson.  The special guests included Bruce Potter, Integrated Pest Management Specialist with the University of Minnesota and Stephan Melson, a crop consultant with United AgTech, LLC in Trimont, MN to discuss how the growing season is progressing as well as pest and agronomic issues that are cropping up so far this year.  Transcript

Dr. Ken Ostlie and Bruce Potter discuss corn insects and outlooks for 2021. This episode was part of an interactive webinar series, Strategic Farming: Let's Talk Crops where farmers and other ag. professionals could ask researchers questions they had.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/a-phish-so-insidious-you-cant-help-but-be-jealous/) Wait, that's a phish even I'd fall for. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Matt Crouse, CISO, Taco Bell. Huge thanks to our sponsor, CloudKnox. CloudKnox Security is the market leader within Gartner’s newly defined Cloud Infrastructure Entitlement Management (CIEM) segment. CloudKnox transforms how organizations implement the principle of least privilege in the cloud and empowers security teams to proactively address accidental and malicious credential misuse by continuously detecting and mitigating insider risks. On this week's episode Here’s some surprising research Here's a depressing statistic. Ninety four percent of security and business leaders say they've suffered "one or more business-impacting cyberattacks in the last year — that is, an attack resulting in a loss of customer, employee, or other confidential data; interruption of day-to-day operations; ransomware payout; financial loss or theft; and/or theft of intellectual property." This according to a Forrester Consulting study sponsored by Tenable. Do we accept the sobering fact that a business-impacting cyberattack is an annual inevitability? And if so, what percentage of a CISO's job is putting systems in place to minimize damage, and what are ways you do that? If you're not paranoid yet here’s your chance Get ready for a really nasty phishing attack. Craig Hays, bug bounty hunter particularly interested in phishing, tells a story of a wormable phish that after taking over one user's email account began to reply to legitimate email threads from that account. The phisher would actually read the thread and create a relevant response, but with a phishing link which would then compromise another user's email account in the same way. And the phisher would repeat the process from yet another account, causing this wormable phish to spread not just through the initially targeted company, but through their partners, suppliers, and their partners and suppliers. At the time Craig's company didn't have multi-factor authentication (MFA) implemented to which Craig realizes that would stop such an attack. Yet, in the end he was very impressed with this type of attack because it has so many indicators of legitimacy. Have we experienced a similar attack and/or do we have a "favorite" phishing attack in terms of its effectiveness? What's Worse?! Audit season is about to begin. What would you advise? On the Cybersecurity subreddit, GenoSecurity asks, "What types of projects would look good on a resume since I have no work experience. I am also open to projects that might not look as good but are good for beginners since I’m currently working on my Net+ cert." Close your eyes and visualize the perfect engagement Last Friday we had an online after party using a new tool called Toucan which simulates a real party in a virtual setting. We've also used a platform called Icebreaker that allows for one-on-one random meetups. And last week I participated in a table top cyberthreat exercise with Bruce Potter of Expel and Shmoocon that ran like a Dungeons and Dragons role playing game. All were fun and had their value. Since the launch of the pandemic, how have we been able to socialize and stay connected in fun and unique ways?

While giants like the Washington Post were busy focusing on the international market, InsideNova stuck to the local communities. They knew there's more to news than just politics, but also roads, schools, employment, etc. And today in these tough times, it is paying them off just right. Situated around Northern Virginia, this media house has a huge presence with around 100k followers, an email list of 80k+ subscribers and 0.5 to 1 million unique visitors on the website every month. Their CEO Bruce Potter joined us for a conversation and answered tons of our questions around how have they transitioned from being a conventional newspaper to going absolutely digital, their advertising revenue getting affected this pandemic, the various silver linings that they have found for themselves, and what are some trends that he thinks are never going to come back once this pandemic gets over.

Brakesec Podcast is now on Pandora!  Find us here: https://pandora.app.link/p9AvwdTpT3 Book club Book club is starting up again with Hands-On AWS penetration testing with Kali Linux from Gilbert and Caudill. You read and get together to discuss or demo every Monday. Get the book, start reading and meet us for the kick off Monday the 24 at 10pm eastern. The book club meets virtually on zoom, and organizes on slack..get invited like this.”   Book: https://smile.amazon.com/Hands-Penetration-Testing-Kali-Linux/dp/1789136725   NolaCon Training: https://nolacon.com/training/2020/security-detect-and-defense-ttx Roberto Rodriguez    Bio @Cyb3rWard0g on Twitter Threat Intel vs. Threat Hunting = what’s the difference?   What datasets are you using?    Did you start with any particular dataset, or created your own?   Technique development - what skills are needed?     C2 setup     Detection mechanisms     Honeypots   How can people get involved?   Blacksmith - create ‘mordor’ environment to push scripts to setup honeypot/nets   https://Threathunterplaybook.com    https://github.com/hunters-forge/ThreatHunter-Playbook    https://threathunterplaybook.com/notebooks/windows/08_lateral_movement/lateral_movement/WIN-190815181010.html   https://medium.com/threat-hunters-forge/threat-hunter-playbook-mordor-datasets-binderhub-open-infrastructure-for-open-8c8aee3d8b4   https://medium.com/threat-hunters-forge/writing-an-interactive-book-over-the-threat-hunter-playbook-with-the-help-of-the-jupyter-book-3ff37a3123c7    https://www.exploit-db.com/exploits/47995 - Sudo buffer overflow   Mordor: The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation (JSON) files for easy consumption.    YAML Example: https://github.com/hunters-forge/ThreatHunter-Playbook/blob/master/playbooks/WIN-190810201010.yaml   Notebook Example: https://threathunterplaybook.com/notebooks/windows/08_lateral_movement/lateral_movement/WIN-190810201010.html    Jupyter notebook - Definition: https://jupyter-notebook-beginner-guide.readthedocs.io/en/latest/what_is_jupyter.html    Lateral Movement - WMI - IMAGE Below SIGMA?   What is a Notebook? Think of a notebook as a document that you can access via a web interface that allows you to save input (i.e live code) and output (i.e code execution results / evaluated code output) of interactive sessions as well as important notes needed to explain the methodology and steps taken to perform specific tasks (i.e data analysis). https://medium.com/threat-hunters-forge/threat-hunter-playbook-mordor-datasets-binderhub-open-infrastructure-for-open-8c8aee3d8b4 Have a goal for expanding to other parts of ATT&CK?   Threat Hunter Playbook - Goals Expedite the development of techniques an hypothesis for hunting campaigns. Help Threat Hunters understand patterns of behavior observed during post-exploitation. Reduce the number of false positives while hunting by providing more context around suspicious events. Share real-time analytics validation examples through cloud computing environments for free. Distribute Threat Hunting concepts and processes around the world for free. Map pre-recorded datasets to adversarial techniques. Accelerate infosec learning through open source resources. Sub-techniques:   https://medium.com/mitre-attack/attack-sub-techniques-preview-b79ff0ba669a   Slack Channel:   https://launchpass.com/threathunting   Twitter; https://twitter.com/mattifestation https://twitter.com/tifkin_ https://twitter.com/choldgraf https://twitter.com/Cyb3rPandaH   on Brakeing Down Security Podcast on #Pandora- https://www.pandora.com/podcast/brakeing-down-security-podcast/PC:27866 Marcus Carey https://twitter.com/marcusjcarey  Prolific Author, Defender, Enterprise Architect at ReliaQuest   https://twitter.com/egyp7    https://www.darkreading.com/vulnerabilities---threats/reliaquest-acquires-threatcare/d/d-id/1335950   “GreyMatter integrates security data from security incident and event manager (SIEM), endpoint detection and response (EDR), firewalls, threat intelligence feeds, and other security tools, and includes analysis functions and automation. Threatcare's technology — which will become a new feature on the platform — simulates how a specific threat or attack could target an organization's network in order to determine whether its security tools and settings are or are not actually working to thwart the threats.”   Security model - everyone’s is diff     How do you work with your threat model?     A proper threat model   Attack Simulation -      How is this different from doing a typical Incident Response tabletop? Threat modeling systems?     How is this different than a pentest?     Is this automated red teaming? How effective can automated testing be?     Is this like some kind of constant scanning system?     How does this work with threat intel feeds?      Can it simulate ransomware, or any attacks?   Hedgehog principles     A lot of things crappily, and nothing good   Mr. Boettcher: “Why suck at everything…”   Atomic Red Team - https://github.com/redcanaryco/atomic-red-team  ATT&CK Matrix - https://attack.mitre.org/matrices/enterprise/    Tribe of Hackers  https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189 -  Red Book   The Tribe of Hackers team is back with a new guide packed with insights from dozens of the world’s leading Red Team security specialists. With their deep knowledge of system vulnerabilities and innovative solutions for correcting security flaws, Red Team hackers are in high demand. Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity takes the valuable lessons and popular interview format from the original Tribe of Hackers and dives deeper into the world of Red Team security with expert perspectives on issues like penetration testing and ethical hacking.  This unique guide includes inspiring interviews from influential security specialists, including David Kennedy, Rob Fuller, Jayson E. Street, and Georgia Weidman, who share their real-world learnings on everything from Red Team tools and tactics to careers and communication, presentation strategies, legal concerns, and more Learn what it takes to secure a Red Team job and to stand out from other candidates Discover how to hone your hacking skills while staying on the right side of the law Get tips for collaborating on documentation and reporting Explore ways to garner support from leadership on your security proposals Identify the most important control to prevent compromising your network Uncover the latest tools for Red Team offensive security https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1119643376 - Yellow Book   Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World is your guide to joining the ranks of hundreds of thousands of cybersecurity professionals around the world. Whether you’re just joining the industry, climbing the corporate ladder, or considering consulting, Tribe of Hackers offers the practical know-how, industry perspectives, and technical insight you need to succeed in the rapidly growing information security market. This unique guide includes inspiring interviews from 70 security experts, including Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street. Get the scoop on the biggest cybersecurity myths and misconceptions about security Learn what qualities and credentials you need to advance in the cybersecurity field Uncover which life hacks are worth your while Understand how social media and the Internet of Things has changed cybersecurity Discover what it takes to make the move from the corporate world to your own cybersecurity venture Find your favorite hackers online and continue the conversation   https://smile.amazon.com/Tribe-Hackers-Security-Leaders-Cybersecurity/dp/1119643775 - Green Book (Next out!) Information security is becoming more important and more valuable all the time. Security breaches can be costly, even shutting businesses and governments down, so security leadership is a high-stakes game. Leading teams of hackers is not always easy, but the future of your organization may depend on it. In this book, the world’s top security experts answer the questions that Chief Information Security Officers and other security leaders are asking, including: What’s the most important decision you’ve made or action you’ve taken to enable a business risk? How do you lead your team to execute and get results? Do you have a workforce philosophy or unique approach to talent acquisition? Have you created a cohesive strategy for your information security program or business unit?   https://smile.amazon.com/Tribe-Hackers-Blue-Team-Cybersecurity/dp/1119643414 - Blue Book (OUT SOON!) Tribe of Hackers Blue Team goes beyond the bestselling, original Tribe of Hackers book and delves into detail on defensive and preventative techniques. Learn how to grapple with the issues that hands-on security experts and security managers are sure to build into their blue team exercises. Discover what it takes to get started building blue team skills Learn how you can defend against physical and technical penetration testing Understand the techniques that advanced red teamers use against high-value targets Identify the most important tools to master as a blue teamer Explore ways to harden systems against red team attacks Stand out from the competition as you work to advance your cybersecurity career Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3 #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec  

Brakeing Down Security Podcast on #Pandora- https://www.pandora.com/podcast/brakeing-down-security-podcast/PC:27866 Marcus Carey https://twitter.com/marcusjcarey  Prolific Author, Defender, Enterprise Architect at ReliaQuest   https://twitter.com/egyp7    https://www.darkreading.com/vulnerabilities---threats/reliaquest-acquires-threatcare/d/d-id/1335950   “GreyMatter integrates security data from security incident and event manager (SIEM), endpoint detection and response (EDR), firewalls, threat intelligence feeds, and other security tools, and includes analysis functions and automation. Threatcare's technology — which will become a new feature on the platform — simulates how a specific threat or attack could target an organization's network in order to determine whether its security tools and settings are or are not actually working to thwart the threats.”   Security model - everyone’s is diff     How do you work with your threat model?     A proper threat model   Attack Simulation -      How is this different from doing a typical Incident Response tabletop? Threat modeling systems?     How is this different than a pentest?     Is this automated red teaming? How effective can automated testing be?     Is this like some kind of constant scanning system?     How does this work with threat intel feeds?      Can it simulate ransomware, or any attacks?   Hedgehog principles     A lot of things crappily, and nothing good   Mr. Boettcher: “Why suck at everything…”   Atomic Red Team - https://github.com/redcanaryco/atomic-red-team  ATT&CK Matrix - https://attack.mitre.org/matrices/enterprise/    Tribe of Hackers  https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189 -  Red Book   The Tribe of Hackers team is back with a new guide packed with insights from dozens of the world’s leading Red Team security specialists. With their deep knowledge of system vulnerabilities and innovative solutions for correcting security flaws, Red Team hackers are in high demand. Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity takes the valuable lessons and popular interview format from the original Tribe of Hackers and dives deeper into the world of Red Team security with expert perspectives on issues like penetration testing and ethical hacking.  This unique guide includes inspiring interviews from influential security specialists, including David Kennedy, Rob Fuller, Jayson E. Street, and Georgia Weidman, who share their real-world learnings on everything from Red Team tools and tactics to careers and communication, presentation strategies, legal concerns, and more Learn what it takes to secure a Red Team job and to stand out from other candidates Discover how to hone your hacking skills while staying on the right side of the law Get tips for collaborating on documentation and reporting Explore ways to garner support from leadership on your security proposals Identify the most important control to prevent compromising your network Uncover the latest tools for Red Team offensive security https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1119643376 - Yellow Book   Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World is your guide to joining the ranks of hundreds of thousands of cybersecurity professionals around the world. Whether you’re just joining the industry, climbing the corporate ladder, or considering consulting, Tribe of Hackers offers the practical know-how, industry perspectives, and technical insight you need to succeed in the rapidly growing information security market. This unique guide includes inspiring interviews from 70 security experts, including Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street. Get the scoop on the biggest cybersecurity myths and misconceptions about security Learn what qualities and credentials you need to advance in the cybersecurity field Uncover which life hacks are worth your while Understand how social media and the Internet of Things has changed cybersecurity Discover what it takes to make the move from the corporate world to your own cybersecurity venture Find your favorite hackers online and continue the conversation   https://smile.amazon.com/Tribe-Hackers-Security-Leaders-Cybersecurity/dp/1119643775 - Green Book (Next out!) Information security is becoming more important and more valuable all the time. Security breaches can be costly, even shutting businesses and governments down, so security leadership is a high-stakes game. Leading teams of hackers is not always easy, but the future of your organization may depend on it. In this book, the world’s top security experts answer the questions that Chief Information Security Officers and other security leaders are asking, including: What’s the most important decision you’ve made or action you’ve taken to enable a business risk? How do you lead your team to execute and get results? Do you have a workforce philosophy or unique approach to talent acquisition? Have you created a cohesive strategy for your information security program or business unit?   https://smile.amazon.com/Tribe-Hackers-Blue-Team-Cybersecurity/dp/1119643414 - Blue Book (OUT SOON!) Tribe of Hackers Blue Team goes beyond the bestselling, original Tribe of Hackers book and delves into detail on defensive and preventative techniques. Learn how to grapple with the issues that hands-on security experts and security managers are sure to build into their blue team exercises. Discover what it takes to get started building blue team skills Learn how you can defend against physical and technical penetration testing Understand the techniques that advanced red teamers use against high-value targets Identify the most important tools to master as a blue teamer Explore ways to harden systems against red team attacks Stand out from the competition as you work to advance your cybersecurity career Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

  Marcus Carey https://twitter.com/marcusjcarey  Prolific Author, Defender, Enterprise Architect at ReliaQuest https://twitter.com/egyp7  https://www.darkreading.com/vulnerabilities---threats/reliaquest-acquires-threatcare/d/d-id/1335950   “GreyMatter integrates security data from security incident and event manager (SIEM), endpoint detection and response (EDR), firewalls, threat intelligence feeds, and other security tools, and includes analysis functions and automation. Threatcare's technology — which will become a new feature on the platform — simulates how a specific threat or attack could target an organization's network in order to determine whether its security tools and settings are or are not actually working to thwart the threats.”   Security model - everyone’s is diff     How do you work with your threat model?     A proper threat model   Attack Simulation -      How is this different from doing a typical Incident Response tabletop? Threat modeling systems?     How is this different than a pentest?     Is this automated red teaming? How effective can automated testing be?     Is this like some kind of constant scanning system?     How does this work with threat intel feeds?      Can it simulate ransomware, or any attacks?   Hedgehog principles     A lot of things crappily, and nothing good   Mr. Boettcher: “Why suck at everything…”   Atomic Red Team - https://github.com/redcanaryco/atomic-red-team  ATT&CK Matrix - https://attack.mitre.org/matrices/enterprise/    Tribe of Hackers  https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189 -  Red Book   The Tribe of Hackers team is back with a new guide packed with insights from dozens of the world’s leading Red Team security specialists. With their deep knowledge of system vulnerabilities and innovative solutions for correcting security flaws, Red Team hackers are in high demand. Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity takes the valuable lessons and popular interview format from the original Tribe of Hackers and dives deeper into the world of Red Team security with expert perspectives on issues like penetration testing and ethical hacking.  This unique guide includes inspiring interviews from influential security specialists, including David Kennedy, Rob Fuller, Jayson E. Street, and Georgia Weidman, who share their real-world learnings on everything from Red Team tools and tactics to careers and communication, presentation strategies, legal concerns, and more Learn what it takes to secure a Red Team job and to stand out from other candidates Discover how to hone your hacking skills while staying on the right side of the law Get tips for collaborating on documentation and reporting Explore ways to garner support from leadership on your security proposals Identify the most important control to prevent compromising your network Uncover the latest tools for Red Team offensive security https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1119643376 - Yellow Book   Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World is your guide to joining the ranks of hundreds of thousands of cybersecurity professionals around the world. Whether you’re just joining the industry, climbing the corporate ladder, or considering consulting, Tribe of Hackers offers the practical know-how, industry perspectives, and technical insight you need to succeed in the rapidly growing information security market. This unique guide includes inspiring interviews from 70 security experts, including Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street. Get the scoop on the biggest cybersecurity myths and misconceptions about security Learn what qualities and credentials you need to advance in the cybersecurity field Uncover which life hacks are worth your while Understand how social media and the Internet of Things has changed cybersecurity Discover what it takes to make the move from the corporate world to your own cybersecurity venture Find your favorite hackers online and continue the conversation   https://smile.amazon.com/Tribe-Hackers-Security-Leaders-Cybersecurity/dp/1119643775 - Green Book (Next out!) Information security is becoming more important and more valuable all the time. Security breaches can be costly, even shutting businesses and governments down, so security leadership is a high-stakes game. Leading teams of hackers is not always easy, but the future of your organization may depend on it. In this book, the world’s top security experts answer the questions that Chief Information Security Officers and other security leaders are asking, including: What’s the most important decision you’ve made or action you’ve taken to enable a business risk? How do you lead your team to execute and get results? Do you have a workforce philosophy or unique approach to talent acquisition? Have you created a cohesive strategy for your information security program or business unit?   https://smile.amazon.com/Tribe-Hackers-Blue-Team-Cybersecurity/dp/1119643414 - Blue Book (OUT SOON!) Tribe of Hackers Blue Team goes beyond the bestselling, original Tribe of Hackers book and delves into detail on defensive and preventative techniques. Learn how to grapple with the issues that hands-on security experts and security managers are sure to build into their blue team exercises. Discover what it takes to get started building blue team skills Learn how you can defend against physical and technical penetration testing Understand the techniques that advanced red teamers use against high-value targets Identify the most important tools to master as a blue teamer Explore ways to harden systems against red team attacks Stand out from the competition as you work to advance your cybersecurity career Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site:  https://brakesec.com/bdswebsite #iHeartRadio App:  https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

All images and links for this episode can be found on CISO Series (https://cisoseries.com/serious-hackers-wear-two-black-hoodies/) We're doubling down and embracing the absolute worst of hacker tropes. Put on your black hoodie and then a second one. Boot up your Matrix screensaver and listen to the latest episode of CISO/Security Vendor Relationship Podcast. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our sponsored guest this week is Bruce Potter (@gdead), CISO, Expel. Here are the links to the items Bruce mentioned on the show: Expel's third-party assessment framework NIST CSF (and soon to be PF) self assessment tool Oh Noes! The incident response role playing game Thanks to this week's podcast sponsor Expel Expel is flipping today’s managed security model on its head (Ouch!) for on-prem and cloud, taking a technology-driven approach that lets analysts focus on what humans do best: exercise judgment and manage relationships. The company offers 24x7 monitoring through its security operations center-as-a-service, using the security tools customers already have. On this week's episode We’ve got listeners, and they’ve got questions A listener, who wishes to remain anonymous asks, "I am a one person security organization, and I get frustrated reading industry news and even listening to the CISO Series (love the show). My frustration is that so very often articles, blogs and podcasts assume that you/your organization has a security TEAM... How do you thrive and not just survive as a security shop of one?" What can a one-person shop expect to do, and not do? Let's dig a little deeper Bruce is also the founder of the Shmoo Group and his wife is the organizer for the annual ShmooCon which is a hacker conference held in DC every year. I'm stunned that his 2200-person event sells out in less than 20 seconds. There is obviously huge demand to attend and speak at your event. This year's event he had 168 submitted talks and 41 were accepted. Bruce tells us what makes a great ShmooCon submission and what were the most memorable talks from ShmooCon. "What's Worse?!" Today's game probably speaks to the number one problem with every company's security program. Hey, you're a CISO, what's your take on this? An issue that comes up in security all the time is "how do you do more with less." Are there ways to advance your security program when you don't have more budget or more people to do so? Study after study shows a top priority for cloud users is having visibility into application and data traffic. But most are not getting it. Nine out of ten respondents believe that access to packet data is needed for effective monitoring. So even though the cloud providers maintain the fortress, the enterprise still needs to see what’s going on. They’re ultimately responsible, after all. Cloud needs its own approach to monitoring, more closely based on how cloud customers interact with their data. It needs its own tools and greater level of communication between them and their providers. More on CISO Series. Check out lots more cloud security tips sponsored by OpenVPN, provider of next-gen secure and scalable communication software. OpenVPN Access Server keeps your company’s data safe with end-to-end encryption, secure remote access, and extension for your centralized UTM. Why is everybody talking about this now? We have talked in the past about the tired and negative image of the hacker in the black hoodie. It's pretty much all you see in stock photos. And since that's all any media outlet uses, that image just keeps getting reinforced. Poking fun and I think truly trying to find a better hacker image meme, Casey Ellis, founder of Bugcrowd, challenged others on LinkedIn to find a better "hacker stock photo" than the one he posted of hands coming out of a screen and typing on your keyboard with a cat looking on. We debate the truly worst hacker images we've seen and we propose a possible new stock image of the hacker.

In this installment of the Gopher Coffee Shop podcast, Extension Educators Ryan Miller and Brad Carlson sit down with Bruce Potter, Integrated Pest Management Specialist, to discuss crop and pest management in MN. In this episode we discuss IPM and how are people making crop and pest management decisions. Topics included in the discussion: White mold, soybean aphid biology and management, and soybean gall midge (a new and emerging pest of soybeans in MN). Enjoy!Follow Bruce on twitter: @SWMNpest Read his newsletter here: https://swroc.cfans.umn.edu/ag/pest-managementListen to the podcastThe Gopher Coffee Shop Podcast is available on Stitcher and iTunes.  For a chance to read about various crop management topics, please see ourMinnesota Crop News blog: https://z.umn.edu/cropnewsSign up to receive Minnesota Crop News: https://z.umn.edu/CropNewsSignupFor more information, visit University of Minnesota Extension Crop Production at http://z.umn.edu/crops. 

Marcus Carey: Tribe of Hackers There are already hundreds of thousands of cybersecurity professionals and according to some sources, there is a shortage of several more hundreds of thousands. With his new book Tribe of Hackers, Marcus Carey wants to change that. Tribe of Hackers is a collection of industry, career, and personal insights from 70 cybersecurity luminaries. In this week’s episode of InSecurity, Matt Stephenson sits down with world renowned hacker Marcus Carey, CEO of Threatcare, to talk about talk about his new book, Tribe of Hackers as well as mentors from his past who have influenced him and, by extension, influenced the world of cybersecurity. About Tribe of Hackers These are the wisdom and perspectives of real-life hackers and cybersecurity practitioners, including David Kennedy, Wendy Nather, Lesley Carhart, and Bruce Potter. Threatcare will be giving away three copies per day (fifteen total) at the RSA Conference. Follow Threatcare on Twitter and Sign Up for the Risk Report to learn more about the details. All proceeds from the book will go towards Bunker Labs, Sickle Cell Disease Association of America, Rainforest Partnership, and Start-Up! Kid’s Club. About Marcus Carey Marcus Carey is renowned in the cybersecurity industry and has spent his more than 20-year career working in penetration testing, incident response, and digital forensics with federal agencies such as NSA, DC3, DIA, and DARPA. He started his career in cryptography in the U.S. Navy and holds a Master’s degree in Network Security from Capitol College. Marcus regularly speaks at security conferences across the country. Currently, working as founder and CEO of cybersecurity company Threatcare, Marcus is passionate about giving back to the community through things like mentorship, hackathons, and speaking engagements, and is a voracious reader in his spare time. Tribe of Hackers is his first published book, but will definitely not be his last. About Matt Stephenson Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceTV Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line. Can’t get enough of Insecurity? You can find us wherever you get your podcasts including Spotify, Stitcher, SoundCloud, I Heart Radio as well as ThreatVector InSecurity Podcasts: https://threatvector.cylance.com/en_us/category/podcasts.html iTunes/Apple Podcasts link: https://itunes.apple.com/us/podcast/insecurity/id1260714697?mt=2 GooglePlay Music link: https://play.google.com/music/listen#/ps/Ipudd6ommmgdsboen7rjd2lvste Make sure you Subscribe, Rate and Review!

Episode 1. May 22, 2018 black cutworm update with Bruce Potter.

Bruce Potter is the Founder and an organizer of ShmooCon, a long-running, yearly hacker convention in Washington, D.C. He also serves as the CTO of KeyW Corporation and Ponte Technologies. Bruce talks about his security journey, and the political climate as it relates to cybersecurity. Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode497#Interview:_Bruce_Potter.2C_Shmoocon_-_7:00PM-7:30PM Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Bruce Potter is the Founder and an organizer of ShmooCon, a long-running, yearly hacker convention in Washington, D.C. He also serves as the CTO of KeyW Corporation and Ponte Technologies. Bruce talks about his security journey, and the political climate as it relates to cybersecurity. Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode497#Interview:_Bruce_Potter.2C_Shmoocon_-_7:00PM-7:30PM Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly

Jason Blanchard of SANS and Bruce Potter of ShmooCon join us, and we discuss the security news for this week. Stay tuned!

Jason Blanchard of SANS and Bruce Potter of ShmooCon join us, and we discuss the security news for this week. Stay tuned!

And That's How I Lost My Other Eye: Further Explorations In Data Destruction Zoz Robotics Engineer and Security Researcher How much more paranoid are you now than you were four years ago? Warrantless surveillance and large-scale data confiscation have brought fear of the feds filching your files from black helicopter territory into the mainstream. Recent government snatch-and-grabs have run the gamut from remotely imaging foreign servers to straight up domestic coffeeshop muggings, so if you think you might need to discard a lot of data in hurry you're probably right. In their legendary DEF CON 19 presentation Shane Lawson, Bruce Potter and Deviant Ollam kicked off the discussion, and now it's time for another installment. While purging incriminating material residing on spinning disks remains the focus, the research has been expanded to encompass solid state storage and mobile solutions to your terabyte trashing needs. With best efforts to comply with the original constraints, the 2015 update features more analysis of the efficacy of kinetic projectiles, energetic materials and high voltages for saving your freedom at the potential cost of only a redundant body part... or two. Zoz is a robotics engineer, rapid prototyping specialist and lifelong enthusiast of the pyrotechnic arts. Once he learned you could use a flamethrower and a coffee creamer bomb to fake a crop circle for TV he realized there are really no limits to creative destruction.

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Bruce-Potter-Hackers-Guide-to-Risk.pdf A Hacker’s Guide to Risk Bruce Potter The Shmoo Group When the latest and greatest vulnerability is announced, the media and PR frenzy can be dizzying. However, when the dust settles, how do we actually measure the risk represented by a given vulnerability. When pen testers find holes in an organization, is it really “ZOMG, you’re SO 0WNED!” or is it something more manageable and controlled? When you’re attempting to convince the boss of the necessity of the latest security technology, how do really rank the importance of the technology against the threats facing the organization. Understanding risk can be tricky, especially in an industry that often works on gut feelings and values quantity over quality. But risk and risk management doesn’t need to be complicated. With a few basic formulas and access to some simple models, understanding risk can be a straightforward process. This talk will discuss risk, why its important, and the poor job the hacker community has done when it comes to properly assessing risk. It will also touch on some existing risk assessment and management systems, as well as provide worked examples of real world vulnerabilities and systems and the risks they pose. Finally, this talk will examine some practical guidance on how you, as hackers, security researchers, and security practitioners can better measure risk in your day to day life Bruce Potter is the founder of The Shmoo Group, one of the organizers of ShmooCon, and a director at KEYW Corporation. Bruce's lack of degrees and certifications hasn't stopped him from discussing infosec in numerous articles, books, and presentations. Bruce has been in the computer security field for nearly 2 decades which means he is getting old and increasingly jaded. His primary focus areas are trusted computing, cyber security risk management (yikes!), and large scale vulnerability analysis. Bruce believes that while attackers have the upper hand, we can still do better with the tools we have than most people realize. Bruce also believes in using fake names when ordering coffee but occasionally uses his real name to throw people off his scent. Twitter: @gdead

Security Weekly 335 (Part 1) Special Segment with Dave "Rel1k" Kennedy: Connecting the Dots on Bypassing AV CycleOverride with JP Bourget and Bruce Potter

We have JP Bourget and Bruce Potter on the show to announce their ball busting ride across the USA, CycleOverride . CycleOverride is planning a series of rides over the coming years that revolve around information security and fundraising for organizations important to the infosec community. Support the EFF in support of Cycle Override

Bruce Potter comes on the show to talk about the death of defense in depth, full disclosure, netflow analysis, trusted computing, and Lard. Because sometimes you just need pure lard. Full Show Notes Hosts: Larry "HaxorTheMatrix" Pesce, Paul Asadoorian, John Strand, Mick Douglas, Carlos "Dark0perator" Perez

During this inaugural webcast, Jeff Moss provided an overview of prevailing security trends and technologies and was joined by several of the world's leading security minds who will each provide a brief preview of the topics they presented at the Black Hat Briefings & Trainings in August 2008. The presenters were: Bruce Potter with Malware Detection Through Flow Analysis Fyodor Vaskovich with Nmap - Scanning the Internet Shawn Moyer and Nathan Hamiel with Satan is on My Friends List: Attacking Social Networks Nate McFeters, John Heasman and Rob Carter with The Internet is Broken: beyond Document.Cookie - Extreme Client-Side Exploitation Mike Reavey, Steve Adegbite and katie Moussouris with Secure the Planet! new Strategic Initiatives from Microsoft to Rock your World.

Trusted computing is considered a dirty word by many due to its use for Digital Rights Management (DRM). There is a different side of trusted computing, however, that can solve problems information security professionals have been attempting to solve for more than three decades. Large scale deployment of trusted computing will fundamentally change the threat model we have been using for years when building operating systems, applications, and networks. This talk will examine the history of trusted computing and the current mindset of information security. From there, we will attempt to demystify the trusted computing architecture and give examples of where trusted computing is being used today. Then, we'll discuss how security constructs that we know an love today (such as firewalls and SSL transactions) fundamentally change when a trusted hardware component is added. Finally, new tools will be released to allow users to examine trusted components in their system. Bruce Potter is the founder of the Shmoo Group of security professionals, a group dedicated to working with the community on security, privacy, and crypto issues. His areas of expertise include wireless security, software assurance, pirate songs, and restoring hopeless vehicles. Mr. Potter has co-authored several books including "802.11 Security" and "Mastering FreeBSD and OpenBSD Security" published by O'Reilly and "Mac OS X Security" by New Riders. Mr. Potter was trained in computer science at the University of Alaska, Fairbanks. Bruce Potter is a Senior Associate with Booz Allen Hamilton."

"In the last 3 years, Bluetooth has gone from geeky protocol to an integral part of our daily life. From cars to phones to laptops to printers, Bluetooth is everywhere. And while the state of the art with respect to Bluetooth attack has been progressing, Bluetooth defense has been lagging. For many vendors, the solution to securing Bluetooth is to simply "turn it off." There are very few tools and techniques that can be used today to secure a Bluetooth interface without resorting to such extreme measures. This talk will examine contemporary Bluetooth threats including attack tools and risk to the user. The meat of this talk will focus on practical techniques that can be employed to lock down Bluetooth on Windows and Linux. Some of these techniques will be configuration changes, some will be proper use of helper applications, and some will be modifications to the Bluez Bluetooth stack designed to make the stack more secure. Finally, we will release the Bluetooth Defense Kit (BTDK), a tool geared towards the end user designed to make Bluetooth security easy to install and maintain on Bluetooth enabled workstations. Ultimately, security tools need to be usable to be useful, and BTDK has been designed with usability in mind. Bruce Potter is the founder of the Shmoo Group of security professionals, a group dedicated to working with the community on security, privacy, and crypto issues. His areas of expertise include wireless security, software assurance, pirate songs, and restoring hopeless vehicles. Mr. Potter has co-authored several books including "802.11 Security" and "Mastering FreeBSD and OpenBSD Security" published by O'Reilly and "Mac OS X Security" by New Riders. Mr. Potter was trained in computer science at the University of Alaska, Fairbanks. Bruce Potter is a Senior Associate with Booz Allen Hamilton."

"Trusted computing is considered a dirty word by many due to its use for Digital Rights Management (DRM). There is a different side of trusted computing, however, that can solve problems information security professionals have been attempting to solve for more than three decades. Large scale deployment of trusted computing will fundamentally change the threat model we have been using for years when building operating systems, applications, and networks. This talk will examine the history of trusted computing and the current mindset of information security. From there, we will attempt to demystify the trusted computing architecture and give examples of where trusted computing is being used today. Then, we'll discuss how security constructs that we know an love today (such as firewalls and SSL transactions) fundamentally change when a trusted hardware component is added. Finally, new tools will be released to allow users to examine trusted components in their system. Bruce Potter is the founder of the Shmoo Group of security professionals, a group dedicated to working with the community on security, privacy, and crypto issues. His areas of expertise include wireless security, software assurance, pirate songs, and restoring hopeless vehicles. Mr. Potter has co-authored several books including "802.11 Security" and "Mastering FreeBSD and OpenBSD Security" published by O'Reilly and "Mac OS X Security" by New Riders. Mr. Potter was trained in computer science at the University of Alaska, Fairbanks. Bruce Potter is a Senior Associate with Booz Allen Hamilton."

In the last 3 years, Bluetooth has gone from geeky protocol to an integral part of our daily life. From cars to phones to laptops to printers, Bluetooth is everywhere. And while the state of the art with respect to Bluetooth attack has been progressing, Bluetooth defense has been lagging. For many vendors, the solution to securing Bluetooth is to simply "turn it off." There are very few tools and techniques that can be used today to secure a Bluetooth interface without resorting to such extreme measures. This talk will examine contemporary Bluetooth threats including attack tools and risk to the user. The meat of this talk will focus on practical techniques that can be employed to lock down Bluetooth on Windows and Linux. Some of these techniques will be configuration changes, some will be proper use of helper applications, and some will be modifications to the Bluez Bluetooth stack designed to make the stack more secure. Finally, we will release the Bluetooth Defense Kit (BTDK), a tool geared towards the end user designed to make Bluetooth security easy to install and maintain on Bluetooth enabled workstations. Ultimately, security tools need to be usable to be useful, and BTDK has been designed with usability in mind. Bruce Potter is the founder of the Shmoo Group of security professionals, a group dedicated to working with the community on security, privacy, and crypto issues. His areas of expertise include wireless security, software assurance, pirate songs, and restoring hopeless vehicles. Mr. Potter has co-authored several books including "802.11 Security" and "Mastering FreeBSD and OpenBSD Security" published by O'Reilly and "Mac OS X Security" by New Riders. Mr. Potter was trained in computer science at the University of Alaska, Fairbanks. Bruce Potter is a Senior Associate with Booz Allen Hamilton."

At DefCon 11, a rogue access point setup utility named "Airsnarf" was presented by the Shmoo Group. Two years later, "Evil Twin" access points have made it to Slashdot and news.google.com. Who would have thought TSG could get away with the easy rogue AP attacks for so long? Note to Shmoo: Next time, put the word "evil" in the title of your presentation for mass appeal and acceptance. Oh, rock on--it WORKED! Wireless n00b? No problem0. This talk starts off with the basics. Wireless insecurity basics. Rogue AP basics. How your wireless users are basically screwed. Etc. If you read about "Evil Twin" access points earlier this year, you will actually see how easy it is to build your own. However, this talk quickly moves on to more advanced attacks and trickery with rogue APs, including: gathering intel beyond usernames / passwords, getting around WEP and WPA-PSK protected networks, integrating RADIUS with your rogue AP, abusing vulnerable EAPs, rogue AP backend bridging, and real-time abuse of two-factor authentication a la Bruce Schneier's Springtime scary story. Even wireless warriors will learn an entertaining trick or two. You want demonstrations? Okey dokey. You'll have them. Once everyone has the willies, the "professional" and "responsible" portion of this talk, albeit minimal, will cover rogue AP defense. Basic wireless security architectures and to-dos for home users, hotspot users, and enterprise wireless network admins are covered, as well as client-side defensive tools, WIDS considerations, and roll-your-own options. But wait! There's more! For the closet Microsoft fanboy in all of us, wireless weapons for Windows are covered--both offense and defense. Why launch a rogue AP attack when you can launch three? Rogue AP attacks for the masses! The release of "Rogue Squadron"! It's a bizarre look at how to be a social engineering badboy with 802.11b presented by Beetle of the Shmoo Group. If you want to know what the press will pick up on two years from now, you should probably check this out. Otherwise, move along. These are not the APs you are looking for. Beetle is a member of the Shmoo Group, holds a BS in Computer Science, and is a D.C.-area computer security engineer. He is a geek, and he is a licensed amateur racecar driver the perfect combination for successfully working and driving around the nation's capital. He presented on the topic of rogue access points at DefCon 11 and Black Hat Federal, demonstrating his rogue AP setup utility Airsnarf. Last year, he and the Shmoo Group pimped some of their new wireless gadgets, such as 802.11bounce and the Sniper Yagi, at DefCon 12, and Beetle unleashed Wireless Weapons of Mass Destruction for Windows at ToorCon last fall. This year, Beetle swears he is taking a break of sorts, having recently organized an East coast hacker conference in D.C. called ShmooCon this past Winter, while reminding people that rogue APs and "Evil Twins" are NOT new, and presenting on wireless topics at several other conferences this past Spring. Bruce Potter is the founder of the Shmoo Group of security professionals, a group dedicated to working with the community on security, privacy, and crypto issues. His areas of expertise include wireless security, large-scale network architectures, smartcards and promotion of secure software engineering practices. Mr. Potter coauthored the books "802.11 Security", published in 2003 by O'Reilly, "Mac OS X Security" by New Riders in 2003 and "Mastering FreeBSD and OpenBSD Security" by O'Reilly published in April 2005. Mr. Potter was trained in computer science at the University of Alaska, Fairbanks. Bruce Potter is a Senior Associate with Booz Allen Hamilton.

At DefCon 11, a rogue access point setup utility named "Airsnarf" was presented by the Shmoo Group. Two years later, "Evil Twin" access points have made it to Slashdot and news.google.com. Who would have thought TSG could get away with the easy rogue AP attacks for so long? Note to Shmoo: Next time, put the word "evil" in the title of your presentation for mass appeal and acceptance. Oh, rock on--it WORKED! Wireless n00b? No problem0. This talk starts off with the basics. Wireless insecurity basics. Rogue AP basics. How your wireless users are basically screwed. Etc. If you read about "Evil Twin" access points earlier this year, you will actually see how easy it is to build your own. However, this talk quickly moves on to more advanced attacks and trickery with rogue APs, including: gathering intel beyond usernames / passwords, getting around WEP and WPA-PSK protected networks, integrating RADIUS with your rogue AP, abusing vulnerable EAPs, rogue AP backend bridging, and real-time abuse of two-factor authentication a la Bruce Schneier's Springtime scary story. Even wireless warriors will learn an entertaining trick or two. You want demonstrations? Okey dokey. You'll have them. Once everyone has the willies, the "professional" and "responsible" portion of this talk, albeit minimal, will cover rogue AP defense. Basic wireless security architectures and to-dos for home users, hotspot users, and enterprise wireless network admins are covered, as well as client-side defensive tools, WIDS considerations, and roll-your-own options. But wait! There's more! For the closet Microsoft fanboy in all of us, wireless weapons for Windows are covered--both offense and defense. Why launch a rogue AP attack when you can launch three? Rogue AP attacks for the masses! The release of "Rogue Squadron"! It's a bizarre look at how to be a social engineering badboy with 802.11b presented by Beetle of the Shmoo Group. If you want to know what the press will pick up on two years from now, you should probably check this out. Otherwise, move along. These are not the APs you are looking for. Beetle is a member of the Shmoo Group, holds a BS in Computer Science, and is a D.C.-area computer security engineer. He is a geek, and he is a licensed amateur racecar driver the perfect combination for successfully working and driving around the nation's capital. He presented on the topic of rogue access points at DefCon 11 and Black Hat Federal, demonstrating his rogue AP setup utility Airsnarf. Last year, he and the Shmoo Group pimped some of their new wireless gadgets, such as 802.11bounce and the Sniper Yagi, at DefCon 12, and Beetle unleashed Wireless Weapons of Mass Destruction for Windows at ToorCon last fall. This year, Beetle swears he is taking a break of sorts, having recently organized an East coast hacker conference in D.C. called ShmooCon this past Winter, while reminding people that rogue APs and "Evil Twins" are NOT new, and presenting on wireless topics at several other conferences this past Spring. Bruce Potter is the founder of the Shmoo Group of security professionals, a group dedicated to working with the community on security, privacy, and crypto issues. His areas of expertise include wireless security, large-scale network architectures, smartcards and promotion of secure software engineering practices. Mr. Potter coauthored the books "802.11 Security", published in 2003 by O'Reilly, "Mac OS X Security" by New Riders in 2003 and "Mastering FreeBSD and OpenBSD Security" by O'Reilly published in April 2005. Mr. Potter was trained in computer science at the University of Alaska, Fairbanks. Bruce Potter is a Senior Associate with Booz Allen Hamilton.

In this show we interview Bruce Potter founder of the Shmoo Group, a non-profit think-tank of computer security professionals. We also talk about Max OS X viruses, interview with a botmaster, indictment of a botmaster, file registary, Web Historian, and listener email.