~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 23 Feb 2023 11:00:00 -0500

Rob van der Veer -- OWASP AI Security & Privacy Guide

Rob van der Veer has a 30-year background in software engineering, building AI businesses, creating software, and assessing software. He is a senior director at the Software Improvement Group, where he established practices for AI, security, and privacy. Rob is involved in several standardization initiatives like OWASP SAMM, ENISA, CIP, and AI security & privacy guide. He leads the writing group for the new ISO standard on AI engineering: 5338. Rob co-leads the OWASP integration project, with openCRE.org as a key result, aiming to create alignment in the standards landscape. Rob joins us to introduce the OWASP AI Security and Privacy Guide. We cover Rob's observations on how AI engineering differs from regular software engineering, typical software engineering pitfalls for AI engineers, the new guide's scope, threats introduced with AI, and mitigations that orgs and teams can use to build a secure AI system. We hope you enjoy this conversation with...Rob van der Veer.

Show Notes:

Visit the OWASP Security & Privacy Guide here --> https://owasp.org/www-project-ai-security-and-privacy-guide/

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 10 Jan 2023 08:00:00 -0500

Robyn Lundin -- Planning & organizing a penetration test as an AppSec team

Robyn Lundin started working in tech after a coding boot camp as a developer for a small startup. She then discovered her passion for security, pivoted into pentesting for NCC Group, and now works as a Senior Product Security Engineer for Slack.

Robyn joins us to discuss the role of penetration testing within the application security realm. Robyn provides actionable guidance you can apply directly to your application pen testing program. We hope you enjoy this conversation with....Robyn Lundin.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 03 Jan 2023 08:00:00 -0500

Michael Bargury -- Low Code / No Code Security and an OWASP Top Ten

Michael Bargury is the Co-Founder and CTO of Zenity, where he helps companies secure their low-code/no-code apps. In the past, he headed security product efforts at Azure, focused on IoT, APIs and IaC.

Michael is passionate about all things related to cloud, SaaS and low-code security and spends his time finding ways they could go wrong. He also leads the OWASP low-code security project and writes about it on DarkReading. Michael is a regular speaker at OWASP, BSides and DEFCON conferences.

Michael joins us to unpack Low Code / No Code and the new OWASP Top Ten that defines specific risks against Low/No Code. We hope you enjoy this conversation with...Michael Bargury.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 20 Dec 2022 08:00:00 -0500

Alex Olsen -- Security champions, empowering developers, and AppSec training

Alex leads the Cyber Security Consulting Group, part of Rakuten's Cyber Security Defense Department. The group's dedication is to providing global security services, including security architecture, DevSecOps tooling and integration services, delivery of technical training, and running Rakuten's Security Champion community. His focus is on empowering teams to improve security throughout the development lifecycle.

Alex joins us to discuss security champions, a topic near and dear to our hearts. We get into democratizing appsec, the value of security governance and empowerment activities for security champions and the organization, how scope, cost and effort fit, and the ROI of training and security champions. We hope you enjoy this conversation with...Alex Olsen.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 13 Dec 2022 08:00:00 -0500

Mark Curphey -- The future of OWASP

Mark Curphey is one of the creators of OWASP from the very early days. Mark worked in the background over the few decades of OWASP but has recently taken more to the spotlight. After running, he was elected and joined the OWASP Board of Directors.

This conversation starts with the historical story of Mark and his history with OWASP. Then we jump into the visions for OWASP in the future and the plans in place to reach those goals. We hope you enjoy this conversation with...Mark Curphey.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 06 Dec 2022 07:00:00 -0500

Tiago Mendo -- How to scan at scale with OWASP ZAP

Tiago Mendo is a co-founder and CTO of Probely. He has extensive experience in pentesting applications, training, and providing all-around security consultancy.

Tiago started working with security in the early 2000s, beginning with a tenure of 12 years at Portugal Telecom. While there, he built the web security team and worked with 150+ developers. He holds a Master's in Information Technology/Information Security from Carnegie Mellon University and a CISSP certification.

He is also a qualified member of AP2SI, a non-profit organization that promotes Information Security in Portugal, and Co-Leader of the Lisbon OWASP Chapter. He is a frequent speaker at security events, such as Confraria da Segurana da Informao, BSides Lisbon, BSides Krakw and LASCON.

Tiago Mendo joins us to discuss OWASP ZAP and DAST scanning at scale. Tiago shares what scanning at scale is, the common challenges development teams must overcome when scanning at scale, and how to overcome them using OWASP ZAP. We hope you enjoy this conversation with ... Tiago Mendo.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 29 Nov 2022 08:00:00 -0500

Wolfgang Goerlich -- Security beyond vulnerabilities

J. Wolfgang Goerlich is an Advisory CISO for Cisco Secure. He has been responsible for IT and IT security in the healthcare and financial services verticals. Wolfgang has led advisory and assessment practices for cybersecurity consulting firms.

Wolf joins us to talk about some security things that will stretch your mind, like security beyond vulnerabilities, how apps intended functionality can be misused, data privacy, and nudges and behavior science.

Wolf challenged my thinking in this episode and pointed out a new area of threat modeling I had never considered. We hope you enjoy this conversation with... J. Wolfgang Goerlich.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 08 Nov 2022 08:00:00 -0500

Sam Stepanyan -- OWASP Nettacker Project

Sam Stepanyan is an OWASP London Chapter Leader and an Independent Application Security Consultant with over 20 years of IT experience and a background in software engineering and web application development.

Sam has worked for various financial services institutions in the City of London, specializing in Application Security consulting, Secure Software Development Lifecycle (SDLC), developer training, source code reviews and vulnerability management. He is also a Subject Matter Expert in Web Application Firewalls (WAF) and SIEM systems. Sam holds a Masters degree in Software Engineering and a CISSP certification.

Sam joins us to introduce us to OWASP Nettacker. He describes the tool's capabilities, how you can put it into use in various scenarios for asset generation and vuln scanning, and how to contribute to the project going forward. We hope you enjoy this conversation with...Sam Stepanyan.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 01 Nov 2022 13:00:00 -0400

Nick Aleks and Dolev Farhi -- GraphQL Security

Dolev Farhi is a security engineer and author with extensive experience leading security engineering teams in complex environments and scales in the Fintech and cyber security industries. Currently, he is the Principal Security Engineer at Wealthsimple. He is one of the founders of DEFCON Toronto (DC416). He enjoys researching vulnerabilities in IoT devices, participating in and building CTF challenges and contributing exploits to Exploit-DB.

Nick Aleks is a leader in Toronto's cybersecurity community and a distinguished and patented security engineer, speaker, and researcher. He is currently the Senior Director of Security at Wealthsimple, leads his security firm, ASEC.IO, and is a Senior Advisory Board member for HackStudent, George Brown, and the University of Guelph's Master of Cybersecurity and Threat Intelligence programs. A founder of DEFCON Toronto, he specializes in offensive security and penetration testing. He has over ten years of experience hacking everything from websites, safes, locks, cars, drones, and even intelligent buildings.

Dolev and Nick join us to unpack the world of GraphQL security. We introduce GraphQL, threats, and mitigations to secure your GraphQL instances. We hope you enjoy this conversation with....Dolev and Nick.

Important Links:

Link to the book https://nostarch.com/black-hat-graphql

CrackQL https://github.com/nicholasaleks/CrackQL

Chris Romeo -- The Security Journey Story

In this episode of the Application Security Podcast, Chris Romeo walks through the origin story of Security Journey and shares some experiences taking a security startup from bootstrap to acquisition. Chris talks about how and why he started the company, what defining factors made Security Journey successful and why they're being acquired now. He ends by giving an overview of what to expect from Security Journey moving forward. We hope you enjoy this conversation withChris Romeo.

Check out these resources for more information about the acquisition!
Press Release: https://www.accesswire.com/702562/HackEDU-Acquires-Security-Journey-to-Provide-the-Most-Comprehensive-Application-Security-Training-Offering-Helping-Development-Teams-Deliver-Secure-Code-and-Protect-Data

Chris's Blog Post: https://www.securityjourney.com/post/hackedu-acquires-security-journey

Joe's Blog Post: https://www.hackedu.com/blog/hackedu-acquires-security-journey-to-create-industry-leading-application-security-offering

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 10 May 2022 13:00:00 -0400

Kristen Tan and Vaibhav Garg -- Machine Assisted Threat Modeling

In this episode of the Application Security Podcast, we talk to Kristen Tan and Vaibhav Garg from Comcast. They wrote a paper called "An Analysis of Open-source Automated Threat Modeling Tools and Their Extensibility from Security into Privacy". They join us to share their story about what they were doing and why they did it. We hope you enjoy this conversation with...Kristen and VG.

https://www.usenix.org/publications/loginonline/analysis-open-source-automated-threat-modeling-tools-and-their

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 03 May 2022 14:00:00 -0400

Patrick Dwyer -- CycloneDX and SBOMs

Patrick is a Senior Product Security Engineer in the Application Security team at ServiceNow. He is also Co-Leader of the OWASP CycloneDX project. A lightweight Software Bill of Materials (SBOM) standard designed for use in application security contexts and supply chain component analysis.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 25 Apr 2022 15:00:00 -0400

Omer Gil and Daniel Krivelevich -- Top 10 CI/CD Security Risks

Daniel Krivelevich is a cybersecurity expert and problem solver, with 15+ years of enterprise security experience with a proven track record working with 100+ enterprises across multiple industries, with a strong orientation to Application & Cloud Security. Daniel co-Founded Cider Security as the companys CTO. Cider is a startup focused on securing CI/CD pipelines, flows, and systems.

Omer is a seasoned application and cloud security expert with over 13 years of experience across multiple security disciplines. An experienced researcher and public speaker, Omer discovered the Web Cache Deception attack vector in 2017. Omer leads research at Cider Security.

Brian Reed is Chief Mobility Officer at NowSecure. Brian has over 30 years in tech and 15 years in mobile, security, and apps dating back to the birth of mobile including BlackBerry, Good Technology, BoxTone, and MicroFocus. Brian joins us to discuss mobile application security, the good, the bad, and the ugly as we head into 2021. We discuss recent issues in mobile apps, mobile firewalls, mobile vs. web, and how AppSec is different in a mobile world. We hope you enjoy this conversation withBrian Reed.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 24 Nov 2020 16:42:39 -0500

The Threat Modeling Manifesto Part 2

This is part two of the story of a diverse group of security and privacy people that love threat modeling and gathered to define threat modeling, encourage people to threat model, help them succeed, and change the world. This is our story of the Threat Modeling Manifesto. In this episode, we move on from definition to working through the values and principles that make up threat modeling, and then we ship the product.

The working group of the Threat Modeling Manifesto consists of individuals with years of experience in threat modeling for security or privacy.

Other episodes on threat modeling:

The Threat Modeling Manifesto Part 1
Adam Shostack Remote Threat Modeling
Kim Wuyts Privacy Threat Modeling
Izar Tarandach Command line threat modeling with pytm
Stephen de Vries Threat Modeling with a bit of #Startup

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 17 Nov 2020 07:14:04 -0500

The Threat Modeling Manifesto Part 1

This is part one of the story of a diverse group of security and privacy people that love threat modeling and gathered to define threat modeling, encourage people to threat model, help them succeed, and change the world. This is our story of the Threat Modeling Manifesto. Our intention is to share a distilled version of our collective threat modeling knowledge in a way that should inform, educate, and inspire other practitioners to adopt threat modeling as well as improve security and privacy during development.

We developed this Manifesto after years of experience thinking about, performing, teaching, and developing the practice of, Threat Modeling. We have diverse backgrounds as industry professionals, academics, authors, hands-on experts, and presenters. We bring together varied perspectives on threat modeling. Our ongoing conversations, which focus on the conditions and approaches that lead to the best results in threat modeling, as well as how to correct when we fail, continue to shape our ideas.

The working group of the Threat Modeling Manifesto consists of individuals with years of experience in threat modeling for security or privacy.

Other episodes on threat modeling:

Adam Shostack Remote Threat Modeling
Kim Wuyts Privacy Threat Modeling
Izar Tarandach Command line threat modeling with pytm
Stephen de Vries Threat Modeling with a bit of #Startup

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 27 Aug 2020 09:18:55 -0400

Elie Saad is an application security engineer, leading three different OWASP projects. He focuses on helping developers own and champion security in their projects by providing guidance, tests, secure pipeline design and aiding them in applying external security measures. In this conversation, Elie educates us about the current happenings with WSTG, Cheat Sheets, and the Integration Standard. He walks us through demos of each project.

We hope you enjoy this conversation with Elie Saad. @7hunderson

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 13 Jul 2020 14:41:53 -0400

Graham Holmes Adversarial Machine Learning

Graham Holmes is the founder and owner of AoP CyberSecurity, LLC whose mission is to enable organizations to create scalable and effective strategies for trustworthy outcomes. His career includes over 22 years as a leader at Cisco Systems, where he infamously served as my boss for a period of time, and before that he served in the US Navy as a commissioned officer for 9 years. Graham joins us to discuss adversarial machine learning. We explore the threats and attacks in an AI/ML world, and review solutions to address these challenges using trust as a foundation. Please enjoy this conversation with Graham Holmes.

Its Life 3.0

https://www.amazon.com/Life-3-0-Being-Artificial-Intelligence/dp/1101946598

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 07 Jul 2020 08:51:22 -0400

Ochaun Marshall Securing Web applications in AWS

Ochaun Marshall is a developer and security consultant. In his roles at Secure Ideas, he works on ongoing development projects utilizing Amazon Web Services and breaks other people's web applications. Ochaun joins us to talk about the changing tide of serverless and frustrations with AWS security. Before we got to the actual topic, we talked about how he currently works as a developer some times, and a pen tester/security person the rest of the time, and the conflict that arises from this split role. Please enjoy this conversation withOchaun Marshall.

@OchaunM

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 30 Jun 2020 08:32:30 -0400

Drew Dennison Security should make the computer sweat more

Drew Dennison is the CTO & co-founder of r2c, a startup working to profoundly improve software security and reliability to safeguard human progress. Drew joins us to introduce a tool called semgrep. Semgrep is a fast source code analysis tool, potentially faster than anything you've seen before. If you want to see the live demo of semgrep, head over to the Application Security Podcast Youtube channel to see the video.

We hope you enjoy this conversation with Drew Dennison.

Twitter: DrewDennison

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 23 Jun 2020 00:48:54 -0400

Aaron Guzman IoTGoat

Aaron Guzman specializes in IoT, embedded, and automotive security. Aaron is the Co-Author of IoT Penetration Testing Cookbook. He helps lead both OWASPs Embedded Application Security and Internet of Things projects; providing practical guidance for addressing top security vulnerabilities to the embedded and IoT community. Aaron joins us to explore IoTGoat. IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices. He describes what it is, where it comes from, and does a demo for us on how to put it to use.

For season 7 and beyond, weve launched our Youtube channel, Application Security Podcast, where we post the video feeds for all episodes. Youll want to check it out, as many interviews now have demos included, where we capture screen during the interview. We hope you enjoy this conversation withAaron Guzman.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 16 Jun 2020 09:00:23 -0400

Adam Shostack The Jenga View of Threat Modeling

Adam Shostack is a leading expert on threat modeling, and consultant, entrepreneur, technologist, author, and game designer. He has taught threat modeling at a wide range of commercial, non-profit, and government organizations. Adam joins us to discuss his new white paper called the Jenga View of Threat Modeling. For season 7 and beyond, we've launched our YouTube channel, Application Security Podcast, where we post the video feeds for all episodes. Youll want to check it out, as many interviews now have demos included, where we capture a screen during the interview.

You can grab a copy of the whitepaper on Adams site, https://associates.shostack.org/whitepapers.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 09 Jun 2020 09:00:48 -0400

Cindy Blake Aligning security testing with Agile development

Cindy Blake is the Senior Security Evangelist at GitLab. Cindy collaborates around best practices for integrated DevSecOps application security solutions with major enterprises. She is proud to introduce her new book, 10 Steps to Securing Next-Gen Software. The book combines her cyber security experience with a background in lean and software development, and simplifies the complexities of todays software evolution into pragmatic advice for security programs. Cindy joins us to discuss how to align security testing with Agile development.

For season 7 and beyond, weve launched our YouTube channel, Application Security Podcast, where we post the video feeds for all episodes. Youll want to check it out, as many interviews now have demos included, where we capture screen during the interview.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 02 Jun 2020 09:00:50 -0400

Jannik Hollenbach Multijuicer: JuiceShop with a side of Kubernetes

Jannik Hollenbach is a Security Automation Engineer at iteratec GmbH, working on and with open source security testing tools to continuously detect security vulnerabilities in the companies software and systems. He is also a member of the OWASP Juice Shop project team. Jannik joins us to discuss MultiJuicer, or how to run JuiceShop in a Kubernetes cluster, with a separate JuiceShop instance for each user.

We hope you enjoy this conversation with.. Jannik Hollenbach.

Links:

https://github.com/iteratec/multi-juicer

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 26 May 2020 08:00:59 -0400

Sebastien Deleersnyder and Bart De Win OWASP SAMM

Sebastien Deleersnyder is co-founder, CEO of Toreon, and Bart De Win is a director within PwC Belgium. They work together to co-lead both the OWASP Belgium Chapter and the OWASP SAMM project. Sebastien and Bart join us to introduce OWASP SAMM 2.0. OWASP SAMM (Software Assurance Maturity Model) is the OWASP framework to help organizations assess, formulate, and implement a strategy for software security they can integrate into an existing Software Development Lifecycle (SDLC). We explore where it came from, and walk through the framework.

We hope you enjoy this conversation with Sebastien and Bart.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wed, 13 May 2020 21:10:09 -0400

Marc French, Steve Lipner, Maya Kaczorowski, DJ Schleen, Kim Wuyts Season Six Wrap up

Weve reached the end of season six, and here are a few of our favorite clips. Season seven is around the corner.

S06E01 Marc French The AppSec CISO
- What are some tips for someone who wants to become a CISO? Is there such a thing as a CISO school?
S06E05 Steve Lipner The Past, Present, and Future of SDL
- Lipner is a giant in the industry and someone that Ive looked up to for years. After some setup, I ask him for a definition of SDL.
S06E08 Maya Kaczorowski Container and Orchestration Security
- Containers are not a security tool. Do you agree or disagree? The philosophy of container security.
S06E10 DJ Schleen DevOps: The Sec is Silent
- DevOps/DevSecOps Unicorns.
S06E15 Kim Wuyts Privacy Threat Modeling
- We walk through the LINDUN privacy threat modeling framework, step by step.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sat, 11 Apr 2020 12:50:25 -0400

Mark Merkow Secure, Resilient, and Agile Software Development

Mark Merkow works at WageWorks in Tempe, Arizona, leading application security architecture and engineering efforts in the office of the CISO. Mark has over 40 years of experience in IT in a variety of roles, including application development, systems analysis, and design, security engineering, and security management. Mark has authored or co-authored 17 books on IT and has been a contributing editor to four others.

Erez Yalon heads the security research group at Checkmarx. With vast defender and attacker experience and as an independent security researcher, he brings invaluable knowledge and skills to the table. Erez joins us to speak about the new OWASP API Security Project, and more specifically, the new API Security Top 10. We hope you enjoy this conversation with Erez Yalon.

Find the Document on the OWASP GitHub: https://github.com/OWASP/API-Security

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 19 Dec 2019 22:12:53 -0500

Steve Lipner The Past, Present, and Future of SDL

Steve Lipner is a pioneer in cybersecurity, approaching 50 years experience. He retired in 2015 from Microsoft where he was the creator and long-time leader of Microsofts Security Development Lifecycle (SDL) team. While at Microsoft, Steve also created initiatives to encourage industry adoption of secure development practices and the SDL and served as a member and chair of the SAFECode board. Steve joins us to talk about all things SDL, and I must say, I was super excited for this interview, with way too many questions for someone who was there on day 1 of Secure Development Lifecycle. We hope you enjoy this conversation withSteve Lipner.

Youll find Steves Bio on the SafeCode website.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun, 15 Dec 2019 19:18:41 -0500

David Kosorok The Three Pillars of an AppSec Program: Prevent, Detect, and React

David Kosorok is a code security expert, software tester, father of 9, and a self-described major nerd. David is the Director of AppSec at Align Tech, and a fellow member of the Raleigh Durham tech community. David joins us to speak about the three pillars of building an application security program: Prevent, Detect, and React. When we think the program, weve never heard anyone relate a program this way, and thought you needed to hear about a different approach to program building. We hope you enjoy this conversation with. David Kosorok.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun, 01 Dec 2019 14:59:31 -0500

Chris and Robert: A Taste of Hi-5

As the hosts of the Application Security Podcast, we get the opportunity from time to time to mix it up. This week we gather a few security articles, share a summary, and offer our opinions (for what our opinions are worth). The source of the articles is Hi-5, a weekly newsletter containing five security articles that are worth your time. We scour the Interwebs looking for the best articles on application and product security and share those with you. You can subscribe to Hi-5 on the Security Journey website.

Hit us up on Twitter and let us know if you like this format and if we should do more of this type of content. We hope you enjoy this episode with, Chris and Robert.

These are the articles:

Interest In Secure Design Practices Is Increasing Leading To Two Predictions

Developers mentoring other developers: practices Ive seen work well

7 Web Application Security Best Practices

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 21 Nov 2019 16:43:28 -0500

Bill Dougherty INCLUDES NO DIRT, practical threat modeling for healthcare and beyond

Bill Dougherty is the vice president of IT and security at Omada Health, where he leads a team responsible for all aspects of internal IT including SaaS strategy, end-user support, vendor management, operational security and compliance. Bill along with Patrick Curry created the INCLUDES NO DIRT approach to threat modeling, which takes threat modeling to the next level, beyond STRIDE, and goes head on with a more modern set of real-world security considerations. We hope you enjoy this conversation with, Bill Dougherty.

Find Bill on Twitter @bdognet.

For an article about the methodology, see INCLUDES NO DIRT: A Practical Threat Modeling Approach for Digital Healthcare and Beyond

For the paper that describes the methodology and how to implement, see INCLUDES NO DIRT

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun, 10 Nov 2019 14:33:47 -0500

Marc French The AppSec CISO

Marc French is a security person, firearms geek, scuba guy, lousy golfer, and an aspiring blacksmith. We met Marc in the hallway at the Boston Application Security Conference. Marc has extensive experience as a CISO but came from the world of AppSec to the exec suite, which is not the normal path. We discuss what is a CISO, and what does a CISO actually do, the role of AppSec in the life of the CISO, and tips Marc has for those that wish to become a CISO someday. We hope you enjoy this conversation with Marc French.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sat, 26 Oct 2019 13:32:07 -0400

Season 5 Finale A cross section of #AppSec

Threat modeling, secrets, mentoring, self-care, program building, and much more. Clips from Georgia Weidman, Simon Bennetts, Izar Tarandach, Omer Levi Hevroni, Tanya Janca, Bjrn Kimminich, Caroline Wong, Adam Shostack, Steve Springett, Matt McGrath, Brook Schoenfield, and Ronnie Flathers.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fri, 27 Sep 2019 21:12:35 -0400

Ronnie Flathers Security programs big and small

Ronnie Flathers is a security guy, a pentester, and a researcher. In this conversation, we explore his experiences in building application security programs. He's had the opportunity to program build inside of companies big and small.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun, 15 Sep 2019 16:33:49 -0400

Brook Schoenfield Security is a messy problem

Brook Schoenfield is a Master Security Architect @IOActive and author of Securing Systems, as well as an industry leader in security architecture and threat modeling, and a friend. "We have a static analysis tool. Why do we need a program?" This is what Brook overheard at one point in his past, from a company CTO, and it sums up the program issue. The CTO was trying to drive a technical strategy for an entire company, and security was just one piece of that. A mandate or a tool would have made life so easy.

Brook takes us on a journey based on his experience building programs, with advice, stories, comments, and quotes. We talk about architecture, culture, mindset, tools, compilers and so much more.

Catch Brooks next book, Secrets of a Cyber Security Architect which arrives in Fall 2019.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 29 Jul 2019 19:41:52 -0400

Erez Yalon and Liora Herman The Application Security Village @ DefCon

Erez Yalon and Liora Herman are both passionate security professionals. They joined forces to create the AppSec Village, an event at DefCon in Las Vegas. If you are in Vegas for BH/DC, stop by the village and say hi to Robert, who will be in attendance as well.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you've done anything with threat modeling, you've heard of Adam Shostack. We asked him the question, "why would anyone threat model?".

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 01 Jul 2019 10:00:58 -0400

Zoe Braiterman AI, ML, AppSec, and a dose of data protection

Zoe Braiterman is an Innovation Intelligence Strategist focused on both the Machine and Human and also the OWASP WIA Chair. We explore the intersection of application security with artificial intelligence and machine learning and end up discussing data protection. Zoe approaches AppSec from a different angle, and her perspectives get us thinking about the importance of appsec in the future of autonomous everything.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 13 Jun 2019 22:48:49 -0400

Caroline Wong Self-care and self-aware for security people

Caroline Wong has had a long career in security, starting with eBay and leading to her role today at Cobalt.IO as Chief Strategist. Caroline shares her explanation of self-care and tells her story about how neglecting self-care led to problems. She offers ideas about how to better approach self-care as a security professional, work-life balance, and ways for approaching a successful career in security.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fri, 31 May 2019 22:17:50 -0400

Bjrn Kimminich The new JuiceShop, GSOC, and Open Security Summit

Bjrn Kimminich is the project leader for OWASP JuiceShop. This is his second visit to the podcast, and we discuss new features in JuiceShop, including XSS in jingle promo video, marketing campaign coupon hacking, GDPR related features and challenges, working 2FA with TOTP, and the DLP failure challenges. Then we get into the cool new things that will come as a result of the GSoC, where a developer will add new functionality to the JS where new vulns can be hidden. We end discussing the upcoming Open Security Summit from OWASP.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun, 26 May 2019 19:02:22 -0400

Bjrn Kimminich JuiceShop 5 minute AppSec

Bjrn Kimminich is the project leader for OWASP JuiceShop. He created JuiceShop out of necessity, after reviewing all the available vulnerable web apps years ago, and not finding what he needed. OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security training, awareness demos, CTFs, and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 21 May 2019 09:00:41 -0400

Nancy Garich and Tanya Janca DevSlop, the movement

Nancy Garich and Tanya Janca are two of the project leaders for the OWASP DevSlop Project. As we learn more about DevSlop, we realize that it is much more than a project: it's a movement. DevSlop is about the learning and sharing of four awesome women and is a platform for them to share what theyve learned with the community.

DevSlop consists of four different modules:

Patty An Azure DevSecOps pipeline
Pixi-CRS & Pixi-CRS-ZAP are two Circle-CI pipelines that demonstrate adding a WAF to your pipeline for automatic tuning before moving your apps to prod
Pixi is an intentionally vulnerable app and consists of a vulnerable web app and API service,
The DevSlop Show, a video streaming series where project members build things live, interview members of the OWASP and InfoSec community, and learn where they fit into DevOps.

We hope you enjoy.

Find Nancy, Tanya, and DevSlop on Twitter.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun, 19 May 2019 20:54:35 -0400

Tanya Janca Mentoring Monday 5 Minute AppSec

Tanya Janca is excited about mentoring. She's started a hashtag on Twitter for mentors to find mentee's, and for mentee's to search for mentors. Mentoring is such an essential part of growing our community, so if you are not mentoring anyone today, I can only ask, why not? Here is Tanya's take on mentoring and her advice on how to get involved with #MentoringMonday.

5 Minute AppSec is an AppSec Podcast experiment with micro-content. Hit us up on Twitter and tell us what you think, @AppSecPodcast.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 13 May 2019 17:42:25 -0400

Matt Clapham A perspective on appsec from the world of medical software

Matt Clapham is a product security person, as a developer, security engineer, advisor, and manager. He began his career as a software tester, which led him down the path of figuring out how to break things. Matt lives in the medical software world and visited the Healthcare Information and Management Systems Society (HIMSS) conference. Matt shares his perspectives on application/cybersecurity through the eyes of the healthcare industry. There is much for us to understand by viewing how other segments approach security and privacy. Matt believes in stepping outside the echo chamber and experiencing how other industries see security, and he achieved that by visiting this non-security conference and sharing his experiences with us. (And if he visits your booth at an event, you better know how your companies make a secure product or solution!)

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 06 May 2019 03:00:14 -0400

Jon McCoy Hacker outreach

Jon McCoy is a security engineer, a developer, and a hacker; and a passionate OWASP advocate. Maybe even a hacker first. Jon has a passion to connect people and break down barriers between hackers and corporate folks. Jon explains the idea of hacker outreach and breaks down what we can expect if we venture to the DefCon event in Las Vegas. Jon also remembered a cautionary tale of Roberts Fitbit out at a DefCon event. Jon is someone we can all learn from about giving back to our community.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 30 Apr 2019 23:07:22 -0400

Omer Levi Hevroni K8s can keep a secret?

Omer Levi Hevroni has written extensively on the topic of Kubernetes and secrets, and he's a super dev. He's the author of a tool for secrets management called Kamus. Kamus is an open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications. Kamus enables users to easily encrypt secrets that can be decrypted only by the application running on Kubernetes. The encryption is done using strong encryption providers (currently supported: Azure KeyVault, Google Cloud KMS, and AES).

Find Omer on Twitter to converse about all things K8s and secrets.

Show notes:

https://blog.solutotlv.com/can-kubernetes-keep-a-secret/

https://github.com/Soluto/kamus

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 23 Apr 2019 21:52:18 -0400

Izar Tarandach Command line threat modeling with pytm

Izar Tarandach is a threat modeling pioneer, seen as one of the movers and shakers in the threat modeling world. Izar leads a small team that develops the pytm tool, which is self-described as a "A Pythonic framework for threat modeling". The GitHub page goes on to say define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate, a Data Flow Diagram (DFD), a Sequence Diagram and most important of all, threats to your system.

Fri, 11 Jan 2019 18:04:42 -0500

AppSec in Israel and Three Talks to watch from AppSec USA(S04E23)

On this episode, Chris is joined by Josh Grossman, Avi Douglen, and Ofer Maor at AppSec USA. They discuss the AppSec group in Israel and a few important talks you should watch from AppSec USA this year.

You can find Josh on Twitter @JoshCGrossman

You can find Avi on Twitter @sec_tigger

You can find Ofer on Twitter @OferMaor

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 01 Jan 2019 13:22:09 -0500

OWASP IoT Top 10 (S04E22)

On this episode, Chris and Robert are joined by Daniel Miessler to talk about the upcoming Top 10 list for IoT.

You can find Daniel on Twitter @DanielMiessler

Tue, 07 Aug 2018 06:00:44 -0400

CRS and an Abstraction Layer (S04E02)

Christian Folini joins Chris at AppSec EU for this episode about ModSecurity and the Core Rule Set project from OWASP. They dive into the timeline for the abstraction layer piece of the project and much more.

You can find Christian on Twitter @ChrFolini.

OWASP ModSecurity Core Rule Set

Jim Routh joins the podcast to discuss selling #AppSec up the chain. Jim has built 5 successful software security programs in his career and serves as a CISO now. Jim shares his real-world experience with how to successfully sell #AppSec to senior management (as well as many other pieces of wisdom for running an AppSec program).

You can find Jim on Twitter @jmrouth01

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fri, 09 Mar 2018 05:00:29 -0500

#AppSec Recommendations (S03E08) Application Security PodCast

Chris and Robert go over a plethora of recommendations they have accumulated over their years of experience in the industry.

Chriss recommendations

1. Book: Agile Application Security: Enabling Security in a Continuous Delivery Pipeline

by Laura Bell (Author), Michael Brunton-Spall (Author), Rich Smith (Author), Jim Bird (Author)

https://amzn.com/1491938846

2. Website: Iron Geek

Adrian Crenshaw records many major, non-commercial security conferences and posts the talks to Youtube

http://www.irongeek.com/

3. Book: The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations

by Gene Kim (Author), Patrick Debois (Author), John Willis (Author), Jez Humble (Author)

https://amzn.com/1942788002

4. News Source: The Register

News site, but has great sources and a bit of British humor attached to technology failures

http://www.theregister.co.uk/security/

5. Blog: TechBeacon

https://www.techbeacon.com

6. Book: Threat Modeling: Designing for Security

by Adam Shostack (Author)

https://amzn.com/1118809998

7. Book: The Tangled Web: A Guide to Securing Modern Web Applications

by Michal Zalewski (Author)

https://amzn.com/B006FZ3UNI

8. Book: Start with Why: How Great Leaders Inspire Everyone to Take Action

by Simon Sinek (Author)

Not a security book, but a good approach for those trying to change a security culture

https://amzn.com/B002Q6XUE4

Roberts Recommendations

1. Books by Martin Fowler (Author)

He wrote many books on understanding Architecture.

https://martinfowler.com/books/

2. Book: Software Security: Building Security In

by Gary McGraw (Author)

http://a.co/5EIlu4h

3. Book: Core Software Security: Security at the Source
by James Ransome (Author) and Anmol Misra (Author)

http://a.co/hEwCflz

4. Book: Threat Modeling: Designing for Security

by Adam Shostack (Author)

https://amzn.com/1118809998

5. Websites: Troy Hunt

https://www.troyhunt.com/

https://haveibeenpwned.com/

6. Conferences: #AppSec USA, , B-Sides, Source, Converge

https://2018.appsecusa.org/

http://www.securitybsides.com

https://sourceconference.com/

https://www.convergeconference.org/

7. Website: Google Alerts

Use this to be notified about specific topics you want to learn about.

https://www.google.com/alerts

8. Book: The Checklist Manifesto: How to Get Things Right

by Atul Gawande (Author)

http://a.co/dirHpwq

9. Book Securing Systems: Applied Security Architec

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fri, 02 Mar 2018 05:00:03 -0500

Hustle and Flow: Dealing With Burnout in Security (S03E07) Application Security PodCast

Magen Wu works through the topic of burnouts and mental health in the world of security. She gives some examples on how to handle this and how to recognize if people around you are burning out.

You can find her on Twitter @infosec_tottie

Additional information on this topic:

Jack Daniel speaks often on this topic of burnout

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fri, 23 Feb 2018 05:00:02 -0500

OWASP Top 10 #4 XXE (S03E06) Application Security PodCast

Katy Anton joins this week to discuss number four on the OWASP Top 10. She dives into what XXE is, how to deal with it, and some of the other new items on the OWASP Top 10 2017.

You can find Katy on Twitter @KatyAnton

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 15 Feb 2018 21:00:51 -0500

SAST, DAST, and IAST. Oh My! (S03E05) Application Security PodCast

Pete Chestna is an advocate for SAST, DAST, and IAST tools and a passionate #AppSec enthusiast. A moving quote that Pete shared during this episode is an #AppSec program is the byproduct of building secure developers. #Truth

Pete describes the differences between SAST, DAST, IAST, and RASP, the struggles that developers encounter using new tools, false positives that occur and how to reduce them, and advice for building an #AppSec program from scratch versus adding tools to a mature program.

You can find Pete on Twitter @PeteChestna.

Additional information on this topic:

TechBeacon learning article for more details on the differences between AppSec testing tools
- SAST, DAST, IAST, and RASP: Pros, cons and how to choose

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fri, 09 Feb 2018 11:35:26 -0500

We Are Not Making It Worse (S03E04) Application Security PodCast

Irene Michlin operates at the intersection of security and agility. She teaches about incremental threat modeling and how to do threat modeling when living in an Agile or DevOps world.

Irene ends the discussion by saying that her goal when working with a team on threat modeling is that they all conclude We are not making it worse.

You can find Irene on Twitter @IreneMichlin, and check out Irenes talk on Incremental Threat Modeling last year at AppSec EU.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

On this episode of the Application Security Podcast, Chris and Robert talk to Jim Manico and Katy Anton about the OWASP Proactive Controls project.

This is something we have talked about before, and they are looking for feedback on the update coming soon.

Rate us on iTunes and provide a positive comment, please!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 25 Sep 2017 14:31:14 -0400

The Future of the OWASP Top 10 (S02E16) Application Security PodCast

In this episode we talk about the future of the OWASP Top 10. We do this by meeting the new project leadership team, understanding the process for how they do governance now and into the future, and how they deal with provided feedback. We get a look behind the curtain about how they make decisions and how they use the data and feedback provided.

Side note, at the AppSec USA closing, the OWASP T10 leaders did announce that A7 and A10 from the OWASP Top 10 RC1 have been removed.

We hope you enjoy!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 19 Sep 2017 10:00:12 -0400

Threat Modeling (S02E15) Application Security PodCast

On this weeks episode of the #AppSec Podcast, Chris and Robert are at #AppSecUSA.

We hear a conference talk done by Robert on the topic of Threat Modeling. He goes more in depth than ever before on the show, and we hope you enjoy!

Rate us on iTunes and provide a positive comment, please!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 12 Sep 2017 18:28:31 -0400

Passwords, Identity, and #AppSec (S02E14) Application Security PodCast

On this episode, Robert and Chris talk about Passwords, something we all are familiar with.

They dive into specifics with passwords and threats that can occur with them. They also talk about how passwords interact with Identity and AppSec.

Rate us on iTunes and provide a positive comment, please!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 05 Sep 2017 10:00:03 -0400

Hacking APIs and Web Services with DevSlop (S02E13) Application Security PodCast

On this weeks episode, Chris and Robert are joined by Tanya and Nicole. They talk about what APIs are, how they are used, and some of the threats involved with them. They also look at what DevSlop and ZAP are in combination with APIs.

As always, thanks for listening, and enjoy!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 29 Aug 2017 10:00:52 -0400

Agile #AppSec (S02E12) Application Security PodCast

On this weeks episode, Robert and Chris speak with Jon Mccoy and Jonathan Marcil about using Agile #AppSec in the Secure Development Lifecycle.

They dive deeper into what is agile, how it can be used, some practical applications using security champions, and much more.

Rate us on iTunes and provide a positive comment, please!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 22 Aug 2017 11:55:47 -0400

Docker Security and AppSec (S02E11) Application Security PodCast

A listener asked for a recommendation for a PodCast or Blog post about Docker security. We looked, couldnt find one, so we decided to create one. Robert interviews Jay Beale from Inguardians and asks what is docker, what threats does it introduce, and what are the specific tie-ins with AppSec. Enjoy!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 17 Aug 2017 16:25:26 -0400

Proactive Controls, AppSec USA, and Gartners MQ on AppSec Testing (S02E10) Application Security PodCast

Robert and I try a new format talking about a few topics per episode. We talk about changes with the Proactive Controls, AppSecUSA, and the Gartner Magic Quadrant for Application Security Testing.

We mentioned the link to OWASP Proactive Controls to review the draft and suggest updates.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 08 Aug 2017 10:00:43 -0400

Blackhat Security Conference (S02E09) Application Security PodCast

On this episode of the AppSec Podcast.

We talk with Robert about his experiences at the Blackhat Security Conference.

Hes going to explain some of the AppSec focused parts of the conference, and more about the Alec Stamos Keynote.

Rate us on iTunes and provide a positive comment, please!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 25 Jul 2017 15:38:39 -0400

Were back with another episode of The Application Security Podcast.

This time, we talk to Mark Willis about the many facets of static analysis and how it affects the dev ops world.

Rate us on iTunes and leave a positive comment, please!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wed, 14 Jun 2017 01:24:31 -0400

Continuous Integration in .NET(S02E04) Application Security PodCast

Hello all,

Welcome back to season two of the Application Security Podcast. On this weeks episode, we talk to Eric Johnson about static analysis, pen testing, continuous integration and much more.

Thanks for listening!

Rate us on iTunes and provide a positive comment, please!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 06 Jun 2017 14:05:17 -0400

The Technical Debt Ceiling (S02E03) Application Security PodCast

Our topic today is technical debt and how security plays into it. Chris was at Converge Conference 2017 in Detroit, Michigan (for which he says is the best security conference around), and continued the AppSec PodCast series of hallway conversations. Chris is joined by Matt Clapham. This is Matts second time on the podcast.

Rate us on iTunes and provide a positive comment, please!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 30 May 2017 13:10:01 -0400

Controversy within the OWASP Top 10 RC (S02E02) Application Security PodCast

On this episode of the application security podcast, Robert and I jump over a wall. Just kidding. This isnt Top Gear.

This is our second episode of season two of the #AppSec PodCast. Robert and I talk about the OWASP Top 10 2017 release candidate. We walk through what is the OWASP Top 10, and what is some of the controversy that surrounds the changes made for this year.

Rate us on iTunes and provide a positive comment, please!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 22 May 2017 18:21:19 -0400

Security in the Design and Architecture (S02E01) Application Security PodCast

Welcome to the second season of the #AppSec PodCast. Robert and I are back at it, interviewing experts from across the world of application security. This episode is an interview Robert and I did with Brook Schoenfield (@BrkSchoenfield) during the RSA Conference 2017.

Brook S.E. Schoenfield is a Distinguished Engineer at Intel Security Group. At Intel Security (includes the former McAfee), Mr. Schoenfield is the senior technical leader for delivering software products that protect themselves and Intel Securitys customers. He has been a security architecture leader at global technology companies for over 15 years of his 30+ years in high tech. He is a founding member of IEEEs Center For Secure Design.

We discuss secure design, architecture, and threat modeling. Brook has been an advocate for security across the industry for many years, and has a knack for explaining complex things in an uncomplicated way. What a pleasure to speak with him!

Rate us on iTunes and provide a positive comment, please!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wed, 25 Jan 2017 20:55:00 -0500

Conclusion: The Endof Season 1 (S01E18) Application Security PodCast

Good day, friends. The Application Security PodCast has reached the conclusion of our first season. With the help of many friends, we were able to record 18 episodes. Weve done something a bit different for this final episode of season 1. Our producer, Daniel Romeo, has collected some of our favorite clips from this season, the things that really stood out to us. Enjoy! and we look forward to the release of season 2 in a few months.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 12 Jan 2017 09:52:29 -0500

Interview: #DtSR and What Makes a Good Security Consultant? (S01E17) Application Security PodCast

Greetings all! We have a treat for you this episode. Robert and I are joined by the crew from the Down the Security Rabbit Hole Podcast. This includes Rafal Los (@wh1t3rabbit), James Jardine (@jardinesoftware), and Michael Santarcangelo (@catalyst). This is a special conversation for me, because the AppSec PodCast was born from the first interview I did with #DtSR. I was featured on DtSR Episode 204 in July 2016 after a friend suggested me to Raf on Twitter. (Thanks Nigel!) The DtSR episode was entitled On Changing Culture. I had listened to these guys on and off for years, and now had the chance to be interviewed by them. The experience pushed me to start this PodCast, and here we are 17 episodes later.

In this conversation we answer the question What Makes a Good Security Consultant? We quickly admit that a consultant does not have to mean someone that charges per hour for security. These guys have a wealth of knowledge and experience on the topic, and I know that youll walk away with multiple ideas to apply. Enjoy!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wed, 04 Jan 2017 14:17:37 -0500

Interview: Think like an Attacker or Accountant? (S01E16) Application Security PodCast

On this episode, Robert and I are joined by Adam Shostack (@adamshostack). Adam is a well known speaker and thought leader in the world of application security. We speak with Adam about how to connect with development teams. This all started about a year ago, when Adam tackled the issue of thinking like a hacker, and why he wanted people to think differently. We dive deep into this issue, but many other interesting nuggets also fall out in conversation.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wed, 21 Dec 2016 09:31:01 -0500

Interview: The Mindset to Reverse Engineer (S01E15) Application Security PodCast

Today we talk to Jon McCoy (@thejonmccoy), a developer turned security person. Hes been helping developers learn more about security. We talk about reverse engineering malware and .NET security, as well as a bit of security community, and the mindset to Reverse Engineer.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 13 Dec 2016 13:27:40 -0500

Talk: AppSec Awareness: A Blue Print for Security Culture Change (S01E14) Application Security PodCast

For this episode, we bring you a recorded version of Chriss security conference talk from 2016. The talk is entitled AppSec Awareness, A Blue Print for Security Culture Change. He covers The Problem Space or why do we need application security, how to create sustainable security culture, and introduce the idea of Application Security Awareness. Chris had the luxury of building such a program while at Cisco, and shares his experiences with the community.

There are slides available to correspond with this talk. They arent required, but some may want to follow along. Check out https://speakerdeck.com/edgeroute to get a copy.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 06 Dec 2016 12:14:44 -0500

Interview: Natural Paranoia as a Career Path? A Transition to Security (S01E13) Application Security PodCast

On this episode, Robert and I are joined by Tracy Maleeff. Tracy is an InfoSec enthusiast with a MLIS degree. She has mad research and organizational skills. She co-hosts the PVCSec podcast. You can find Tracy on Twitter @InfoSecSherpa.

Tracy is in the midst of a career transition. She began her career in Library Sciences, and is currently making the move into Information Security. We discussed the challenges of transition, how to network and connect, a process for transition, and three actionable things for those that want to make a transition. Enjoy!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 29 Nov 2016 09:17:19 -0500

This is our second interview from ISC2 Security Congress. We are joined by Glenn Leifheit (@gleifhe), an InfoSec and Development Evangelist at Microsoft. Microsoft is the grandparent to almost every secure development lifecycle across the industry.

This is an in depth discussion about how to actually do SDL. Glenn shares some things during this conversation that Ive never heard in public before about the internals of Microsofts SDL process. You will take something away from this conversation that you can apply to your program.

Enjoy!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 25 Oct 2016 10:19:41 -0400

Interview: Security Must Meet the Needs of the Business (S01E08) Application Security PodCast

Robert and I are joined by Mike Landeck. Mike is a Cyber security evangelist, AppSec junky & Docker Security geek, and can be found on twitter @MikeLandeck.

We interviewed Mike in person at the ISC2 Security Congress event in Orlando, Florida. We discussed his latest talk on breach fatigue, the need to reach outside the echo chamber of security, twitter as a news source for security, secure coding, and a bunch of other things.

Please enjoy, and search for something you can apply directly into your day to day life!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 17 Oct 2016 22:45:41 -0400

Foundations: Web Application Pen Testing Part 2 (S01E07) Application Security PodCast

On this two part episode of the Application Security PodCast, Robert and I speak with Daniel Ramsbrock about Web App Penetration testing. In part two, we focus on the process of pen testing and web app pen testing.

I (Chris) connected with Daniel through the RVASec security conference in Richmond, Virginia. Daniel has been in the security field for over 10 years, with most of that time focused on application security. He spent two years as a full-time consultant at Cigital, and is now doing independent appsec consulting through his company, Enigma Technologies. We hope you enjoy!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 17 Oct 2016 22:41:15 -0400

Foundations: Web Application Pen Testing Part 1 (S01E06) Application Security PodCast

On this two part episode of the Application Security PodCast, Robert and I speak with Daniel Ramsbrock about Web App Penetration testing. In part one, we focus on the difference between pen testing and web app pen testing, where pen testing fits in you development methodology (waterfall, agile, and DevOps) and why someone should care about it.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 10 Oct 2016 21:29:10 -0400

Foundations: Development Security Maturity (S01E05) Application Security PodCast

Robert and I are joined today by Matt Clapham. Matt makes products more secure, I mean, hey, his Twitter handle is @ProdSec.

The topic of this interview is what Matt calls development security maturity. This concept is based on Matts research and also a talk he delivered at RSA. Matt created a simple process to measure the maturity of development security by looking at 5 key behaviors. We cover the what and why of development security, the 5 key behaviors, and scoring and reporting. As a conclusion, we discuss how to make the results of an assessment actionable.

Matts RSA slides are a great resource to review in conjunction with the interview: str-w05-estimating-development-security-maturity-in-about-an-hour-final.pdf

Bio: Matt Clapham makes products more secure. His career is a rare blend of both product development and enterprise operations. He is currently a Principal of Product Development Security at GE Healthcare. Matt previously worked as a Software Tester, IT Policy Author, and Security Advisor to all things games at Microsoft. He is quite familiar with security foibles of the Industrial Device Internet of Things and how to overcome them. Matt is a frequent speaker and author of magazine articles on IT, security, games or some combination thereof. He holds degrees in engineering and music from the University of Michigan.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 04 Oct 2016 09:46:05 -0400

Foundations: Privacy and Data Protection (S01E04) Application Security PodCast

Welcome to the first of many interviews on the #AppSec Podcast. In this episode, Robert and I interview Elena Elkina (@el0chka) on the subject of privacy. We cover the foundations of privacy, data protection, and customer data protection. This is a quick chat at around 20 minutes, in the future well do a deeper dive on the crossroads of security and privacy.

Elena is a Senior Global Privacy & Data Protection Management Executive. She has worked with financial and healthcare institutions, software and internet companies, major law firms, and the government sector on both international and domestic levels. She is the co-founder of Women in Security and Privacy, a non-profit organization that focuses on advancing women in security and privacy. She is also a board member for Leading Women in Technology, a non-profit organization dedicated to unlocking the potential of female professionals who advise technology businesses.

We hope you enjoy this conversation with Elena about privacy and data protection!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 26 Sep 2016 12:23:52 -0400

Foundations: Security in the Methodology (S01E03) Application Security PodCast

On this episode we talk product development methodologies and the impact of security. We explore how to apply security activities to waterfall and Agile, and discuss the pros and cons. Weve both had experience in these methodologies, and freely share what weve seen work, and what weve seen fail. This applies whether you are brand new to security or have been doing security for decades. If you have anything to add, share your wisdom by catching us @AppSecPodcast on Twitter!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 19 Sep 2016 22:04:28 -0400

Foundations: The Activities of the Secure Development Lifecycle (S01E02) Application Security PodCast

On this episode of the Application Security PodCast we continue our journey through the foundations of application security. We explore the activities of the secure development life cycle. We cover requirements, secure design, secure coding, 3rd party SW, static analysis, and vulnerability scanning, and a few other things.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 13 Sep 2016 08:06:34 -0400

Introductions and why #AppSec? (S01E01) Application Security PodCast

In the inaugural episode of the Application Security PodCast, Robert and I introduce ourselves to the audience, explain our journeys into the world of security, and answer the burning question What the heck is application security?

The key takeaways from this episode are:

Application security is:
- foundational
- required by customers
- a worthy investment
- a people issue, supported by tools

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Darknet Diaries

Tue, 14 Feb 2023 08:00:00 -0000

Presenting: Spycast "Black Ops: The Life of a Legendary CIA Shadow Warrior"

Jack is currently on a break. Here is a an episode from the Spycast podcast called "Black Ops: The Life of a Legendary CIA Shadow Warrior". To learn more about Spycast visit: https://www.spymuseum.org/podcast/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 27 Dec 2022 08:00:00 -0000

131: Welcome to Video

Andy Greenberg (https://twitter.com/a_greenberg) brings us a gut wrenching story of how criminal investigators used bitcoin tracing techniques to try to find out who was at the center of a child sexual abuse darkweb website. This story is part of Andys new book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. An affiliate link to the book on Amazon is here: https://amzn.to/3VkjSh7. Sponsors Support for this show comes from Varonis. Do you wonder what your companys ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 13 Dec 2022 08:00:00 -0000

130: Jason's Pen Test

Join us as we sit down with Jason Haddix (https://twitter.com/Jhaddix), a renowned penetration tester who has made a name for himself by uncovering vulnerabilities in some of the worlds biggest companies. In this episode, Jason shares his funny and enlightening stories about breaking into buildings and computers, and talks about the time he discovered a major security flaw in a popular mobile banking app. Sponsors Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Arctic Wolf. Arctic Wolf is the industry leader in security operations solutions, delivering 24x7 monitoring, assessment, and response through our patented Concierge Security model. They work with your existing tools and become an extension of your existing IT team. Visit arcticwolf.com/darknet to learn more. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 29 Nov 2022 08:00:00 -0000

129: Gollumfun (Part 2)

Brett Johnson, AKA Gollumfun (twitter.com/GOllumfun) was involved with the websites Counterfeit Library and Shadow Crew. He tells his story of what happened there and some of the crimes he committed. In part 2, his past catches up to him. Listen to more of Brett on his own show. https://www.thebrettjohnsonshow.com/. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 15 Nov 2022 08:00:00 -0000

128: Gollumfun (Part 1)

Brett Johnson, AKA Gollumfun (twitter.com/GOllumfun) was involved with the websites Counterfeit Library and Shadow Crew. He tells his story of what happened there and some of the crimes he committed. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 01 Nov 2022 07:00:00 -0000

127: Maddie

Maddie Stone is a security researcher for Googles Project Zero. In this episode we hear what its like battling zero day vulnerabilities. Sponsors Support for this show comes from Zscalar. Zscalar zero trust exchange will scrutinize the traffic and permit or deny traffic based on a set of rules. This is so much more secure than letting data flow freely internally. And it really does mitigate ransomware outbreaks. The Zscaler Zero Trust Exchange gives YOU confidence in your security to feel empowered to focus on other parts of your business, like digital transformation, growth, and innovation. Check out the product at zscaler.com. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Sources https://www.sophos.com/en-us/medialibrary/pdfs/technical%20papers/yu-vb2013.pdf https://www.youtube.com/watch?v=s0Tqi7fuOSU https://www.vice.com/en/article/4x3n9b/sometimes-a-typo-means-you-need-to-blow-up-your-spacecraft Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 18 Oct 2022 07:00:00 -0000

126: REvil

REvil is the name of a ransomware service as well as a group of criminals inflicting ransomware onto the world. Hear how this ransomware shook the world. A special thanks to our guest Will, a CTI researcher with Equinix. Sponsors Support for this show comes from Zscalar. Zscalar zero trust exchange will scrutinize the traffic and permit or deny traffic based on a set of rules. This is so much more secure than letting data flow freely internally. And it really does mitigate ransomware outbreaks. The Zscaler Zero Trust Exchange gives YOU confidence in your security to feel empowered to focus on other parts of your business, like digital transformation, growth, and innovation. Check out the product at zscaler.com. Support for this show comes from Arctic Wolf. Arctic Wolf is the industry leader in security operations solutions, delivering 24x7 monitoring, assessment, and response through our patented Concierge Security model. They work with your existing tools and become an extension of your existing IT team. Visit arcticwolf.com/darknet to learn more. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 04 Oct 2022 07:00:00 -0000

125: Jeremiah

Jeremiah Roe is a seasoned penetration tester. In this episode he tells us about a time when he had to break into a building to prove it wasnt as secure as the company thought. You can catch more of Jeremiah on the Were In podcast. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Snyk. Snyk is a developer security platform that helps you secure your applications from the start. It automatically scans your code, dependencies, containers, and cloud infrastructure configs finding and fixing vulnerabilities in real time. Create your free account at snyk.co/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 20 Sep 2022 07:00:00 -0000

124: Synthetic Remittance

What do you get when you combine social engineering, email, crime, finance, and the money stream flowing through big tech? Evaldas Rimaauskas comes to mind. He combined all these to make his big move. A whale of a move. Sponsors Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 06 Sep 2022 07:00:00 -0000

123: Newswires

Investing in the stock market can be very profitable. Especially if you can see into the future. This is a story of how a group of traders and hackers got together to figure out a way to see into the future and make a lot of money from that. Sponsors Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Support for this show comes from Juniper Networks. Juniper Networks is dedicated to simplifying network operations and driving superior experiences for end users. Visit juniper.net/darknet to learn more about how Junipers Zero Trust Data Center provides uncompromising visibility across all your data center environments. Visit juniper.net/darknet to learn more. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 23 Aug 2022 07:00:00 -0000

122: Lisa

In this episode we hear some insider threat stories from Lisa Forte. Sponsors Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Varonis. Do you wonder what your companys ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Snyk. Snyk is a developer security platform that helps you secure your applications from the start. It automatically scans your code, dependencies, containers, and cloud infrastructure configs finding and fixing vulnerabilities in real time. Create your free account at snyk.co/darknet. Attribution Darknet Diaries is created by Jack Rhysider. Editing by Damienne. Assembled by Tristan Ledger. Sound designed by Andrew Meriwether. Episode artwork by odibagas. Mixing by Proximity Sound. Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 26 Jul 2022 07:00:00 -0000

121: Ed

In this episode we hear some penetration test stories from Ed Skoudis (twitter.com/edskoudis). We also catch up with Beau Woods (twitter.com/beauwoods) from I am The Cavalry (iamthecavalry.org). Sponsors Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Zscalar. Zscalar zero trust exchange will scrutinize the traffic and permit or deny traffic based on a set of rules. This is so much more secure than letting data flow freely internally. And it really does mitigate ransomware outbreaks. The Zscaler Zero Trust Exchange gives YOU confidence in your security to feel empowered to focus on other parts of your business, like digital transformation, growth, and innovation. Check out the product at zscaler.com/darknet. Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. View all active sponsors. Attribution Darknet Diaries is created by Jack Rhysider. Editing by Damienne. Assembled by Tristan Ledger. Sound designed by Andrew Meriwether. Episode artwork by odibagas. Audio cleanup by Proximity Sound. Theme music created by Breakmaster Cylinder. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 12 Jul 2022 07:00:00 -0000

Presenting: Click Here "Lapsus$"

We're going to play two stories for you today. First is a story that comes from the podcast Click Here, hosted by Dina Temple Raston. It's about Lapsus$. Then after that Jack Rhysider tells a story about a sewage plant in Australia that had a big problem. You can find more episode of Click Here on your favorite podcast player or by visiting https://ClickHereShow.com. Sponsors Support for this show comes Snyk. Snyk is a developer security platform that helps you secure your applications from the start. It automatically scans your code, dependencies, containers, and cloud infrastructure configs finding and fixing vulnerabilities in real time. Create your free account at https://snyk.co/darknet. Support for this show comes from Linode. Linode supplies you with virtual servers. Visit [linode.com/darknet](https://linode.com/darknet) and get a special offer. Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defender's hands. End cyber attacks. From endpoints to everywhere. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 28 Jun 2022 07:00:00 -0000

120: Voulnet

This is the story about when Mohammed Aldoub, AKA Voulnet, (twitter.com/Voulnet) found a vulnerability on Virus Total and Tweeted about it. Sponsors Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Support for this show comes from Varonis. Do you wonder what your companys ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Sources https://www.cyberscoop.com/story/trial-error-kuwait-mohammed-aldoub-case/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 14 Jun 2022 07:00:00 -0000

119: Hot Wallets

In this episode we interview journalist Geoff White to discuss some of the recent crypto currency heists that have been happening. Geoff has been tracking a certain group of thieves for some time and shares his knowledge of what hes found. Much of what we talk about in this episode has been published in Geoffs new book The Lazarus Heist: From Hollywood to High Finance: Inside North Koreas Global Cyber War (https://amzn.to/3mKf1qB). Sponsors Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. axonius.com/darknet Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 31 May 2022 07:00:00 -0000

118: Hot Swaps

This is the story of Joseph Harris (https://twitter.com/akad0c). When he was a young teen he got involved with stealing video game accounts and selling them for money. This set him on a course where he flew higher and higher until he got burned. Joseph sometimes demonstrates vulnerabilities he finds on his YouTube channel https://www.youtube.com/channel/UCdcuF5Zx6BiYmwnS-CiRAng. Listen to episode 112 Dirty Coms to hear more about what goes on in the communities Joseph was involed with. Sponsors Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Support for this show comes from Synack. Synack is a penetration testing firm. But they also have a community of, people like you, who earn regular money by legally hacking. If youre interested in getting paid to hack, visit them now at synack.com/red-team, and click apply now. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 17 May 2022 07:00:00 -0000

117: Daniel the Paladin

Daniel Kelley (https://twitter.com/danielmakelley) was equal parts mischievousness and clever when it came to computers. Until the day his mischief overtook his cleverness. Sponsors Support for this show comes from Keeper Security. Keeper Securitys is an enterprise password management system. Keeper locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented Zero-Knowledge encrypted vault. And, it takes less than an hour to deploy across your organization. Get started by visiting keepersecurity.com/darknet. Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 03 May 2022 07:00:00 -0000

116: Mad Dog

Jim Lawler, aka Mad Dog, was a CIA case officer for 25 years. In this episode we hear some of the stories he has and things he did while working in the CIA. Jim has two books out. Affiliate links below. Living Lies: A Novel of the Iranian Nuclear Weapons Program https://amzn.to/3s0Ppca In the Twinkling of an Eye: A Novel of Biological Terror and Espionage https://amzn.to/3y7B4OL Sponsors Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Juniper Networks. Juniper Networks is dedicated to simplifying network operations and driving superior experiences for end users. Visit juniper.net/darknet to learn more about how Junipers Zero Trust Data Center provides uncompromising visibility across all your data center environments. Visit juniper.net/darknet to learn more. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 19 Apr 2022 07:00:00 -0000

115: Player Cheater Developer Spy

Some video game players buy cheats to win. Lets take a look at this game cheating industry to see who the players are. Sponsors Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 05 Apr 2022 07:00:00 -0000

114: HD

HD Moore (https://twitter.com/hdmoore) invented a hacking tool called Metasploit. He crammed it with tons of exploits and payloads that can be used to hack into computers. What could possibly go wrong? Learn more about what HD does today by visiting rumble.run/. Sponsors Support for this show comes from Quorum Cyber. They exist to defend organisations against cyber security breaches and attacks. Thats it. No noise. No hard sell. If youre looking for a partner to help you reduce risk and defend against the threats that are targeting your business and specially if you are interested in Microsoft Security - reach out to www.quorumcyber.com. Support for this show comes from Snyk. Snyk is a developer security platform that helps you secure your applications from the start. It automatically scans your code, dependencies, containers, and cloud infrastructure configs finding and fixing vulnerabilities in real time. And Snyk does it all right from the existing tools and workflows you already use. IDEs, CLI, repos, pipelines, Docker Hub, and more so your work isnt interrupted. Create your free account at snyk.co/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 22 Mar 2022 07:00:00 -0000

113: Adam

Adam got a job doing IT work at a learning academy. He liked it and was happy there and feeling part of the team. But a strange series of events took him in another direction, that definitely didnt make him happy. Sponsors Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Support for this show comes from Varonis. Do you wonder what your companys ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 08 Mar 2022 08:00:00 -0000

112: Dirty Coms

This episode we talk with a guy named Drew who gives us a rare peek into what some of the young hackers are up to today. From listening to Drew, we can see that times are changing for the motive behind hacking. In the 90s and 00s it was done for fun and curiosity. In the 10s Anonymous showed us what Hacktivism is. And now, in the 20s, the young hackers seem to be profit driven. Sponsors Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Juniper Networks. Juniper Networks is dedicated to simplifying network operations and driving superior experiences for end users. Visit juniper.net/darknet to learn more about how Juniper Secure Edge can help you keep your remote workforce seamlessly secure wherever they are. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 22 Feb 2022 08:00:00 -0000

111: ZeuS

ZeuS is a banking trojan. Designed to steal money from online bank users accounts. This trojan became so big, that it resulted in one of the biggest FBI operations ever. Sponsors Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Keeper Security. Keeper Securitys is an enterprise password management system. Keeper locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented Zero-Knowledge encrypted vault. And, it takes less than an hour to deploy across your organization. Get started by visiting keepersecurity.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 08 Feb 2022 08:00:00 -0000

110: Spam Botnets

This episode tells the stories of some of the worlds biggest spamming botnets. Well talk about the botnets Rustock, Waledac, and Cutwail. Well discover who was behind them, what their objectives were, and what their fate was. Sponsors Support for this show comes fromJuniper Networks(hyperlink:juniper.net/darknet). Juniper Networks is dedicated to simplifying network operations and driving superior experiences for end users. Visitjuniper.net/darknetto learn more about how Juniper Secure Edge can help you keep your remote workforce seamlessly secure wherever they are. Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 25 Jan 2022 08:00:00 -0000

109: TeaMp0isoN

TeaMp0isoN was a hacking group that was founded by TriCk and MLT (twitter.com/0dayWizard). They were responsible for some high profile hacks. But in this story its not the rise thats most interesting. Its the fall. Sponsors Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 11 Jan 2022 08:00:00 -0000

108: Marq

This is the story of Marq (twitter.com/dev_null321). Which involves passwords, the dark web, and police. Sponsors Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. View all active sponsors. Sources Court records and news articles were used to fact check this episode. However Marq requested that links to his full name not be made available. https://techcrunch.com/2019/12/19/ring-doorbell-passwords-exposed/ https://www.wired.com/2010/03/hacker-bricks-cars/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 21 Dec 2021 08:00:00 -0000

107: Alethe

Alethe is a social engineer. Professionally she tries to trick people to give her passwords and access that she shouldnt have. But her journey to this point is interesting and in this episode she tells us how she became a social engineer. Follow Alethe on Twitter: https://twitter.com/AletheDenis Sponsors Support for this show comes from Skiff. Skiff is a collaboration platform built for privacy from the ground up. Every document, note, and idea you write is end-to-end encrypted and completely private. Only you and your trusted collaborators can see what youve created. Try it out at https://www.skiff.org/darknet. Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 07 Dec 2021 08:00:00 -0000

106: @Tennessee

How much online abuse are you willing to take before you decide to let your abuser have what they want? Unfortunately, this is a decision that many people have to ask themselves. If someone can threaten you physically, it bypasses whatever digital security you have in place. Thanks to https://twitter.com/jw for sharing this harrowing story with us. Affiliate links to books: The Smart Girls Guide to Privacy: https://www.amazon.com/gp/product/1593276486/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1593276486&linkCode=as2&tag=tunn01-20&linkId=0a8ee2ca846534f77626757288d77e00 Extreme Privacy:https://www.amazon.com/gp/product/B0898YGR58/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=B0898YGR58&linkCode=as2&tag=tunn01-20&linkId=575c5ed0326484f0b612f000621b407f Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET. Support for this show comes from Ping Identity, champions of identity for the global enterprise. Give your users a loveable login solution. Visit www.pingidentity.com/. View all active sponsors. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 23 Nov 2021 08:00:00 -0000

105: Secret Cells

Joseph Cox (https://twitter.com/josephfcox), Senior Staff Writer at Motherboard (https://www.vice.com/en/topic/motherboard), joins us to talk about the world of encrypted phones. Books Affiliate links to books: The Smart Girls Guide to Privacy: https://www.amazon.com/gp/product/1593276486/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1593276486&linkCode=as2&tag=tunn01-20&linkId=0a8ee2ca846534f77626757288d77e00 Extreme Privacy:https://www.amazon.com/gp/product/B0898YGR58/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=B0898YGR58&linkCode=as2&tag=tunn01-20&linkId=575c5ed0326484f0b612f000621b407f Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET. Support for this show comes from Ping Identity, champions of identity for the global enterprise. Give your users a loveable login solution. Visit www.pingidentity.com/. View all active sponsors. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 09 Nov 2021 08:00:00 -0000

104: Arya

Arya Ebrahami has had quite a personal relationship with darknet marketplaces. In this episode youll hear about his adventures on tor. Aryas current project is https://lofi-defi.com. Sponsors Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. View all active sponsors. Sources https://www.nbcwashington.com/news/local/27-arrested-in-prince-william-county-narcotics-investigation/58441/ https://patch.com/virginia/manassas/undercover-narcotics-operation-nets-27-arrrests-xanax-distribution-ring Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 26 Oct 2021 07:00:00 -0000

103: Cloud Hopper

Fabio Viggiani is an incident responder. In this episode he talks about the story when one of his clients were breached. Sponsors Support for this show, and for stretched security teams, comes from SOC.OS. Too many security alerts means alert fatigue for under-resourced SecOps teams. Traditional tools arent solving the problem. SOC.OS is the lightweight, cost-effective, and low-maintenance solution for your team. Centralise, enrich, and correlate your security alerts into manageable, prioritised clusters. Get started with an extended 3-month free trial at https://socos.io/darknet. Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET. Sources https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper https://www.reuters.com/article/us-china-cyber-cloudhopper-companies-exc-idUSKCN1TR1D4 https://www.fbi.gov/wanted/cyber/apt-10-group https://www.youtube.com/watch?v=277A09ON7mY https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061 https://www.technologyreview.com/2018/12/20/239760/chinese-hackers-allegedly-stole-data-of-more-than-100000-us-navy-personnel/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 12 Oct 2021 07:00:00 -0000

102: Money Maker

Frank Bourassa had an idea. He was going to make money. Literally. Listen to the story of a master counterfeiter. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 28 Sep 2021 07:00:00 -0000

101: Lotera

In 2014 the Puerto Rico Lottery was mysteriously losing money. Listen to this never before told story about what happened and who did it. Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET. Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Sources https://en.wikipedia.org/wiki/Puerto_Rico_Lottery https://www.justice.gov/usao-pr/pr/10-individuals-indicted-drug-trafficking-and-money-laundering https://www.dea.gov/press-releases/2014/07/22/caribbean-corridor-strike-force-arrests-10-individuals-indicted-drug https://casetext.com/case/united-states-v-delfin-robles-alvarez-7 Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 31 Aug 2021 07:00:00 -0000

100: NSO

The NSO Group creates a spyware called Pegasus which gives someone access to the data on a mobile phone. They sell this spyware to government agencies around the world. How is it used and what kind of company is the NSO Group? Thanks to John Scott-Railton and Citizen Lab for investigating this and sharing their research. Sponsors Support for this show comes from Detectify. Try their web vulnerability scanner free. Go to https://detectify.com/?utm_source=podcast&utm_medium=referral&utm_campaign=DARKNET Support for this show comes from Ping Identity, champions of identity for the global enterprise. Give your users a loveable login solution. Visit www.pingidentity.com/. Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. For a full list of sources used in this episode and complete transcripts visit https://darknetdiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 17 Aug 2021 07:00:00 -0000

99: The Spy

Igor works as a private investigator in NYC. Hes often sitting in cars keeping a distant eye on someone with binoculars. Or following someone through the busy streets of New York. In this episode we hear about a time when Igor was on a case but sensed that something wasnt right. Sponsors Support for this show comes from Exabeam. Exabeam lets security teams see what traditional tools cant, with automated threat detection and triage, complete visibility across the entire IT environment and advanced behavioral analytics that distinguishes real threats from perceived ones, so security teams stay ahead and businesses keep moving without fear of the unknown. When the security odds are stacked against you, outsmart them from the start with Exabeam. Learn more at https://exabeam.com/DD. Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. View all active sponsors. Sources Article: The Case of the Bumbling Spy Podcast: The Catch and Kill Podcast with Ronan Farrow Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 03 Aug 2021 07:00:00 -0000

98: Zero Day Brokers

Zero day brokers are people who make or sell malware thats sold to people who will use that malware to exploit people. Its a strange and mysterious world that not many people know a lot about.Nicole Perlroth, who is a cybersecurity reporter for the NY Times, dove in head first which resulted in her writing a whole book on it. Affiliate link for book:This is How They Tell Me The World Ends (https://www.amazon.com/gp/product/1635576059/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1635576059&linkCode=as2&tag=tunn01-20&linkId=0aa8c966d98b49a7927bfc29aac76bbe) Audiobook deal:Try Audible Premium Plus and Get Up to Two Free Audiobooks (https://www.amazon.com/Audible-Free-Trial-Digital-Membership/dp/B00NB86OYE/?ref_=assoc_tag_ph_1485906643682&_encoding=UTF8&camp=1789&creative=9325&linkCode=pf4&tag=tunn01-20&linkId=31042b955d5e6d639488dc084711d033) Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET. Support for this show comes fromPrivacy.com. Privacy allows you to create anonymous debit cards instantly to use for online shopping. Visitprivacy.com/darknetto get a special offer. View all active sponsors. Sources Nicoles Book: This is How They Tell Me the World Ends https://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 20 Jul 2021 07:00:00 -0000

97: The Pizza Problem

What if someone wanted to own your Instagram account? Not just control it, but make it totally theirs. This episode tells the story of how someone tried to steal an Instagram account from someone. Sponsors Support for this show comes fromLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand get a special offer. Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. View all active sponsors. Sources Vid: The $5 Million Phone Hack True Life Crime Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 06 Jul 2021 07:00:00 -0000

96: The Police Station Incident

Nicole Beckwithwears a lot of hats. Shes a programmer, incident responder, but also a cop and a task force officer with the Secret Service. In this episode she tells a story which involves all of these roles. https://twitter.com/NicoleBeckwith Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET. Support for this show comes fromExabeam. Exabeam lets security teams see what traditional tools cant, with automated threat detection and triage, complete visibility across the entire IT environment and advanced behavioral analytics that distinguishes real threats from perceived ones, so security teams stay ahead and businesses keep moving without fear of the unknown. When the security odds are stacked against you, outsmart them from the start with Exabeam. Learn more athttps://exabeam.com/DD. View all active sponsors. Sources https://www.secjuice.com/unusual-journeys-nicole-beckwith/ Talk from Nicole: Mind Hacks Psychological profiling, and mental health in OSINT investigations Talk from Nicole: Whos guarding the gateway? Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 22 Jun 2021 07:00:00 -0000

95: Jon & Brian's Big Adventure

JonandBrianare penetration testers who both worked at a place calledRedTeam Security. Theyre paid to break into buildings and hack into networks to test the security of those buildings. In this episode they bring us a story of how they prepare and execute a mission like this. But even with all the preparation, something still goes terribly wrong. Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET. Support for this show comes fromPing Identity, champions of identity for the global enterprise. Give your users a loveable login solution. Visitwww.pingidentity.com/. View all active sponsors. Sources Video: Jon and Brian on ABC Nightline Video: RedTeam Security breaks into a power station https://www.redteamsecure.com/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 08 Jun 2021 07:00:00 -0000

94: Mariposa

Chris Davishas been stopping IT security threats for decades. Hes currently running the companyHyasthat he started. In this episode he tells a few tales of some threats that he helped stop. Sponsors Support for this show comes fromExabeam. Exabeam lets security teams see what traditional tools cant, with automated threat detection and triage, complete visibility across the entire IT environment and advanced behavioral analytics that distinguishes real threats from perceived ones, so security teams stay ahead and businesses keep moving without fear of the unknown. Learn more by visitingexabeam.com/dd. Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. View all active sponsors. Sources https://www.zdnet.com/article/hacker-curador-pleads-guilty-to-credit-card-theft/ https://www.pbs.org/wgbh/pages/frontline/shows/hackers/ https://archive.org/details/frontline_202009/Frontline-+Hackers/VIDEO_TS/VTS_01_1.VOB https://defintel.com/docs/Mariposa_Analysis.pdf https://krebsonsecurity.com/2020/03/french-firms-rocked-by-kasbah-hacker/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 25 May 2021 07:00:00 -0000

93: Kik

Kik is a wildly popular chat app. Their website says that 1 in 3 American teenagers use Kik. But something dark is brewing on Kik. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 11 May 2021 07:00:00 -0000

92: The Pirate Bay

The Pirate Bay is a website, a search engine, which has an index of torrent files. A lot of copyrighted material is listed on the site, but the site doesnt store any of the copyrighted material. It just points the user to where you can download it from. So for a while The Pirate Bay has been the largest places you can find pirated movies, music, games, and apps. But this site first came up 2003. And is still up and operation now, 18 years later! You would think someone would shut this place down by now. How does the biggest source for copyrighted material stay up and online for that long? Listen to this episode to find out. Sponsors Support for this show comes fromLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand get a special offer. Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. View all active sponsors. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 27 Apr 2021 07:00:00 -0000

91: webjedi

What happens when an unauthorized intruder gets into the network of a major bank? Amlie Koran akawebjediwas there for one of these intrusions and tells us the story of what happened. You can find more talks from Amlie at her websitewebjedi.net. Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. This podcast is sponsored byNavisite. Accelerate IT transformation to respond to new demands, lower costs and prepare for whatever comes next. VisitNavisite.com/go. View all active sponsors. Sources https://www.foxnews.com/story/0,2933,435681,00.html https://w2.darkreading.com/risk-management/world-bank-(allegedly)-hacked/d/d-id/1072857 https://www.washingtonpost.com/nation/2020/05/18/missionary-pilot-death-coronavirus/ https://webjedi.net/ CLAIM=8f61b1a2cab60fab354cc5b111ea154705b363d3=CLAIM Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 13 Apr 2021 07:00:00 -0000

90: Jenny

MeetJenny Radcliffe, the People Hacker. Shes a social engineer and physical penetration tester. Which means she gets paid to break into buildings and test their security. In this episode she tells us a few stories of some penetration testing jobs shes done. Sponsors Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. This podcast is sponsored byNavisite. Accelerate IT transformation to respond to new demands, lower costs and prepare for whatever comes next. VisitNavisite.com/go. View all active sponsors. Sources humanfactorsecurity.co.uk Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 06 Apr 2021 07:00:00 -0000

89: Cybereason - Molerats in the Cloud

The threat research team at Cybereason uncovered an interesting piece of malware. Studied it and tracked it. Which lead them to believe they were dealing with a threat actor known as Molerats. Sponsors This episode is sponsored byCybereason. Cybereason reverses the attackers advantage and puts the power back in your hands. Their future-ready attack platform gives defenders the wisdom to uncover, understand, and piece together multiple threats. And the precision focus to end cyberattacks instantly on computers, mobile devices, servers, and the cloud. They do all this through a variety of tools theyve developed such as antivirus software, endpoint monitoring, and mobile threat detection tools. They can give you the power to do it yourself, or they can do all the monitoring and respond to threats in your environment for you. Or you can call them after an incident to get help cleaning up. If you want to monitor your network for threats, check out what Cybereason can do for you. Cybereason. End cyber attacks. From endpoints to everywhere. Learn more atCybereason.com/darknet. View all active sponsors. Sources https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf https://malpedia.caad.fkie.fraunhofer.de/actor/molerats https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 30 Mar 2021 07:00:00 -0000

88: Victor

Victorlooks for vulnerabilities on the web and reports them responsibly. This is the story about discloser number 5780. Listen to episodes 86, and 87 before this one to be caught up on the story leading up to this. Sponsors This podcast is sponsored byNavisite. Accelerate IT transformation to respond to new demands, lower costs and prepare for whatever comes next. VisitNavisite.com/go. This podcast is sponsored by theJSCM Group. They have a service called ClosedPort: Scan, and its is a monthly Penetration Test performed by Cyber Security Experts. Contact JSCM Group today atjscmgroup.com/darknet. Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 16 Mar 2021 07:00:00 -0000

87: Guild of the Grumpy Old Hackers

In 2016 the LinkedIn breach data became available to the public. What the Guild of the Grumpy Old Hackers did with it then is quite the story. Listen toVictor,Edwin, andMattijstell their story. Sponsors Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Support for this show comes fromPrivacy.com. Privacy allows you to create anonymous debit cards instantly to use for online shopping. Visitprivacy.com/darknetto get a special offer. View all active sponsors. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 02 Mar 2021 08:00:00 -0000

86: The LinkedIn Incident

In 2012, LinkedIn was the target of a data breach. A hacker got in and stole millions of user details. Username and password hashes were then sold to people willing to buy. This episode goes over the story of what happened. For a good password manager, check out LastPass. Sponsors Support for this episode comes fromQuadrant Information Security. If you need a team of around the clock analysts to monitor for threat in your network using a custom SIEM, check out what Quadrant can do for you by visitingwww.quadrantsec.com. Support for this show comes fromThinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out athttps://canary.tools. Support for this show comes fromLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand get a special offer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 16 Feb 2021 08:00:00 -0000

85: Cam the Carder

This is the story ofCam Harrison, aka kilobit and his rise and fall as a prominent carder. Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes fromOracle for Startups. Oracle for Startups delivers enterprise cloud at a startup price tag, with free cloud credits and 70% off industry-leading cloud services to help you reel in the big fishconfidently. To learn more, visitOracle.com/goto/darknet. View all active sponsors. Sources https://www.justice.gov/opa/pr/member-organized-cybercrime-ring-responsible-50-million-online-identity-theft-sentenced-115 https://nakedsecurity.sophos.com/2014/11/14/carder-su-fraudster-jailed-for-9-years-and-ordered-to-pay-50-8m/ https://www.justice.gov/usao-nv/operation-open-market Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 02 Feb 2021 08:00:00 -0000

84: Jet-setters

How bad is it if you post your boarding pass on Instagram? Our guest,Alexdecides to figure this out for themself and has quite a story about what happened. You can read more from Alex on their bloghttps://mango.pdf.zone. We also hear fromTProphetwhos here to give us some travel hacks to save tons on airfare when we start traveling again. You can learn more about TProphets travel hacks athttps://seat31b.comorhttps://award.cat. Sponsors Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Support for this show comes fromTanium. With Tanium you can gain real-time security and operational data directly from your endpoints along with the ability to take action on, and create reports from, that data in just minutes, so that you and your teams can have the insight and capability necessary to accomplish the mission effectively. Learn more athttps://federal.tanium.com. View all active sponsors. Sources https://mango.pdf.zone/finding-former-australian-prime-minister-tony-abbotts-passport-number-on-instagram https://seat31b.com https://award.cat Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 19 Jan 2021 08:00:00 -0000

83: NSA Cryptologists

In this episode we interview two NSA Cryptologists,Marcus J. CareyandJeff Man. We hear their story of how they got into the NSA and what they did while there. To hear more stories from Jeff tune intoPauls Security Weeklywhere Jeff is a regular co-host and shares a lot of stories and insights. Marcus has written several books on security. They areTribe of Hackers,Tribe of Hackers Blue Team,Tribe of Hackers Red Team,Tribe of Hackers Security Leaders,Think in Code, and a childrens book calledThree Little Hackers. Also check out theTribe of Hackers podcastto hear interviews with all these amazing people! Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Support for this show comes fromLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand get a special offer. View all active sponsors. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 05 Jan 2021 08:00:00 -0000

82: Master of Pwn

TheZero Day Initiativeruns a hacker contest calledPwn2Own. The contest calls the best hackers in the world to demonstrate they can hack into software that should be secure. Like browsers, phones, and even cars. A lot of vulnerabilities are discovered from this event which means vendors must fix them. Whoever can demonstrate the most vulnerabilities will be crowned the Master of Pwn. Thanks toDustin ChildsandBrian Gorencfrom ZDI to hear all about Pwn2Own. Thanks toRadekandPedrofor sharing their experiences of becoming the Masters of Pwn. Sponsors Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Support for this show comes fromKars 4 Kids. Donate your car today, this organization will sell to use for their charity. View all active sponsors. Sources https://www.forbes.com/profile/lee-junghoon/?sh=49ee055fc9c7 https://www.cyberscoop.com/pwn2own-chinese-researchers-360-technologies-trend-micro/ https://twitter.com/BrendanEich/status/697889208380293120 https://www.techtimes.com/articles/247111/20200130/google-bug-bounty-2019-became-the-highest-paid-google-hackers-reaching-6-5-million.htm Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 22 Dec 2020 08:00:00 -0000

81: The Vendor

This is the story of a darknet marketplace vendor well name V. V tells his story of how he first became a buyer, then transitioned into seller. This episode talks about drugs. Listener discretion is advised. If you want to contact V his email is at https://darknetdiaries.com/episode/81. Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Support for this show comes fromLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand get a special offer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 08 Dec 2020 08:00:00 -0000

80: The Whistleblower

In this episode we hear a story from a social engineer whos job it is to get people to do things they dont want to do. Why? For profit. Sponsors Support for this episode comes fromSentinelOnewhich can protect and assistwith ransomeware attacks. On top of that, SentinelOne offers threat hunting, visibility, and remote administration tools to manage and protect any IoT devices connected to your network. Go toSentinelOne.com/DarknetDiariesfor your free demo. Your cybersecurity future starts today with SentinelOne. Support for this show comes fromThinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out athttps://canary.tools. Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. View all active sponsors. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 24 Nov 2020 08:00:00 -0000

79: Dark Basin

What do you do when you find yourself the target of a massive hacking campaign, and you are getting thousands of phishing emails and someone following you in your car. You might turn to Citizen Lab who has the ability to research who is behind this and help bring the hackers to justice. Our guests this episodes are Adam Hulcoop and John Scott-Railton ofCitizen Lab. This episode also has an interview with Matthew Earl ofShadowfall. Sponsors Support for this show comes fromLastPassby LogMeIn. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. VisitLastPass.com/Darknetto start your 14 day free trial. Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 10 Nov 2020 08:00:00 -0000

78: Nerdcore

Nerdcore music is music for nerds. In this episode we hear from some of the musicians who make Nerdcore music. This episode features guestsytcracker,Ohm-I, andDual Core. Content warning: This episode has explicit lyrics. Music For a playlist of music used in this episode visit darknetdiaries.com/episode/78. Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 27 Oct 2020 07:00:00 -0000

77: Olympic Destroyer

In February 2018, during the Winter Olympics in Pyeongchang South Korea, a cyber attack struck, wiping out a lot of the Olympics digital infrastructure. Teams rushed to get things back up, but it was bad. Malware had repeatedly wiped the domain controllers rendering a lot of the network unusable. Who would do such a thing? We will talk withAndy Greenbergto discuss Olympic Destroyer, a chapter from his bookSandworm (affiliate link). Sponsors Support for this show comes fromLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand get a special offer. Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 13 Oct 2020 07:00:00 -0000

76: Knaves Out

This is the story about how someone hacked into JP Morgan Chase, one of the biggest financial institutions in the world. Its obvious why someone would want to break into a bank right? Well the people who hacked into this bank, did not do it for obvious reasons. The hackers are best described as knaves. Which are tricky, deceitful fellows. Sponsors Support for this show comes fromLastPassby LogMeIn. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. VisitLastPass.com/Darknetto start your 14 day free trial. Support for this episode comes fromSentinelOnewhich can protect and assistwith ransomeware attacks. On top of that, SentinelOne offers threat hunting, visibility, and remote administration tools to manage and protect any IoT devices connected to your network. Go toSentinelOne.com/DarknetDiariesfor your free demo. Your cybersecurity future starts today with SentinelOne. Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. For a complete list of sources and a full transcript of the show visit darknetdiaries.com/episode/76. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 29 Sep 2020 07:00:00 -0000

75: Compromised Comms

From 2009 to 2013 the communication channels the CIA uses to contact assets in foreign countries was compromised. This had terrifying consequences. Guests this episodes areJenna McLaughlinandZach Dorfman. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. This episode was sponsored byThinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out athttps://canary.tools. View all active sponsors. Sources https://finance.yahoo.com/news/cias-communications-suffered-catastrophic-compromise-started-iran-090018710.html Video: Fostering Bipartisanship in Intelligence Oversight CNAS2019 https://www.mcclatchydc.com/news/nation-world/national/article28348576.html https://foreignpolicy.com/2018/08/15/botched-cia-communications-system-helped-blow-cover-chinese-agents-intelligence/ https://www.nytimes.com/2017/05/20/world/asia/china-cia-spies-espionage.html https://www.nytimes.com/2018/01/17/world/asia/jerry-lee-cia-china-mole-hunt-suspect.html https://news.yahoo.com/cia-fix-communications-system-left-trail-dead-agents-remains-elusive-100046908.html https://www.washingtonpost.com/archive/sports/1988/03/21/cuban-defector-impeaches-cia-spies/10cec17c-076b-4867-96c5-628b8435a852/ https://en.wikipedia.org/wiki/Aldrich_Ames Attribution Darknet Diaries is created byJack Rhysider. Research assistance this episode fromYael Grauer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 15 Sep 2020 07:00:00 -0000

74: Mikko

Poker is a competitive game. Unlike other casino games, poker is player vs player. Criminal hackers have understood this for a while and sometimes hack the other players to get an edge. And that small edge can result in millions of dollars in winnings. This episode contains a story fromMikko HypponenofF-Secure. We also interview Mikko to know more about him and the history of malware. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. This episode was sponsored byThinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out athttps://canary.tools. Sources https://www.cardplayer.com/poker-news/18318-wsop-bracelet-winner-jailed-for-web-poker-cheating https://forumserver.twoplustwo.com/29/news-views-gossip/my-unbelievable-ept-barcelona-story-hotel-rooms-arts-barcelona-broken-into-plant-trojans-1369171/ Mikkos research on bypassing hotel room keys https://archive.f-secure.com/weblog/archives/00002647.html https://pokerfuse.com/news/live-and-online/more-stories-of-tampered-laptops-emerge-in-wake-of-ept-barcelona-scam-24-09/ https://forumserver.twoplustwo.com/showpost.php?p=40050535&postcount=410 https://forumserver.twoplustwo.com/showpost.php?p=40099537&postcount=794 https://igaming.org/poker/news/danish-former-high-stakes-pro-reported-to-police-for-massive-fraud-1602/ https://nyheder.tv2.dk/krimi/2019-12-02-dansk-pokerspiller-far-konfiskeret-26-millioner-kroner https://www.flushdraw.net/news/peter-jepsen-verdict-a-mixed-victory-for-poker-justice/ https://www.bankrollmob.com/poker-news/2019123/danish-poker-pro-sentenced-jail-cheating-others-online-poker Video: Peter Jepsen talks about an attempted hack on him https://www.sijoitustieto.fi/comment/29593#comment-29593 https://forumserver.twoplustwo.com/29/news-views-gossip/sad-conclusion-my-barcelona-incident-1397551/ Video: Brain Searching for the first PC virus in Pakistan https://archive.org/details/malwaremuseum Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 01 Sep 2020 07:00:00 -0000

73: WannaCry

It is recommend to listen to episodes53 Shadow Brokers,71 FDFF, and72 Bangladesh Bank Heistbefore listening to this one. In May 2017 the world fell victim to a major ransomware attack known as WannaCry. One of the victims was UKs national health service. Security researchers scrambled to try to figure out how to stop it and who was behind it. Thank you toJohn HultquistfromFireEyeand thank you toMatt Suichefounder ofComae. Sponsors Support for this episode comes fromLastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. VisitLastPass.com/Darknetto start your 14 day free trial. This episode was sponsored byLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand when signing up with a new account use code darknet2020 to get a $20 credit on your next project. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 18 Aug 2020 07:00:00 -0000

72: Bangladesh Bank Heist

A bank robbery with the objective to steal 1 billion dollars. This is the story of the largest bank robbery in history. And it was all done over a computer. Our guest this episode wasGeoff White. Learn more about him atgeoffwhite.tech. Check out Geoffs new bookCrime Dot Com. Affiliate link: https://www.amazon.com/gp/product/1789142857/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1789142857&linkCode=as2&tag=darknet04-20&linkId=bb5a6aa7ba980183e0ce7cee1939ea05 Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 04 Aug 2020 07:00:00 -0000

71: Information Monopoly

In this episode, were going into the depths of North Korea to conduct one of the greatest hacks of all time. To find a way to inject information into a country run by totalitarian regime. A big thanks toYeonmi Parkfor sharing her story with us. Also thanks toAlex Gladsteinfor telling us the inside story. You can find more about Flash Drive For Freedom atflashdrivesforfreedom.org. Yeonmis book "In Order to Live": https://www.amazon.com/gp/product/014310974X/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=014310974X&linkCode=as2&tag=darknet04-20&linkId=88ebdc087c6ce041105c479b1bb6c3d2 Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 21 Jul 2020 07:00:00 -0000

70: Ghost Exodus

Ghost Exodus is a hacker. He conducted various illegal activities online. Some of which he documents on YouTube. Hes also a great musician. He got into some trouble from his hacking. This is his story. A big thanks toGhost Exodusfor sharing his story with us. Also thanks toWesley McGrewfor telling us the inside story. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. This episode was sponsored by Detectify. What vulnerabilities will their crowdsource-powered web vulnerability scanner detect in your web applications? Find out with a 14-day free trial. Go tohttps://detectify.com/Darknet Sources https://www.pcworld.com/article/167756/article.html https://archives.fbi.gov/archives/dallas/press-releases/2011/dl031811.htm Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 07 Jul 2020 07:00:00 -0000

69: Human Hacker

We all know that computers and networks are vulnerable to hacking and malicious actors, but what about us, the humans who interface with these devices? Con games, scams, and strategic deception are far older than computers, and in the modern era, these techniques can make humans the weakest link in even the most secure system. This episode, security consultant and master social engineer, Christopher Hadnagy, joins us to share his stories and wisdom. He describes what it was like to be a social engineer before the world knew what social engineering was and tells some of his amazing stories from his long career in penetration testing. A big thanks toChristopher Hadnagyfromsocial-engineer.orgfor sharing his stories with us. Check out his bookSocial Engineering: The Science of Human Hacking, affiliate link here. Check out his podcast calledThe Social-Engineerpodcast. Sponsors This episode was sponsored byThinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out athttps://canary.tools. Support for this episode comes fromLastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. VisitLastPass.com/Darknetto start your 14 day free trial. Sources https://www.social-engineer.org/ How phishing scammers manipulate your amygdala and oxytocin TEDxFultonStreet DEF CON 22 - Chris Hadnagy - What Your Body Tells Me - Body Language for the SE https://en.wikipedia.org/wiki/George_C._Parker Book Recommendations with affiliate links: Social Engineering Influence What Every Body is Saying Emotions Revealed Presence Its Not About Me, Top 10 Techniques for Building Rapport Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 23 Jun 2020 07:00:00 -0000

68: Triton

A mysterious mechanical failure one fateful night in a Saudi Arabian chemical plant leads a cast of operational technology researchers down a strange path towards an uncommon, but grave, threat. In this episode, we hear how these researchers discovered this threat and tried to identify who was responsible for the malware behind it. We also consider how this kind of attack may pose a threat to human life wherever there are manufacturing or public infrastructure facilities around the world. A big thanks toJulian Gutmanis,Naser Aldossary,Marina Krotofil, andRobert M. Leefor sharing their stories with us. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. This episode was sponsored byLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand when signing up with a new account use code darknet2020 to get a $20 credit on your next project. Sources https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html https://dragos.com/wp-content/uploads/TRISIS-01.pdf Video S4 TRITON - Schneider Electric Analysis and Disclosure Video S4 TRITON - Mandiant Analysis at S4x18 Video S4 TRITON - Reverse Engineering the Tricon Controller by Dragos Video S4 TRITON - A Report From The Trenches Video - Safety Orientation video for the Chemical Plant Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 09 Jun 2020 07:00:00 -0000

67: The Big House

John Strandis a penetration tester. Hes paid to break into computer networks and buildings to test their security. In this episode we listen to stories he has from doing this type of work. Thanks toJohn Strandfor coming on the show and telling your story. Sponsors Support for this episode comes fromLastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. VisitLastPass.com/Darknetto start your 14 day free trial. Support for this episode comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Sources How a Hackers Mom Broke Into a Prisonand the Wardens Computer Video: How not to suck at pen testing John Strand Video: I Had My Mom Break Into Prison Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 26 May 2020 07:00:00 -0000

66: freakyclown

Freakyclown is a physical penetration tester. His job is to break into buildings to test the security of the building. In this episode we hear stories of some of these missions hes been on. Thanks toFreakyclownfor coming on the show and telling your story. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. This episode was sponsored by Molekule, a new air purifier that completely destroys air pollutants to help you breath easier.https://molekule.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 12 May 2020 07:00:00 -0000

65: PSYOP

PSYOP, or Psychological Operations, is something the US military has been doing to foreign audiences for decades. But what exactly is it? And whats the difference between white, gray, and black PSYOP missions? We talk to PSYOP specialists to learn more. Thanks toJon Nicholsfor telling us about this fascinating world. Sponsors Support for this episode comes fromLastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. VisitLastPass.com/Darknetto start your 14 day free trial. Support for this episode comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Sources https://www.democracynow.org/2006/3/24/the_psyops_war_a_look_at https://en.wikipedia.org/wiki/Lincoln_Group https://www.goarmy.com/careers-and-jobs/special-operations/psyop/psyop-mission.html# https://en.wikipedia.org/wiki/Operation_Wandering_Soul_(Vietnam_War) https://en.wikipedia.org/wiki/Torches_of_Freedom http://cgsc.contentdm.oclc.org/cdm/ref/collection/p16040coll3/id/182 https://archive.org/details/PropagandaAudiobook/Propaganda+Chapter+01.mp3 https://www.newsweek.com/us-military-gets-mysterious-and-false-text-message-evacuate-korean-peninsula-669875 https://www.cbinsights.com/research/future-of-information-warfare/ https://en.wikipedia.org/wiki/National_Defense_Authorization_Act_for_Fiscal_Year_2013#Smith%E2%80%93Mundt_Modernization_Act_of_2012 Videos Vietnam War Ghost Audio Tape used in PSYOPS Wandering Soul Jon Nichols Part 0 - Unallocated Spaces Talk on Russian Propaganda Cyber-Influence: Cyberwar and Psychological Operations WWII Psych Ops MISO Marines broadcast important information to Afghans The War You Dont See Edward L. Bernays interview, 1986-10-23 As it fights two wars, the Pentagon is steadily and dramatically increasing money spent on propaganda Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 28 Apr 2020 07:00:00 -0000

64: The Athens Shadow Games

Vodafone Greece is the largest telecom provider in Greece. But in 2004 a scandal within the company would pin them to be top of the news cycle in Greece for weeks. Hackers got in the network. And what they were after took everyone by surprise. Sponsors Support for this episode comes fromOkta. Learn more about how you can improve your security posture with the leader in identity-driven security atokta.com/darknet. This episode is supported byPlexTrac. PlexTrac is the purple teaming platform and is designed to streamline reporting, tracking and attestation so you can focus on getting the realcybersecurity work done. Whether you're creating pen test reports on the red team, or tracking and remediating on the blue team, PlexTrac can help. Support for this episode comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 14 Apr 2020 07:00:00 -0000

63: w0rmer

The hacker named w0rmer was active within AnonOps. These are Anonymous Operations which often organize and wage attacks on websites or people often with the purpose of social justice. Eventually w0rmer joined in on some of these hacking escapades which resulted in an incredible story that he will one day tell his kids. Thanks to w0rmer for telling us your story. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from LastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. Visit LastPass.com/Darknet to start your 14 day free trial. SourcesArchived Tweets Feb 7, 2012 Twitter user @Anonw0rmer posts @MissAnonFatale I managed to pwn1 a site , get my papers , find my required primary IDS , yeah baby, i deservers em :) Feb 8, 2012 1:17 AM, Twitter user @Anonw0rmer posted, ROFL! WaS that us? https://www.wvgazettemail.com/news/legal_affairs/hackers-group-posts-police-chiefs-information-online/article_77f79fd5-f76f-5825-ae19-43a398361fdf.html o yeah oops #OpPigRoast #CabinCr3w Feb 9, 2012 12:35 AM, Twitter user @Anonw0rmer posted, DB Leak http://dps.alabama.gov https://pastehtml.com/view/bnik8yo1q.html. The bottom of this post originally showed this NSFW image. Feb 9, 2012 at 8:42 PM, Twitter user @Anonw0rmer posted, Mobile Alabama Police Criminal Record Database Logins Failing To Protect And Serve I Via @ItsKahuna I http://pastehtml.com/view/bnmjxxgfp.html #OpPiggyBank. Feb 9, 2012 at 8:39 PM, Twitter user @CabinCr3w posted, Texas Dept. of safety Hacked By @AnonWOrmer for #OpPiggyBank http://bit.ly/x1KH5Y #CabinCr3w #Anonymous Bottom of pastebin also shows a woman holding a sign saying We Are ALL Anonymous We NEVER Forgive. We NEVER Forget. <3 @Anonw0rmer Feb 10, 2012 at 9:07 PM, Twitter user @Anonw0rmer posted, My baby SETS standards ! wAt U got? https://i.imgur.com/FbH2K.jpg https://i.imgur.com/zsPvm.jpg https://i.imgur.com/S2S2C.jpg https://i.imgur.com/TVqdN.jpg #CabinCr3w. Links Criminal Complaint - United States Western District Court of Texas https://gizmodo.com/these-breasts-nailed-a-hacker-for-the-fbi-5901430 https://www.tomsguide.com/us/Anonymous-CabinCr3w-w0rmer-Ochoa-Australia,news-14803.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 31 Mar 2020 07:00:00 -0000

62: Cam

Cams story is both a cautionary tale and inspirational at the same time. Hes been both an attacker and defender. And not the legal kind of attacker. He has caused half a million dollars in damages with his attacks. Attacks that arose from a feeling of seeing injustices in the world. Listen to his story. Sponsors This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2020 to get a $20 credit on your next project. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Sources BBC: The teenage hackers whove been given a second chance https://www.bbc.com/news/av/technology-40655656/uk-s-first-boot-camp-hopes-to-reform-teenage-hackers https://www.ncsc.gov.uk/ https://www.csa.limited/ https://www.tripwire.com/state-of-security/latest-security-news/teenager-who-ddosed-governments-seaworld-receives-no-jail-time/ https://www.ncsc.gov.uk/section/education-skills/11-19-year-olds Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 17 Mar 2020 07:00:00 -0000

61: Samy

Samy Kamkar is a hacker. And while hes done a lot of stuff, hes best known for creating the Samy Worm. Which spread its way through a popular social media site and had crazy results. Thanks to our guest Samy Kamkar for telling his story. Learn more about him by visiting https://samy.pl/. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from LastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. Visit LastPass.com/Darknet to start your 14 day free trial. Sources Samys YouTube Channel Video: MySpace Worm Animated Story https://samy.pl/myspace/ https://www.vice.com/en_us/article/wnjwb4/the-myspace-worm-that-changed-the-internet-forever Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 03 Mar 2020 08:00:00 -0000

60: dawgyg

This is a story about the hacker named dawgyg and how he made over $100,000 in a single day, from hacking. Thanks to our guest dawgyg for telling his story. Sponsors This episode is sponsored by SentinelOne - to learn more about their endpoint security solutions and get a 30-day free trial, visit sentinelone.com/darknetdiaries This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2020 to get a $20 credit on your next project. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Sources Video: The Million-Dollar Hacker | Bloomberg Video: Hacker makes big money as a bug bounty hunter | Kim Komando Show https://hackerone.com/dawgyg dawgyg wins h1415 https://www.hackerone.com/blog/meet-six-hackers-making-seven-figures USA v. DeVoss court records Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 18 Feb 2020 08:00:00 -0000

59: The Courthouse

In this episode we hear from Gary and Justin. Two seasoned penetration testers who tell us a story about the time when they tried to break into a courthouse but it went all wrong. Sponsors This episode was sponsored by Detectify. Try their web vulnerability scanner free. Go to https://detectify.com/?utm_source=podcast&utm_medium=referral&utm_campaign=DARKNET This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Sources https://arstechnica.com/information-technology/2019/11/how-a-turf-war-and-a-botched-contract-landed-2-pentesters-in-iowa-jail/ https://krebsonsecurity.com/2020/01/iowa-prosecutors-drop-charges-against-men-hired-to-test-their-security/ https://www.coalfire.com/News-and-Events/Press-Releases/Coalfire-CEO-Tom-McAndrew-statement https://www.desmoinesregister.com/story/news/crime-and-courts/2019/10/10/iowa-supreme-court-justice-cady-policies-courthouse-break-ins-senate-polk-dallas-burglary-ia-cyber/3930656002/ https://www.desmoinesregister.com/story/news/crime-and-courts/2019/09/19/iowa-state-senator-calls-oversight-committee-investigate-courthouse-break-ins-crime-polk-dallas/2374576001/ https://www.desmoinesregister.com/story/news/crime-and-courts/2019/10/28/iowa-courthouse-break-ins-men-security-firm-plead-not-guilty-trespassing/2488314001/ https://www.desmoinesregister.com/story/news/crime-and-courts/2019/10/30/courthouse-break-in-ceo-cyber-security-coalfire-charges-dropped/4097354002/ https://www.desmoinesregister.com/story/news/crime-and-courts/2020/01/30/courthouse-break-ins-charges-dropped-against-coalfire-employees/4611574002/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 04 Feb 2020 08:00:00 -0000

58: OxyMonster

OxyMonster sold drugs on the darknet at Dream Market. Something happened though, and it all came crashing down. Sponsors This episode was sponsored by Detectify. Try their web vulnerability scanner free. Go to https://detectify.com/?utm_source=podcast&utm_medium=referral&utm_campaign=DARKNET This episode was sponsored by Molekule, a new air purifier that completely destroys air pollutants to help you breath easier. https://molekule.com to use check out code DARKNET10 to get a discount. See complete list of sources at https://darknetdiaries.com/episode/58. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 21 Jan 2020 08:00:00 -0000

57: MS08-067

Hear what goes on internally when Microsoft discovers a major vulnerability within Windows. Guest Thanks to John Lambert for sharing this story with us. Sponsors Support for this episode comes from ProCircular. Use the team at ProCircular to conduct security assessments, penetration testing, SIEM monitoring, help with patches, or do incident response. Visitwww.procircular.com/to learn more. This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Sources https://blogs.technet.microsoft.com/johnla/2015/09/26/the-inside-story-behind-ms08-067/ https://www.justice.gov/opa/pr/payment-processor-scareware-cybercrime-ring-sentenced-48-months-prison https://www.nytimes.com/2019/06/29/opinion/sunday/conficker-worm-ukraine.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601 https://www.wired.com/story/nsa-windows-10-vulnerability-disclosure/ Book: Worm Attribution Darknet Diaries is created by Jack Rhysider. Episode artwork by odibagas. Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 07 Jan 2020 08:00:00 -0000

56: Jordan

This is the story of Jordan Harbinger. A bit of a misfit teenager, who was always on the edge of trouble. In this story we hear what happened that lead to a visit from the FBI. Guest Thanks to Jordan Harbinger for sharing his story with us. You can find hist podcast by searching for The Jordan Harbinger Show wherever you listen to podcasts. Sponsors This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. More information at https://darknetdiaries.com/episode/56. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Wed, 25 Dec 2019 08:00:00 -0000

55: NoirNet

A holiday special episode. A private pen tester takes on a job that involves him with another eccentric pen tester, a mischievious smile, and his quest to gain access to the network. Guest Thanks to TinkerSec for telling us the story. Sources https://twitter.com/TinkerSec/status/1206410740099366918 Attribution Darknet Diaries is created by Jack Rhysider. Artwork this episode by habblesthecat. More information at DarknetDiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 24 Dec 2019 08:00:00 -0000

54: NotPetya

The story of NotPetya, seems to be the first time, we see what a cyber war looks like. In the summer of 2017 Ukraine suffered a serious and catastrophic cyber attack on their whole country. Hear how it went down, what got hit, and who was responsible. Guest Thanks to Andy Greenberg for his research and sharing this story. I urge you to get his book Sandworm because its a great story. Sponsors This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2019 to get a $20 credit on your next project. Support for this episode comes from Honeybook. HoneyBook is an online business management tool that organizes your client communications, bookings, contracts, and invoices all in one place. Visit honeybook.com/darknet to get 50% off your subscription. This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit cmd.com/dark to get a free demo. For more show notes visit darknetdiaries.com/episode/54. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 10 Dec 2019 08:00:00 -0000

53: Shadow Brokers

The NSA has some pretty advanced, super secret, hacking tools. What if these secret hacking tools were to end up in the wrong persons hands? Well, that happened. Guest Thanks to Jake Williams from Rendition Security for telling us the story. Sponsors This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 26 Nov 2019 08:00:00 -0000

52: Magecart

Credit card skimming is growing in popularity. Gas pumps all over are seeing skimmers attached to them. Its growing in popularity because its really effective. Hackers have noticed how effective it is and have began skimming credit cards from websites. Guest Thanks to Yonathan Klijnsma from RiskIQ. Sponsors This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2019 to get a $20 credit on your next project. Support for this episode comes from Honeybook. HoneyBook is an online business management tool that organizes your client communications, bookings, contracts, and invoices all in one place. Visit honeybook.com/darknet to get 50% off your subscription. This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. Visit darknetdiaries.com for full show notes and transcripts. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 12 Nov 2019 08:00:00 -0000

Ep 51: The Indo-Pak Conflict

Kashmir is a region right in between India, Pakistan, and China. For the last 70 years Pakistan and India have fought over this region of the world, both wanting to take control of it. Tensions sometimes heat up which can result in people being killed. When tensions get high in the real world, some people take to the internet and hack their rivals as a form of protest. In this episode well explore some of the hacking that goes on between India and Pakistan. Sponsors Support for this episode comes from Check Point. Check Point makes firewalls and security appliances you can use to combat the latest generation of cyber attacks. Upgrade your cybersecurity at CheckPoint.com Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. For more show notes and links visit https://darknetdiaries.com/episode/51. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Wed, 30 Oct 2019 20:44:00 -0000

Ep 50: Operation Glowing Symphony

Operation Inherent Resolve was started in 2016 which aimed to combat ISIS. It was a combined joint task force lead by the US military. Operation Inherent Resolve sent troops, ships, and air strikes to Iraq and Syria to fire weapons upon ISIS military. Its widely known that US military engaged with ISIS in this way. But what you may not have heard, is the story of how the US military also combated ISIS over the Internet. This is the story of how the US hacked ISIS. Sponsors This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2019 to get a $20 credit on your next project. Support for this episode comes from Honeybook. HoneyBook is an online business management tool that organizes your client communications, bookings, contracts, and invoices all in one place. Visit [honeybook.com/darknet] to get 50% off your subscription. Support for this episode comes from Check Point. Check Point makes firewalls and security appliances you can use to combat the latest generation of cyber attacks. Upgrade your cybersecurity at CheckPoint.com Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 15 Oct 2019 07:00:00 -0000

Ep 49: Elliot

In this episode we meet Elliot Alderson (@fs0c131y) from Twitter. Who is this strange masked person? What adventures have they gotten themselves into? Many stories will be told. The mask will be lifted. Sponsors This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Go to https://nordvpn.com/darknet to get 70% off a 3 year plan and use code darknet for an extra month for free! Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 01 Oct 2019 07:00:00 -0000

Ep 48: Operation Socialist

This is the story about when a nation state hacks into a company within another nation. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25 to get 25% off. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code DARKNET to get 75% off when signing up for 3 years. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 17 Sep 2019 07:00:00 -0000

Ep 47: Project Raven

This is the story about an ex-NSA agent who went to work for a secret hacking group in the UAE. Sponsors This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 03 Sep 2019 07:00:00 -0000

Ep 46: XBox Underground (Part 2)

This is the story about the XBox hacking scene and how a group of guys pushed their luck a little too far. This is part 2 of a 2 part series. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. Learn more about stocks and investing from MyWallSt. Visit mywallst.com/darknet to learn more. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 20 Aug 2019 07:00:00 -0000

Ep 45: XBox Underground (Part 1)

This is the story about the XBox hacking scene and how a group of guys pushed the hacking a little too far. This is part 1 of a 2 part series. Sponsors This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools. This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. Use promot code "DARKNET25". Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 06 Aug 2019 07:00:00 -0000

Ep 44: Zain

Ransomware is ugly. It infects your machine and locks all the the data and to unlock you have to pay a fee. In this episode we dive into some of the people behind it. Sponsors This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. This episode was sponsored by MyWallSt. Their app can help you find good looking stocks to invest in. Visit MyWallSt.com/dark to start your free 30 day trial. For more show notes and links check out darknetdiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 23 Jul 2019 07:00:00 -0000

Ep 43: PPP

This is the story about how I acquired a black badge from DEFCON (pictured above). We also hear the story about who PPP is, and their CTF journey at DEFCON. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code DARKNET. This episode was sponsored by Detectify. Try their web vulnerability scanner free. Go to https://detectify.com/?utm_source=podcast&utm_medium=referral&utm_campaign=DARKNET Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 09 Jul 2019 07:00:00 -0000

Ep 42: Mini-Stories: Vol 2

Three stories in one episode. Listen in on one of Dave Kennedy's penetration tests he conducted where he got caught trying to gain entry into a datacenter. Listen to a network security engineer talk about the unexpected visitor found in his network and what he did about it. And listen to Dan Tentler talk about a wild and crazy engagement he did for a client. Guests A very special thanks to Dave Kennedy. Learn more about his company at trustedsec.com. Thank you Clay for sharing your story. Check out the WOPR Summit. Viss also brought an amazing story to share. Thank you too. Learn more about him at Phobos.io. I first heard Clay's story on the Getting Into Infosec Podcast. Thanks Ayman for finding him and bring that story to my attention. Sponsors This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools. For more show notes and links check out darknetdiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 25 Jun 2019 07:00:00 -0000

Ep 41: Just Visiting

Join JekHyde and Carl on a physical penetration test, a social engineering engagagement, a red team assessment. Their mission is to get into a building they shouldn't be allowed, then plant a rogue computer they can use to hack into the network from a safe place far away. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by Hostinger. Go to https://hostinger.com/darknet and use code DARKNET to get 15% off a hosting plan and check out this weeks free feature. For more information visit darknetdiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 11 Jun 2019 07:00:00 -0000

Ep 40: No Parking

Take a ride with a red teamer. A physical penetration tester as he tries to make his away into unauthorized areas, steal sensitive documents, hack into the computers, and escape with company property. This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. This episode was sponsored by Hostinger. Go to https://hostinger.com/darknet and use code DARKNET to get 15% off a hosting plan and check out this weeks free feature. For complete show notes and links go to darknetdiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 28 May 2019 07:00:00 -0000

Ep 39: 3 Alarm Lamp Scooter

A talk at Defcon challenged people to find a way to destroy a hard drive. A young man was inspired by this challenge and was determined to find a way to destroy a hard drive. But this is not a typical young man, with a typical plan. For pictures of Daniel and his projects visit darknetdiaries.com/episode/39. This episode was sponsored by Nord VPN. Visit nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 14 May 2019 07:00:00 -0000

Ep 38: Dark Caracal

A journalist wrote articles critical of the Kazakhstan government. The government did not like this and attempted to silence her. But they may have done more than just silence her. Perhaps they tried to spy on her too. The EFF investigated this case and went down a very interesting rabbit hole. Thanks to Cooper Q from EFF's new Threat Lab. Also big thanks to Eva from EFF, Andrew Blaich and Michael Flossman from Lookout. For another story about the EFF listen to episode 12 "Crypto Wars". This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 30 Apr 2019 07:00:00 -0000

Ep 37: LVS

The Venetian casino in Las Vegas Nevada was the largest hotel in the world until 2015. The parent company is Las Vegas Sands (LVS) which owns 10 properties around the world. And the CEO and founder of LVS is Sheldon Adelson. One day the CEO said something which sparked quite a firestorm. This episode was sponsored by Nucleus. Visit nucleussec.com to start your free trial. This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. For more show notes visit DarknetDiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 16 Apr 2019 07:00:00 -0000

Ep 36: Jeremy from Marketing

A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn't go as planned. Thanks to @TinkerSec for telling us this story. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. For more show notes visit https://darknetdiaries.com/episode/36. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 02 Apr 2019 07:00:00 -0000

Ep 35: Carbanak

ATM hacking. Hollywood has been fantasizing about this since the 1980's. But is this a thing now? A security researcher named Barnaby Jack investigated ATMs and found them to be vulnerable. Once he published his data the ATM hacking scene rose in popularity and is is a very serious business today. One of the first big ATM robberies was done with the malware called Carbanak. Jornt v.d. Wiel joins us to discuss what this malware is. This episode was sponsored by Nucleus. Visit nucleussec.com to start your free trial. This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. For more show notes and links visit darknetdiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 19 Mar 2019 07:00:00 -0000

Ep 34: For Your Eyes Only

Nude selfies. This episode is all about nude selfies. What happens if you take one and give it to a vengeful boyfriend. What happens when a hacker knows you have them and wants to steal them from your phone. What happens is not good. This episode was sponsored by Nord VPN. Visit nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by Molekule, a new air purifier that completely destroys air pollutants to help you breath easier. Visit molekule.com to use check out code "DARKNET" to get a discount. For references, sources, and links check out the show notes at darknetdiaries.com/episode/34/. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 05 Mar 2019 08:00:00 -0000

Ep 33: RockYou

In 2009 a hacker broke into a website with millions of users and downloaded the entire user database. What that hacker did with the data has changed the way we view account security even today. This episode was sponsored by CuriosityStream. A streaming service showing non-fiction and documtnaries. Visit https://curiositystream.com/darknet and use promo code "darknet". This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. To see more show notes visit darknetdiaries.com/episode/33. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 19 Feb 2019 08:00:00 -0000

Ep 32: The Carder

A carding kingpin was tracked by the Secret Service. How did he steal the cards? Where was he stealing them from? How much was he making doing this? And where did he go wrong? Find out all this and more as we listen to how the Secret Service investigated the case. This episode was sponsored by Eero. A solution to blanket your home in WiFi. Visit https://eero.com/darknet and use promo code "darknet". This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code "darknet". Cover image this episode created by r lr. Go to Darknet Diaries for additional show notes. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 05 Feb 2019 08:21:00 -0000

Ep 31: Hacker Giraffe

In late November 2018, a hacker found over 50,000 printers were exposed to the Internet in ways they shouldn't have been. He wanted to raise awareness of this problem, and got himself into a whole heap of trouble. For show notes and links visit DarknetDiaries.com. This episode was sponsored by CuriosityStream. A documentary streaming service. Visit curiositystream.com/darknet and use promo code "darknet". This episode is also sponsored by Cover. Visit cover.com/darknet to get insured today. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 22 Jan 2019 08:00:00 -0000

Ep 30: Shamoon

In 2012, Saudi Aramco was hit with the most destructive virus ever. Thousands and thousands of computers were destroyed. Herculean efforts were made to restore them to operational status again. But who would do such an attack? Very special thanks goes to Chris Kubecka for sharing her story. She is author of the book Down the Rabbit Hole An OSINT Journey, and Hack The World With OSINT (due out soon). This episode was sponsored by Eero. A solution to blanket your home in WiFi. Visit https://eero.com/darknet and use promo code "darknet". This episode is also sponsored by Cover. Visit cover.com/darknet to get insured today. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 08 Jan 2019 08:00:00 -0000

Ep 29: Stuxnet

Stuxnet was the most sophisticated virus ever discovered. It's target was a nuclear enrichment facility in Iran. This virus was successfully able to destroy numerous centrifuges. Hear who did it and why. Special thanks to Kim Zetter for joining us this episode. You can find more about Stuxnet from her book Count Down to Zero Day. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sat, 15 Dec 2018 08:00:00 -0000

Ep 28: Unit 8200

Israel has their own version of the NSA called Unit 8200. I was curious what this unit does and tried to take a peek inside. Hear what I found by listening along to this episode. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code darknet. This episode is also sponsored by Mack Weldon. Visit mackweldon.com to shop for premium men's casual wear and get a 20% off discount with your first order by using promo code diaries. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sat, 01 Dec 2018 08:00:00 -0000

Ep 27: Chartbreakers

Something is wrong with the Apple Podcasts top charts. As a podcaster, this personally annoyed and intrigued me. I investigate how this is happening and who is behind it. For show notes visit https://darknetdiaries.com/episode/27. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code 'darknet'. This episode is sponsored by LPSS Digital Marketing, your source for honest, transparent marketing services for businesses of all sizes.Visit LPSS at https://www.lpss.co/ for details. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Thu, 15 Nov 2018 08:00:00 -0000

Ep 26: IRS

The IRS processes $3 trillion dollars a year. A lot of criminals want to get a piece of that. In 2015 the IRS had a large data breach. Hundreds of thousands of tax records were leaked. What happened and who was behind this? Listen to this episode to find out. For show notes visit https://darknetdiaries.com Learn more about your ad choices. Visit podcastchoices.com/adchoices

Thu, 01 Nov 2018 07:00:00 -0000

Ep 25: Alberto

Alberto Hill was sent to prison for a long time for hacking. For a crime he said he did not commit. Listen to his story and you be the judge on whether he's guilty or not. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Mon, 15 Oct 2018 08:00:00 -0000

Ep 24: Operation Bayonet

Darknet markets are online black markets. They are highly illegal, and dangerous to run. Hear exactly how dangerous it was for Alphabay and Hansa dark markets. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Mon, 01 Oct 2018 08:00:00 -0000

Ep 23: Vladimir Levin

When banks started coming online, they almost immediately started being targeted by hackers. Vladimir Levin was one of the first ever known hacker to try to rob a bank. He succeeded a little, and failed a lot. Vladimir would go down in the history books as one of the most notorious hackers of all time because of his attempted online bank robberies. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sat, 15 Sep 2018 08:00:00 -0000

Ep 22: Mini-Stories: Vol 1

Three stories in one! In this episode we hear about a penetration test from Mubix that he'll never forget, a incident response from Robert M. Lee which completely stunned him, and a social engineering mission from Snow. Podcast recommendation: Moonshot. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sat, 01 Sep 2018 08:00:00 -0000

Ep 21: Black Duck Eggs

Ira Winkler's specialty is assembling elite teams of special forces and intelligence officers to go after companies. Ira shares a story about a time he and his team broke into a global 5 company. A company so large that theft of intellictual property could result in billions of dollars of damage. Ira's consulting company: Secure Mentum. His books: Spies Among Us, Advanced Persistent Security, Through the Eyes of the Enemy. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Wed, 15 Aug 2018 08:00:00 -0000

Ep 20: mobman

Chances are, if you were downloading shady programs in the early 2000's, you were infected with malware he wrote called SubSeven. Hacking changed mobman's life. Hear how it happened by listening to this episode. Image for this episode created by dr4w1ngluc4s. Check out his Instagram to see some amazing artwork! Check out the podcasts Van Sounds and True Crime Island Learn more about your ad choices. Visit podcastchoices.com/adchoices

Wed, 01 Aug 2018 08:00:00 -0000

Ep 19: Operation Aurora

In 2009, around Christmas time, something terrible was lurking in the network at Google. Google is the most popular website on the Internet. Its so popular many people just think Google is the Internet. Google hires many of the most talented minds and has been online since the 90s. Hacking into Google is no easy task. Theres a team of security engineers who test and check all the configurations on the site before they go live. And Google has teams of security analysts and technicians watching the network 24/7 for attacks, intrusions, and suspicious activity. Security plays a very vital role at Google, and everything has to have the best protections. But this attack slipped past all that. Hackers had found their way into the network. They compromised numerous systems, burrowed their way into Googles servers, and were trying to get to data they shouldnt be allowed to have. Google detected this activity. And realized pretty quickly they were dealing with an attack more sophisticated than anything theyve ever seen. Podcast recommendation: Twenty Thousand Hertz Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sun, 01 Jul 2018 08:00:00 -0000

Ep 18: Jackpot

A man addicted to gambling finds a bug in a video poker machine that lets him win excessive amounts of money. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sun, 03 Jun 2018 08:00:00 -0000

Ep 17: Finn

A 14-year-old kid who finds himself bored in class decides to hack someone's twitter account and ends up with more than he bargained for. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 01 May 2018 08:00:00 -0000

Ep 16: Eijah

In 2007, a hacker named Eijah got fed up with the way DRM prevented him from being able to play the content he paid for. He decided to fight back against the AACS and find a way to circumvent the DRM. By the time Eijah was done, his life wasn't the same. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sun, 01 Apr 2018 08:00:00 -0000

Ep 15: Ill Tills

A major retailer was hacked. Their point of sales machines were riddled with malware. Listen to hear how digital forensics and incident responders handled the situation. What malware was found? Where was it found? How was it stopped? And most importantly, how much data was leaked? Learn more about your ad choices. Visit podcastchoices.com/adchoices

Thu, 01 Mar 2018 08:00:00 -0000

Ep 14: #OpJustina

In 2013 a hospital was accused of conducting a medical kidnapping against a young girl name Justina. This enraged many people across the country, including members of anonymous. A DDOS attack was waged against the hospital. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Thu, 15 Feb 2018 08:00:00 -0000

Ep 13: Carna Botnet

In 2012 the Carna Bot was built and unleashed on the world. But it didn't have any intentions on doing anything malicious. It was built just to help us all understand the Internet better. This botnet used the oldest security vulnerable in the book. And the data that came out of it was amazing. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Thu, 01 Feb 2018 08:00:00 -0000

Ep 12: Crypto Wars

In the 1990's the Internet started to take shape. But the US goverment had strict laws regulating what type of cryptography is allowed to be used online. A few brave people stood up to the government in the name of civil rights and won the right to use strong encryption. Listen to their battle and what they had to do through to accomplish this. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Mon, 15 Jan 2018 08:00:00 -0000

Ep 11: Strictly Confidential

What happens when an innovative tech company, that's trying to develop the next big thing, detects a hacker in their network? We hear the story from a digital forensics investigator which has a surprising result. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Mon, 01 Jan 2018 08:00:00 -0000

Ep 10: Misadventures of a Nation State Actor

In today's world of intelligence gathering, governments hack other governments. This episode takes you on a ride with a nation state actor to see exactly how it's done. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Fri, 15 Dec 2017 08:00:00 -0000

Ep 9: The Rise and Fall of Mt. Gox

Mt. Gox was the largest bitcoin exchange in the world. It suddenly went offline. What happened? Learn more about your ad choices. Visit podcastchoices.com/adchoices

Fri, 01 Dec 2017 08:01:00 -0000

Ep 8: Manfred (Part 2)

Manfred found a way to turn his passion for video games and reverse engineering into a full time business. He exploited video games and sold virtual goods and currency for real money. This was his full time job. Listen to this episode to hear exactly how he did this. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Fri, 01 Dec 2017 08:00:00 -0000

Ep 7: Manfred (Part 1)

Manfred has had the most epic story of all online video game stories. For the last 20 years, he's been hacking online games. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Wed, 15 Nov 2017 08:00:00 -0000

Ep 6: The Beirut Bank Job

Jayson E. Street tells us a story about the time he broke into a bank in Beirut Lebanon. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Wed, 01 Nov 2017 09:00:00 -0000

Ep 5: #ASUSGATE

Security researcher Kyle Lovett bought a new Asus router in 2013. He found it was riddled with security vulnerabilties. He set out on a mission to resolve these vulnerabilities not only for his own router, but for thousands of others who were also vulnerable. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sun, 15 Oct 2017 12:00:00 -0000

Ep 4: Panic! at the TalkTalk Board Room

Mobile provider TalkTalk suffered a major breach in 2015. The CEO tried her best to keep angry customers calm and carry on. The UK government and Metropolitan Police investigate the breach. We get a rare glimpse of how the CEO handles the crisis. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sun, 01 Oct 2017 12:00:00 -0000

Ep 3: DigiNotar, You are the Weakest Link, Good Bye!

The 2011 DigiNotar breach changed the way browsers do security. In this episode, we learn what role a CA plays, how browsers work with CAs, and what happens when a CA is breached. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Fri, 15 Sep 2017 12:00:00 -0000

Ep 2: The Peculiar Case of the VTech Hacker

VTech makes toy tablets, laptops, and watches for kids. In 2015, they were breached. The hacker downloaded gigs of children's data. Discover what the hacker did once he took the data. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Fri, 01 Sep 2017 12:00:00 -0000

Ep 1: The Phreaky World of PBX Hacking

Farhan Arshad and Noor Aziz Uddin were captured 2 years after being placed on the FBI's Cyber's Most Wanted list for PBX hacking. In this episode, we explain PBX hacking and how hackers are racking up billions of dollars in phone bills. We also learn how the two men were captured. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Digital Forensic Survival Podcast

Tue, 21 Mar 2023 05:06:00 +0000

DFSP # 370 - UserAssist

This week is a Windows artifact breakdown on a common source of evidence.

Tue, 14 Mar 2023 05:05:00 +0000

DFSP # 369 - Linux Malware

This week I cover malware on Linux file systems for new examiners.

Tue, 07 Mar 2023 05:01:00 +0000

DFSP # 368 - SVCHOST

This week is a guide to understanding SVCHOST from a DFIR point of view. It is one of the most abused Windows processes, and having a firm working knowledge for investigations is essential.

Tue, 28 Feb 2023 05:35:00 +0000

DFSP # 367 - Shimcache Amcache

This week is a Windows artifact breakdown on a common source of evidence.

Tue, 21 Feb 2023 05:33:00 +0000

DFSP # 366 - Linux File System

This week I cover the Linux file system for new examiners.

Tue, 14 Feb 2023 05:31:00 +0000

DFSP # 365 - CVSS Triage

This week I breakdown the elements within a standard CVSS report for fast triage application.

Tue, 07 Feb 2023 05:26:00 +0000

DFSP # 364 - Network Triage

This week I talk about how to triage Windows events for network connection activity.

Tue, 31 Jan 2023 05:16:00 +0000

DFSP # 363 - RDP Forensics

This week I talk about how to approach investigations involving remote desktop connections.

Tue, 24 Jan 2023 05:08:00 +0000

DFSP # 362 - Windows Core Processes

This week I talk about Windows core processes from a DFIR point of view.

Tue, 17 Jan 2023 05:00:00 +0000

DFSP # 361 - Powershell Breakdown

This week I talk about Powershell attack IOCs.

Tue, 10 Jan 2023 05:54:00 +0000

DFSP # 360 - Permitted Events

This week I talk about how to triage Windows events for network connection activity.

Tue, 03 Jan 2023 05:42:00 +0000

DFSP # 359 - Career Checkpoint

This week is my annual career assessment review - or, my guidelines of how to evaluate your past performance and your future goals.

Tue, 27 Dec 2022 05:05:00 +0000

DFSP # 358 - Listening Ports

This week I talk about how to triage Windows events for network listening activity.

Tue, 20 Dec 2022 05:03:00 +0000

DFSP # 357 - EVTX Analysis

This week I talk about an approach for reviewing Windows event logs.

Tue, 13 Dec 2022 05:02:00 +0000

DFSP # 356 - CMD Triage

This week I talk about an approach for reviewing CMD syntax for findings.

Tue, 06 Dec 2022 05:58:00 +0000

DFSP # 355 - Network Triage

This week I talk about essential network basics necessary for triage.

Tue, 29 Nov 2022 04:05:00 +0000

DFSP # 354 - Fast Triage

This week I talk about Webshell forensics.

Tue, 22 Nov 2022 04:03:00 +0000

DFSP # 353 - Webshells

This week I talk about Webshell forensics.

Tue, 15 Nov 2022 04:02:00 +0000

DFSP # 352 - Startup Locations

This week I talk about Windows startup locations.

Tue, 08 Nov 2022 04:00:00 +0000

DFSP # 351 - Prefetch

This week I talk about Windows Prefetch forensics.

Tue, 01 Nov 2022 04:57:00 +0000

DFSP # 350 - Linux Fileless Attacks

This week I talk about fileless attacks Linux systems.

Tue, 25 Oct 2022 04:06:39 +0000

DFSP # 349 - Registry Modification Events

This week I talk about how to find evidence of malicious autoruns in the windows registry using Windows event codes.

Tue, 18 Oct 2022 04:04:40 +0000

DFSP # 348 - Root Cause

This week I talk about strategies to determine root cause early during an investigation.

Tue, 11 Oct 2022 04:02:54 +0000

DFSP # 347 - Weblogs

This week is a breakdown of HTTP log forensic triage.

Tue, 04 Oct 2022 04:58:22 +0000

DFSP # 346 - Masquerading

This week I talk about finding evidence of Kernel file masquerading on Linux systems.

Tue, 27 Sep 2022 04:22:08 +0000

DFSP # 345 - AutoRuns

This week I talk about how to find evidence of malicious autoruns in the windows registry.

Tue, 20 Sep 2022 04:19:46 +0000

DFSP # 344 - Mac Spotlight DB

This week I talk about the forensic value of the Apple Spotlight DB.

Tue, 13 Sep 2022 04:17:39 +0000

DFSP # 343 - Registry aka The Dungeon Maze

When you talk autoruns you must talk about the Windows registry. This artifact is very dense and it may be difficult to zero in on the elements that are important for compromise assessment. Given that, I am going to begin the series with a breakdown of the Windows Registry from a DFIR point of view. This is crucial in understanding ...

Tue, 06 Sep 2022 04:42:45 +0000

DFSP # 342 - FLUX It

This week I talk about the attack methodology known as Fast Flux.

Tue, 30 Aug 2022 04:52:57 +0000

DFSP # 341 - Those other taskers

This weeks focus is on other scheduled task events useful for DFIR triage.

Tue, 23 Aug 2022 04:51:06 +0000

DFSP # 340 - PSEXEC, ready or not

This week I talk about a popular Windows utility attackers often exploit.

Tue, 16 Aug 2022 04:49:28 +0000

DFSP # 339 - That SUDO that you do

This week I breakdown the SUDOERS file for forensic triage.

Tue, 09 Aug 2022 04:47:13 +0000

DFSP # 338 - Taskers

This weeks focus is on new scheduled tasks, which are a common way of establishing longevity on system. I will have my breakdown of the artifact and how to interpret it for fast analysis coming up.

Tue, 02 Aug 2022 04:03:58 +0000

DFSP # 337 - ResponderCon

The must-attend event for Cyber First Responders who must detect and deal with ransomware, zero-day events, and more!

Tue, 26 Jul 2022 04:26:35 +0000

DFSP # 336 - BAM!

This week I talk about the Windows Background Activity Monitor, an artifact that may be used to find evidence of execution.

Tue, 19 Jul 2022 04:24:13 +0000

DFSP # 335 - CRON

This week Ibreakdown CRON for the uninitiated.

Tue, 12 Jul 2022 04:21:12 +0000

DFSP # 334 - Service Changes

This week is about persistence artifacts. Namely the records for when services fail to start, are either started or stopped, have crashed have had their start type changed. Since services are one of the common ways attackers achieve persistence, understanding how these events may be used for triage purposes is very important...

Tue, 05 Jul 2022 04:18:25 +0000

DFSP # 333 - Mac Autoruns

This week I talk Mac autoruns.

Tue, 28 Jun 2022 10:49:52 +0000

DFSP # 332 - Bash Histories

This week is about bash history forensics.

Tue, 21 Jun 2022 10:47:19 +0000

DFSP # 331 - New Services

In the past Ive talked about fast triage from a high-level, addressing the different artifacts and some interesting elements in each of those artifacts. I decided to start going a bit deeper and focus on one or a few artifacts at a time and really talk about the important details they may record for your investigation and how to interpret that information quickly. Im going to start with the New Service Installation details recorded in Windows event logs. These have a number of advantages for your triage methodology and I will have all the details coming up.

Tue, 14 Jun 2022 10:45:06 +0000

DFSP # 330 - Certifications

Every so often I like to revisit certifications. Everyone seems to have their own opinion as to the value of one certification over another, whether or not certifications should carry as much weight as they do, or preference of certain certifications over others, and so on. In this episode Im sharing my thoughts on the topic as well as how I would approach certifications if I were new in the field but also retained everything I have learned over the years about the impact certifications have or can have on your career.

Tue, 07 Jun 2022 04:41:39 +0000

DFSP # 329 - Shellbags

This week is a back to basics episode where I cover Windows shell bags. This is a core Windows artifact that gets included in pretty much every file use and knowledge investigation. Any investigation where youre looking to tie a specific account to directory access activity. Like most Windows artifacts you must know how user interaction affects the artifact in order to properly interpreted as evidence and you must also be aware of any caveats or pitfalls that may affect your evidence. Spoiler alert, there is a huge one associated with Windows shell bags that Ill cover at the end of the episode-its nothing new but if youre unfamiliar with it you definitely need to know about it.

Tue, 31 May 2022 04:47:42 +0000

DFSP # 328 - Linux Executables

If you are accustomed to Windows forensics you may find you have to shift your way of thinking about executables when you are dealing with a Linux system. Unlike Windows, in Linux there is no fixed file extension to designate an executable. Everything on a Linux system of the file and any file can be executable, so where do you even begin? In this episode I am going to address how to approach Linux executables to help those newer to Linux exams deal with the nuances.

Tue, 24 May 2022 04:46:13 +0000

DFSP # 327 - Persistence Part 1

One of the first things attackers attempt to accomplish on a compromised system is to establish persistence. Unless you are dealing with a denial of service attack, most other attacker goals are centered on maintaining the degree of control over a compromise system in order to use system resources for things like cryptomining or to maintain a foothold to further an attack strategy. This week I am going to talk about a fast triage methodology for persistence, which is one of the first triage strategies I normally recommend for a compromise assessment. Because I am focusing on a fast triage methodology I am going to focus on the artifacts most examiners will have readily at hand and how to make the most of them during the initial pass.

Tue, 17 May 2022 04:44:52 +0000

DFSP # 326 - MFT

This week Im covering the Master file table as a core forensic artifact for Windows investigations. This artifact has value is both a primary and secondary artifact and offers opportunity to decode evidence in a number of different situations. In this episode Im covering the forensic basics, some use cases and tools you can use to bring the value of the artifact to its full potential.

Tue, 10 May 2022 04:43:12 +0000

DFSP # 325 - Malware Triage Part 2

This week of talking malware fast triage. These are the techniques that are short of malware reverse engineering and allow analysts to identify malware and also get a sense of what it is does. This is a necessary skill set for all DFIR professionals as you typically deal with malware and you need a way to do some basic forensics on it for context to advance your investigation. This is going to be a two-part episode where I first go over the foundational information you need to have four common malware triage tasks and the second part will go over specific methods, tools, and indicators for different types of artifacts.

Tue, 03 May 2022 04:40:55 +0000

DFSP # 324 - Malware Triage Part 1

Tue, 26 Apr 2022 04:26:24 +0000

DFSP # 323 - SRUM

This week Im talking about SRUM, a Windows artifact that you dont hear that much about. It has a lot of great potential as evidence and it is something worth the time to check it out and see how it fits into your daily DFIR work.

Tue, 19 Apr 2022 04:24:42 +0000

DFSP # 322 - Live evidence integrity

This week is some thoughts on live evidence integrity. Years ago evidence validation was fairly standard with few exceptions. Nowadays its more of a challenge when considering live evidence collections either on scene, remotely or even in lab environments where physical level access to your evidence is becoming more the exception. It is something that needs to be part of your collection process as it may impact the reliability of your results.

Tue, 12 Apr 2022 04:22:43 +0000

DFSP # 321 - URL Leaks

This week I will talk about investigating data spill cases involving exposed URLs. This is a typical privacy investigation many incident response teams handle and I thought it would be useful to go over some standard guidelines for handling such cases. To be effective with these investigations you need to know how to determine liability and responsibility, a little Google foo, and a number of odds and ends concerning mitigation, containment and remediation strategies depending on what you are dealing with.

Tue, 05 Apr 2022 04:02:00 +0000

DFSP # 320 - Lateral MM and Event Logs

This week Im going to cover detecting lateral movement using Windows event logs. This is not the Windows fast triage method I covered in previous episodes. This is more in-depth and focuses on specific attack tools and strategies seen in actual cases. Going into this level of detail is beyond the scope of a typical episode, however there is some research that has very granular details on the tools and methods you can use. Ill have that coming up right after this.

Tue, 29 Mar 2022 07:33:43 +0000

DFSP # 319 - Shellbags

This week is a back to basics episode where I am going to cover Windows shellbags. This is a core Windows artifact that gets included in pretty much most every file use and knowledge investigation or any investigation where youre looking to tie a specific account to directory access activity. Like most Windows artifacts you must know how user interaction affects the artifact in order to properly interpreted it as evidence. You must also be aware of any caveats or pitfalls that may affect your evidence. Spoiler alert, there is a huge one associated with Windows shellbags that Ill cover at the end of the episode-its nothing new but if youre unfamiliar with it you definitely need to know about it.

Tue, 22 Mar 2022 07:32:43 +0000

DFSP # 318 - Rust and Chainsaw

This week I am talking about a program language called rust and the advantages it has for DFIR analyst. Im also covering Chainsaw, a toolset that you can use for Windows event log analysis.

Tue, 15 Mar 2022 07:30:44 +0000

DFSP # 317 - UserAssist

This week its back to basics with a Windows artifact for tracking program execution. Im covering the user assist key which is a mainstay for both live triage and dead box forensics. This artifact is useful for profiling system usage, identifying malware, and general file use and knowledge applications. There are some caveats you need to be aware of and in this episode Im covering five different experiments to document the effects that different types of user activity had on the artifact. If you want to better understand this artifact and how to work with it stay tuned.

Tue, 08 Mar 2022 13:00:32 +0000

DFSP # 316 - Cloud Traffic Security

This week I am covering how different common protocols are secured in the cloud. Part of your effectiveness as a security analyst is your knowledge and understanding of how environments work in a typical scenario. I know that all environments are different but there is some foundational knowledge that you can learn that will be useful no matter what environment youre working. My goal with this episode is to provide you with a better understanding of how insecure protocols are handled in cloud environments.

Tue, 01 Mar 2022 07:00:10 +0000

DFSP # 315 - ARTHIR

This we can talk about Arthir, an open source platform for windows incident response and threat hunting.

Tue, 22 Feb 2022 05:11:00 +0000

DFSP # 314 - Future of Cyber Security

This week Max Lamothe-Brassard talks about the future of cyber security.

Tue, 15 Feb 2022 05:11:00 +0000

DFSP # 313 - Shimcache and Amcache

This week is a back to basic episode featuring Shimcache and Amcache. Learn what they are, why they are important to many investigations and the pitfalls to avoid.

Tue, 08 Feb 2022 05:11:00 +0000

DFSP # 312 - Cloud Network Security Services

This week is about Cloud Network Security Services.

Tue, 01 Feb 2022 05:02:00 +0000

DFSP # 311 - Data Spoliation Fast Triage

This week we continue with the Windows fast triage series and talk about data spoliation detection.

Tue, 25 Jan 2022 05:00:00 +0000

DFSP # 310 - Cloud Network Segmentation

This week is about cloud network segmentation. Network segmentation has security advantages, and thats regardless of whether or not security is the intention. There are some big differences between traditional on-prem network segmentation and cloud infrastructure segmentation. As a DFIR practitioner, knowing the difference is vital for your incident response preparedness. This week I will break it down from a DFIR point of view and provide some necessary insight that will help you better structure your investigations involving cloud assets.

Tue, 18 Jan 2022 05:00:00 +0000

DFSP # 309 - Insider Threats

This week I cover insider threat, which is sort of a gray area between traditional investigations and DFIR investigations.

Tue, 11 Jan 2022 05:00:00 +0000

DFSP # 308 - Cloud Access Controls

This week Im talking about identity access controls commonly encountered in cloud environments. These come up during DFIR investigations and high-level awareness, at the least, is necessary for analysts in order to be effective during investigations. These are the things that may be part of root cause, part of the attack escalation, or part of mitigation will remediation. This week all cover the basics to help with your incident response preparedness.

Tue, 04 Jan 2022 05:00:00 +0000

DFSP # 307 - Career Strategy Checkup

This week is my advice for conducting a career critique as well as to plan for the future - or at least for 2022. I do this episode every year at this time with the intention of helping newer analysts maximize their efforts to achieve the desired career goals in both the short term and long term.

Tue, 28 Dec 2021 05:00:00 +0000

DFSP # 306 - Lateral MM Fast Triage 5

This week we continue with the Windows fast triage series and talk about lateral movement evidence that may be found in DC records.

Tue, 21 Dec 2021 05:00:00 +0000

DFSP # 305 - CSA Cloud Threats 8

This week is a continuation of the threats to cloud computing miniseries. We are stepping through the top 11 threats to cloud computing as identified by the Cloud Security alliance. When you are protecting cloud assets or investigating breaches of cloud assets, there is a lot to keep in mind. You must remember the standard security infrastructure, the new cloud infrastructure as well as any changes to the standard infrastructure that could be affected for your investigation. The top 11 threats to cloud computing help identify where you, as an analyst, should prioritize your time both as a starting point and how you use your limited time for continuing education.

Tue, 14 Dec 2021 05:00:00 +0000

DFSP # 304 - Detecting File Poisoning on Linux

This week I review a great method to detect file poisoning on Linux using all native commands.

Tue, 07 Dec 2021 05:00:00 +0000

DFSP # 303 - Mac Artifacts with SUMURI

This week SUMURI's Steve Whalen (a.k.a. 'MacBoy') talks Mac artifacts

Tue, 30 Nov 2021 05:00:00 +0000

DFSP # 302 - Lateral MM Fast Triage 4

This week we continue with the Windows fast triage series and talk about lateral movement evidence that may be found in logon event records.

Tue, 23 Nov 2021 05:00:00 +0000

DFSP # 301 - OSDFCON 2021

This week Brian Carrier of Basis Technology joins me to talk about OSDFCon. The DFIR community relies on open source tools and the conference is a great way to get exposure to new tools and to learn how to use them. There's a great lineup this year with something for everyone. Registration is free for everyone.

Tue, 16 Nov 2021 05:00:00 +0000

DFSP # 300 - Case Study Ocean Lotus

This week is a case study where we look at an actual attack strategy and compared it against standard triage methods to see how well they hold up.In this episode I break down some attack methods attributed to APT32, also known as Ocean Lotus, and well see how standard triage techniques hold up against the attack chain.

Tue, 09 Nov 2021 05:00:00 +0000

DFSP # 299 - Malicious Powershell with Blumira

Amanda Berlin of Blumira speaks on malicious Powershell attacks and defense techniques.

Tue, 02 Nov 2021 04:00:00 +0000

DFSP # 298 - Mac Forensics with SUMURI

This week SUMURI's Steve Whalen (a.k.a. 'MacBoy') talks Mac forensics.

Tue, 26 Oct 2021 04:00:00 +0000

DFSP # 297 - Nested Groups

This week Im talking about Nested Groups and the risk they pose for security. Built-in to the functionality of Active Directory is the ability to attach a group to another group. While this has advantages for account administration across an organization, it also offers attackers opportunity if certain precautions are not taken. This week Ill break down Nested Groups in DFIR terms, talk about how attackers take advantage of it and what analysts need to know for investigations.

Tue, 19 Oct 2021 04:00:00 +0000

DFSP # 296 - Case Study Turla-Comrat

This week is a case study where we look at an actual attack strategy and compared it against standard triage methods to see how well they hold up. The Turla group using ComRat malware is our case example, lets see if standard triage techniques can save the day.

Tue, 12 Oct 2021 04:00:00 +0000

DFSP # 295 - Ransomware with Blumira

Matt Warner, Blumira CTO and Co-Founder, talks ransomware investigations.

Tue, 05 Oct 2021 04:00:00 +0000

DFSP # 294 - CSA Cloud Threats 7

Tue, 28 Sep 2021 04:00:00 +0000

DFSP # 293 - Case Study: Ransomware

This week is a case study that demonstrates how fundamental DFIR triage methods can detect advanced attacks. Examiners, especially newer examiners, should find confidence in the fact that standard triage techniques have such a powerful impact on security investigations.

Tue, 21 Sep 2021 04:00:00 +0000

DFSP # 292 - Top Cloud Threats with Blumira

This week Nato Riley from Blumira pays a visit to talk about the top threats to cloud computing.

Tue, 14 Sep 2021 04:00:00 +0000

DFSP # 291 - Lateral MM Fast Triage 3

This week we continue with the Windows fast triage series and talk about lateral movement evidence that may be found in admin shares event records. Four different types of logs are covered, each containing different information for triage purposes.

Tue, 07 Sep 2021 04:00:00 +0000

DFSP # 290 - Mac Training with SUMURI

This week SUMURI's Steve Whalen (a.k.a. 'MacBoy') and Dave Melvin talk about the latest in Mac training and certification. Learn the advantages of vendor neutral training and how to prioritize it in your own training regiment.

Tue, 31 Aug 2021 04:00:00 +0000

DFSP # 289 - Framing Root Cause

As an analyst, it is important to identify root cause and link it back to security governance strategies. This is dealt with through root cause statements typically. What exactly should you be doing for a root cause statement? How important is it? If you produce a findings report you can count on the root cause statement being read. Other parts of the document may be skimmed through, or even ignored, but the root cause statement is going to draw the attention of a variety of different audiences. Therefore this is something you want to get right. In this episode Im going to deliver a simple approach you can use.

Tue, 24 Aug 2021 04:00:00 +0000

DFSP # 288 - Max DFIR Impact

Most of my episodes are about computer forensic artifacts and methods. Once in a while I like to cover non-technical topics, such as thoughts and recommendations about career development, subject matter expertise strategies, and impact exposure or delivery of your work. These soft skills are important to your career success. So this week will be on maximizing DFIR exposure in your current role, whatever that role may be. I will cover how to connect the work you do with the high-level strategies that are important to your management or your customers.

Tue, 17 Aug 2021 04:00:00 +0000

DFSP # 287 - CSA Cloud Threats 6

Tue, 10 Aug 2021 04:00:00 +0000

DFSP # 286 - Lateral MM Fast Triage 2 [5145]

This week we continue with the Windows fast triage series. We are up to lateral movement and talking about admin shares. On topic this week is event 5145 which is a Windows log that records verbose information about network share objects and it is an artifact you can use to triage a system or group of systems for evidence of malicious lateral movement.

Tue, 03 Aug 2021 04:00:00 +0000

DFSP # 285 - Linux Malware Triage

This week I wanted to take a break from Windows forensics and talk about Linux malware triage. The Linux platform offers forensic analysts the opportunity to do a very decent job performing malware triage. What I mean by this is that you do not need any special tools installed, all you essentially need is the knowledge of a handful of commands in the ability to make sense of the output. Armed with this, any analyst can do a malware triage quickly and efficiently.

Tue, 27 Jul 2021 04:00:00 +0000

DFSP # 284 - Fast Triage case study: non-Windows core processes

This week were going to take a look at how standard triage methodology can detect advanced attack techniques. Even as a newer examiners, if you learn the standard triage methods that I have covered in the fast triage series, you will find the skills provide ample opportunity to detect all sorts attack activity-even very advanced attack activity. This is because there are natural chokepoints in the attack chain that can be used to your advantage. This week we are going to see the non-Windows core process triage in action through the lens of a very advanced attack dubbed operation ghost.

Tue, 20 Jul 2021 04:00:00 +0000

DFSP # 283 - CSA Cloud Threats 5

This week we take another look at the top threats to cloud computing. On tap This week is account hijacking. All analysts working in the DFIR field today must be aware of threats to cloud computing in order to be effective in their roles.

Tue, 13 Jul 2021 04:00:00 +0000

DFSP # 282 - Lateral MM Fast Triage

This week I talk about lateral movement fast triage. This is the next topic in the Windows fast triage miniseries and it aligns with the goal of the entire series, which is to help new or any analyst identify the most accessible artifacts that may be quickly analyzed to find evidence of compromise. So far we have dealt with persistence, suspicious network activity, and suspicious processes. As always, I will provide a simple yet effective approach to work with lateral movement artifacts.

Tue, 06 Jul 2021 04:00:00 +0000

DFSP # 281 - Fast Triage case study: persistence

This week Im doing another walk-through to illustrate how standard triage methodology can detect advanced attack techniques. Sometimes as a newer examiner, its easy to become overwhelmed with the technical detail necessary to understand and attack. Its also easy to become discouraged and convince yourself that its way too complicated for your current skill set and you may not even feel useful as a team member. This episode is going to dispel all of that and show you how a focus on the standard fast triage method provides all the knowledge you need to detect and advanced breach into an environment.

Tue, 29 Jun 2021 04:00:00 +0000

DFSP # 280 - Malware Fast Triage

This week Im covering malware fast triage. It occurred to me that I should revisit this issue for a couple of different reasons. I remember covering this many years ago and I believe thats why I havent thought about doing anything on it lately. However, it does go hand-in-hand with the Windows fast triage series that I am doing. Part of that strategy is to look for common malware patterns. In an effort to maximize what the listeners get from the episodes I figured this topic definitely needs to be revisited so that when I use that term, you are at least clear on what I mean by it and the method it represents.

Tue, 22 Jun 2021 04:00:00 +0000

DFSP # 279 - CSA Cloud Threats 4

This week is about the top threats to cloud computing.

Tue, 15 Jun 2021 04:00:00 +0000

DFSP # 278 - Process Triage & CMD

This week is a continuation of the Windows fast triage miniseries. While other aspects of the triage miniseries had fairly contained artifacts to examine, new process triage presents a large and complex landscape to the analyst. I have already broken down a number of effective analysis methods to make this more manageable. This week I focus on key applications to look for during a review. These applications tend to be associated more with malicious activity, at least according to threat intelligence research, so being aware of them and recognizing the potential is important. I also spend some time talking about the nuances of CMD.

Tue, 08 Jun 2021 04:00:00 +0000

DFSP # 277 - Learning from the Red Team II

A while back I did an episode on learning from the red team which focused on methods blue team members can utilize to better understand attacks and the artifacts affected by those attacks. One of the advantages of this method that I did not mention in that episode was how to use open source vulnerability scanners for the same purpose. This week, will be part two and I will go over freely available resources and the method to help you gain better insight into forensic artifacts.

Tue, 01 Jun 2021 04:00:00 +0000

DFSP # 276 - CVSS Fast Analysis

This week is about how size up a reported vulnerability quickly.

Tue, 25 May 2021 04:00:00 +0000

DFSP # 275 - dotNET

This week I tackle .NET. It is an ecosystem that is associated with malicious Powershell activity.

Tue, 18 May 2021 04:00:00 +0000

DFSP # 274 - Powershell Revisited

This week I revisited powershell from a process fast triage context.

Tue, 11 May 2021 04:00:00 +0000

DFSP # 273 - CSA Cloud Threats 3

This week is about the top threats to cloud computing.

Tue, 04 May 2021 04:00:00 +0000

DFSP # 272 - 4688

This week I continue with the fast triage method for processes with a focus on historical records.

Tue, 27 Apr 2021 04:00:00 +0000

DFSP # 271 - DREAD and STRIDE

This week I cover threat modeling from a DFIR point-of-view. It provides a standard framework to classify and rate the severity of vulnerabilities discovered during investigations.

Tue, 20 Apr 2021 04:00:00 +0000

DFSP # 270 - CAPEC

This week I run through a threat intel resource you may use for standardized attack information.

Tue, 13 Apr 2021 04:00:00 +0000

DFSP # 269 - Svchost Revisited

This week I revisit Svchost and the triage methods to apply.

Tue, 06 Apr 2021 04:00:00 +0000

DFSP # 268 - CSA Cloud Threats 2

This week is about the top threats to cloud computing.

Tue, 30 Mar 2021 04:00:00 +0000

DFSP # 267 - Sunscreen

This week is a case study that demonstrates the power behind IR fundamental methodology.

Tue, 23 Mar 2021 04:00:00 +0000

DFSP # 266 - Windows non-core processes

This week I continue with the fast triage method for processes with a focus on, well, everything else!

Tue, 16 Mar 2021 04:00:00 +0000

DFSP # 265 - CSA Cloud Threats 1

This week is about the top threats to cloud computing.

Tue, 09 Mar 2021 05:00:00 +0000

DFSP # 264 - Golden SAML

This week is about preparing for Golden SAML attacks for both Incident Response and Threat Hunting.

Tue, 02 Mar 2021 05:00:00 +0000

DFSP # 263 - Threat Hunt with Statistics

This week is about applying basic statistical analysis to threat hunting. The results are effective!

Tue, 23 Feb 2021 05:00:00 +0000

DFSP # 262 - Security Theatre

This week is about theatrics in security and how to avoid the trap.

Tue, 16 Feb 2021 05:00:00 +0000

DFSP # 261 - Wincore Processes Revisited part 2

This week I revisit Windows Core Processes and the triage methods to apply to them.

Tue, 09 Feb 2021 05:00:00 +0000

DFSP # 260 - Learn from the Red Team

This week I talk about vulnhub, a free resource to practice ethical hacking skills and sharpen your DFIR skills.

Tue, 02 Feb 2021 05:00:00 +0000

DFSP # 259 - Wincore Processes Revisited part 1

This week I revisit Windows Core Processes and the triage methods to apply to them.

Tue, 26 Jan 2021 05:00:00 +0000

DFSP # 258 - Network Triage Part 4

This week is the fourth part of the Network-Fast-Triage mini-series. In this installation I cover triage techniques for Windows event logs that record blocked network activity.

Tue, 19 Jan 2021 05:00:00 +0000

DFSP # 257 - Supply Chain Attacks

This week is about supply chain security posture from a DFIR point-of-view.

Tue, 12 Jan 2021 05:00:00 +0000

DFSP # 256 - Kernel Process Masquerading

This week I go over a method to detect kernel process masquerading on Linux systems.

Tue, 05 Jan 2021 05:00:00 +0000

DFSP # 255 - The Worship of Intelligence in Tech

This week I interview author Shawn Livermore about the myth of the "tech-genius."

Tue, 29 Dec 2020 05:00:00 +0000

DFSP # 254 - Network Triage Part 3

This week is the third part of the Network-Fast-Triage mini-series. In this installation I cover triage techniques for Windows event logs that record network port-binding.

Tue, 22 Dec 2020 05:00:00 +0000

DFSP # 253 - Network Triage Part 2

This week is the second part of the Network-Fast-Triage mini-series. In this installation I cover triage techniques for Windows event logs that record network connections.

Tue, 15 Dec 2020 05:00:00 +0000

DFSP # 252 - Werfault

This week I cover triage techniques for werfault.exe. The process does not have the best documentation which makes it a challenge to triage.

Tue, 08 Dec 2020 05:00:00 +0000

DFSP # 251 - The Rise of Crypto SIM Swapping

This week I interview Haseeb Awan, CEO of EFANI, about the rise of SIM swapping attacks. Haseeb explains the attack, how attackers carry it out, and provides some mitigation strategies.

Tue, 01 Dec 2020 05:00:00 +0000

DFSP # 250 - Network Triage Part 1

This week is the first part of the Network-Fast-Triage mini-series. The first installation is the network investigation primer.

Tue, 24 Nov 2020 05:00:00 +0000

DFSP # 249 - Linux Fileless Attacks

This week I go over a method to detect fileless malware on Linux systems.

Tue, 17 Nov 2020 05:00:00 +0000

DFSP # 248 - Searchsploit

This week I talk utilizing the ExploitDB for DFIR investigations. Searchsploit isa command line search tool for Exploit-DB that allows you the power to perform detailed off-line searches through your locally checked-out copy of the repository. This capability is particularly useful for security assessments on segregated or air-gapped networks without Internet access.

Tue, 10 Nov 2020 05:00:00 +0000

DFSP # 247 - Startup Locations

This week is the last part of the Persistence-Fast-Triage mini-series. The final installation covers Windows startup locations.

Tue, 03 Nov 2020 05:00:00 +0000

DFSP # 246 - Investigation Lifecycle

This week I talk about the IR Investigation Lifecycle, or, the elements included within the incident handling process to ensure a complete investigation.

Tue, 27 Oct 2020 04:00:00 +0000

DFSP # 245 - Fetch and Execute

This week I talk about the use of RUNDLL32 to exploit information files (.INF) to "fetch and execute" malware.

Tue, 20 Oct 2020 04:00:00 +0000

DFSP # 244 - Registry Persistence Part 3

This week is part 3 of examining the Windows Registry for evidence of persistence and the focus is on Windows Registry Modification Event Records.

Tue, 13 Oct 2020 04:00:00 +0000

DFSP # 243 - Stomping the Clock

This week I talk about detecting time stomping on Windows and Linux systems.

Tue, 06 Oct 2020 04:00:00 +0000

DFSP # 242 - Registry Persistence Part 2

This week I talk about examining the Windows Registry for evidence of persistence.

Tue, 29 Sep 2020 04:00:00 +0000

DFSP # 241 - Forensic Hardware

This week I interview JASON ROSLEWICZ of SUMURI about the hardware that drives your forensics system.

Tue, 22 Sep 2020 04:00:00 +0000

DFSP # 240 - MDM

This week is part 3 of the Mobile Attack series.

Tue, 15 Sep 2020 04:00:00 +0000

DFSP # 239 - Registry Persistence Part 1

This week I talk about examining the Windows Registry for evidence of persistence.

Tue, 08 Sep 2020 04:00:00 +0000

DFSP # 238 - Bash Attacks

This week I talk about the use of Bash commands in crypto-mining attacks.

Tue, 01 Sep 2020 04:00:00 +0000

DFSP # 237 - Attack Shimming

This week I talk about detecting persistence via Attack Shimming artifacts.

Tue, 25 Aug 2020 04:00:00 +0000

DFSP # 236 - Apple FSEvents

This week I interview Steve Whalen of SUMURI about Apple FSEvent artifacts. Learn what they are and how to leverage them for investigations.

Tue, 18 Aug 2020 04:00:00 +0000

DFSP # 235 - Scheduled Task Change

This week I talk about examining Windows Scheduled Task change events for evidence of persistence.

Tue, 11 Aug 2020 04:00:00 +0000

DFSP # 234 - Divide & Conquer with Brian Carrier

This week I interview Brian Carrier, SVP & CTO of Basis Technology about his "Divide & Conquer" approach to DFIR investigations.

Tue, 04 Aug 2020 04:00:00 +0000

DFSP # 233 - New Scheduled Tasks

This week I talk about examining Windows New Scheduled Task events for evidence of persistence.

Tue, 28 Jul 2020 04:00:00 +0000

DFSP # 232 - Exam Process - Soup-to-Nuts

This week Chris of MSAB shares his recommended process for DFIR exam standardization.

Tue, 21 Jul 2020 04:00:00 +0000

DFSP # 231 - Service Change Triage

This week I talk about examining Windows Service modification events for evidence of persistence.

Tue, 14 Jul 2020 04:00:00 +0000

DFSP # 230 - User Activity Artifacts

This week I talk about the artifacts and methodology for examining user activity on Windows systems.

Tue, 07 Jul 2020 04:00:00 +0000

DFSP # 229 - Mobile Attacks Part 2

This week is part 2 of the Mobile Attack series.

Tue, 30 Jun 2020 04:00:00 +0000

DFSP # 228 - Psychology of Reporting

This week I interview Steve Whalen of SUMURI and we talk about effective ways to report forensic findings.

Tue, 23 Jun 2020 04:00:00 +0000

DFSP # 227 - New Service Triage

This week I talk about examining Windows systems for evidence of persistence.

Tue, 16 Jun 2020 04:00:00 +0000

DFSP # 226 - User Logons

This week I talk about a triage methodology for examining user activity.

Tue, 09 Jun 2020 04:00:00 +0000

DFSP # 225 - Mobile Device Attacks

This week I talk about mobile device compromise.

Tue, 02 Jun 2020 04:00:00 +0000

DFSP # 224 - Conhost Forensics

This week I talk about examining Conhost data for evidence of execution.

Tue, 26 May 2020 04:00:00 +0000

DFSP # 223 - Apple Meta

This week I interview Steve Whalen of SUMURI about Apple metadata.

Tue, 19 May 2020 04:00:00 +0000

DFSP # 222 - User Enumeration

This week I talk about a triage methodology for examining suspicious user accounts.

Tue, 12 May 2020 04:00:00 +0000

DFSP # 221 - Mobile Device Security

This week I talk about mobile device operating system and file system security, focusing specifically on applications.

Tue, 05 May 2020 04:00:00 +0000

DFSP # 220 - Mobile Forensics For New Investigators

This week I interview MSAB instructor Chris Currier about mobile forensics for new examiners.

Tue, 28 Apr 2020 04:00:00 +0000

DFSP # 219 - Forensic Grab Bag

This week I talk about persistence, malware analysis and identifying system owners.

Tue, 21 Apr 2020 04:00:00 +0000

DFSP # 218 - Plaso & Elk Timelines

This week I talk about SOF-ELK to take your timelines to a new level

Tue, 14 Apr 2020 04:00:00 +0000

DFSP # 217 - Static Malware Analysis

This week I talk about CFF Explorer.

Tue, 07 Apr 2020 15:37:50 +0000

DFSP # 216 - DHASH

This week I talk with MSAB about DHASH, learn what it is and its use in DFIR investigations

Tue, 31 Mar 2020 04:00:00 +0000

DFSP # 215 - CMSTP Forensics

This week I cover triaging CMSTP for remote execution

Tue, 24 Mar 2020 04:00:00 +0000

DFSP # 214 - CyberChef

This week I explain why you need CyberChef in your toolbox

Tue, 17 Mar 2020 04:00:00 +0000

DFSP # 213 - Trusted Developer Utilities

This week I talk DFIR triage for Microsoft Trusted Dev Utilities

Tue, 10 Mar 2020 04:00:00 +0000

DFSP # 212 - Learning Python

This week I review resources aimed at teaching you Python

Tue, 03 Mar 2020 05:00:00 +0000

DFSP # 211 - Mac Forensics with Steve Whalen

This week I interview Steve Whalen from SUMURI about the current Mac Forensic landscape

Tue, 25 Feb 2020 05:00:00 +0000

DFSP # 210 - Pivot Tables for Forensics

This week I talk about Pivot Tables and their value for DFIR investigations

Tue, 18 Feb 2020 05:00:00 +0000

DFSP # 209 - Mac Autoruns

This week I talk about common autorun locations to check during Mac exams

Tue, 11 Feb 2020 05:00:00 +0000

DFSP # 208 - Persistence Fast Triage

This week I talk about a fast triage methodology to detect persistence on Windows systems

Tue, 04 Feb 2020 05:00:00 +0000

DFSP # 207 - Forensic Grab Bag

This week I talk about tools available on the SIFT workstation... that you may not know or even there!

Tue, 28 Jan 2020 05:00:00 +0000

DFSP # 206 - Certutil Abuse

This week I talk breakdown certutil exploitation; what it is and methods to detect malicious usage

Tue, 21 Jan 2020 05:00:00 +0000

DFSP # 205 - Layered Drivers

This week I talk about using layered drivers as an artifact to identify persistence

Tue, 14 Jan 2020 05:00:00 +0000

DFSP # 204 - SOF ELK

This week I talk about SOF ELK, a freely available pre-built virtual appliance for DFIR work

Tue, 07 Jan 2020 05:00:00 +0000

DFSP # 203 - Profile of a modern analyst

This week I start the year with my traditional "back-to-basics" episode, focusing on self-improvement themes and goals to consider

Tue, 31 Dec 2019 05:00:00 +0000

DFSP # 202 - Base64 Forensics

This week I talk about dealing with Base64 evidence.

Tue, 24 Dec 2019 05:00:00 +0000

DFSP # 201 - Regsvcs Triage

This week I talk about identifying REGSVC \ REGASM abuse

Tue, 17 Dec 2019 05:00:00 +0000

DFSP # 200 - Audit Log Clearing

This week I talk about different types of audit log clearing and detection strategies

Tue, 10 Dec 2019 05:00:00 +0000

DFSP # 199 - Hashdeep

This week I talk about using Hashdeep for forensic triage

Tue, 03 Dec 2019 05:00:00 +0000

DFSP # 198 - Linux Malware Detect

This week I talk about LMD, an openly available tool to increase Linux security posture.

Tue, 26 Nov 2019 05:00:00 +0000

DFSP # 197 - Approaching Network Forensics

This week I talk about network forensic methodology.

Tue, 19 Nov 2019 05:00:00 +0000

DFSP # 196 - autoLLR

This week I talk about autoLLR, a script to automate evidence collection on live Linux systems as well as artifact post processing.

Fri, 15 Nov 2019 21:08:06 +0000

DFSP # 195 BAM!

This week I talk about the Windows Background Activity Monitor, an artifact that may be used to find evidence of execution.

Tue, 05 Nov 2019 05:00:00 +0000

DFSP # 194 - Powershell Collection Tools

This week I talk about some issues surrounding powershell when used as a digital forensic collection tool.

Tue, 29 Oct 2019 13:30:00 +0000

DFSP # 193 - LOKI

This week I talk about LOKI, a tool designed to help analyst scan for APT IOCs.

Tue, 22 Oct 2019 13:30:00 +0000

DFSP # 192 - KAPE

This week I talk about KAPE, a freely available forensic evidence collection and triage tool.

Tue, 15 Oct 2019 13:27:42 +0000

DFSP # 191 - Linux File Systems

This week I talk about the common Linux file systems and what to expect when dealing with different hosts.

Wed, 09 Oct 2019 13:53:20 +0000

DFSP # 190 - Dead Simple Boot Disks

This week I go over how to create a boot disk using the native capability of Ubuntu. You'll never have to rely on third-party tools again!

Tue, 01 Oct 2019 13:12:58 +0000

DFSP # 188 - Container Attack Vectors

This week I breakdown container attack vectors for Cloud Incident Response.

Tue, 01 Oct 2019 13:11:01 +0000

DFSP # 187 - SUDOERS File and Forensics

This week I breakdown the SUDOERS file for forensic triage.

Tue, 01 Oct 2019 13:08:59 +0000

DFSP # 186 - Powershell Forensics

This week I talk about Powershell through the lens of the Service Control Manager.

Tue, 01 Oct 2019 13:05:11 +0000

DFSP # 189 - NVMe

This week I talk about NVMe, a data storage technology, from a forensic point of view.

Mon, 30 Sep 2019 13:02:26 +0000

DFSP # 185 - Understanding Linux Executables

This week I cover how to approach Linux binaries during investigations.

Tue, 27 Aug 2019 13:30:00 +0000

DFSP # 184 - Cloud Incident Response

This week I continue the series about the DFIR changes on the horizon with cloud technology and focus on AWS EC2 forensics.

Tue, 20 Aug 2019 13:30:00 +0000

DFSP # 183 - WMI Forensics

This week I talk about using WMI to create processes remotely.

Tue, 13 Aug 2019 13:30:00 +0000

DFSP # 182 - Density Scout

This week I talk about Density Scout, an open source tool for malware triage.

Tue, 06 Aug 2019 13:30:00 +0000

DFSP # 181 - Remote Execution One-Liners

This week I cover a resource you can use to develop windows remote execution triage methodology and threat hunting.

Tue, 30 Jul 2019 13:30:00 +0000

DFSP # 180 - Credential Guard

This week I talk about the Windows credential guard process.

Tue, 23 Jul 2019 13:30:00 +0000

DFSP # 179 - OWASP: Insufficient logging and monitoring

This week Italk about OWASP's Number 10 vulnerability category from their top 10 list, insufficient logging and monitoring.

Tue, 16 Jul 2019 13:30:00 +0000

DFSP # 178 - Attacker Recon Commands

This week I talk about the most frequently seen attacker recon commands.

Tue, 09 Jul 2019 13:30:00 +0000

DFSP # 177 - PSEXEC Forensics

This week I talk about a popular Windows utility attackers often exploit.

Tue, 02 Jul 2019 13:30:00 +0000

DFSP # 176 - Cloud Incident Response

This week I talk about incident response in container deployments.

Tue, 25 Jun 2019 13:30:00 +0000

DFSP # 175 - OWASP: Components with Known Vulnerabilities

This week Italk about OWASP's Number 9 vulnerability category from their top 10 list, components with known vulnerabilities.

Tue, 18 Jun 2019 13:30:00 +0000

DFSP # 174 - The VMEM Experience

This week Italk about the challenges of working with VMEM files for memory forensics.

Tue, 11 Jun 2019 16:00:00 +0000

DFSP # 173 - Cloud Incident Response

This week Italk about the DFIR changes on the horizon with cloud technology.

Tue, 04 Jun 2019 13:30:00 +0000

DFSP # 172 - High Optane

This week Italk about Intel's emerging technology called Optane end it anticipated affects on DFIR investigations.

Tue, 28 May 2019 13:30:00 +0000

DFSP # 171 - OWASP: Breakfast Cereal

This week Italk about OWASP's Number 8 vulnerability category from their top 10 list, insecure deserialization.

Tue, 21 May 2019 13:30:00 +0000

DFSP # 170 - The Crypto-Landscape

This week Italk about the crypto attack landscape.

Tue, 14 May 2019 13:30:00 +0000

DFSP # 169 - Will The Future Kill DFIR?

DFIR are professionals often worry if advances in artificial intelligence and automation are going to put them out of work. This week I address the issue and give my projection, based on expert sources, of what the future of forensics will look like.

Tue, 07 May 2019 13:30:00 +0000

DFSP # 168 - Is CEH Still Relevant?

I recently passed my certified ethical hacker certification test. This week I thought I would talk about why I chose the certification.

Tue, 30 Apr 2019 13:30:00 +0000

DFSP # 167 - OWASP: XSS

This week Italk about OWASP's Number 7 vulnerability category from their top 10 list, cross site scripting.

Tue, 23 Apr 2019 13:30:00 +0000

DFSP # 166 - SVCHOST Abuse

This week I talk about SVCHOST. This Windows core process is one of the most targeted artifacts that comes up again and again during investigations.

Tue, 16 Apr 2019 13:30:00 +0000

DFSP # 165 - Windows Core Processes

This week I go over how to approach windows core processes from the standpoint of fast triage methodology. Since these processes are found on all window systems it makes sense to develop and investigative approach that focuses on quickly reviewing each process for anomalies.

Tue, 09 Apr 2019 13:30:00 +0000

DFSP # 164 - Mobile Device Compromise Assessment

This week I talk about the investigative value of creating a mobile compromise assessment strategy.

Tue, 02 Apr 2019 13:30:00 +0000

DFSP # 163 - DFIR Job Interviews

This week I share my thoughts on DFIR job interviews. How to prepare. Things to consider. Pitfalls to avoid.

Tue, 26 Mar 2019 13:30:00 +0000

DFSP # 162 - OWASP: Security Misconfigurations

This week Italk about OWASP's Number 6 vulnerability category from their top 10 list, Security Misconfiguration. I explore the issue from a DFIR point of view.

Tue, 19 Mar 2019 13:30:00 +0000

DFSP # 161 - Social Engineering Toolkit

This week Italk about all the fun you can have ethically hacking with SET

Tue, 12 Mar 2019 13:30:00 +0000

DFSP # 160 - Serpico

Serpico makes report writing suck less! Check it out.

Tue, 05 Mar 2019 14:30:00 +0000

DFSP # 159 - Linux Triage

This week Italk more about Linux triage methods.

Tue, 26 Feb 2019 14:30:00 +0000

DFSP # 158 - OWASP: Broken Access Control

This week Italk about OWASP's Number 5 vulnerability category from their top 10 list, Broken Access Control. I explore the issue from a DFIR point of view.

Tue, 19 Feb 2019 14:30:00 +0000

DFSP # 157 - File Comparison Strategies

This week I discuss some techniques for comparing files and folders for DFIR investigations.

Tue, 12 Feb 2019 14:30:00 +0000

DFSP # 156 - B2B: Career Maintenance

This week I share my thoughts on assessing DFIR career path progression.

Tue, 05 Feb 2019 14:30:00 +0000

DFSP # 155 - YARA Almighty

This week Italk about the forensic value of YARA.

Tue, 29 Jan 2019 14:30:00 +0000

DFSP # 154 - OWASP: XXE

This week Italk about OWASP's Number 4 vulnerability category from their top 10 list, XXE attacks. I explore the issue from a DFIR point of view.

Tue, 22 Jan 2019 14:30:00 +0000

DFSP # 153 - Google Dorks

This week Italk about the Google Hacking Database.

Tue, 15 Jan 2019 14:30:00 +0000

DFSP # 152 - CEWL

This week Italk about CEWL, a freely available tool for crawling websites to produce unique wordlists (think password attacks!)

Tue, 08 Jan 2019 14:30:00 +0000

DFSP # 151 - Autoweb Project

This week Italk about my new Github page and the autoweb script.

Thu, 03 Jan 2019 14:30:00 +0000

DFSP # 150 - AppLocker Bypass

This week Italk about Applocker Bypass from a DFIR point of view.

Thu, 27 Dec 2018 14:30:00 +0000

DFSP # 149 - OWASP: Sensitive Data Exposure

This week Italk about OWASP's Number 3 vulnerability category from their top 10 list, sensitive data exposure. I explore the issue from a DFIR point of view.

Tue, 18 Dec 2018 14:30:00 +0000

DFSP # 148 - Threat Hunting Tips

This week Italk about tips for building a threat hunting program.

Tue, 11 Dec 2018 14:30:00 +0000

DFSP # 147 - Webshell Breakdown

This week I break down webshells for threat hunting and incident response triage.

Tue, 04 Dec 2018 14:30:00 +0000

DFSP # 146 - Mimikatz Detection

This week Italk about contacting Mimikatz through windows event log.

Tue, 27 Nov 2018 14:30:00 +0000

DFSP # 145 - PDF Forensics

This week I talk about PDF analysis tools to check for malicious indictors in PDFs.

Tue, 20 Nov 2018 14:30:00 +0000

DFSP # 144 - OWASP: Broken Authentication

This week Italk about OWASP and why you should be paying attention.

Tue, 13 Nov 2018 14:30:00 +0000

DFSP # 143 - Tips from the Trenches

Tips from the DFIR Trenches

Tue, 06 Nov 2018 14:30:00 +0000

DFSP # 142 - CRON 101

This week Ibreakdown CRON for the uninitiated.

Tue, 30 Oct 2018 13:30:00 +0000

DFSP # 141 - Logon Triage

This week Italk about investigation strategies for logon events.

Tue, 23 Oct 2018 13:30:00 +0000

DFSP # 140 - PCAP Hunting

This week I talk about PCAP hunting strategies.

Tue, 16 Oct 2018 13:30:00 +0000

DFSP # 139 - Linux Crypto-Mining Malware Tactics

This week IinterviewCraig Rowland ofSandfly Security about crypto-mining attacks on Linux systems.

Learn more about Sandfly athttps://www.sandflysecurity.com

Tue, 09 Oct 2018 13:30:00 +0000

DFSP # 138 - OWASP Top 10

This week Italk about OWASP and why you should be paying attention.

Tue, 02 Oct 2018 13:30:00 +0000

DFSP # 137 - Fast Flux

This week I talk about the attack methodology known as Fast Flux.

Tue, 25 Sep 2018 13:30:00 +0000

DFSP # 136 - Scheduled Task Triage Part 2

This week Italk about details about what to look at in Scheduled Task records for forensic triage.

Tue, 18 Sep 2018 13:30:00 +0000

DFSP # 135 - Scheduled Task Triage Part 1

This week Italk about details about what to look at in Scheduled Task records for forensic triage.

Tue, 11 Sep 2018 13:30:00 +0000

DFSP # 134 -OfficeMalScanner

This week I talk OfficeMalScanner, a malware scanner for Microsoft document

Tue, 04 Sep 2018 13:30:00 +0000

DFSP # 133 - Know Thy Logs

This week I talk Ultimate windows security

Tue, 28 Aug 2018 13:30:00 +0000

DFSP # 132 - Root Cause

This week I talk about methodologies to investigate root cause during incident response investigations.

Tue, 21 Aug 2018 13:30:00 +0000

DFSP # 131 - PIDS

This week Italk about PIDS in their uses and computer forensic investigations.

Tue, 14 Aug 2018 13:30:00 +0000

DFSP # 130 - Network Scoping

This week Italk about scoping network connections as part of incident response triage

Tue, 07 Aug 2018 13:30:00 +0000

DFSP # 129 - Excel Fu for Frequency Analysis

This week I talk more excel fu tips

Tue, 31 Jul 2018 13:30:00 +0000

DFSP # 128 - GREP vs SED vs AWK

This week I talk the difference between common text processing utilities used in forensic analysis

Tue, 24 Jul 2018 13:30:00 +0000

DFSP # 127 - DNS & Forensics

This week I talk about DNS and forensics

Tue, 17 Jul 2018 13:30:00 +0000

DFSP # 126 - Star Grepping

This week I talk about the value of Grep as a forensic skillset

Tue, 10 Jul 2018 13:30:00 +0000

DFSP # 125 - Distributed Hash Cracking

This week Italk about distributed password cracking with Hashtopolis for Hashcat

Tue, 03 Jul 2018 13:30:00 +0000

DFSP # 124 - iOS USB Restricted Mode

This week Italk about the security changes coming with iOS 11.4

Tue, 26 Jun 2018 13:30:00 +0000

DFSP # 123 - IP Triage

This week I talk about IP address and domain triage for computer forensic investigations.

Tue, 19 Jun 2018 13:30:00 +0000

DFSP # 122 - ATT&CK Matrix

This week I talkabout ATT&CK for Enterprise

Tue, 12 Jun 2018 13:30:00 +0000

DFSP # 121 - Adventures in Scripting

This week I talk about getting started in scripting

Tue, 05 Jun 2018 13:30:00 +0000

DFSP # 120 - Rita

This week I talk about Rita, a free Threat Hunting Tool from Black Hills Information Security

Tue, 29 May 2018 13:30:00 +0000

DFSP # 119 - MFT2CSV

This week Ireview mft2csv

Tue, 22 May 2018 13:30:00 +0000

DFSP # 118 - .bash_history forensics

This week Italk about Linux triage using the /.bash_history artifact

Tue, 15 May 2018 13:30:00 +0000

DFSP # 117 - USNJRNL Tool Review

This week I review two tools for extracting and parsing USNJRNL evidence.

Tue, 08 May 2018 13:30:00 +0000

DFSP # 116 - Automatic Detection of Malware from Memory Analysis

This week I talk about a clever way to leverage Volatility to triage malware on a target system

Tue, 01 May 2018 13:30:00 +0000

DFSP # 115 - Prefetch Tools

This week I talkabout 6 different prefetch tools that are FREE!

Tue, 24 Apr 2018 13:30:00 +0000

DFSP # 114 - Go Norse!

This week I talk about keeping up with attack intelligence.

Tue, 17 Apr 2018 13:30:00 +0000

DFSP # 113 - Dead Simple Timelines

This week Ido a tool review of CYLR and CDQR - perhaps the easiest way to build an awesome timeline

Tue, 10 Apr 2018 13:30:00 +0000

DFSP # 112 - Port Forensics?

This week I talk how common ports plays into network forensics.

Tue, 03 Apr 2018 13:30:00 +0000

DFSP # 111 - Network Triage

This week Igo over some Network Forensic artifacts and what they offer to an investigation.

Tue, 27 Mar 2018 13:30:00 +0000

DFSP # 110 - Web Browser Forensics with Foxton

This week Ireview two freely available forensic tools from Foxton Forensics

Tue, 20 Mar 2018 13:30:00 +0000

DFSP # 109 - OLEDump

This week I talk about OLEDump, a malware analysis tool for investigating suspicious macros in MS Office documents

Tue, 13 Mar 2018 13:30:00 +0000

DFSP # 108 - Under the Radare

This week I talk about Cutter,a static malware analysis tool by Radare

Tue, 27 Feb 2018 14:30:00 +0000

DFSP # 106 - Cryptocurrency 1-2-3

This week Igo over an easy way to get set-up to start using crypto-currency to testing \ validation \ and self-training purposes

Tue, 20 Feb 2018 14:30:00 +0000

DFSP # 105 - from Zero to JTAG

This week Iinterview an industry expert about mobile device JTAG and ISP forensics.

Tue, 13 Feb 2018 14:30:00 +0000

DFSP # 104 - UserAssist Forensics

This week Italk about the userassist artifact for file use and knowledge investigations.

Tue, 06 Feb 2018 14:30:00 +0000

DFSP # 103 - B2B USB Forensics

This week I talk aboutresolving USB usage back to specific systems and user accounts.

Tue, 30 Jan 2018 14:30:00 +0000

DFSP # 102 - B2B Windows Explorer

This week I talk about Windows Explorer evidence.

Tue, 23 Jan 2018 14:30:00 +0000

DFSP # 101 - B2B Shellbags

This week I talk aboutWindows Shellbags.

Tue, 16 Jan 2018 14:30:00 +0000

DFSP # 100 - B2B Shimcache

This week Icontinue the back to basics series with talk on the Windows Shimcache.

Tue, 09 Jan 2018 14:30:00 +0000

DFSP # 099 - B2B with Prefetch

This weekit's a refresher on the Windows Prefetch, a core Microsoft artifact every examiner shouldknow.

Tue, 02 Jan 2018 17:00:00 +0000

DFSP # 098 - Back to basics 2018

This week I kick off a revisit of the fundamentals helpful to all new examiners.

Tue, 26 Dec 2017 14:30:00 +0000

DFSP # 097 - The Main Event

This week Igo over some "go to" Windows Event Logs.

Tue, 19 Dec 2017 14:30:00 +0000

DFSP # 096 - OS X Unified Logging

This week I talk about Mac Logs, namely the new Unified Logging in OS X and how this impacts forensic exams.

Tue, 12 Dec 2017 14:30:00 +0000

DFSP # 095 - freE-DISCOVERY?

This week Italk about the "built-in" eDiscovery tools for Office 365

Tue, 05 Dec 2017 14:30:00 +0000

DFSP # 094 - 31 Flavors of Malware Analyst

This week I break down the different variations of the "malware analyst." Do you qualify as one?

Tue, 28 Nov 2017 14:30:00 +0000

DFSP # 093 - Chocolate Peanut Butter Moment

This week I talk about the volatility plug-ins for autopsy that allow you to do memory forensics in the autopsy forensic console.

Tue, 21 Nov 2017 14:30:00 +0000

DFSP # 092 - New Apple File System

This week I talk about the new file system released by Apple, APFS, and what it means for forensic examiners.

Tue, 14 Nov 2017 14:30:00 +0000

DFSP # 091 - Red Team Field Manual

This week I talk aboutRTFM, the companion to the blue team field manual that's filled with over 1000 commands for windows and Linux.

Tue, 07 Nov 2017 14:30:00 +0000

DFSP # 090 - Microsoft Evaluation Center

This week talk about the Microsoft Evaluation Center, a resource Microsoft office to obtain evaluation versions of operating systems and products.

Tue, 31 Oct 2017 13:30:00 +0000

DFSP # 089 - So you want to DFIR?

This weekI interview a DFIR practitioner about some of the little known facts about a career in the industry.

Tue, 24 Oct 2017 13:30:00 +0000

DFSP # 088 - Perfect Execution

This weekI talk about the most popular artifacts to prove application execution

Tue, 17 Oct 2017 13:30:00 +0000

DFSP # 087 - DFIR Degrees

This weekI interview a DFIR professional about his decision to get a Masters Degree in cyber security.

Tue, 10 Oct 2017 13:30:00 +0000

DFSP # 086 - BambiRaptor

This weekI review a freely available Windows Live Response collection tool available from BriMor Labs.

Tue, 03 Oct 2017 13:30:00 +0000

DFSP # 085 - Leggo my Stego

This weekItalk Stego; what it is and what challenges is presents to DFIR professionals.

Tue, 26 Sep 2017 13:30:00 +0000

DFSP # 084 - Blue Team Field Manual

This weekIreviewBlue Team Field Manual, a reference guide for DFIR practitioners.

Tue, 19 Sep 2017 13:30:00 +0000

DFSP # 083 - cree.py

This weekItalkabout cree.py, an OSINT tool to profile social media accounts by geolocation.

Tue, 12 Sep 2017 13:30:00 +0000

DFSP # 082 - iPhone Forensics on the Cheap

This weekItalk how to make a forensic iPhone backup using iTunes and triage of iPhone backup files using free forensic tools.

Tue, 05 Sep 2017 13:30:00 +0000

DFSP # 081 - OS X Collector

This weekI go over OSX Collector, a freely available tool to collect and preprocess Mac artifacts for DFIR investigations.

Tue, 29 Aug 2017 13:30:00 +0000

DFSP # 080 - DFIR Operational Assessment

This week I talk about 4 questions about your DFIR unit from an operations standpoint to identify holes and get a better sense of your investigative capabilities.

Tue, 22 Aug 2017 13:30:00 +0000

DFSP # 079 - Thoughts on DASH Forensics

This weekItalk about crypto currency 2.0 and feature DASH as the example.

Tue, 15 Aug 2017 13:30:00 +0000

DFSP # 078 - Bitcoin Forensics

This weekIprovide an overview of Bitcoin forensics for examiners new to these investigations.

Tue, 08 Aug 2017 13:30:00 +0000

DFSP # 077 - Crypto Currency 101

This weekIbreak down crypto currency concepts for new computer forensic examiners.

Tue, 01 Aug 2017 13:30:00 +0000

DFSP # 076 - Strings!

This weekIlooktalk about one of the most versatile tools for forensic triage and analysis - Strings!

Tue, 25 Jul 2017 13:30:00 +0000

DFSP # 075 - Capturing Websites as Evidence

This weekIlook at a methodology of capturing websites as evidence using HTTrack

Tue, 18 Jul 2017 13:30:00 +0000

DFSP # 074 - Detecting Lateral Movement

This weekIreview a document put out by the Japan Computer Emergency Response Team Coordination Center on "Detecting Lateral Movement through Tracking Event Logs."

Tue, 11 Jul 2017 13:30:00 +0000

DFSP # 073 - Jump Lists

This weekIbreak down the forensic value of Windows Jump lists.

Tue, 04 Jul 2017 13:30:00 +0000

DFSP # 072 - Free Training & Free Beer

This weekI talk about how to design your own training programs using low cost\ no cost options.

Tue, 27 Jun 2017 13:30:00 +0000

DFSP # 071 - Automated Malware Triage

This week I take a look atonline sandboxes for malware analysis.

Tue, 20 Jun 2017 13:30:00 +0000

DFSP # 070 - Notepad++

This weekItalk a Notepad++, a freely available code editing tool with some great options built in that are useful for inspecting forensic artifacts.

Tue, 13 Jun 2017 13:30:00 +0000

DFSP # 069 - Automated Memory Triage

This week I take a look at Redline by Mandiant, a tool that offers automated memory triage and much more.

Tue, 06 Jun 2017 13:30:00 +0000

DFSP # 068 - Is Scanning On-Scene Legit?

This weekI explore the idea of using scanning tools as part of an on scene triage process in order to find hidden devices and\or to document the systems of the local network.

Tue, 30 May 2017 13:30:00 +0000

DFSP # 067 - IR A-Z

Looking for the ultimate DFIR checklist? This weekIcheck out a freely available guidebook that, as the name implies, is aimed at addressing all things DFIR related A-Z.

Tue, 23 May 2017 13:30:00 +0000

DFSP # 066 - Skype Forensics

This weekI talk about the Skype artifacts forensic examiners need to be aware of.

Tue, 16 May 2017 13:30:00 +0000

DFSP # 065 - Is CSA+ Certification right for you?

This weekI take a look at CompTia's CSA+ certification and how it fits into a DFIR career.

Tue, 09 May 2017 13:30:00 +0000

DFSP # 064 - Chrome Forensics

This week it's back to browsers with Chrome Forensics.

Tue, 02 May 2017 13:30:00 +0000

DFSP # 063 - Bulk Extractor

This weekis tool review week featuring Bulk Extractor. This is a great triage tool, lab tool and all around tool to help generate leads for your case.

Tue, 25 Apr 2017 13:30:00 +0000

DFSP # 062 - Building a Forensic VM with VirtualBox

This week I take you through some of the "pain points" of using VirtualBox as a forensic machine virtualization platform. VirtualBox is freely available and is a great tool to scale your lab and field systems at a low cost. VirtualBox does not have the "easy" buttons the pay tools have but do not let that stop you. In this episode I talk aboutthe solutions that will have you up and running.

Tue, 18 Apr 2017 16:00:00 +0000

DFSP # 061 - Firefox Forensics

This week I talk Firefox forensics and identify the artifacts examiners need to know about.

Tue, 11 Apr 2017 13:30:00 +0000

DFSP # 060 - Browsing on the Edge

This week Im talking about the Windows browser some are still surprised to learn about, MS Edge. Windows 10 comes with two browsers and in this weeks podcast Im going to go over one of them, MS Edge, and what computer forensic examiners need to know about it.

Tue, 04 Apr 2017 13:30:00 +0000

DFSP # 059 - Thumbcache Forensics

This weekI talk aboutsurviving Windows Thumbcache forensics. A great source of evidence for File Use & Knowledge investigations.

Tue, 28 Mar 2017 13:30:00 +0000

DFSP # 058 - Linux FU&K Artifacts

This weekI talkLinux forensics and breakdown some useful artifacts that may generate leads forinvestigations.

Tue, 21 Mar 2017 13:30:00 +0000

DFSP # 057 - Webmail Collections

This weekI talk about a methodology to collect webmail using freely available tools as well as the things you must consider before you do so.

Tue, 14 Mar 2017 13:30:00 +0000

DFSP # 056 - Surviving Solid State Drives

This weekIgo over my survival tips for imaging solid state drives (SSDs).

Tue, 07 Mar 2017 14:30:00 +0000

DFSP # 055 - Automated Host Intelligence

This weekItalk about threat intelligence tool Hostintel by Keith Jones.

Tue, 28 Feb 2017 14:30:00 +0000

DFSP # 054 - Surviving the Conference Season

This weekIshare some thoughts on how to approach DFIR conferences to maximize the experience. There are many to choose from and having an analytical approach may get you exactly what you want for your time and money.

Tue, 21 Feb 2017 14:30:00 +0000

DFSP # 053 - Top FU&K Plugins

This weekI talk aboutmy favorite Volatility plugins for File Use & Knowledge investigations to get at the volatile evidence most often targeted during a dead box exam.

Tue, 14 Feb 2017 14:30:00 +0000

DFSP # 052 - Free Your Mind

This weekI talk about FreeMind, a freely available visualization tool that can be used to enhance the computer forensic investigation process.

Tue, 07 Feb 2017 14:30:00 +0000

DFSP # 051 - Analyzing PE Signatures

This weekI talkabout an openly available library and tool repository all examiners should be aware of as well as a tool by Didier Stevens called "AnalyzePESig" which is perfect for bulk analysis of executables on Windows systems.

Tue, 31 Jan 2017 14:30:00 +0000

DFSP # 050 - Virtual Machine Forensics

This weekI talk File Use & Knowledge investigations involving virtual machines. This is mainly from a dead-box exam point-of-view.

Tue, 24 Jan 2017 14:30:00 +0000

DFSP # 049 - Get your SRUM on!

This week I talk aboutSRUM, a windows artifact with some significant forensic value for both File Use & Knowledge investigations as well as Incident Response.

Tue, 17 Jan 2017 14:30:00 +0000

DFSP # 048 - Evidence Integrity On-Scene

This weekI talkabout considerations for digital evidence integrity when collection evidence on-scene from a live system.

Tue, 10 Jan 2017 14:30:00 +0000

DFSP # 047 - Epoch Time Survival

This week I talk about surviving mobile App timestamps.

Tue, 03 Jan 2017 14:30:00 +0000

DFSP # 046 - DFIR New Year

This weekIshare my thoughts on setting DFIR goals for the coming year. I go over seven pointsworth focusing on for professional development.

Tue, 27 Dec 2016 14:30:00 +0000

DFSP # 045 - RUN DMA

This weekI talk DMA (direct memory access) exploits as a technique to bypass passwords of a live system to conduct imaging - with legal authority of course.

Tue, 20 Dec 2016 14:30:00 +0000

DFSP # 044 - Automated File Intelligence

This weekItalk about a useful automated file intelligence resource for dead box exam as well as IR investigations.

Tue, 13 Dec 2016 14:30:00 +0000

DFSP # 043 - Imaging a Mac: Survival Tips

This week I go over survival tips for imaging a Mac.

Tue, 06 Dec 2016 14:30:00 +0000

DFSP # 042 - Windows 10 Prefetch

This weekIabout the format change for Windows 10 Prefetch files as well as a freely available tool to decompress and present .pf file data.

Tue, 29 Nov 2016 14:30:00 +0000

DFSP # 041 - Trash Talkin'

This weekI'm talking .Trash. I cover the forensic basics of this Mac artifact that examiners need to know.

Tue, 22 Nov 2016 14:30:00 +0000

DFSP # 040 - Mac Log Files

This weekI talk about Mac Log files that are useful for File Use & Knowledge investigations as well as Incident Response.

Tue, 15 Nov 2016 14:30:00 +0000

DFSP # 039 - Apache Weblogs & SDF Announcement

This weekI talk about Apache weblogs and a great resource for foundational knowledge at aid newer examiners with forensic analysis. In addition, big news for the SDF series!

Tue, 08 Nov 2016 14:30:00 +0000

DFSP # 038 - Finder Sidebar Forensics

This weekit's back to Mac forensics with a look at the the Finder Sidebar and it's value for File Use & Knowledge investigations.

Tue, 01 Nov 2016 13:30:00 +0000

DFSP # 037 - The DFIRONOMICON

This weekIpull back the focus for newer examiners andshare some thoughts on creating a system that works for you to organize, and keep readily accessible, all the knowledge you accumulate..... and a few words about Shimcache on Windows 10.

Tue, 25 Oct 2016 13:30:00 +0000

DFSP # 036 - iCloud Forensic Evidence

This week I breakdown iCloud forensic artifacts.

Tue, 18 Oct 2016 13:30:00 +0000

DFSP # 035 - "Recent" File Listings on a Mac

This weekI talkaboutwhere to find different listing of different recently accessed files on a Mac as well as how to break out the data for interpretation.

Tue, 11 Oct 2016 13:30:00 +0000

DFSP # 034 - Forensic tools for your Mac

This week I go over some of myfavorite Mac tools.

Tue, 04 Oct 2016 13:30:00 +0000

DFSP # 033 - PLISTS for Mac Triage

This weekI talkaboutsome common PLISTS to check as part of an initial system triage.

Tue, 27 Sep 2016 13:30:00 +0000

DFSP # 032 - Mac Formats, Libraries & Keychains

This weekI talkabout common Mac file formats, Libraries and Keychains.

Tue, 20 Sep 2016 13:30:00 +0000

DFSP # 031 - Mac User Home Folder

This weekI talkaboutMac Home Folders to give Mac Examiners an idea of how it is structured and where to look for certain artifacts.

Tue, 13 Sep 2016 13:30:00 +0000

DFSP # 030 - OS X Spotlight

This weekI talkabout OS X's Spotlight feature, a powerful indexing and search engine built into your Mac that may be harnessed for computer forensic purposes.

Tue, 06 Sep 2016 13:30:00 +0000

DFSP # 029 - Mac Cooties?!

This weekI talk Apple double files and what to make of them during a forensic exam.

Tue, 30 Aug 2016 13:30:00 +0000

DFSP # 028 - Microcast

This week I am taking a breather and doing some planning for future topics. If you have a topic you would like to see covered mention it in the show notes. Full episodes will return the first week of September.

Tue, 23 Aug 2016 13:30:00 +0000

DFSP # 027 Mac as a forensic platform

This week I go over some of my top reasons why Macs should be considered as a computer forensic platform.

Tue, 16 Aug 2016 13:30:00 +0000

DFSP # 026 - File Juicer

File Juicer is an easy to use data carving tool that runs on OS X. Take most any file, drop it on File Juicer, and watch it spin out embedded image, movie, document files and text. Perfect for on-scene triage, lab work and exploring new file types.

Tue, 09 Aug 2016 13:30:00 +0000

DFSP # 025 - RAM Extraction Tools - Part 2

This is part twoofRAM extraction tools. Part 1 looked at why RAM extraction is an important part of forensic analysis. In Part 2 the results ofa benchmark experiment withfour different RAM Extraction tools is discussed: DumpIt, Belkasoft's RAM Capturer, Magnet RAM Capture and the RAM extraction feature in FTK Imager.

Tue, 02 Aug 2016 13:30:00 +0000

DFSP # 024 - RAM Extraction Tools - Part 1

This episode is a two-parter looking at RAM extraction tools. Part 1 will take a look at why RAM extraction is an important part of forensic analysis. Part 2 will go over an experiment I did with four different tools: DumpIt, Belkasoft's RAM Capturer, Magnet RAM Capture and the RAM extraction feature in FTK Imager.

Mon, 25 Jul 2016 13:30:00 +0000

DFSP # 023 - Battle Royale: FTK vs EnCase vs WinHEX

This week I take a look at three popular computer forensic suites: FTK, Encase and WinHex. I offer my opinion as to the strengths and weaknesses of each.

Tue, 19 Jul 2016 13:30:00 +0000

DFSP # 022 - DFIR Certification Planning & Considerations

If you take a look at all the different DFIR certifications that exist today you can easily get overwhelmed. There are so many to choose from it puts meaning to the saying that too many choices is no choice at all. In this episode I take a look at digital forensic certifications from two different vantage points to provide a little guidance to those that may be trying to advance themselves through a certification or two.

Tue, 12 Jul 2016 13:30:00 +0000

DFSP # 021 - The Honeynet Project

For those looking to get some real world hands-on experience in DFIR to build up or expand your skill set, check outhoneynet.org. The non-profit offers information and challenges to help sharpen your skills.

Tue, 05 Jul 2016 13:30:00 +0000

DFSP # 020 - Amcache Forensics - Find Evidence of App Execution

This week I talk about Amcache Forensics, a Windows artifact that collects details about programs that have been run on a given system. This evidence can support malware/ intrusion investigations, file use and knowledge exams and data spoliations inquiries.

Tue, 28 Jun 2016 00:46:12 +0000

DFSP # 019 - Password Cracking with Hashcat

The last talk in the Open-Source password cracking series focuses on a tool that rivals the pay tools in function and capability - Hashcat.

Mon, 20 Jun 2016 13:30:00 +0000

DFSP # 018 - John the Ripper

Last episode I talked about using Cain to attack Windows LANMAN and NTLM hashes. Next we will discuss John the Ripper, Linux password files and rainbow tables.

Mon, 13 Jun 2016 13:30:00 +0000

DFSP # 017 - Cracking Passwords with Cain

In the last episode I talked about PW psychology, an important part of operationalizing any PW cracking tool effectively. Face it, the math is against you so understanding a persons probable PW patterns is important.In this episode we will talk about our first tool that can be used against a PW file. First lets go over some general features you will likely find in a PW cracking tool.

Mon, 06 Jun 2016 13:30:00 +0000

DFSP # 0016 - Password Psychology

The next mini series will focus on open source password attack tools.There are some pay options out there, however, most IR teams do not have a need for it and disk forensic teams use if infrequently. Despite this many labs want the capability so it makes sense to explore the open source options first before spending the money. My goal here is talk about these options to provide some insight and to open the series I thought I's talk about password psychology since the weakness link in any password algorithm is usually the person using it.

Tue, 31 May 2016 13:30:00 +0000

DFSP # 015 - $UsnJrnl File

The$UsnJrnl is an artifact that logs certain changes to files in NTFS volumes. It is a great source of timeline information for malware\ IR investigations, time stomping concerns and anti-forensics activities (i.e. wiping) as well as an additional source of file use and knowledge evidence for disk forensics.

Mon, 23 May 2016 13:30:00 +0000

DFSP # 014 - Shimcache

In this episode Italk Shimcache, otherwise known as the Application Compatibility Cache. This registry key has existed since Windows XP and tracks executableon a system, making it a great source of digital evidence for both disk forensics and incident response cases. In addition, there are freely available tools that will parse the data. It is not a difficult artifact to understand. Once an analyst spends the time learning how to pull, parse and interpret the data it is easily incorporated into an investigation and aligns well with other Windows artifacts.

Mon, 16 May 2016 13:30:00 +0000

DFSP # 013 - Windows 10 Artifacts

In this episode I cover something I have been intending to do for some time: a Windows 10 artifacts overview. Here, I explore some key artifacts changes and what has stayed the same. Once I got into it I found there was a lot to talk about so, to start, I will discuss the topics from a high level. In future episodes I will dig in deeper to each artifact.

Mon, 09 May 2016 13:30:00 +0000

DFSP # 012 - Just-Metadata

This episodeI talk Just-Metadata, a freely available tool that gathers data about IP addresses from publicly available resources. Check outTruncer's websiteto learn more. I put together my quick start notes (below) for anyone interested in getting set up. This tool is very powerful and useful for Incident Response investigations, especially since you can batch upload IP addresses and quickly get useful details.

Mon, 02 May 2016 13:30:00 +0000

DFSP # 011 - PALADIN

This episodeI talk about PALADIN from SUMURI.PALADIN is a modified live Linux distribution based on Ubuntu that simplifies various forensics tasks in a forensically sound manner via the PALADIN Toolbox andused by thousands of digital forensic examiners from Law Enforcement, Military, Federal, State and Corporate agencies.

Mon, 25 Apr 2016 13:30:00 +0000

DFSP # 010 - Investigation Survival Tips

This episode covers Investigation Survival Tips.... for the new guy. Newer examiners are often thrown into a world where it is there mission to find "everything." Not on that, they are usually given inadequate investigative support to accomplish their assigned goals. I have seen this happen often so I thought I would spend an episode giving some advice on how to steer the conversation to keep expectation realistic and in-check.

Mon, 18 Apr 2016 13:30:00 +0000

DFSP #009 - Linux for Computer Forensics

In this episode Icover using Linux as a forensic platform... for the new guy. I find many examiners are very Windows-centric. There is nothing wrong with that as most tools and evidence is Windows based. However, Linux comes in handy from time to time and knowing some basic commands is always helpful.

Mon, 11 Apr 2016 13:30:00 +0000

DFSP # 008 - Virtual Machines & Computer Forensics

In this episode I talk all about virtual machines; the reasons you should be using them (more), prebuilt ones that are freely available and loaded with digital forensic tools and a free virtual machine application that has the same functionality you need as the pay tools.

Mon, 04 Apr 2016 13:30:00 +0000

DFSP #007 - File Use & Knowledge Wrap Up

In this episode we wrap up the File Use & Knowledge artifacts discussed previously and talk about how they connect to help strengthen a case.

Mon, 28 Mar 2016 13:30:00 +0000

DFSP #006 - Resolving Attached USBs

Have you ever been asked to find out what the "F" drive is? Have you ever needed to prove a USB drive was attached to a target system? Collecting and presenting this information is a core skill all computer forensic analysts need know. This episode breaksdown the process of collecting and interpreting the data necessary to make the connection between USB device and Windows systems.

Mon, 21 Mar 2016 13:30:00 +0000

DFSP #003 - What the Shellbag!

In this episode we examine how to use Windows Shellbag records to help prove file use and knowledge. Shellbag records are created by certain user activity and can be used to show where a user has navigated to on a computer system and when they did so. Very powerful evidence!

Mon, 14 Mar 2016 13:30:00 +0000

DFSP #004 - Windows Prefetch

Windows Prefetch data is a great source of evidence to help determine file use and knowledge of applications running on the system.

Wed, 17 Feb 2016 01:36:03 +0000

DFSP #003 - Windows Explorer Evidence

Oftentimes you will be asked to find information on a target system that shows if a user accessed certain files, the last time they did and/ or how often they did. Being able to put a picture together that answers these questions can be critical and make or break the case.

Mon, 15 Feb 2016 20:28:48 +0000

DFSP #002 - Windows Link Files

Windows LINK files are a great source of information when your aim is proving file use and knowledge during a computer forensic investigation. Knowing how to interpret these files will break reliance on automated tools and give you the versatility to quickly examine - interpret - and gain investigative insight.

Sun, 14 Feb 2016 16:58:29 +0000

DFSP #001: Premiere Episode

Listen totalkabout computer forensic analysis, techniques, methodology, tool reviews and more.

Down the Security Rabbithole Podcast

Tue, 21 Mar 2023 00:00:00 -0400

DtSR Episode 543 - National Cyber Security Policy Daydreams (2023)

TL;DR
This week, on the podcast, Rafal and James host Brian Chidester and Jordan Burris to talk about the latest National Cyber Security Strategy from the Biden White House. It's an interesting piece of national policy that outlines our cyber security priorities as a nation - and you'll have to forgive me for calling it "aspirational".
The four of us discuss the likelyhood of this strategy ever being fully implemented, which pieces are most likely to work and which ones will struggle, and ultimately what will be the result here.
This is an important document - and if you're a defender or serious about cyber security at a national level - you should listen in.

YouTube video replay: https://youtube.com/live/O8lePu4ings?feature=share

Links:

White house release: https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/

Guests:

Brian Chidester
- Linked: https://www.linkedin.com/in/abchidester/
Jordan Burris
- LinkedIn: https://www.linkedin.com/in/jordan-burris-60588a70/

Tue, 14 Mar 2023 00:00:00 -0400

DtSR Episode 542 - Distilling 20 Years of CISO Wisdom

TL;DR:

On this week's episode of the podcast, James joins me to co-host a great episode with an old friend - Ray Emerly. Ray is a long-time veteran of the CISO chair, and no stranger to working at all aspects of the security leadership role. We talk through a number of important topics, ask him what's changed (and what hasn't) and of course we have a stumper at the end. Listen to the end, or you'll miss a golden nugget.

Guest

Raymond Umerly
- LinkedIn: https://www.linkedin.com/in/rumerley/

Watch the Video on our YouTube channel

https://youtube.com/live/x1trGIgZSF0

Mon, 13 Mar 2023 21:30:00 -0400

DtSR Episode 541 - The Calculus of Cyber Insurance

** This episode is being re-published due to an issue with the RSS feed/provider **

TL;DR:

We've talked about cyber insurance a lot here on this podcast, and this episode is yet another angle on the topic. Nate Smolenski joins us to discuss his view, from the perspective of a CISO. This is a great conversation for those who are still investigating Cyber Insurance, or realizing that their policies are astronomical, or trying to right-size their security program along with insurance.

Video link: https://youtube.com/live/O0gpapA_r08?feature=share

Guest:

Nate Smolenski
- LinkedIn: https://www.linkedin.com/in/nathansmolenski/

Mon, 27 Feb 2023 19:17:02 -0500

DtSR Episode 540 - David Barton on Simplifying the Complex

** This episode is being re-published due to an issue with the RSS feed/provider **

TL;DR:

This week I brought on David Barton the CTO of HighWire Networks - who knows a few things about a few things. We discuss the complex nature of our business, where things get weird, and how we can work to make them better. We talk about complexity, specifically, and what makes this such a difficult thing for our industry where simple is the arch-enemy of secure.

Join us, and catch the video on the YouTube page (smash that subscribe button), or on LinkedIn.

Video Stream (replay):https://youtube.com/live/_rykxVh_VBw?feature=share

Guest:

David Barton
- LinkedIn: https://www.linkedin.com/in/davidbarton1/

Tue, 21 Feb 2023 12:37:00 -0500

DtSR Episode 539 - SBOM Paving the Road of Good Intent

TL;DR

It's been said that the road to hell is paved with good intentions. I feel like this applies to SBOM so much it's scary. All the good intentions in the world seemed to have led us to a place where we have tools that produce inconsistent results, tool sets that aren't necessarily integrated or mission-focused to deliver results, and a lot of confusion. Varun joins us with a boatload of entrepreneurial expertise and an eye for problem-solving so it's an interesting conversation.

Join Rafal & James in a conversation that you'll want to listen to a few times, and take notes.

Link to YouTube video

https://youtube.com/live/pZgiiRQeou0?feature=share

Guest

Varun Badhwar
- LinkedIn: https://www.linkedin.com/in/vbadhwar/

Tue, 14 Feb 2023 12:45:00 -0500

DtSR Episode 538 - What the heck is a vCISO

TL;DR:

This DtSR podcast brings back a good friend of the show, and one of the most experienced leaders I know - Mr. Jim Tiller. We talk about an interesting topic - the "virtual CISO". vCISO is interesting because as markets tighten, and it becomes more difficult tofind andafford good CISOs and security leaders in this market. So how can a company best utilize this part-time resource?

We discuss...

What are the best ways to utilize vCISO?
What questions should you be asking?
What are things to look out for?

YouTube video

https://youtube.com/live/OaYS0yEajQw?feature=share

Guest

Jim Tiller
- LinkedIn: https://www.linkedin.com/in/jimtillersecurity/
- Jim's Security Bytes newsletter: https://www.linkedin.com/newsletters/security-bytes-6943286067194187776/

Tue, 07 Feb 2023 15:53:00 -0500

DtSR Episode 537 - Sergio Talks Threat Intelligence

TL;DR:

I'm extremely excited to present to you, dear listeners and friends, a wonderful conversation with Sergio Caltagirone, who is quite the authority on 'threat intelligence' - where others talk tools and limited knowledge, Sergio literally was there at the birth of the cyber dawn of the threat intelligence operations we know (or don't know) today.

Sergio has been at an agency, at Microsoft, at Dragos - and he knows threat intelilgence from theory to applications. Listen in, learn a bit, and laugh along as the Chinese spy baloon (that's my story and I'm sticking to it) disrupts our communications with our pal, Sergio.

Video Link(unedited, and hilarious):https://youtube.com/live/SuH4uxBiX3E

Guest

Sergio Caltagirone
- LinkedIn: https://www.linkedin.com/in/sergiocaltagirone/

Tue, 31 Jan 2023 00:00:00 -0500

DtSR Episode 536 - Incident Response Automation Dreaming

Tl;DR:

Automation. It's a precarious thing in cyber security. Whether you're thinking about SOAR, or incident investigation, or maybe SIEM (I'm sorry) - this conversation will be worth your time. Anton and Jonathan join us to talk about how "automation" has evolved over the last decade or so, and where it's largely failed. We also start to explore the future and requirements for how things can collectively improve.

We think you'll enjoy the podcast... share it and we'd love to hear from you.

Guests

Anton Goncharov
- LinkedIn: https://www.linkedin.com/in/cybernode/
Jonathan Cran
- LinkedIn: https://www.linkedin.com/in/jcran/

Tue, 24 Jan 2023 00:00:00 -0500

DtSR Episode 535 - Let's Ask AI Security Questions

TL;DR

A few days ago, my pal Kevin asked me if I had seen the LinkedIn post by Helen Patton that asked an interesting question of the podcast space... Her post made me think - why the heck not? So, I did. Thanks to Helen, whose idea this was - I hope you get a chance to watch and enjoy the outcome of your request ... we had far too much fun recording it.

Here on this episode - which I promise you is 100x better on video, we have Anton Chuvakin, Kevin Thompson, and Jeff Collins joining Rafal & James on the podcast to have a little fun and ask "ChatGPT" some questions. Anton drove the screen share, and we had a lot of fun. I have to wonder - how did some of those answers (you'll know when you see/hear them) make it on there. Holy cow... wow.

LinkedIn video replay -https://www.linkedin.com/video/event/urn:li:ugcPost:7021885147977314304/

Guests

Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/
Jeff Collins
- LinkedIn: https://www.linkedin.com/in/jmcollins/
Kevin Thompson
- LinkedIn: https://www.linkedin.com/in/blackfist/

Tue, 17 Jan 2023 11:12:00 -0500

DtSR Episode 534 - The AppSec is Still a Mess

TL;DR

On this episode, we welcome Josh Grossman - who has a pretty interesting perspective on AppSec, or Software Security, or (cringe) "DevSecOps". Josh has a bit of an edge on the subject, so he fits in with myself & James perfectly. We talk about where things stand from the vendor perspective, building programs, and why it takes to make a real impact, versus continuing to push a very large boulder up a very steep hill.

Oh, hey, want to be on the show? Let us know a topic and your background and let's talk.

Guest

Josh Grossman
- LinkedIn: https://www.linkedin.com/in/joshcgrossman/
- Twitter: https://twitter.com/JoshCGrossman

Tue, 10 Jan 2023 00:00:00 -0500

DtSR Episode 533 - Maybe 2023 Won't Suck

TL;DR

This week on 2023's first live-streamed episode (technical our first recorded in '23) our friend Larry Whiteside, Jr. joins us to talk about the prospects for 2023 and beyond. We discuss trends, make some rather sad predictions, and attempt to be hopeful about what the new year could bring us - if we don't find a way to walk ourselves off a cliff, first. It's a light discussion, that dives into some deep topics, and ultimately ends with some hope... 'ish. Join us!

Oh, hey, since some of you are looking for a new opportunity in the new year, Larry's hiring (check out his LinkedIn page).

Guest

Larry Whiteside, Jr.
- LinkedIn: https://www.linkedin.com/in/larrywhitesidejr/

Tue, 03 Jan 2023 22:45:00 -0500

DtSR Episode 532 - Its the End of 2022 As We Know It

TL;DR

Shawn Tuma, our favorite cyber legal eagle, joins Rafal & James to talk about the sorts of things we learned about 2022, in what could be confused for a year-in-review episode. We saw ransomware, big incidents, but overall ... things weren't the worst out there. If you missed our live-stream on LInkedIn (link below) you can replay that any time, or listen to this episode as a podcast. For 2023, I'm going to be tweaking some things to get us talking, sharing, and hopefully an even better experience of the podcast you already love.

LinkedIn Live-stream re-play:https://www.linkedin.com/video/event/urn:li:ugcPost:7013670254237163520/

Guest

Shawn Tuma
- LinkedIn: https://www.linkedin.com/in/shawnetuma/
- Twitter: https://twitter.com/shawnetuma/

Tue, 20 Dec 2022 10:58:00 -0500

DtSR Episode 531 - Security Guarantees, Warranties, and Insurance

Prologue

This week James and I are joined by my good friend and many-timer on the podcast Brandon Dunlap, and our mad genius and serial entrepreneur pal Paul Calatayud to talk about all of these guarantees, warranties, and insurance. It's a strange discussion but quite necessary as the industry is littered with some of these offerings by providers and various software (security) vendors. These guarantees and warranties are made to make you feel better, but rest assured lawyers wrote these and there'salways a catch. The insurance conversation, that's a little different (way different) and Paul's got some interesting things to say here. Don't miss a great episode!

Guests

Paul Calatayud
- LinkedIn: https://www.linkedin.com/in/whitehat/
Brandon Dunlap
- LinkedIn: https://www.linkedin.com/in/bsdunlap/

Tue, 13 Dec 2022 00:00:00 -0500

DtSR Episode 530 - The Bold and the Invasive

Prologue

Karim Hijazi joins Rafal & James this week on the podcast to talk about some interesting trends and developments in the world of bad actors. It's an interesting update including some things I wasn't expecting to hear about how threat actors "hit back at" incident responders and threat hunters. This is a good conversation about the current threat landscape with an eye on the Russian hackers out there, and pretty good listening for anyone who wants an added dose of situational awareness.

Links:

Sneaky Hackers Reverse Defense Mitigations When Detected - https://www.bleepingcomputer.com/news/security/sneaky-hackers-reverse-defense-mitigations-when-detected/
https://cybernews.com/editorial/russian-hacktivist-real-dangers/

Guest

Karim Hijazi
- LinkedIn: https://www.linkedin.com/in/karimhijazi/

Tue, 06 Dec 2022 00:00:00 -0500

DtSR Episode 529 - The CISOs Guide to Liability

Prologue

This is a very interesting episode... Gadi Evron joins James and me on this slightly technically difficult (the IPoCP - IP over Carrier Pigeon - was awful at times) episode to talk about the CISO role and the potential liabilities that lie within. Whether we're talking about the Joe Sullivan case (and we're not, or we try not to), or we're generalizing about employment and legal culpability - this show traverses a lot of land and it's all worth your time.

Hopefully if I did an OK job, you won't notice all the edits :)

Pre-reading

Blog post from Gadi & Team 8: https://team8.vc/rethink/cyber/cisos-guide-to-legal-risks-and-liabilities/
The CISO guide: https://lp.team8.vc/cisosguide

Guest

Gadi Evron
- LinkedIn: https://www.linkedin.com/in/gadievron/

Tue, 29 Nov 2022 00:00:00 -0500

DtSR Episode 528 - So Many Vendors, So Few Solutions

Prologue

It's always a pleasure when I can get some friends together and banter on about a topic we all find interesting. This week's topic was supposed to be released a bit later, but it couldn't wait. We hadso much fun that I thought it needed publication right now. The premise is simple - have you looked around at how many security vendors there are and just asked yourself ... "Are we solving anything, or just adding to the mess?" That's what we did on this podcast. And yeah, we'd know because we have some life experience in this industry.

Required Reading: https://www.linkedin.com/pulse/security-tools-crash-coming-mark-curphey/

Guests

Mark Curphey
- LinkedIn: https://www.linkedin.com/in/curphey/
Jim Tiller
- LinkedIn: https://www.linkedin.com/in/jitiller/
Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/
Vikas Bhatia
- LinkedIn: https://www.linkedin.com/in/vikasbhatiauk/

Tue, 22 Nov 2022 00:00:00 -0500

DtSR Episode 527 - Fun With Machines Learning

Prologue

On this episode Rafal & James re-visit the concepts of machine learning, "artificial intelligence", and applicability to cyber security from Sven Krasser, Chief Scientist at CrowdStrike. Dr Krasser has been working on algorithms and computers analyzing massive amounts of data since the early 2000's so his analysis of today's "state of the art" and projections for the future are likely spot on. We have a little fun poking at industry buzzwords and make some real projections for where things are moving.

If you're trying to sift through the hype and asking yourself is any of the "AI + ML" hype is real, right now, listen to this podcast. Some of your questions are likely answered here.

Guest

Sven Krasser, Ph. D. - SVP & Chief Data Scientist at Crowdstrike
- LinkedIn: https://www.linkedin.com/in/svenkrasser/

Tue, 15 Nov 2022 00:00:00 -0500

DtSR Episode 526 - Downmarket SecOps Reality

Prologue

This podcast has attempted to go down-market a few times, with some success in discussing the important issues that service providers and security vendors oddly ignore. If you're not in the enterprise, you get ignored by 90%+ of the security vendor space, that's just fact, and that means that you're left to fend for yourself at the worst scale possible.

That's unfortunate, in the long run, because as all the vendors chase enterprise vendors, they at the same time lament the poor state of downmarket security. This podcast addresses something that may be able to help. A long-time colleague and friend has started a company and has a philosophy that we think y'all should hear about.

I'm going to encourage you to give ContraForce a look -- not just because they're named after one of my favorite video games of all time -- but because they are working hard to solve a fundamental problem that we have in the security space...small companies have big problems too.

Guest

Stanislav Golubchik
- LinkedIn: https://www.linkedin.com/in/stan-golubchik/
- Company LinkedIn: https://www.linkedin.com/company/contraforce/
- Company website: https://www.contraforce.com/

Tue, 08 Nov 2022 00:00:00 -0500

DtSR Episode 525 - Practical Zero Trust

Prologue

Are you sick of hearing "Zero Trust"? Do you, like us, also feel like it's a marketing buzzword, and then a cute concept that has a very difficult time in reality? Yeah, this episode is for you.

David Fairman and Jason Clark, join Rafal to talk about what is essentially continuous signals evaluation, least privilege, and default deny with segmentation. All those things we love, and haven't done right.

Guests

Jason Clark
- LinkedIn: https://www.linkedin.com/in/jasonclarkfl/
David Fairman
- LinkedIn: https://www.linkedin.com/in/dfairman/

Tue, 01 Nov 2022 00:00:00 -0400

DtSR Episode 524 - Cybersecurity Starts and Ends with Assets

Prologue

This week, we take it back to the basics, that's right, thebasics, as we talk to Huxley Barbee about the need to identify and understand the assets on your network and in your various environments. A fascinating conversation with some history, some laughs, and some honest discussion a topic that's absolutely critical to cyber security.

If you've not done so, go check out the conversation with Dell Technologies' John Scimone -- a CSO's perspective onfundamentals:https://ftwr.libsyn.com/dtsr-episode-513-cso-perspective-on-security-fundamentals which will give you some additional perspective on this issue.

Guest

Huxley Barbee
- LinkedIn: https://www.linkedin.com/in/jhbarbee/

Tue, 25 Oct 2022 00:00:00 -0400

DtSR Episode 523 - Practical SASE for the Masses

Prologue

Today's guest helps James and Rafal attempt to unravel the completely confusing space of "modern remote access". Some call it SASE, some SSE, some ZTE and some are completely mad and still use the term VPN. Who knows who's right, or why any one is preferred over the other ...except Carlos Salas from NordLayer. Listen in, and give it some thought. Maybe you'll understand this big mess a little better by the end of the episode.

Guest

Carlos Salas, Engineering Manager, NordLayer
- LinkedIn: https://www.linkedin.com/in/carlos-salas-b89480187/
- Get a special offer from NordLayer, because you're a listener of DtSR: https://nordlayer.com/dtsr

Wed, 19 Oct 2022 16:09:00 -0400

DtSR Episode 522 - Insuring Corporate Survival

Prologue

It's been a while since we have done an episode on cyber insurance, in fact, the last episode was https://ftwr.libsyn.com/dtsr-episode-454-tpa-cyber-insurance-fact-vs-fiction back in July of 2021. So we revisit with the two experts plus a bonus guest for you.

We look at the issues from the perspective of the broker, buyer, and lawyer -- a complete picture if I do say so myself!

Story link in FastCompany: https://www.fastcompany.com/90781786/cyber-insurance-price-hikes-have-left-local-governments-reeling

LinkedIn Live video stream (on-demand): https://www.linkedin.com/video/event/urn:li:ugcPost:6980210814192402434/

Guests

Shawn Tuma
- LinkedIn: https://www.linkedin.com/in/shawnetuma/
Sean Scranton
- LinkedIn: https://www.linkedin.com/in/sean-scranton-2b24948/
Sebastian Avarvarei
- LinkedIn: https://www.linkedin.com/in/sebastianavarvarei/

Tue, 11 Oct 2022 15:17:00 -0400

DtSR Episode 521 - The Peanut Gallery Takes on XDR

Prologue

Our industry has been talking aboutXDR for a while now. Some people think it's the savior, some people think it's marketing garbage - and neither of them really understands what this "thing" named XDR is. Well, I figure we'll get some smart people on the podcast, people who live in this field and use this word a lot, and giddy up.

This episode is slightly PG-13'ish ... because Anton has a potty mouth and I don't want to edit.

Guests:

Anton Chuvakin (Google)
- LinkedIn: https://www.linkedin.com/in/chuvakin/
Jamie Moles (ExtraHop)
- LinkedIn: https://www.linkedin.com/in/jamiemoles/
Bryan Lee (CrowdStrike)
- LinkedIn: https://www.linkedin.com/in/obiwanblee/

Tue, 04 Oct 2022 00:00:00 -0400

DtSR Episode 520 - The War With Online Scammers

Prologue

We start Cyber Security Awareness Month - the 30-day window where corporate law requires you to check the box and take boring security 'awareness' training, then forget it November 1st. Not my favorite month... so what about scammers, criminals, and bad people who prey upon those who aren't covered by corporate mandated training? Join us, let's talk about it.

Guest

Michael Magrath
- LinkedIn: https://www.linkedin.com/in/michaelmagrath/

Tue, 27 Sep 2022 22:52:58 -0400

DtSR Episode 519 - Insights From an Industry Leader

Prologue

This week, Rafal takes the show on the road (literally) to Las Vegas for Fal.Con '22 -- this is CrowdStrike's premier global get-together of customers, partners, and industry experts to showcase some innovation and share ideas and insights.

I wanted to say a big thank you to CrowdStrike -- all the folks who helped make this happen and continue to support this podcast and provide access to these fantastic guests.

Thank you to Nick Lowe, Geeta Schmidt, Kapil Raina, and Bryan Lee for taking the time to share their unique insights.

Guests

Nick Lowe
- LinkedIn: https://www.linkedin.com/in/nick-lowe-cissp-7751a05b/
Geeta Schmidt
- LinkedIn: https://www.linkedin.com/in/geetaschmidt/
Kapil Raina
- LinkedIn: https://www.linkedin.com/in/kapilraina/
Bryan Lee
- LinkedIn: https://www.linkedin.com/in/obiwanblee/

Tue, 20 Sep 2022 00:00:32 -0400

DtSR Episode 518 - Go Big or Go Home

Prologue

Solving problems is a challenge not everyone is up for. The industry is littered with people and companies that bring small-time solutions to an industry begging and pleading for actual solutions. Jason Clark of Netskope, and long-time friend, joins James and Rafal to talk about the mindset and approach needed to solve BIG problems that change the game, change the landscape, and change our lives.

Guest

Jason Clark
- LinkedIn: https://www.linkedin.com/in/jasonclarkfl/

Tue, 13 Sep 2022 12:31:34 -0400

DtSR Episode 517 - Two Truths and a Lie

For those of you paying attention - DtSR is officially 11 years old.

This episode is the first episode of year (season) 12. WOW. Thank you for listening, sharing, commenting, and watching us live!

Prologue

We work in a weird industry where marketing has to make ever-more outrageous claims that product and service teams then have to attempt to live up to, but it's a way of life. Now, I'm not strictly speaking blaming product marketing people, but they do have some blame in this insane climate we find ourselves in. On this episode, two good friends - and professional snark'ists - join James and I to talk about where our industry has over-marketed, over-hyped, and simply failed to deliver ...and where it may actually be meeting expectations. It's a fun conversation, and I bet you won't see the ending coming.

Guests

Jeff Collins
- LinkedIn: https://www.linkedin.com/in/jmcollins/
Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/
- Twitter: https://twitter.com/anton_chuvakin

Tue, 06 Sep 2022 13:49:32 -0400

DtSR Episode 516 - Breaking Bad on EAS

Prologue

Fresh off his presentation at Defcon 2022, Ken Pyle joins Rafal to talk about the Emergency Alert System (EAS) he's been hacking since 2019 and discusses findings, challenges, and the work left to do.

It's a fascinating conversation that will leave you wondering - how do we fix this clear and present problem, and more importantly...where else should we be looking?

Guest

Ken Pyle
- LinkedIn: https://www.linkedin.com/in/ken-pyle/
- LinkedIn Stream (recorded): https://www.linkedin.com/video/event/urn:li:ugcPost:6971199601311694848/

Tue, 30 Aug 2022 00:00:07 -0400

DtSR Episode 515 - Gadi Evron Talks PostBreach and Disinformation

Prologue

This week's guest is always a great interview. Gadi Evron has been around the industry longer than it's been an officially named discipline. In this episode, he talks about post-breach standards and the apparent but not previously discussed need. He also breaks your brain with disinformation, which we only lightly touch on before realizing we need at least one more podcast to go deeper into the topic.

Join us, and share this one, it's awesome.

Guest

Gadi Evron
- LinkedIn: https://www.linkedin.com/in/gadievron/

Tue, 23 Aug 2022 00:00:31 -0400

DtSR Episode 514 - Adam Explains Everything

Prologue

We've covered "threat intelligence" on the show a few times now, but the evolving nature of what threat data is, how it's useful, and how it enables defenders of a specific type identify malicious activity keep it interesting. This time around Adam Meyers of CrowdStrike joins Rafal to discuss threat intelligence, threat hunting, and clarifies some of the mis-conceptions and utilities around the topic. A good conversation for those defending their infrastructure and useful data points from someone who is a recognized expert. Adam joins us from his bunker, with all the elements you'd expect from Adam, so it's definitely worth your time to listen closely.

Check out Fal.Con, where you can catch the cutting-edge on CrowdStrike kit, industry knowledge, and hear some great industry speakers. Rafal will be there speaking on the topic of operationalizing and making the SOC more effective and efficient at small scale, check it out (link below).

Guest

Adam Meyers
- LinkedIn: https://www.linkedin.com/in/adam-meyers-7a58481/
- CrowdStrike: https://www.crowdstrike.com
- Fal.Con: https://www.crowdstrike.com/events/fal-con/

Tue, 16 Aug 2022 15:27:05 -0400

DtSR Episode 513 - CSO Perspective on Security Fundamentals

Prologue

"Just do the basics!"

"Remember the security fundamentals."

...sick of hearing those catch phrases without anything to actually get it DONE? Yeah, us too. This week we're joined by John Scimone of Dell Technologies to talk about his take on fundamentals both security and IT. His approach is notunique, per se, but it's one that works and it's repeatable. More importantly, he's willing to share his expertise and what he's done to be successful in raising the bar to his level of "good enough" -- so unless you've gotten where YOU want to be in those security fundamentals, it's time to listen to John's podcast and take notes. Take lots of notes.

By the way, if you want the video on LinkedIn Live where you can post questions too, click here: https://www.linkedin.com/video/event/urn:li:ugcPost:6953043382164209664/

Guest

John Scimone - President, Chief Security Officer at Dell Technologies
- LinkedIn: https://www.linkedin.com/in/john-scimone-0b2041a1/

Tue, 09 Aug 2022 00:00:48 -0400

DtSR Episode 512 - Why is Enterprise Security Program Maturity so Tough?

Prologue

This week, long-time friend and well-known industry personality, Jessica Hebenstreit joins Rafal to talk about her journey in consulting to very large security programs and why maturity is elusive in many of those programs. As it turns out, maturity is influenced by many factors but highly dependent on actually solving problems and being able to show progress. This is an interesting conversation for anyone who wants to understand what's inside the head of a former practitioner who has ventured into the field to help others solve large-scale, complex, problems.

Guest

Jessica Hebenstreit
- LinkedIn: https://www.linkedin.com/in/jessicahebenstreit/
- LinkedIn Live stream: (video!) https://www.linkedin.com/video/event/urn:li:ugcPost:6960010458405756928/

Tue, 02 Aug 2022 10:03:23 -0400

DtSR Episode 511 - Managing Technical Teams

Prologue

This week on the podcast, the one and only Tom Eston joins Rafal & James to talk about managing teams. Tom is a well-known personality who runs the "Shared Security Show" podcast -- which has been running even longer than we have, give them a listen if you don't already.

Tom talks about the difficulties of managing, coping with various types of personalities, and helping employees thrive while finding the right balance between in-office and remote. Great show if you're in a leadership position, or hoping to be, managing technical teams.

Guest

Tom Eston
- https://www.linkedin.com/in/tomeston/
The Shared Security Show
- https://sharedsecurity.net/

Tue, 26 Jul 2022 00:00:53 -0400

DtSR Episode 510 - The Big Services Discussion - Part 1

Prologue

It's always a pleasure to have someone on the show who is an expert in their trade, someone who has experience, expertise, and depth of understanding like few others. In this case, James and I host Jim tiller - one of the people I consider a mentor and long-time friend, who is all of those things and more.

Jim is a quintessential expert on cybersecurity services - and in this discussion we push some of the buttons that really get him talking, passionate, and dispensing wisdom. I hope you brought a notepad, because you'll want to be taking notes.

This episode is for those out there who work in, or manage, services organizations. Truckloads of information here...

Guest

Jim Tiller
- https://www.linkedin.com/in/jitiller/
- Subscribe to Security Bytes: https://www.linkedin.com/newsletters/security-bytes-6943286067194187776/

Tue, 19 Jul 2022 10:25:46 -0400

DtSR Episode 509 - The Shift Left Debate

Prologue

James has been talking about "shift left" for a while so when Jeff Williams posted interesting research on LinkedIn - we jumped on an opportunity to have him on the show to talk about the subject. Let's face it, everyone is shifting left, and most of this is just marketing nonsense, but some of it is actually an attempt to push security "earlier" into the cycles - but is that good? Does it even make sense?

Jeff kills one of my favorite, go-to, security myths about software security...and a fun discussion ensues. Join us, and maybe add to the conversation!

Guest

Jeff Williams
- LinkedIn: https://www.linkedin.com/in/planetlevel/
- The post that started the discussion: https://www.linkedin.com/feed/update/urn:li:activity:6948662117398962177?updateEntityUrn=urn%3Ali%3Afs_feedUpdate%3A%28V2%2Curn%3Ali%3Aactivity%3A6948662117398962177%29

Tue, 12 Jul 2022 10:29:17 -0400

DtSR Episode 508 - DNS Under Siege, So What?

Prologue

DNS is a big topic, and you may be asking yourself why. Well, as we noted in a recent show ( https://ftwr.libsyn.com/dtsr-episode-504-dns-turns-40 ) DNS is officially middle-aged. And with that middle-age comes some more problems. These issues have caused a situation where it's increasingly evident that DNS needs to evolve, mature, or simply revise (2.0?) itself ... but into what? And why? Listen to Ken Carnesi from DNSFilter who joins James & Rafal to talk about the challenges and the future, and why it's still such a sh*tshow today.

Guest

Ken Carnesi
- LinkedIn: https://www.linkedin.com/in/kencarnesi/

Tue, 05 Jul 2022 12:13:27 -0400

DtSR Episode 507 - Beyond NDR: Of Badguys and Bottlenecks

Prologue

Let's start with NDR - Network Detection and Response - because it's not new, but the discussions lately have been very interesting. Is it still relevant? Does it have a place in today's hybrid and cloud world? Well, in this conversation with Raja Mukerji, co-founder of ExtraHop, Rafal tackles these questions and gets some interesting answers.

For those of you who have followed for a while - I have a surprise reveal for you at the end.

Tue, 28 Jun 2022 00:00:13 -0400

DtSR Episode 506 - What the Heck is ASPM

Prologue

As some of you know, I've been either in the AppSec space, or adjacent, since the fairly early days. I built a program at GE a million years ago, and worked selling dynamic web app testing software for many years. If you've been in the space, you can feel a little bit hopeless with all the different options, tools, and advice only to look at the stale OWASP Top 10 and wonder ...why aren't things improving? Matt Rose joins me in a post-RSA conversation about ASPM (Application Security Posture Management), and before you dismiss it as another analyst buzzword, let's talk about why this may actually (and finally) start to solve some of the complex issues around developing, releasing, and maintaining reasonably secure software.

This is a space I've been passionate about for a long time, and I feel like everyone should listen to this.

Guest

Matt Rose
- LinkedIn:https://www.linkedin.com/in/mattarose/

Tue, 21 Jun 2022 10:32:45 -0400

DtSR Episode 505 - Reflections on RSA Conference 2022

Prologue

RSA Conference 2022 has come and gone. Rafal was there for all the circus and madness, and sits down with James to discuss what was seen and heard.

Also, you'll get some clips in here from some of the interviews from the show as Rafal caught up with some interesting vendors, old friends, and even some poetry.

Guests

Tyler Moffitt
- LinkedIn: https://www.linkedin.com/in/tyler-moffitt-29752050/
Rock Lambros
- LinkedIn: https://www.linkedin.com/in/rocklambros/
Matt Rose
- LinkedIn: https://www.linkedin.com/in/mattarose/
Dr. Khawaja Saeed
- LinkedIn: https://www.linkedin.com/in/khawaja-asjad-saeed-29b2a6a/
Ray Canzanese
- LinkedIn: https://www.linkedin.com/in/raymond-canzanese-jr-178a846/
Deidre Diamond
- LinkedIn: https://www.linkedin.com/in/deidrediamond/

Tue, 07 Jun 2022 00:00:45 -0400

DtSR Episode 504 - DNS Turns 40

Prologue

In this RSA conference-themed episode, I bring on Jonathan Barnett from OpenText Security Solutions to discuss DNS turning 40 years old. Yeah, it was originally invented in 1983 y'all. As DNS turns 40, some of the lingering problems are getting worse, some of the new solutions open up other problems, and we're all about solutions here so we tackle some of the things Jonathan is doing to address the issues.

Interesting episode to ponder, and reflect on, as DNS turns 40 years old next year and we try and figure out "now what?"

Guest

Jonathan Barnett
- LinkedIn: https://www.linkedin.com/in/jonathan-barnett-61417313/
- OpenText Security Solutions: https://security.opentext.com/?_ga=2.120496974.732014807.1654199211-1391672637.1654199211

Thu, 02 Jun 2022 14:13:31 -0400

DtSR Episode 500 - Looking Back to Look Forward in Tech - Part 3

Prologue

This is a bonus episode for the Episode 500 live-stream we did. I brought togetherCrowdstrike, OpenText,andNetskope technologists to talk about the technology they've worked with over the last 10 years, where it stands today, and what the future outlook looks like.

It's a fascinating conversation from some of the most common vendors out there in security - and you're probably using or relying on their platforms -- so it makes sense to get their take on the past, present, and future of technology in our industry.

Special thanks to Adam, Grayson, and Mark for taking the time out and sharing their expertise!

Guests

Adam Meyers (Crowdstrike) -https://www.linkedin.com/in/adam-meyers-7a58481/
Grayson Milbourne (OpenText) -https://www.linkedin.com/in/themilbourne/
Mark Day (Netskope) -https://www.linkedin.com/in/markstuartday/

Tue, 31 May 2022 16:39:40 -0400

DtSR Episode 503 - Blowing Up Your Cloud (Permissions Structure)

Prologue

This week, we talk about the cloud in a different way than we have previously. We discuss "blast radius" with regard to vast numbers of roles and permissions inside of a public cloud infrastructure. The numbers are staggering and you'll likely find yourself asking the obvious question -- "How does anyone manage all of this, with any hope of getting it right?" The beginnings of that answer lie in this show.

Guest:

Arick Goomanovsky
- LinkedIn: https://www.linkedin.com/in/arick-goomanovsky/
- Twitter: https://twitter.com/g00manoid/
- Ermetic: https://ermetic.com/

Tue, 24 May 2022 00:00:45 -0400

DtSR Episode 502 - Why Can't Gov Figure Out Supplier Security

Prologue

CMMC may be something you know nothing of, but if you're a government contractor, or work with government contractors of the DIB - you're probaby alll too familiar.

For some, it's hell. For the rest, it's mostly insane. Jacob joins Rafal & James to educate us, and give us the reality of this set of standards.

Guest

Jacob Horne
- LinkedIn: https://www.linkedin.com/in/jacob-horne-cissp/

Tue, 17 May 2022 11:25:09 -0400

DtSR Episode 501 - Netskope's Bad SaaS Report

Prologue

This week, on the first post-500 episode, we welcome Netskope's Ray Canzanese to talk about the Cloud & Threat Report they just published ( https://www.netskope.com/netskope-threat-labs/cloud-threat-report ) which has some interesting bits in it.

Ray discusses the details and some of the things that you won't find in the text of the report. Good conversation as Rafal & James break down the headlines.

Thu, 12 May 2022 00:00:19 -0400

DtSR Episode 500 - Looking Back to Look Forward - Part 2

Prologue - Part 2 of 2

First - thank you to everyone who listens to this show, shares it, and has left us a review. You all are the reason these past 500 episodes got published, and why this show will keep going into the forseeable future!

Link to video:https://www.linkedin.com/video/event/urn:li:ugcPost:6917850703235321856/

This episode features some of my favorite guests from the last 500 episodes, with something to say. We cover a lot of ground, totally unscripted, and we have opinions.

Guests

Jim Tiller
- LinkedIn: https://www.linkedin.com/in/jitiller/
Will Gragido
- LinkedIn: https://www.linkedin.com/in/gragido/
Diana Kelley
- LinkedIn: https://www.linkedin.com/in/dianakelleysecuritycurve/
Rob Hansen
- LinkedIn: https://www.linkedin.com/in/roberthansen3/
Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/
Jeff Moss
- LinkedIn: https://www.linkedin.com/in/jeffmoss/

Tue, 10 May 2022 00:00:51 -0400

DtSR Episode 500 - Looking Back to Look Forward - Part 1

Prologue - Part 1 of 2

Link to video:https://www.linkedin.com/video/event/urn:li:ugcPost:6917850703235321856/

This episode features some of my favorite guests from the last 500 episodes, with something to say. We cover a lot of ground, totally unscripted, and we have opinions.

Guests

Jim Tiller
- LinkedIn: https://www.linkedin.com/in/jitiller/
Will Gragido
- LinkedIn: https://www.linkedin.com/in/gragido/
Diana Kelley
- LinkedIn: https://www.linkedin.com/in/dianakelleysecuritycurve/
Rob Hansen
- LinkedIn: https://www.linkedin.com/in/roberthansen3/
Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/
Jeff Moss
- LinkedIn: https://www.linkedin.com/in/jeffmoss/

Tue, 03 May 2022 01:45:29 -0400

DtSR Episode 499 - Four Hundred Ninety Nine and Counting

Prologue

Friends and colleagues - I want to thank you from the bottom of my heart. It almost brings me to tears that over the last 11 years you've been sharing, downloading, and talking about this little thing I started back in 2011. Incredible doesn't even begin to describe the ride so far.

And to top it off, we've hit almost 32,000 downloads this month - the most we'veever gotten by almost 2,000 more. I'm flabbergasted.

So this episode, it's just James and I - just us doing what we do.

Thank you. We love you. Keep listening!

Tue, 26 Apr 2022 00:00:24 -0400

DtSR Episode 498 - Living in the Tornado

Prologue

Super pumped this week to have James Azar on the show. James hosts a collection of podcasts including one I try to catch as often as possible - https://www.linkedin.com/company/cyberhubpodcast/.

We cover a lot of ground, but you'll walk away with James' words ringing in your head, I can almost promise you that.

Guest

James Azar
- LinkedIn: https://www.linkedin.com/in/james-j-azar/

Tue, 19 Apr 2022 12:49:16 -0400

DtSR Episode 497 - Security Buzzword Bingo

Prologue

This week, as we approach episode 500 and the extravaganza that it will be, James and I welcome my personal friend and all-around wonderful marketing dude, Russell Wurth. We joke about what's wrong with cyber-security, and why it's mostly marketing's fault.

Join us, prep your buzzword bingo card, and have a drink in hand (unless you're driving, then please don't).

Guest:

Russell Wurth
- LinkedIn: https://www.linkedin.com/in/russellwurth/
- Twitter: https://twitter.com/rswurth

Tue, 12 Apr 2022 00:00:47 -0400

DtSR Episode 496 - How to Win Friends and Influence CISOs

Prologue

Have you noticed that the relationship between buyer and seller, or more precisely, between CISO and seller is... eh ... tenuous lately? OK, maybe it's a lot worse than that in some cases. Why is that? How did we get here? And how do we fix a relationship that is quite clearly necessary, but just so broken? Yaron Levi, long-time industry veteran joins Rafal to discuss the challenges and opportunities of the CISO - vendor relationship.

Guest

Yaron Levi
- LinkedIn: https://www.linkedin.com/in/yaronrl/

Mon, 04 Apr 2022 00:00:18 -0400

DtSR Episode 495 - Analyzing Russia's Offensive Cyber Ops

Prologue

This week, as Vladimir Putin's Russia continues to commit war crimes and genocide against the people of Ukraine, DtSR gathered a panel of experts to discuss and dissect the threat of a Russian-based cyber offensive against the west. Our panelists helped separate fact from fiction, and gave us some take-aways that we can use to rationally and realistically protect ourselves from this and other related threats.

LinkedIn Livestream video recording: https://www.linkedin.com/video/event/urn:li:ugcPost:6915354239766568960/

Guests

Karim Hijazi
- LinkedIn: https://www.linkedin.com/in/karimhijazi/
Joe Slowik
- LinkedIn: https://www.linkedin.com/in/joe-slowik/
Mattias Whln
- https://www.linkedin.com/in/mattias-w%C3%A5hl%C3%A9n-9b3b58201/

Tue, 29 Mar 2022 00:00:00 -0400

DtSR Episode 494 - Forensics The Art of the Science Plus a Cat

Prologue

Special thanks on this episode to OpenText for bringing Mike to us on this show. What a fantastic conversation about the state of forensics and a little bit of reminiscing too!

This episode we talk forensics, and the art and science, plus how to build that back-fill of talent this entire industry is short on. Michael has decades of knowledge and experience, and it's a joy of a conversation.

Also, if you're into nothing else on this episode, check out the world's cutest kitten. Come for the kitten, stay for the forensics goodness.

Guest

Michael Hill -- You'll have to go look him up yourself :)

Tue, 22 Mar 2022 00:00:49 -0400

DtSR Episode 493 - Breaches: Is Anyone Learning Anything

Prologue A big Texas welcome back to the podcast to our friend Shawn Tuma, our legal-eagle in residence. This week Shawn talks to us about the cases he's involved in, and the types of trends he's seeing in his client base when being their breach coach, and fire-fighter guide.

With all these breaches, and all this money and productivity lost - is anyone paying attention? Is anyone learning anything? Join us, Shawn will tell you.

Guest

Shawn Tuma
- LinkedIn: https://www.linkedin.com/in/shawnetuma/
- Shawn's recent appearence on The Above Board Show: https://www.linkedin.com/feed/update/urn:li:activity:6909959787845730304/

Tue, 15 Mar 2022 21:38:47 -0400

DtSR Episode 492 - Operationally Useful Blocklists

Prologue

This week, the guy with the best vendor hoodies ever is back! Philippe Humeau of Crowdsec joins us again to talk about some of the data his team have gathered, analyzed, and are using to crowd-source protection in the form of block lists. Anton Chuvakin joins us to bring his useful manner of snarkasm, just to keep us honest.

Guests

Philippe Humeau
- LinkedIn: https://www.linkedin.com/in/philippehumeau/
Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/

Tue, 08 Mar 2022 17:08:50 -0500

DtSR Episode 491 - SOAR is Boring

Prologue

I read an article the other day that got me thinking, and inspired me to get Wesley onto the podcast to talk about SOAR. Yes, SOAR is absolutely boring - but that's OK, isn't it? What's the actual purpose of SOAR technology, and where is it being utilized today? Are we getting the most of this, or is it just a boring fad? All this and more on today's show.

Guest

Wesley Belleman
- LinkedIn: https://www.linkedin.com/in/cyberwes/

Tue, 01 Mar 2022 00:00:06 -0500

DtSR Episode 490 - CISO Ascending Beyond Enterprise Security

Prologue

We open this episode with an acknowledgement of the crisis in Ukraine, as Putin's madness is unleashed. We stand with the brave people of Ukraine as they defend themselves from unprecedented evil.

That said, this week James and I bring Grant Sewell onto the show. Grant has experience being a "behind the scenes" CISO, and more recently in a customer-facing role. We discuss the evolution of the CISO into a "trust officer" and the focus that takes.

Guest

Grant Sewell
- LinkedIn: https://www.linkedin.com/in/grantsewell/
- Twitter: https://twitter.com/grantsewell

Tue, 22 Feb 2022 00:00:37 -0500

DtSR Episode 489 - Crowdstrike Global Threat Report Feb 22

LinkedIn Live stream (recorded): https://www.linkedin.com/video/event/urn:li:ugcPost:6895440886222643201/

DtSR LinkedIn Page (subscribe here!): https://www.linkedin.com/company/down-the-security-rabbithole-podcast/

Prologue

This week is a slightly longer (oops) episode of the DtSR Podcast with a three-timer, Adam Meyers of Crowdstrike. Adam joins James and Rafal to talk about the latest Global Threat Report and all the trends and insights.

There is a lot of good insight here, and if you want to catch the LIVE (recorded) video you can get that too! Don't forget to subscribe to our DtSR page on LinkedIn to get all the latest content.

Guest

Adam Meyers
- LinkedIn: https://www.linkedin.com/in/adam-meyers-7a58481/
- Twitter: https://twitter.com/adam_cyber

Tue, 15 Feb 2022 00:00:53 -0500

DtSR Episode 488 - Essential CISO Business Skills

Prologue

This week I'm so thankful that James and I have the opportunity to talk to the authors of "The CISO Evolution" -- a fantastic book for anyone who wants to be, or is working as, a security leader. Rock and Matt join us to talk about the book, share some insights, and maybe answer a tough question or two.

Guests:

Rock Lambros
- LinkedIn: https://www.linkedin.com/in/rocklambros/
- Rock Cyber: https://www.linkedin.com/company/rockcyber/
Matthew Sharp
- LinkedIn: https://www.linkedin.com/in/ciso-mba/

Tue, 08 Feb 2022 13:33:22 -0500

DtSR Episode 487 - Software Supply Chain is a BFD

Prologue

Continuing our thread on the software supply chain and SBoM (Software Bill of Materials) we bring in Ed Moyle who is writing a series on the subject for his column. Ed brings up some very interesting points on some key aspects of software supply chain including feasibility and asks that difficult question "So what if you get it?"

Guest

Ed Moyle
- LinkedIn: https://www.linkedin.com/in/edmoyle/
- Must-read article: https://www.techtarget.com/searchsecurity/tip/4-software-supply-chain-security-best-practices

Wed, 02 Feb 2022 01:17:50 -0500

DtSR Episode 486 - SBOM in the Real World

Prologue

SBoM ("Software Bill of Materials") is the new rage. Everyone's talking about it. What it means is you're expecting a list of software components and includes, libraries, etc that make up the software you're buying or using.

The problem is, in real life, SBoM is exceptionally difficult and maybe even slightly impractical. Listen in as Rafal & James discuss SBoM in real-life scenarios with Paul Caiazzo -- a guy who's trying to make this idea work in his day-job.

Guest

Paul Caiazzo
- LinkedIn: https://www.linkedin.com/in/pcaiazzo/

Tue, 25 Jan 2022 00:00:45 -0500

DtSR Episode 485 - YGHT Beating Ransomware at Its Game

Prologue

Back in episode 469 ( https://ftwr.libsyn.com/dtsr-episode-469-yght-they-hacked-ransomware ) we brought Steve Perkins of Nubeva ("Cloud Go" in Portuguese) to talk about a very interesting "accidental" development. They'd figured out a way to steal encryption keys from ransomware, thus rendering itpotentially toothless. Well, now Steve's back with a product, and a way toreverse ransomware's encryption with minimal friction and withoutpaying the ransom. So ... yeah. Listen in.

Tue, 18 Jan 2022 00:00:00 -0500

DtSR Episode 484 - Defrauding Mobile Payments

Prologue

Have you ever made a payment from your mobile device, wirelessly using NFC? Of course you have, most of us have by now. Did you know there are some (or at least were) fairly significant design flaws, otherwise known as "features", in the various platforms? On this show, we're interested in learning more about Timur's research and what he's uncovered. You'll want to do what I did, check your phone's NFC payments settings, once this show is over.

Tue, 11 Jan 2022 00:00:00 -0500

DtSR Episode 483 - How Not to Screw Up Your Cloud

Prologue

We have a repeat guest today! Mr. Mark Simos joins me once again to talk about Microsoft's Cloud Adoption Framework (CAF) and it's applicability to not only Azure, but also your other clouds.

Building resilient and secure clouds isn't just about security, it's about design and architecture that adheres to good practices. Microsoft's CAF is fantastic place to start - listen here to learn more.

Guest

Mark Simos
- LinkedIn: https://www.linkedin.com/in/marksimos/
- Twitter: @marksimos

Tue, 04 Jan 2022 16:53:36 -0500

DtSR Episode 482 - Tales of Wireless Hacking

Prologue

This week, on a good start to the new year, Eric Escobar joins us to talk about hacking wireless - and a little bit of history on the topic. Taking us back to early wireless hacking where you had to have the right wireless PCMCIA card and drivers, to today where things are a little more complicated but oddly not too much has changed.

Guest

Eric Escobar
- LinkedIn: https://www.linkedin.com/in/eric-escobar/

Tue, 28 Dec 2021 00:00:00 -0500

DtSR Episode 481 - Spies In Your Tech

Prologue

Bentsi is a guy with some experience in the bad guy world when it comes to devices and gadgets getting compromised. In this episode, he tells us stories and anecdotes on things he's seen and the threats gadgets face. It's a very interesting discussion, and might just make you a little more paranoid before it's over.

Guest

Bentsi ben-Atar
- https://www.linkedin.com/in/bentsi-ben-atar-6b0128/
- Check out Sepio - https://sepio.systems/

Tue, 21 Dec 2021 00:00:00 -0500

DtSR Episode 480 - Juice Jacking

Prologue

Have you ever plugged your smart phone, tablet or other "smart thing" into a power cable that wasn'tyours? I'm guessing you've answered yes - and if so, you need to listen to this episode.

As we travel and move around with our smart devices, we don't always have our charging cables & blocks with us, and that can lead to disaster. Hear more from Robert Rowley on how "juice jacking" can cause security problems we aren't even aware of.

Guest

Robert Rowley
- LinkedIn: https://www.linkedin.com/in/robertlei/

Tue, 14 Dec 2021 13:39:05 -0500

DtSR Episode 479 - Productivity of Jump Boxes and Bastion Hosts

Prologue

In a technically deeper episode, Ev joins Rafal to discuss how security has made productivitychallenging at times, in terms of having to jump through hoops to get work done, and what we should be doing about it. Ev asks us to image an entirely new paradigm of productive access to necessary resources - so listen in and dream big with us.

Guest:

Ev Kontsevoy
- LinkedIn: https://www.linkedin.com/in/kontsevoy/
- Teleport: https://www.linkedin.com/company/go-teleport/

Tue, 07 Dec 2021 11:10:45 -0500

DtSR Episode 478 - Beyond Buzzwords: XDR

Prologue

This week's episode is one of my favorite topics - marketing buzzwords. You've all heard the term "XDR" and wondered (probably like me) what the heck it is and how it's different than EDR or MDR. Do we really need more buzzwords?

Mark Alba from Anomali joins me this week to discuss this, and I think it'll help sort things out for you, it sure did for me. I'm still not a big fan of new buzzwords, but at least I get it now.

Guest

Mark Alba
- LinkedIn: https://www.linkedin.com/in/markalba/
- Anomali XDR Info: https://www.anomali.com/learn/the-impact-of-xdr-in-the-modern-soc-v2

Thu, 02 Dec 2021 15:20:36 -0500

DtSR Episode 477 - Passwords are Dead and Other Fables

Prologue

Welcome to the last month of 2021 - December. This month we have a few bonus episodes, starting with this gem on identity. We've got a great guest and Mike Kiser has some interesting opinions he's definitely not holding back on.

Thanks for listening - we hope you enjoy this episode. And special thanks to SailPoint for bringing Mike to the mic.

Guest

Mike Kiser
- LinkedIn: https://www.linkedin.com/in/mike-kiser/

Tue, 30 Nov 2021 00:00:00 -0500

DtSR Episode 476 - Securing Public Cloud with Azure ASB v3

Prologue

Folks, the video of this episode which was live-streamed to our YouTube channel is here: https://youtu.be/IYVB_LNhURQ - and if you can, watch it.

Huge mega-thanks to Microsoft and Lightstream for bringing together Jeff and Mark on this one to deliver some truly phenomenal content.

This week is Azure Security Benchmark (not baseline, oops) version 3.0 hot off the presses. We talk about what it is, how to apply it, and where and why it's so useful for keeping not just your Azure public cloud safe, but also the "other" public clouds you use too.

Guests

Mark Simos
- LinkedIn: https://www.linkedin.com/in/marksimos/
- Twitter: https://twitter.com/marksimos
Jeff Collins
- LinkedIn: https://www.linkedin.com/in/jmcollins/

Tue, 23 Nov 2021 00:00:00 -0500

DtSR Episode 475 - Community Sourced Threat Instructions

Prologue

Fair warning y'all, this episode may have been just slightly more fun than the Surgeon General allows. That said, on this one we not only made up some new terms ("Threat Instructions", Anton) but also had some fun describing what a well-functioning system of highly automate-able threat data would look like. And as it turns out, it's CrowdSec's "Fire" data set.

Fascinating conversation, and most fascinating of all is that as Philippe described how it functions, Anton could find nothing wrong with it. Call me gobsmacked.

If you're interested in participating in the Crowd, click this link - because a typo will put you in a very weird and very different sort of crowd.

Guests

Philippe Humeau, CEO at CrowdSec
- LinkedIn: https://www.linkedin.com/in/philippehumeau/
- Twitter: @Crowd_Security
- Website: https://crowdsec.net/
Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/
- Twitter: @Anton_Chuvakin

Thu, 18 Nov 2021 11:31:26 -0500

DtSR Episode 474 - Unraveling Mountains of Evidence

Prologue

Hey! Are you attending OpenText World Enfuse? If not, click here and check it out - it's virtual!

Straight from Enfuse Chuck Dodson joins Rafal & James to talk about digital evidence collection, management, and processing in the realm of law enforcement. A fascinating look at the law enforcement side of things, and a topic perspective most of us never have occasion to think about, unless you're in the fight.

Guest

Chuck Dodson
- https://www.linkedin.com/in/chuckdodson/
OpenText World - Enfuse https://www.opentextworld.com/event/7653eae4-3cf3-4dfc-89f2-7c41e260aa89/websitePage:4b6071b8-edc1-4efc-888b-520c728292ff

Mon, 15 Nov 2021 13:00:00 -0500

DtSR Episode 473 - Cyber Security by Executive Order

Prologue

In this episode, we host a lady who only needs one name, like a movie or rock star. But "Jax" deals with topics we normal people don't have the stomach for, like CMMC and government security. In this episode, she joins us to talk about the current Executive Order on Cybersecurity ( Executive Order 14028, May 12, 2021 - https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity ) and the implications and impact it will, might, and could have. A fascinating discussion that's worth listening to, whether you spend time in FedGov, or not.

Guest

Jaclyn Jax Scott
- LinkedIn: https://www.linkedin.com/in/iamjax/
- Company site: Outpostgray.com
- Blog: http://www.beansandbytesblog.com/

Tue, 09 Nov 2021 00:00:00 -0500

DtSR Episode 472 - Rick Howard on Trust and Tech

Prologue

Let me start by saying how much I enjoy chatting with Rick Howard, today's podcast guest. Rick's been on before, and we always go long (especially on this one, sorry not sorry), but the content is well worth your time.

On today's episode, we chat about "Zero Trust" and where technology meets concept, what's missing, and what's next. If you think you know all these is to know about Zero Trust, I promise you, you'll learn something new.

Guest

Rick Howard
- LinkedIn: https://www.linkedin.com/in/rickhoward/
- Twitter: https://twitter.com/racebannon99
- Rick's Show on CyberWire (Pro, subscription required): https://thecyberwire.com/podcasts/cso-perspectives

Tue, 02 Nov 2021 00:00:00 -0400

DtSR Episode 471 - TPA Threat Modeling the Software

Prologue

On Episode 471, as we rapidly hurl towards our 500th episode, we bring back Chris Romeo to talk about threat modeling. Specifically, we discuss threat modeling of software - with developers, methodologies, silos, incentives, and outcomes all in play for discussion.

Chris has been doing this a while, and has some deep insights into what it takes to make things work - and he we welcome your feedback on howyou do it.

Guest

Chris Romeo
- LinkedIn: https://www.linkedin.com/in/securityjourney/
- Twitter: https://twitter.com/edgeroute

Tue, 26 Oct 2021 10:48:23 -0400

DtSR Episode 470 - Security Leadership Insights from Ann

Prologue

On this episode of the DtSR Podcast - Ann Johnson joins special guest-host Ken Fishkin of NJ ISC2 chapter, along with James & Rafal to talk about leadership, and sports apparently.

Thanks to the NJ Chapter of ISC2 ( https://www.linkedin.com/groups/4425593/ )for submitting questions and Ken for joining us to guest-host.

On this episodes, we ask Ann to talk to us about leadership challenges, and what's in store for the future. Also, we briefly talk sports teams and discover Ann is a Cowboys fan.

Guests

Ann Johnson
- LinkedIn: https://www.linkedin.com/in/ann-johnsons/
- Twitter: https://twitter.com/ajohnsocyber
Ken Fishkin
- LinkedIn: https://www.linkedin.com/in/kfishkin/

Tue, 19 Oct 2021 00:00:00 -0400

DtSR Episode 469 - YGHT They Hacked Ransomware

Prologue

This week on a ridiculously awesome episode of the DtSR Podcast the one and only Mr. Steve Perkins of Nubeva joins Rafal & James to talk about something worth shouting about. They've figured out how to beat ransomware... yes, there are a few 'catch' things, but the tech seems solid and the possibilities endless.

Give this episode a listen, then scroll below to click the links, and give this a look for yourself!

Guest

Steve Perkins
- LinkedIn: https://www.linkedin.com/in/steve-perkins-1604b31/

Relevant Links

Webinar coming up on session key intercept: https://info.nubeva.com/fall_2021
Email info@nubeva.com if you want to hear more, or partner with them to deliver their tech to YOUR customers
Learn about the tech: https://info.nubeva.com/ransomless_decryption

Tue, 12 Oct 2021 00:00:00 -0400

DtSR Episode 468 - TPA Another Journey Into Security

Prologue

This week, we get to meet Sean Jackson. You may not know Sean, but his journey may feel familiar. He got here much like many of you, and his story of discovery and understanding of his role in the business as "the security guy" is something you should probably know. There are many paths into our profession, and there are many different ways to view what we do - Sean's is compelling as it is timeless. Give it a listen, and join me on his journey.

Guest

Sean Jackson
- LinkedIn: https://www.linkedin.com/in/74rku5/
- Twitter: https://twitter.com/shunkydave

Mon, 04 Oct 2021 23:31:28 -0400

DtSR Episode 467 - TPA Chips and SLSA

Prologue

This week, Kim Lewandowski joins Rafal & James to talk about Google's latest contribution to the Open Source software movement - Supply-chain Levels for Software Artifacts (SLSA). We have a great conversation, and I hope you guys go watch the video (when it comes out) and check out the axe in the background. I never did find the interesting logo Kim talks about- maybe one of you will find it and post it to #DtSR on Twitter!

Guest

Kim Lewandowski
- LinkedIn: https://www.linkedin.com/in/kimsterv/
- Twitter: https://twitter.com/kimsterv

SLSA Links

Tue, 28 Sep 2021 00:00:00 -0400

DtSR Episode 466 - TPA Vulnerability Management Goat Rodeo

Prologue

This week, fresh off his Twitter rant, Travis McPeak joins Rafal to talk about the goat rodeo that vulnerability management in the enterprise. Travis talks about the multitude of reasons vulnerability management is so difficult, and what we can be done about the whole mess.

Great episode, lots of great discussion and big thanks to Travis for the contribution to the topic. This needs more discussion, folks!

Guest

Travis McPeak
- LinkedIn:https://www.linkedin.com/in/travismcpeak/
- Twitter:@TravisMcPeak

Tue, 21 Sep 2021 00:00:00 -0400

DtSR Episode 465 - TPA Nic-NAC-Security-is-Whack

Prologue

I have no excuses, and no ideas, how this show has made it so far without having the one and only JJ as a guest. She's been doing network security and architecture for a long time, in addition to being a force for good. Her focus on NAC (Network Access Control) shines through in this discussion too. Hilarity ensues.

Guest

Jennifer ("JJX") Minella
- LinkedIn: https://www.linkedin.com/in/jenniferminella/
- Twitter: https://twitter.com/jjx

Tue, 14 Sep 2021 00:00:00 -0400

DtSR Episode 464 - TPA An Empowering Discussion on the Grid

Prologue

This week our pal and previous guest Patrick Miller joins us to talk about the power grid, current state of the thing, and what he's working on in the power generation and distribution sector. It's a strange place where 8" floppy disks and DOS 2.2 still live. Yeah, go search those, you think there's a 0-day for DOS 2.2?

Guest

Patrick C. Miller
- LinkedIn: https://www.linkedin.com/in/millerpatrickc/
- Twitter: https://twitter.com/PatrickCMiller/
- Ampere Security: https://amperesec.com

Tue, 07 Sep 2021 00:00:00 -0400

DtSR Episode 463 - TPA Human Security Engineering

Prologue

This week our friend Ira Winkler joins Rafal & James to talk about the human element in cyber security. Ira, like us, absolutely loathes the phrase "stupid user" - so you'll want to hear what he's working on, and his comments on the space.

Tue, 31 Aug 2021 00:00:00 -0400

DtSR Episode 462 - TPA Aki Peritz on Open Source Intel

Prologue

With all the craziness going on in the world, from terrorism, to catastrophically botched withdraws from a 20 year war, to the incredible proliferation of ransomware, and "cyber privateering" making a comeback in the news - it's as good a time as any to discuss open source intelligence, collection, and analysis.

Aki is a guy who would know a little bit of something about the topic, because anytime someone has to choose the way they describe their past "work" - you know their background is pretty colorful.

Guest

Aki Peritz
- LinkedIn: https://www.linkedin.com/in/aki-peritz-483a994/

Thu, 26 Aug 2021 00:00:00 -0400

DtSR Episode 461 - TPA Peacocking Without PCAPS

Prologue

Let me start off by saying that this episode isn't about politics. It's about facts, claims made, and election security facts and myths.

I want to thank Rob Graham for getting on the show and sharing his experience on short notice, and providing insights from Mike Lindell's "Symposium". It's truly eye-opening, and hopefully a conversation that strikes at the core of what we need to hear right now.

Guest

Robert Graham
- Twitter - https://twitter.com/erratarob

Mon, 23 Aug 2021 13:00:00 -0400

DtSR Episode 460 - TPA About CIAM and Other Auth

Prologue

Thanks to Okta, for providing what is surely an entertaining (at least to record) and informative episode with some really cool guests. Bharat and John join James and Raf to talk about CIAM (a term Raf had to look up) and all things authentication history, past, and present.

By the way, if you haven't registered, you should register for this very cool Okta Developer Day "Auth for All".

Guests

John Pritchard
- LinkedIn: https://www.linkedin.com/in/jpritchard/
Bharat Bhat
- LinkedIn: https://www.linkedin.com/in/bharatbhat/

Tue, 17 Aug 2021 00:00:00 -0400

DtSR Episode 459 - TPA A Defenders Endpoint Perspective

Prologue

Big thanks this week to OpenText for providing access to Fabian Franco (go check out his bio below). He joins James & Rafal to talk about protecting endpoints, and some of the interesting things that go along with state-of-the-art detection and response capabilities. Also, if you'd be so kind as to support those who keep this show going, go check out the OpenText link below and give it a click, won't you?

Why are there so many acronyms for endpoint defense? What do EPP, EDR, MDR, XDR mean and are they at all any different? Let's dive into this, on today's episode.

Guest

Fabian Franco
- Bio:Fabian Franco, Senior Manager of Digital Forensics and Incident Response (DFIR), Threat Hunting and SOC. Fabian specializes in digital forensics, incident response, memory forensics, malware analysis, reverse engineering of malware and threat hunting.
- LinkedIn: https://www.linkedin.com/in/fabian-franco-434646a/
- OpenText: https://security.opentext.com/solutions/managed-detection-and-response

Mon, 09 Aug 2021 23:51:27 -0400

DtSR Episode 458 - TPA Staffing Disasters We Created

Prologue

This week we have the pleasure of having Kevin Pope, one of Raf's close and long-time friends, and someone who's had one heck of a journey into and through our industry. Kevin is a veteran, a security-curious, and cyber security professional - and he's also got some metered opinions too. We discuss hiring, staffing, and some of the issues we've collectively - and he specifically - have seen. Give this one a listen if you want to understand why we have the staffing problem in cyber-security that we do. Seriously.

Guest

Kevin Pope
- LinkedIn: https://www.linkedin.com/in/screamingbyte/
- Twitter: https://twitter.com/screamingbyte

Mon, 02 Aug 2021 22:19:43 -0400

DtSR Episode 457 - TPA Foreign Adversaries Killing People

Prologue

Huge thanks to Prevailion's Karim Hijazi for taking the time with us to dissect this Gartner headline and article on "adversaries killing people using OT". As we expected, a sensationalist headline, followed by some mildly fluffy stuff, with a kernel of truth. Good discussion nonetheless, though, and I even learned a thing.

Links

The Gartner article referenced: https://www.gartner.com/en/newsroom/press-releases/2021-07-21-gartner-predicts-by-2025-cyber-attackers-will-have-we

Guest

Karim Hijazi
- LinkedIn: https://www.linkedin.com/in/karimhijazi/
- Previous episode: http://ftwr.libsyn.com/dtsr-episode-426-tpa-winning-intelligence-collecting-zombies

Mon, 26 Jul 2021 23:35:30 -0400

DtSR Episode 456 - TPA The Pandemic Meat Grinder

Prologue

Frankly, we have no idea how we got through 450 episodes without interviewing Rich. No clue. Rich is a man of many talents including a trained responder for situations like we've been facing. He's also a cloud security specialist, and happens to do a half-dozen other things in his "spare time" too. In this episode we chat about what the pandemic has taught cyber security professionals, and what we'll come out the other side looking like.

Warnings:

Loki spoiler alert - oops, Rafal did this one
Explicit language warning - Rich dropped some colorful language, deal with it

Guest

Rich Mogull
- LinkedIn:https://www.linkedin.com/in/richmogull/
- Twitter: https://twitter.com/rmogull

Wed, 21 Jul 2021 23:41:32 -0400

DtSR Episode 455 - TPA All The Reminiscing

Prologue

It's been a long time, maybe forever, since James and I sat down and just chatted on the podcast. With all these amazing guests we have on the show it's easy to get caught up in the fun and forget to just have a two-person conversation every once in a while. With that in mind, we did it this week. We sat down, just the two of us, and chatted about the last few hundred episodes, the things that have stayed with us, and some things we wished would "get better" but alas...

Jump in, this is a special episode.

Tue, 13 Jul 2021 00:08:10 -0400

DtSR Episode 454 - TPA Cyber Insurance Fact vs Fiction

Prologue

Sean Scranton joins Shawn Tuma and myself to talk about cyber insurance, specifically, as it is a massive topic of discussion lately. Building on top of the "does cyber insurance even pay out?" question and exploring if cyber insurance will actually change the industry (as Jeremiah hints in episode 447) we traverse a lot of related topics and answer some good questions. This is one of the most informative episodes on this specific topic I've found out there - without all the usual propaganda.

Huge thank you to Sean and Shawn for agreeing to take time away from client work to speak with DtSR, and leave this information accessible to my listeners.

Guests

Sean Scranton
- LinkedIn:https://www.linkedin.com/in/sean-scranton-2b24948/
Shawn Tuma
- LinkedIn:https://www.linkedin.com/in/shawnetuma/
- Twitter:https://twitter.com/shawnetuma

Tue, 06 Jul 2021 02:29:30 -0400

DtSR Episode 453 - TPA On Prioritizing Enterprise Vulnerabilities

Prologue

Vulnerability Management has been a bit of a soapbox for me lately, and this episode brings in two experts on the topic directly from the enterprise to talk about how we prioritization, spreadsheets, and today's big vulnerability problem produces serious issues for enterprise professionals. The problem is as old as our profession, but in spite of the tools, testimonials, and hand-waving it's still a massive problem.

Guests

Britney Hommertzheim
- LinkedIn: https://www.linkedin.com/in/bhommertzheim/
- Twitter: https://twitter.com/bhommertzheim
Ace Moore
- Ace is incognito :)

Tue, 29 Jun 2021 01:03:46 -0400

DtSR Episode 452 - TPA Burning It At Both Ends

Prologue

On this episode of the podcast I have the pleasure of hosting one of my long-time friends and industry titan - Dawn-Marie "Rie" Hutchinson. She's fresh off of a stint as a CISO, and talking about burnout in our industry and beyond.

It's always a pleasure chatting with a friend, but this is an important topic so extra thanks for sharing her knowledge and insights with us; working in a globally diverse and multi-timezone workforce isn't easy, and the lessons are useful!

Guest

Dawn-Marie "Rie" Hutchinson
- LinkedIn: https://www.linkedin.com/in/riehutch/
- Twitter: https://twitter.com/CISO_Advantage

Mon, 14 Jun 2021 19:03:08 -0400

DtSR Episode 451 - TPA Rockin It

Prologue

My pal Rock has ventured off on his own, so I wanted to catch up with him and get a quick update on the state of business, but also get a sense for what he's seeing in the industry as he's advising companies and helping them through compliance and regulatory challenges. Fascinating conversation, always fun stuff.

Guest

Rock Lambros
- LinkedIn: https://www.linkedin.com/in/rocklambros/
- Twitter: https://twitter.com/rocklambros
- Twitter: https://twitter.com/rockcyberllc
- Website: https://www.rockcyber.com/

Mon, 07 Jun 2021 00:00:00 -0400

DtSR Episode 450 - TPA 3rd Party Risk Shitshow

Prolgue

Ladies and Gentlemen - we've hit ** 450 ** episodes.

Let me just take a moment and reflect on the number of awesome guests, long hours recording and editing, and all of you phenomenal fans and listeners spreading the show content.

Episode 450 feels like the right one to drop an episode with one of my real-life best friends, British sensation, and perennial entrepreneur Vikas Bhatia. We drop the gloves and go after the shitshow that is third party risk management in modern day enterprise.

There are answers, but not if you don't address it head-on.

Guest

Vikas Bhatia
- LinkedIn: https://www.linkedin.com/in/vikasbhatiauk/
- Twitter: https://twitter.com/vikasbhatiauk
- Company URL: https://justprotect.co

Wed, 02 Jun 2021 22:39:17 -0400

DtSR Episode 449 - TPA Tuma on A Watershed Moment for US Cyber

Prologue

In this episode, our legal eagle Shawn Tuma is back to discuss the Colonial Pipeline incident and whether it could be a watershed moment for US Cyber interests. As Toby Keith's "Courtesy of the Red, White, and Blue" plays in the background, we discuss what's happened, what could happen, and what it all means.

Guest

Shawn Tuma
- LinkedIn: https://www.linkedin.com/in/shawnetuma/
- Twitter: https://twitter.com/shawnetuma/

Tue, 25 May 2021 00:00:00 -0400

DtSR Episode 448 - YGHT Knock Knock Who's There

Prologue

You've GOT to hear this!

This week on the podcast, I invited Martin Zizi of Aerendir, to talk about how we can use technology to not only distinguish between humans and non-humans (bots?) but also how to identify humans with staggering levels of precision - usingcommonly available and inexpensive components. He's got humor, an eclectic background, and great knowledge of the topic. Join us!

Guest

Martin Zizi
- Bio: Dr. Martin Zizi, MD-Ph.D, deep expertise in Molecular Biophysics and Neurosciences. He is one of the Founders & CEO of Aerendir Mobile Inc. He is the inventor of the NeuroPrint, a cloudless AI-supported neural-tapping technology that can be used for authentication, identification, encryption, secure TLS, and bot segregation. Following his early years in the United States as a Scientist at the Walter Reed Army Institute of Research where he worked on very advanced projects, he had a 20-years dual-track career, leading both academic and strategic projects as a top scientist in 3 fields and was also a Chief Scientific Officer for Belgian DoD. Martin was a sought-after advisor for the Belgian, the EU governments, international organizations (UN) and the industry.
  Aerendir Mobile Inc. is his second start-up. He was #2 at another start-up in the Medical technology vertical.
- LinkedIn: https://www.linkedin.com/in/martinzizi/
- Twitter: https://twitter.com/MartinZ_uncut
- Aerendir Mobile, Inc.
  - LinkedIn: https://www.linkedin.com/company/aerendir-mobile-inc
  - Twitter: https://twitter.com/AerendirMobile/

Tue, 18 May 2021 00:00:00 -0400

DtSR Episode 447 - TPA Software Security Liability and Insurance

Prologue

I don't know about you, but I have Jeremiah in a list on Twitter that allows me to read/think about some of the things he posts without the noise of the rest of Twitter.

Should a company that develops software be held responsible when a bug they missed is exploited? Why do we "Agree" on all those click-through agreements which basically disavow any responsibility, anyway?

What about security tools - if they scan and miss a flaw that's later exploited, shouldn't they be liable?

These and other salient topics are discussed in fairly great detail without all the usual hype you hear around this topic. Please join us, this is a wonderful episode to listen to more than once.

Guest

Jeremiah Grossman
- LinkedIn: https://www.linkedin.com/in/grossmanjeremiah/
- Twitter: https://twitter.com/jeremiahg

Tue, 11 May 2021 01:07:31 -0400

DtSR Episode 446 - TPA AppSec Philosophy

Prologue

When in Austin, TX ... meet up with some friends right? This week I have the pleasure of sitting down in-person with Joel whom has been doing the "AppSec thing" for longer than many of you who are reading this have been in our profession. Joel knows a thing or two - so we discuss a thing or two.

Philosophy, history, and some ugly truths come out in a conversation that can only happen in-person.

Guest

Joel Scambray
- LinkedIn: https://www.linkedin.com/in/joelscambray/

Tue, 04 May 2021 00:00:00 -0400

DtSR Episode 445 - TPA Non-Random Cyber Thoughts with Dave Marcus

Prologue

I honestly am having a difficult time understanding how this show has gone so long, so many episodes, without sitting down with Dave Marcus 1:1. It hurts my brain. So I rectified this situation and here you are. Dave is one of the best humans in the industry, has a few truckloads of knowledge, and you could stand to learn something from him. Give this episode a shot.

Warning: Dave drops a pair of F-bombs, and the show goes a little longer than most at >40 minutes. But it's well worth your time. I promise.

Guest

Dave Marcus
- Twitter: https://twitter.com/DaveMarcus
- LinkedIn: https://www.linkedin.com/in/marcusdavid/

Tue, 27 Apr 2021 12:16:52 -0400

DtSR Episode 444 - TPA Gary is Awful at Retirement

Prologue

I'm honored to have Gary McGraw on with James and myself on this episode. I hadn't realized, but Gary retired from (what was formerly) Cigital - and by retired I mean "started something new". Gary sucks at retirement, but he's brilliant and has a lot to say about machine learning and its applications, so you shouldreally listen in. No, "AI" isn't going to take over security - but it's work exploring the enormous contributions machine learning make to our lives and how they can be abused.

Guest

Gary McGraw
- Twitter: https://twitter.com/noplasticshower
- Home: https://www.garymcgraw.com/
- Boards he's on: https://www.garymcgraw.com/technology/business/
- Info on Berryville Institute: https://berryvilleiml.com/
- ARA for ML: https://berryvilleiml.com/results/ara.pdf

Tue, 20 Apr 2021 17:53:44 -0400

DtSR Episode 443 - TPA Addressing AppSec Tech Debt

Prologue

Chris Eng has been elbows deep in software security for a very long time. Times have changed over the last 20 years, as have tools, methods, and outcomes - what hasn't changed is how much security debt we keep amassing in our applications. How bad is the problem, and what can be done? Tune in and find out what we think.

Guest

Chris Eng
- LinkedIn: https://www.linkedin.com/in/chris-eng-ab51331/
- Twitter: https://twitter.com/chriseng

Tue, 13 Apr 2021 12:54:24 -0400

DtSR Episode 442 - S11E15 - TPA Fighting the Good Fight

Prologue

This week, the show is back after a brief spring break, and we have with us Dmitri Alperovitch - who has taken on a new venture in his latest role. We discuss cybersecurity policy, government's role in private enterprise defense, and why you should probably never run your own MS Exchange Server.

Lots of great content from the always informative and entertaining Dmitri.

Guest

Dmitri Alperovitch
- LinkedIn: https://www.linkedin.com/in/dmitrialperovitch/
- Twitter: https://twitter.com/DAlperovitch
- Silverado Policy Accelerator: https://silverado.org/

Mon, 29 Mar 2021 10:29:20 -0400

DtSR Episode 441 - TPA State Secrets and Diplomatic Protection

Prologue

** First, before I say anything else, I want to thank Lonnie and his staff for their service to our country. Protecting diplomats is not an easy task I imagine, and being the most powerful nation on Earth, our diplomats are likely a target 24x7x365. **

This week, Lonnie Price joins me and James on the show for an intriguing talking through some very, very cool stuff. Now, this episode is special. Of course, every episode is special but some are more special than others. In this edition of the show we're talking to someone who keeps state secrets, well ... secret, as America's diplomats travel internally and abroad.

I can safely say I hadno idea how much there was to concern yourself with beyond just encryption.

Guest

Lonnie Price
- LinkedIn:https://www.linkedin.com/in/lonniejprice/

Tue, 23 Mar 2021 00:00:00 -0400

DtSR Episode 440 - TPA Fighting Back Against ATO

Prologue

Account Take-Over (ATO). You've probably not given this too much thought, unless you've had your account jacked. Whether it was someone stealing your Twitter account, or your bank account, or God-forbid your Facebook - you know the ramifications are serious. But how do you identify it, prevent it, detect and respond to it, and maybe even recover from it... at scale?

Rafal's guest, Ari Jacoby of Deduce has some ideas.

Ari talks about the broader ATO problem, and suggests some of the reasons it's gotten this bad (...how bad is it?...) and what companies that arenot in the Fortune 250 can do to protect themselves -and you.

Guest

Ari Jacoby
- Deduce: https://www.deduce.com/
- LinkedIn: https://www.linkedin.com/in/arijacoby/
- Twitter: https://twitter.com/arijacoby

Tue, 16 Mar 2021 00:00:00 -0400

DtSR Episode 439 - TPA Open Source Endpoint Defense

Prologue

OK, say it with me, defender tools suck. They all have their own dashboards, data formats, ways to look at what's going on...and that wouldn't be bad if they even remotelyworked together.

OSQuery isn't the end-all for endpoint tools, but it surely can tell you a whole lot about what's going on out there - and then you can actuallyintelligently do something. But it needs a front-end...so enter Fleet. This episode is all about defending the endpoint using open source, and Fleet/OSQuery specifically.

Guest

Zach Wasserman
- LinkedIn: https://www.linkedin.com/in/zacharywasserman/
- Twitter: https://twitter.com/thezachw
- Fleet Open Source Device Management: https://fleetdm.com/

Tue, 09 Mar 2021 00:00:00 -0500

DtSR Episode 438 - TPA Implementing Zero Trust Principles

Prologue

This week on a very cool conversation, Rafal snags a chance to do a virtual sit-down with Yuri all the way from the Netherlands. Yuri is one of the quintessential experts on Zero Trust (not the commercial tools stuff, but principles and foundations) and you need to hear his take on how we get it implemented, where, and why.

Guest

Yuri Bobbert
- LinkedIn: https://www.linkedin.com/in/yuribobbert/
- His book "Leading Digital Security": https://www.linkedin.com/pulse/new-book-leading-digital-security-yuri-bobbert-1f/?trackingId=%2Fwm4S897TnSMTgkDszCDJQ%3D%3D

Tue, 02 Mar 2021 00:00:00 -0500

DtSR Episode 437 - TPA Healthcare IT Under Siege

Prologue

This week, DJ McArthur joins James and Rafal to talk shop about his career in defending healthcare IT. The Cliff's Notes version is that it's more complex, more under siege, and more critical than ever. No problem, right?

This episode has been a long-time coming, and DJ is an honest-to-goodness expert in the field. He teaches classes on this topic which you may just want to go and look up if this is your thing.

Guest

DJ McArthur
- LinkedIn: https://www.linkedin.com/in/dj-mcarthur-74364b24/
- Twitter: https://twitter.com/djmca5280

Tue, 23 Feb 2021 00:00:00 -0500

DtSR Episode 436 - TPA A Dev Perspective on AppSec

Prologue

Continuing what accidentally became a series of AppSec or Software Security focused episodes, #436 takes it from yet another direction. Rey joins us to talk about AppSec from his perspective - that of a life-long developer that's moved into software security. It's been an interesting journey, and while some of the things we discuss aren't necessarily revelations - listen for the subtle clues about what software security teams are doing wrong in the corporate enterprise... you'll hear it.

Guest

Rey Bango
- LinkedIn: https://www.linkedin.com/in/reybango/
- Twitter: @ReyBango

Tue, 16 Feb 2021 00:00:00 -0500

DtSR Episode 435 - TPA WPScan and Wordpress

Prologue

Episode 435 is packed with OpenSource goodness, talking about WordPress and WPScan with Ryan Dewhurst. Ryan started WPScan (a tool you probably use as a security practitioner) and has now made a business out of it. He spends a half-hour discussing the product, his road, and Wordpress/security in general and includes some plans for the future.

Guest

Ryan Dewhurst
- LinkedIn: https://www.linkedin.com/in/ryandewhurst/
- Twitter: https://twitter.com/ethicalhack3r
- Website: https://wpvulndb.com/

Tue, 09 Feb 2021 00:00:00 -0500

DtSR Episode 434 - TPA Open Source Software Security

Prologue

This week, Jennifer Fernick of NCC Group joins me to talk about her work with open source software and security. With a storied career, Jennifer is well-qualified to talk about some really interesting topics, but finding bugs in open source software, at the scale we need it to be done, is a monumental task.

If you're a developer and keen on innovation and open-source, and know security or are interested in learning more - I encourage you to go check out the Open Source Security Foundation here: https://openssf.org/

Guest

Jennifer Fernick
- LinkedIn: https://www.linkedin.com/in/jenniferfernick/

Tue, 02 Feb 2021 00:00:00 -0500

DtSR Episode 433 - TPA Leading the Alliance

Prologue:

This week, Gary Latham joins the podcast to talk about taking the reigns of the Security Advisor Alliance, at a pivotal time for the organization. If you don't know about the SAA,I highly encourage you to check it out here:https://www.securityadvisoralliance.org/

Guest

Gary Latham
- LinkedIn: https://www.linkedin.com/in/gary-latham-8bb62925/

Tue, 26 Jan 2021 00:00:00 -0500

DtSR Episode 432 - TPA Identity and Trust

Prologue

On this week's episode of the podcast, boomerang guest Robb Rock joins Rafal to talk identity, trust, and what's happened since the last time Robb was on the show (which was in 2016!). Of course they talk about the "big hack", and retreat into identity, Zero Trust, and the challenges of mid-market companies trying to do their own security.

The lesson here? "The more we learn, the more we recognize we know very little."

Guest

Robb Reck
- LinkedIn: https://www.linkedin.com/in/robbreck/
- Twitter: @RobbReck

Tue, 19 Jan 2021 00:00:00 -0500

DtSR Episode 431 - TPA Medical IOT

Prologue

This week on DtSR, an old friend Jamison Utter joins Rafal to talk aboutmedical IoT devices, and what makes them different -- and of course, how we can better protect them. Jamison's company, Medigate, is a healthcare securityand medical analytics company - and it's an interesting discussion on how this type of IoT differs from others with security implications. You'll want to listen in, since the "Internet of Things" discussion is getting very varied, and you need to keep up.

Guest

Jamison Utter
- LinkedIn: https://www.linkedin.com/in/jamisonutter/
- Twitter: https://twitter.com/jamison_utter
- Company website: https://medigate.io

Tue, 12 Jan 2021 00:00:00 -0500

DtSR Episode 430 - TPA What We Learned in 9 Years

Prologue

David was a guest on the podcast many years ago, back in episode 7. We had a great conversation and it's interesting to see how so many of the topics have evolved in the last nearly a decade. Or not.

Guest

David Elfering
- LinkedIn: https://www.linkedin.com/in/aroundomaha/
- Twitter: https://twitter.com/icxc

Thu, 07 Jan 2021 22:18:59 -0500

DtSR Episode 429 - YGHT Crowdsourcing Security Intel

You Gotta Hear This! [YGHT]

This special edition of the Down the Security Rabbithole Podcast is the first of it's kind. For 2021 I've decided to throw in a bonus episode here and there that doesn't necessarily fit the typical format when I find something interesting, or a topic or person worth your time.

Right now, with CrowdSec is that time. Philippe Humeau is a wealth of information and the CEO of CrowdSec - a company that's picking up where someone else left off and making crowd-sourced security intelligence, free if you're a contributor to the system. Brilliant stuff... jump in and listen.

Guest

Philippe Humeau
- LinkedIn: https://www.linkedin.com/in/philippehumeau/
- Twitter: https://twitter.com/philippe_humeau
Check out CrowdSec

Tue, 05 Jan 2021 00:00:00 -0500

DtSR Episode 428 - TPA TIM-enabled NextGen SOC Platforms

Prologue

Let's start 2021 off right with a returning guest whose name you will want to remember. Joep (pronounced like "soup" but with a "you") Gommers the founder and CEO of EclecticIQ joins Rafal to talk about threat intelligence - from platforms to TIPs, use-cases, implementations, limitations, and the move to TIM. It's a fun conversation that looks at where "threat intelligence" started, and where it's gone over the last 5 years or so. If you're a threat intel analyst, another consumer, or even a vendor, you'll want to listen up carefully and maybe take notes.

By the way we need a "TIM-enabled NextGen SOC Platform" sticker to be made up, with "Tim the Enchanter" as the key figure ... this should happen. Someone has to have the talent!

Guest

Joep Gommers
- LinkedIn: https://www.linkedin.com/in/joepgommers/
- Twitter: https://twitter.com/joepgommers

Tue, 29 Dec 2020 00:00:00 -0500

DtSR Episode 427 - TPA Security Beyond the RegExp

Prologue

This week, on the last episode of 2020, Michael Coates joins Rafal to talk about wire-speed-data-protection. Sort of like CASB but more universal. Interestingly, Rafal and Michael talk through how DLP has evolved and into what, and some interesting developments along the way - then the promise of something better.

Guest

Michael Coates
- LinkedIn: https://www.linkedin.com/in/mcoates/
- Twitter: https://twitter.com/_mwc

Mon, 21 Dec 2020 23:01:22 -0500

DtSR Episode 426 - TPA Winning Intelligence Collecting Zombies

Prologue

First and foremost, thank you toPrevailion for giving us some of Karim's time, and content for this episode. Adversary intelligence is critical to protection and defense, so the methods and means in which it's gathered, refined, and provided back into the industry is always a great topic of discussion.

I can't stress enough how much I recommend going and doing this - https://www.prevailion.com/claim-your-apex-platform-account/ which isfree and can give you an idea of whether you have some of those pesky "bad actors" running around your infrastructure stealing your critical assets.

Guest

Karim Hijazi
- LinkedIn: https://www.linkedin.com/in/karimhijazi/
- Is YOUR org compromised?: https://www.prevailion.com/claim-your-apex-platform-account/

Tue, 15 Dec 2020 00:00:00 -0500

DtSR Episode 425 - TPA Being Media Trained

Prologue

This week, one of my old allies in the advocacy for sane media appearance joins James and me on the podcast. We talk about being a media liaison, managing speakers and security types with lots to say and few f***s to give for the media. It's an interesting conversation if you want to hear about what your media and PR person has to go through.

Guest

Diana Wong
- LinkedIn: https://www.linkedin.com/in/dianawong1/

Tue, 08 Dec 2020 16:19:59 -0500

DtSR Episode 424 - SOC Fight 2020

Prologue

Fill up your coffee cup, find a comfortable seat, and get ready to dive into this show! Richard & Anton join James and Rafal to discuss the SOC and it's evolution (or not) in today's enterprise.

What are the major issues with SOCs today?
What will the SOC of tomorrow be like?
Does anyone know why Anton's hair is so nutty?

These and other questions will be answered, maybe, on this show... so listen in and please give us some love on the socials.

Guests

Richard Steinnon
- LinkedIn: https://www.linkedin.com/in/stiennon/
- Twitter: https://twitter.com/stiennon
Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/
- Twitter: https://twitter.com/anton_chuvakin

Mon, 30 Nov 2020 13:30:53 -0500

DtSR Episode 423 - TPA Malware and Other Bad Things

Prologue

This week,virtually live fromEnfuse 2020 we've invited Grayson Milbourne, who is the Director of Security Intelligence at OpenText (formerly Carbonite/Webroot), to the show to talk about his work, malware, and the ever-evolving battle between good and evil'ish.

This is a unique look at the intelligence, research, and innovation that goes into anti-malware tools and the arms race between attacker and defender in the real world.

Guest

Grayson Milbourne
- LinkedIn: https://www.linkedin.com/in/themilbourne/
- Twitter: https://twitter.com/gmilbourne

Mon, 23 Nov 2020 00:00:00 -0500

DtSR Episode 422 - TPA Blurry Ethical Lines

Prologue:

This week is a TREAT for you Down the Security Rabbithole Podcast listeners. Before she does her keynote on the topic, you'll get to hear Tarah Wheeler's take on the graying lines of privacy, security, and ethics. Just because we can ... does that mean we should?

Lots of interesting discussions, and some totally nerdy andpedantic references you'll want to listen to a few times.

Week 3 of OpenText's Enfuse Conference 2020 is kicking off with Tarah's keynote, and if you haven't checked in, or signed on, maybe this will convince you! Give her keynote a listen...

Guest

Tarah Wheeler
- LinkedIn: https://www.linkedin.com/in/tarah/
- Twitter: https://twitter.com/tarah

Mon, 16 Nov 2020 18:40:25 -0500

DtSR Episode 421 - TPA Holding the Public Ransom

Prologue

Welcome to week 2 of our coverage of the OpenText Enfuse conference! This week I'm super excited about two very cool guests - Brian Chidester and Tyler Moffitt. Y'all know Brian who is now officially a multi-time returning guest, and Tyler's background is pretty cool (literally, you'll know what I mean when I post the video hopefully soon).

Huge thanks to OpenText for giving us access to these great guests. Go check out #EnfuseOnAir (on Twitter's hashtag) with the links below:

Links:

Conference link - https://www.opentext.com/enfuse
General Registration link -https://web.cvent.com/event/d634f034-3b46-432a-ae21-4be1ca3fb1cf/regProcessStep1?RefId=enfuse2020-ppctx&rp=00000000-0000-0000-0000-000000000000
OpenText security handle -- https://twitter.com/OpenTextSecure

Guests:

Brian Chidester
- LinkedIn: https://www.linkedin.com/in/abchidester/
- Twitter: https://twitter.com/ChidesterAB
Tyler Moffitt
- LinkedIn: https://www.linkedin.com/in/tyler-moffitt-29752050/

Mon, 09 Nov 2020 17:27:28 -0500

DtSR Episode 420 - TPA Virtually Live from Enfuse 20 Overview

Prologue

This week on DtSR Anthony Di Bello from OpenText drops by the show to talk about Enfuse, and the future of forensics, eDiscovery, and cyber security - and happens to let out a few details of the Enfuse 2020 conference kicking off this week. Anthony's always a great interview and of course we talk about my favorite topic lately - "convergence" of security disciplines.

Join us - and if you're so inclined,virtually attend Enfuse 2020 by clicking over here: REGISTER FOR ENFUSE 2020.

Guest

Anthony Di Bello
- LinkedIn: https://www.linkedin.com/in/anthony-di-bello-29b419b/

Tue, 03 Nov 2020 00:00:00 -0500

DtSR Episode 419 - TPA CISOs in Covid Times

Prologue

This week James and Rafal have the pleasure of being joined by Allan Alford, from his work-cave somewhere near Dallas, TX to talk about what we're hearing and seeing as we advise CISOs during the times that Covid brings. We discuss budgets, priorities, and "good enough" security strategy in a weird time in our industry and world.

Guest

Allan Alford
- LinkedIn: https://www.linkedin.com/in/allanalford/
- Twitter: https://twitter.com/AllanAlfordinTX/

Tue, 27 Oct 2020 14:07:28 -0400

DtSR Episode 418 - TPA Another Security Inflection Point

Prologue

This week on DtSR, John Steven joins Rafal & James to talk about an inflection point in security that's happeningright now.As you may notice, everything about security is changing, especially in the AppSec space... listen in and you'll hear John's thoughts on a very interesting time to be in the industry.

Evolve, or die...

Guest

John Steven
- LinkedIn: https://www.linkedin.com/in/m1splacedsoul/
- Twitter: https://twitter.com/m1splacedsoul

Tue, 20 Oct 2020 00:00:00 -0400

DtSR Episode 417 - TPA Budgets and Breaches

Prologue

This week on DtSR my long-time friend and pragmatic alter-ego, Chris Abramson, joins me to give a sneak peek at what you can expect on thenew podcast we're launching together in a few weeks... and also to discuss the "budget before breach/budget after breach" meme going around LinkedIn.

We discuss security, budget, process, threat modeling and a half-dozen other things you'll just have to listen to the show to hear.

Guest

Chris Abramson
- LinkedIn: https://www.linkedin.com/in/chris-abramson-29a9b2b/

Tue, 13 Oct 2020 00:00:00 -0400

DtSR Episode 416 - TPA A Newer New Hope

Tue, 06 Oct 2020 10:11:23 -0400

DtSR Episode 415 - TPA Man Algorithm Machine

\\Prologue

As I was scrolling through LinkedIn looking for interesting things to read, who should scroll by but one Sven Krasser, whom you may remember from a few episodes ago ( http://ftwr.libsyn.com/dtsr-episode-261-deeper-down-the-ml-rabbit-hole ) - OK it was a long time ago now. We talk briefly about machine learning, algorithms and other relevant things and have a little fun in the process.

I hope you enjoy the episode!

Guest

Sven Krasser
- Twitter: https://twitter.com/SvenKrasser
- LinkedIn: https://www.linkedin.com/in/svenkrasser/
- His blog: http://www.skrasser.com/blog/archives/

Tue, 29 Sep 2020 00:00:00 -0400

DtSR Episode 414 - TPA Rick Howard's Almost Retirement

Prologue:

This week on episode 414 of the podcast, I'm joined by Rick Howard who just retired ... no, wait ... scratch that, almost retired from Palo Alto Networks after a fantastic run. Rick tells the story of how he almost retired, why he's not on the beach somewhere yet, the Cyber Security Canon, and so much more.

Join me, this week on the podcast, because you never know just how many more of these he'll agree to before he actually and truly does retire some day!

Guest

Rick Howard
- Twitter: https://twitter.com/raceBannon99
- LinkedIn:https://www.linkedin.com/in/rickhoward/

Wed, 23 Sep 2020 12:15:14 -0400

DtSR Episode 413 - TPA SOCs and Stuff

Prologue

This week we welcome Greg Foss to the show - Greg has some experience in security operations and managing SOCs and such. He dishes, we laugh, we learn, and hopefully you'll enjoy. Lots of topics covered including my personal favorite: "tools in the SOC" - in which we discuss how tools are actually hurting SOC efficiency and such.

Guest

Greg Foss
- LinkedIn: https://www.linkedin.com/in/gregfoss/
- LinkedIn: https://twitter.com/Heinzarelli

Tue, 15 Sep 2020 00:00:00 -0400

DtSR Episode 412 - TPA Consolidation Integration and Good Enough

Prologue:

This week David Soto joins Rafal and James to talk about how throughout his career the cybersecurity landscape has evolved and the tools have consolidated, integrated, and how we're perhaps still misunderstanding "good enough". David of course has a very long and storied career where he's carried multiple roles from CISO to a consultant, so he has a depth of experience most of us don't get. He's great to listen to, as he shares his knowledge - tune in!

Guest:

David Soto
- LinkedIn: https://www.linkedin.com/in/dsoto/
- Twitter: @David__Soto

Tue, 08 Sep 2020 22:44:30 -0400

DtSR Episode 411 - TPA RSnake at Large

Prologue:

This week, the one and only @RSnake joins us to just ... talk. We notice he has a few cameras too many, or maybe he's just being monitored? We talk about the big problems in the industry, what he's doing to solve them, and some other random things you'll have to listen to get.

Guest

Robert Hansen
- Twitter: @RSnake
- LinkedIn: https://www.linkedin.com/in/roberthansen3/

Tue, 01 Sep 2020 00:04:17 -0400

DtSR Episode 410 - TPA CISO Accountability Problems

Prologue:

Because we can't get enough of Brandon Dunlap and Shawn Tuma over here on the podcast, here we go again. Last episode Brandon talked about responsibility and accountability - so when we saw the story about a CISO being indicted for being less-than-truthful to the FTC, we couldn't resist. This episode is powerful, and doesn't tiptoe around difficult topics.

Guests:

Brandon Dunlap
- Twitter: @bsdunlap
- LinkedIn: https://www.linkedin.com/in/bsdunlap/
Shawn Tuma
- Twitter: @shawnetuma
- LinkedIn: https://www.linkedin.com/in/shawnetuma/

Tue, 25 Aug 2020 20:08:08 -0400

DtSR Episode 409 - Dunlap Time 2020 Edition

Prologue:

Hey friends, it's Tuesday so time for another dazzling edition of the podcast. This week we welcome Brandon Dunlap - hair model, professional snarkist - back to the show. This is Brandon's fourth trip around the merry-go-round, so I think he holds the record now. Someone may want to fact-check that... Brandon talks about transitioning between roles, managing big orgs, very remotely, and of course "Would you ever go back to a CISO role?"

Join us, and you may be able to help solve a mystery.

Guest

Brandon Dunlap
- LinkedIn: https://www.linkedin.com/in/bsdunlap/
- Twitter: @bsdunlap (Hey, someone remind him that picture is like ... 10 years old!)

Tue, 18 Aug 2020 10:41:40 -0400

DtSR Episode 408 - Shawn Tuma Cyber Superhero

Prologue:

This week, on episode 408 Shawn Tuma joins us again to talk about the legal side of cyber security. Shawn's one of the premier legal forces on breach law and litigation - you can fact check that - and it's great to have him on the show again. We talk through what's going on in laws, litigation, and whatever else is on his mind.

Guest
Shawn Tuma:
- Twitter: @ShawnETuma
- LinkedIn: https://www.linkedin.com/in/shawnetuma/

Wed, 12 Aug 2020 10:00:46 -0400

DtSR Episode 407 - Marcs Wild InfoSec World

Prologue:

This week, a legend of the InfoSec (or Cyber Security, for some of you) space joins me on the show. Marc Rogers has been the guy heading up Defcon security, and at the helm of the security function for some ... "highly visible" companies doing great amounts of good. Now, he's doing tremendous amounts of good during the global Covid-19 pandemic by providing cyber security services to besieged healthcare firms via the CTI League (check out their open letter here, as it may apply toyou.)

Guest

Marc Rogers
- Twitter: @MarcWRogers
- LinkedIn: https://www.linkedin.com/in/marcrogers/
- CTI League: https://cti-league.com/

Tue, 04 Aug 2020 23:53:32 -0400

DtSR Episode 406 - Cybersecurity and the SMB

Prologue
Cybersecurity is one of those industries where the one of the market segments that is the most desperate for support is also one of the segments that is the least supported. The Small and Medium Business (SMB) segment is largely ignored by most security vendors and service providers alike - and yet they need the most help.

Kiersten has put in the work to build tools and resources (all free, by the way) for this dramatically underserved market segment. In our episode, we talk about challenges, resources, and opportunities before us. Join us!

Guest

Kiersten Todt
- LinkedIn: https://www.linkedin.com/in/kiersten-e-todt-73b81359/
- Cyber Readiness Institute: https://www.cyberreadinessinstitute.org/

Tue, 28 Jul 2020 10:32:59 -0400

DtSR Episode 405 - Hallmarks of Good Leaders

Prologue:

This week, Rafal welcomes Wayne Reynolds, a veteran of not only our industry, but of the US Marine Corps - where he's been a leader in multiple scenarios. We talk about what makes good leaders, good and bad styles, and the things you need to know if you either WANT to be a leader, or you are looking to find someone who you want to work for. Huge thanks to Wayne for taking time out of his crazy schedule early in the morning to talk with us.

Guest

Wayne Reynolds
- LinkedIn: https://www.linkedin.com/in/wayne-reynolds-80593318/
- Raf's note: It's been an honor and privilege to work alongside Wayne in a past life - he's a solid human, and a fantastic leader.

Tue, 21 Jul 2020 00:00:00 -0400

DtSR Episode 404 - The Wacky Wild World of OT

Prologue:

This week, on the "Episode Not Found", Rafal and James host Robert Lee from Dragos. It's a conversation about Operational Technologies that includes a deep dive into the business and management side of Industrial Controls and the Energy Sector. Robert gives us a frank, no-spin walkthrough in the good and bad of the space and talks about some of the misunderstandings many of us have. A great episode if you're interested in the non-traditional cybersecurity sector.

Guest

Robert Lee
- Twitter: https://twitter.com/RobertMLee
- LinkedIn: https://www.linkedin.com/in/robmichaellee/

Wed, 15 Jul 2020 00:55:59 -0400

DtSR Episode 403 - ReInventing the MSSP

Prologue:

This week on the podcast, episode 403 features two good friends of mine Joey Peloquin and John "JP" Pirc. John and I talked about the awful state of the MSSP back in episode 395 (LINK) and I was challenged to do more than just talk about the sorry state of security delivered as a service. So, I called up some friends, and we talked it though.

I'm curious - do you agree with us? Let us know on LinkedIn by going to our LinkedIn page, or on twitter using the hashtag #DtSR.

Guests

Joey Peloquin
- LinkedIn: https://www.linkedin.com/in/joeypeloquin/
- Twitter: https://twitter.com/jdpeloquin
John "JP" Pirc
- LinkedIn: https://www.linkedin.com/in/johnpirc/

Tue, 07 Jul 2020 00:00:00 -0400

DtSR Episode 402 - Life Security Adulthood

Prologue:

First, I need to apologize for the quality of my (Rafal) audio. For a reason I don't understand, the Skype central record feature absolutely butchered it - could have been something on my end, I simply don't know. It should be listenable, albeit annoying.

Second, huge thanks to Carlos for taking the time out of his busy morning from being a dad and his day job to talk to us. He's got a lot of really interesting and important things to share about his adventures in our industry and community - you should probably listen closely.

Lastly - I have t-shirts to give away. If you want one, follow & re-tweet the @DtSR_Podcast handle and we'll pick a few of you (probably at random) to send shirts to.

Guest

Carlos Perez
- LikedIn: https://www.linkedin.com/in/carlos-perez-a146b917/
- Twitter: https://twitter.com/carlos_perez/

Tue, 30 Jun 2020 10:15:44 -0400

DtSR Episode 401 - Vyrus Lessons in Red to Blue

Episode 401

Epilogue: This week, I got to sit down virtually with a long-time friend, and one of the most intelligent and quiet people you'll ever meet in InfoSec. My pal Carl Vincent (some of you may know him by other names) and I chat the transition from Red Team to Blue Team, tools, the state of the industry over the last few years, and just general conversation.

The world around us has changed, and it's important to have real conversations with people who shaped the industry in ways you probably didn't know or realize.

Guest:

Carl Vincent
- LinkedIn: https://www.linkedin.com/in/mcarlvincent/
- Twitter: https://twitter.com/vyrus001

Wed, 24 Jun 2020 09:54:59 -0400

DtSR Episode 400 - Tom Nichols on Expertise

Friends and Colleagues!

We've made it. Milestone episode 400 of the podcast is here. And for the 400th episode I have none other than Mr. Tom Nichols. He's truly a qualified expert on a topic that needs some serious attention in today's world - expertise. In fact, he's written a book about it.

Please enjoy this episode, share it, and I want to thank Tom for taking the time out of his crazy schedule to laugh, educate, and drop a little bit of snark into our day.

Guest:

Tom Nichols
- LinkedIn: https://www.linkedin.com/in/tom-nichols-94a7a23/
- Twitter: @RadioFreeTom
- Go get and read his book: https://smile.amazon.com/Death-Expertise-Campaign-Established-Knowledge/dp/0190865970/

Tue, 16 Jun 2020 11:43:44 -0400

DtSR Episode 399 - Post-Pandemic Issues

Episode 399 ... what a crazy ride it's been.

This week we have Brian Chidester - you may recall we had a chat with him on episode 379 which was recorded live at EnFuse Conference 2019 - back to talk about some of the things he's been hearing state and local security leadership talk about.

Great conversation, lots of topics covered... you'll enjoy it.

Also, next up - EPISODE 400!

Guest

Brian Chidester
- LinkedIn: https://www.linkedin.com/in/abchidester/

Tue, 09 Jun 2020 23:53:04 -0400

DtSR Episode 398 - Leadership Series: Allan Alford

This week, episode 398 features our Leadership Series and the one and only Allan Alford. Allan has spent a long career building various security practices, advising boards, and generally doing great things.

While we're at it, you should go check out and sign up for the RSS feed of "Defense In Depth" podcast that Allan is a co-host on. They have a great tagline: "Couples therapy for security vendors and practitioners". Check them out here: https://www.linkedin.com/company/ciso-security-vendor-relationship-series/

Guest:

Allan Alford
- LinkedIn: https://www.linkedin.com/in/allanalford/
- Defense In Depth Podcast: https://cisoseries.com/category/defense-in-depth

Tue, 02 Jun 2020 00:39:00 -0400

DtSR Episode 397 - Modern-ish Vulnerability Management

Welcome Down the Security Rabbithole to yet another edition of the DtSR Podcast. We we roll on towards milestone episode 400 James and Rafal discuss a topic that doesn't get nearly enough airplay - vulnerability management.

This isn't just your dad's vulnerability scanning though, or is it? Have we doneanything exciting in this space in the last 15 years? Maybe... kind of...but the problem is much harder.

Guest

Ed Bellis
- Twitter: @ebellis
- LinkedIn: https://www.linkedin.com/in/bellis/

Wed, 27 May 2020 10:04:38 -0400

DtSR Episode 396 - Verizon DBIR 2020 Analysis

It's Verizon Data Breach Investigations Report time again. This episode is a yearly walk-through of the DBIR, where Rafal and James once again welcome Gabe Bassett back to the show to talk data, graphics, and lessons we need to learn.

Link to the report:

https://enterprise.verizon.com/resources/reports/dbir/

Guest:

Gabriel Bassett
- LinkedIn: https://www.linkedin.com/in/gabriel-bassett/
- Twitter: https://twitter.com/gdbassett/

Tue, 19 May 2020 00:00:19 -0400

DtSR Episode 395 - Can We Fix the MSSP

Special thanks to our friends at AlertLogic - for providing some great discussion points and John for the episode!

This week, as DtSR hits episode 395 on our way to Episode 400, James and Rafal take some time out to ask:

"Hey John, how's the hair?"

It's great to be able to spend time with old friends and just talk about solving some long-standing problems our industry faces. One of the perennial favorites is why MSSPs are all terrible. Well - we have some ideas! Listen in if you've ever been frustrated with your MSSP... and are maybe interested in how the industry can collectively do better.

Guest

John Pirc
- LinkedIn: https://www.linkedin.com/in/johnpirc/
- Rafal's personal note: John's a badass who has more experience in solving broad-scale problems and helping customers and companies through some difficult challenges. His advice is sage... you should probably listen in

Tue, 12 May 2020 00:00:00 -0400

DtSR Episode 394 - High Profile Healthcare Security Leadership

Episode 394

Rafal & James host Keith Duemling from the Cleveland Clinic (talk about high-profile jobs!) to talk about security in the healthcare space, challenges, the future, and other random topics. Keith has spent a large part of his career leading healthcare organizations, so he has a lot to share. Listen in!

Guest

Keith Duemling - Director of Cybersecurity Technology Protection at the Cleveland Clinic
- LinkedIn: https://www.linkedin.com/in/keithduemling/
- Twitter: @KeithDuemling

Tue, 05 May 2020 12:14:58 -0400

DtSR Episode 393 - Smartish Cities

Guess who's back, back again ... James is back, so listen in!

So James is officially back after a bit of a hiatus from the podcast, and on this episode him and Rafal sit down over a fun interview with Matt Lewis Research Director for the UK with NCC Group. Matt is the primary author on a report on "Smart Cities", and it's definitely somethingyou should read.

We talk about the report, discuss the true nature of asmart city and what it means to live in one. Pay particular attention to how difficult it was not to jump right into Die Hard 4 references... although we eventually broke down and did it anyway.

Links

Check out the NCC Group report on smart cities, right here: http://www.mynewsdesk.com/nccgroup/documents/ncc-group-a-blueprint-for-secure-smart-cities-whitepaper-95577

Guest Bio

Matt Lewis is Research Director for the UK with NCC Group (https://www.nccgroup.trust/us/) a security consultancy that has over 35 global offices, 2,000 employees and 15,000 clients. Hes worked in Cyber Security for over 18 years since his Computer Science academic studies, which focused on formal methods for system specification and design. Since then Matt has worked in various roles across Defence, Intelligence, Commercial and Big 4. He specializes in security consultancy, scenario-based penetration testing, vulnerability research and development of security testing tools and methodologies. His consultancy, testing and research experience spans multiple technologies across all sectors and many FTSE 100 and Forbes 2000 companies. He has vast experience in facilitating security assurance within the Government sector. Matt is a public speaker with global recognition of his knowledge and expertise in biometric security. He regularly presents at international conferences and seminars on all manner of cybersecurity-related topics.

Tue, 28 Apr 2020 18:31:32 -0400

DtSR Episode 392 - Chris Nickerson is an Original

Ladies and Gentlemen, friends, countrymen, lend me your ears!

This episode of DtSR features one of my favorite guests and one of the better storytelling from the "old days" opportunities I can recall. It also, not accidentally, features one of my favorite totally genuine people from our industry - Chris Nickerson.

I think the best way to describe Chris is like a charismatic honey badger. And if you haven't had the pleasure, you can listen to this episode and get just a small taste of what he's been up to the last few years. Buckle in, it's story time.

Guest

Chris Nickerson ( @Indi303 ) - https://www.linkedin.com/in/nickersonlares/

Tue, 21 Apr 2020 01:04:16 -0400

DtSR Episode 391 - Unprecedented Cyber Badness

This week, I'd like to thank JD Work for taking the time to be on the show and sharing his professional experience and expertise with us. The space of cyber policy, at the national and international level, is growing by leaps and bounds; and difficult decisions are often debated even as rapid reactions have to be made. These are difficult times for policymakers in the theater of cybersecurity. JD is an expert in this space and provides some real inside into what's going on, what our policymakers are thinking.

Guest

JD Work
- LinkedIn: https://www.linkedin.com/in/jd-work-22096010/
- Bio: JD Work serves as the Bren Chair for Cyber Conflict and Security at Marine Corps University. He holds additional affiliations with the School of International and Public Affairs at Columbia University, the Elliot School of International Affairs at George Washington University, and as a senior advisor to the Cyberspace Solarium Commission. He can be found on Twitter @HostileSpectrum. The views and opinions expressed here are those of the author(s) and do not necessarily reflect the official policy or position of any agency of the US government or other organizations.

Tue, 14 Apr 2020 09:55:48 -0400

DtSR Episode 390 - DFIR 20-20

This week, Brian Carrier joins DtSR to talk about digital forensics and incident response in 20/20. Forensics and incident response has had to evolve and change as devices become more mobile, smaller, and purpose-built. Brian talks through what this change has meant, and how tools and techniques have had to evolve to deal not only with the explosion of device types, but also sizes and various log capabilities (or none at all).

Guest

Brian Carrier
- Twitter: @Carrier4n6
- LinkedIn: https://www.linkedin.com/in/carrier4n6/

Related episodes:

DtSR Episode 365 - "Mountains of Data"
DtSR Episode 320 - "Specializing in Forensics"
DtSR Episode 264 - "Windows Forensics Then and Now"
DtSR Episode 252 - "DFIR with Lesley Carhart"
DtSR Episode 247 - "Internet of Things Forensics"
DtSR Episode 146 - "State of Enterprise Incident Response"

Tue, 07 Apr 2020 00:00:00 -0400

DtSR Episode 389 - Leading Cyber Security in Academia

This week, DtSR dives into security leadership with an academic twist. We have the pleasure of hosting Robert Turner, the CISO of the University of Wisconsin, Madison.

This episode was recorded March 13th, 2020 right as the University and other institutions across the country and the world started their efforts to social distance and work from home due to the Corona Virus (Covid-19) pandemic.

Special thanks to Bob for taking the time out of his busy day, and crazy schedule given the times, to give us insights on his strategy, challenges, and successes!

Guest

Robert Turner - https://www.linkedin.com/in/bob-turner-9936993/

Tue, 31 Mar 2020 00:00:00 -0400

DtSR Episode 388 - The SIEM is Dead Long May It Live

Welcome to episode 388, an episode at least 5 years in the making...mainly because it's taken this long to figure out a good way to get Anton on the podcast! Now that he's not an analyst anymore, I snagged him for an honest and open conversation about the one topic he has more expertise in than most anyone I know - the SIEM.

We wax philosophically, I manage to show my ignorance of the state of the art and history of SIEM, and we talk about where SIEM is going. Join us on a great conversation I am thrilled to have been a part of.

Guest

Anton Chuvakin - Let's face it, it's really "The" Anton Chuvakin, right?
- Linkedin: https://www.linkedin.com/in/chuvakin/
- Twitter: @anton_chuvakin
- Blog: https://medium.com/anton-on-security

Tue, 24 Mar 2020 17:04:04 -0400

DtSR Episode 387 - Remote Workforce Leadership

This week, as we all continue quarantines and work-from-home DtSR hosts Valentina Thrner,who is an expert on remote workforce leadership. Valentinaliterally wrote the book (From a Distance) and now she's on the show discussing how to be a leader when your workforce is remote.

Additional Links and Resources

1:1s
- https://remote.co/creative-ways-get-to-know-your-team-when-work-from-home/
- https://knowyourteam.com/blog/2020/02/19/how-to-coach-employees-ask-these-1-on-1-meeting-questions/
- https://getlighthouse.com/blog/one-on-one-meeting-questions-great-managers-ask/
- https://getlighthouse.com/blog/transition-to-remote-work-help-your-team/ - the blog has amazing resources apart from this article
- A great article on how to scale remote work: https://beau.blog/2020/03/remote-work-at-scale/
- Recommended webinar: https://wordpress.com/blog/2020/03/06/a-crash-course-in-remote-management/
- Quick guide on how to set up your remote working strategy: https://intenseminimalism.com/2020/quick-work-remote/

Guest 411

Valentina Thrner
- LinkedIn - https://www.linkedin.com/in/valedeoro/
- Twitter - https://twitter.com/valedeoro

Tue, 17 Mar 2020 17:46:55 -0400

DtSR Episode 386 - Securing a Suddenly Remote Workforce

Covid-19 ... that's the headlines. Everywhere.

The suddenly remote workforce is a problem for many enterprises, and as workers are forced to work from home - security is a problem.

To that end, I snagged Brian Foster who has a long and storied history in our industry, to talk about what he thinks we should be thinking about.

Listen in, share, and let's hear what you think folks! Stay safe and well and most of alldo not panic.

Guest

Brian Foster - https://www.linkedin.com/in/brianfoster1/

Mon, 09 Mar 2020 23:58:11 -0400

DtSR Episode 385 - Malware on the Lifeline

Greetings! On this episode of the podcast we present to you an episode we recorded back in January (but then due to a storage error we lost temporarily) with Nathan Collier from Malwarebytes. Nathan reported some findings from his research that basically there was some pre-installed malware running around, impossible to uninstall, on low-cost mobile phones. That kind of villainy is unforgivable (praying on the weak!) so we wanted to hear the whole story...and then some.

Here's one link to the full story, in case you're interested in reading it on your own... https://blog.malwarebytes.com/android/2020/01/united-states-government-funded-phones-come-pre-installed-with-unremovable-malware/

Guest:

Nathan Collier - Malwarebytes

Tue, 03 Mar 2020 16:14:14 -0500

DtSR Episode 384 - Zero Trust Redux 2020

This week Rafal hosts Dr. Chase Cunningham, Forrester analyst and all-around security badass to redux Zero Trust. The last time we tackled the topic was Episode 222 with John Kindervag back in 2016 - so it's time to see what's new.

Zero trust is more than just firewall rules, and it encompasses a lot of security technologies we don't even think about - so this update is a great primer for 2020.

Guest:

Dr. Chase Cunningham - https://www.linkedin.com/in/dr-chase-cunningham-54b26243/

Wed, 26 Feb 2020 21:51:15 -0500

DtSR Episode 383 - The Jennifer Ayers Interview

Join Rafal & James this week, as they welcome Jennifer Ayers. Jennifer is the Vice President of Overwatch and Security Response at Crowdstrike.

Rafal and Jennifer worked together "back in the day" so the conversation starts with a little storytelling from the old days, and then works its way into Jennifer's fantastic career and lessons learned over the years in her various leadership positions.

Guest

Jennifer Ayers - https://www.linkedin.com/in/jnayers/

Tue, 11 Feb 2020 00:22:32 -0500

DtSR Episode 382 - Jeremiah Grossman Doing the Basics

This week on DtSR Podcast, a long-awaited guest joins us. That's right, the one and only Jeremiah Grossman joins us live from a tropical paradise, and you need to hear his message.

On this show we cover history, "the basics", and the necessity to know what your security attack surface looks like. It's perhaps one of the least sexy topics ever - but if you ignore it, you're pretty much screwed.

Guest:

Jeremiah Grossman - @Jeremiahg - https://www.linkedin.com/in/grossmanjeremiah/

Tue, 04 Feb 2020 08:35:25 -0500

DtSR Episode 381 - 5G Security Implications

Welcome friends and fans!

This week we go down the rabbithole with Russell Mohr of MobileIron as we talk about the security implications for 5G. The new standard unleashed upon the American consumer (but more importantly on the commercial market) is changing mobile communication and connectedness.

About the guest...

Russell Mohr is an expert in 5G and mobile technology, with a wide breadth of expertise in other areas as well. Apparently during the early part of the interview, he was attacked by a dog that tried to eat him (I may be guessing, but that's what it sounded like).

LinkedIn: https://www.linkedin.com/in/russmohr/

Big thanks to Becca Chambers for setting this up, and lining up another future guest too!

Tue, 28 Jan 2020 00:00:00 -0500

DtSR Episode 380 - Gadi Tells It Like It Is

Welcome to episode 380 of the DtSR Podcast.

We have a special treat for you this episode, with long-time friend Gadi Evron, and he holds nothing back in his start discussion of our industry. We virtually guarantee this will quickly be your favorite episode...or at least your top 5.

Highlights from this week's episode include...

Gadi unloads on the 'attackers in the spotlight' nature of security conferences
Gadi & Raf chat about 25 years of incidents and what it's leading up to
Gadi is clearly not a fan of "Just do the basics"
Raf & Gadi decide we're clearly going to have to do this again...

Guest

Gadi Evron ( @gadievron ) - https://www.linkedin.com/in/gadievron/

Tue, 21 Jan 2020 00:55:48 -0500

DtSR Episode 379 - IoT Transforming LE

This week, in our final (for real this time) episode recorded LIVE from Enfuse Conference 2019, courtesy of OpenText, we chat with Brian Chidester. It's a fascinating conversation about what the IoT world can (and is) do for law enforcement and government ... think smart cities + Cops.

Highlights from this week's episode include...

Brian shatters any last shred of privacy I could believe in through the millions of IoT devices out there 'for our protection'
Brian reminds us hackers set of Tornado alarms around Dallas ...
Brian and Rafal muse about FOIA in the digital age
Brian talks about advances like 'connected firearms'

Guest

Brian Chidester - https://www.linkedin.com/in/abchidester/

Tue, 14 Jan 2020 00:00:00 -0500

DtSR Episode 378 - Trending on CISOs

In our final "Live from Enfuse 2019" episode, I had the pleasure of sitting down with Paul Shomo to talk about some of the things he's talked to CISOs about as he travels and advises on behalf of OpenText. It's a pretty interesting conversation...

Once again, thanks to OpenText for having the DtSR Podcast in Vegas!

Highlights from this week's episode include...

Paul and Rafal disagree on whether the cloud transformation is "almost over" or "just begun"
Paul brings up the challenge of API security
Rafal and Paul tackle security budgets - how much you spend vs how you spend it
Rafal asks Paul what's going on with security, and the challenge of identity
A link to Paul's article he mentions: https://www.darkreading.com/cloud/5-cybersecurity-ciso-priorities-for-the-future--/a/d-id/1336325

Guest

Paul Shomo - https://www.linkedin.com/in/paulshomo/

Tue, 07 Jan 2020 00:02:45 -0500

DtSR Episode 377 - The Global War for Soft Power

Welcome to 2020, as Down the Security Rabbithole rolls on!

This week we're back with a timely episode on the global war for soft power, with Andrea Limbago, Chief Social Scientist from Virtru. This is an interesting episode, touching on some topics such as privacy and censorship, and very timely.

Highlights from this week's episode include...

Andrea gives us a run-down on "soft power" and why it's important
Raf starts down a rabbithole and gets "dropped"
Andrea discusses how privacy regulation is impacting this space

Guest

Andrea Limbago ( @limbagoa ) - Chief Social Scientist at Virtru - https://www.linkedin.com/in/andrea-little-limbago/

Tue, 24 Dec 2019 00:00:00 -0500

DtSR Episode 376 - Protecting Our Kids Online

Merry Christmas, and a Happy New Year listeners of the Down the Security Rabbithole Podcast!

This week the show focuses on one of the most important things any of us really have - our children. Protecting kids in an increasingly digital world is tough, but not impossible. We decided to bring Theresa Desuyo from Qustodio on the show this week to discuss what her company is doing, and the broader theme of protecting children online.

Apologies in advance for Theresa's audio quality. Couldn't fix that in post.

Highlights from this week's episode include...

Rafal takes a shot at a sinister human being
Theresa talks through some of the more ominous things kids can face online
James is curious
Theresa gives us a look into the crystal ball...

Guest

Theresa Desuyo of Qustodio -
Theresa is Qustodios Digital Family expert, leading Qustodios insights into how to best generate talking points around technology use adapted to each familys reality. In addition, she leads growth, partnerships and operations in the US. Before joining Qustodio, Theresa worked in gamification for enterprises and a social enterprise, leveraging technologies to engage employees and for cause marketing initiatives respectively.

She holds a B.A. from UCLA and an MBA from ESADE, is fluent in Spanish, Cataln and native English speaker from California.

As a mother of 3 school-aged children (13, 11, and 5), decisions around technology use is an everyday topic and different for every child. She believes in educating kids and openly discussing the good and the risks associated to digital devices and the internet for them to build the resilience needed today.

Read her professional bio here: https://www.linkedin.com/in/theresadesuyo/

Tue, 17 Dec 2019 23:58:42 -0500

DtSR Episode 375 - Malcolm in the Middle (of a Career)

This week, DtSR is joined by Malcolm Harkins - former CISO of Intel and industry insider extraordinaire. Malcolm shares insights from his long and distinguished career so pull up a virtual chair, grab your notebook, and pull over because this is one that's a great listen.

Highlights from this week's episode include...

Rafal asks Malcolm why he doesn't job-hop like most CISOs
Malcolm and Raf discuss the "feature economy"
Raf asks Malcolm to predict the future

Guest

Malcolm Harkins ( @ProtectToEnable ) - Chief Security and Trust Officer at Cymatic https://www.linkedin.com/in/malcolmharkins/

Tue, 10 Dec 2019 21:09:28 -0500

DtSR Episode 374 - Mike Daugherty Looks In the Rearview Mirror

This week, on a very special show recorded from his home studio in Atlanta, Rafal welcomes Mike Daugherty back onto the show to tell the story of his crazy journey and battle with the FTC.

Highlights from this week's episode include...

Mike gives a recap of the road to where he got
Rafal and Mike discuss the last few years since episode 171: "When the FTC Attacks"
Rafal & Mike discuss the New Yorker article: https://www.newyorker.com/magazine/2019/11/04/a-cybersecurity-firms-sharp-rise-and-stunning-collapse

Guest

Mike Daugherty - ( @daughertymj ) - https://www.linkedin.com/in/michael-j-daugherty-7a500819/

Tue, 03 Dec 2019 16:28:11 -0500

DtSR Episode 373 - Internet of Increasingly Smart Things

Welcome back for another great episode. This week we have a boomerang guest, Amber Schroader, recorded live in Las Vegas at Enfuse 2019.

Highlights from this week's episode include...

Amber wants a rockstar moment, but no confetti canons
Amber dissects Apple, Android, and "other" mobile OSes
We discuss machine-to-machine interactions
...so much more to discuss here!

Guest:

Amber Schroader ( @GingerWonderMom ) - https://www.linkedin.com/in/amberschroader/

Tue, 26 Nov 2019 00:03:53 -0500

DtSR Episode 372 - Not the Rise of the Machines

This week on #DtSR (live from Las Vegas, Enfuse 2019 Conference) Rafal chats with Nick Patience of 451 Group. Nick has some expertise in ML and provides context and content that is badly needed to dispel the crazy marketing hype out there.

Highlights from this week's episode include...

Nick answers the "What is ML/AI, and what is it not?"
We think Nick insulted machines by calling their learning potentially "shallow" (haha)
Nick gives us the retail applications of machine learning - grocery stores and similar things
Nick talks about "automating the mundane vs automating the complex" as problem spaces where ML is applicable
Nick explains ML is just software - but it's different from other software

Guest

Nick Patience ( @NickPatience ) - https://www.linkedin.com/in/nickpatience/

Tue, 19 Nov 2019 00:00:00 -0500

DtSR Episode 371 - Advancing SOC-as-a-Service

First, and foremost, thank you to OpenText for having the #DtSR Podcast live and in-person in Las Vegas. Enfuse is a fantastic conference bringing together security operations professionals (forensics, threat hunters, SOC analysts), privacy, and legal professionals under one banner. It's a fantastic opportunity to hear some very involved talks, hear about the state-of-the-art, and join the conversation.

Also ... the people you will meet there are amazing - guests and staff.

Highlights from this week's episode include...

Kevin gives us an educated, experience-based opinion on threat intelligence, threat hunting, and other various key terms
Rafal make some snarky comments about "your mess for less" MSSPs
Rafal and Kevin attempt to discuss the analyst shortage - do we solve it with tech or people?

Guest

Kevin Golas, Director of Worldwide Security Services at OpenText - https://www.linkedin.com/in/kevin-golas-cism-cisa-cissp-1126b01/

Wed, 13 Nov 2019 14:15:01 -0500

DtSR - This Just In - OpenText and Reveille Announcement Nov 2019

Dropping in for a quick announcement - youheard it here first!

This week a few different announcements went out from OpenText, but this one caught my attention because it could honestly and truly be agame-changer for security and legal teams when it comes to breaches.

Going beyond the typical EDR solution, this announcement may be able to shine light into the questions security and legal professionals need answered in the case of a breach. Check it out.

Official Name: OpenText Content Security for EnCase by Reveille.

Press release: https://www.opentext.com/about/press-releases?id=6A68BD4D22384A45A910DEFBD22BECBD

Guests:

Paul Shomo, Senior Security Architect, OpenText
Brian Dewyer, CTO, Reveille Software

Tue, 12 Nov 2019 01:03:35 -0500

DtSR Episode 370 - Gamifying InfoSec

Down the Security Rabbithole is back for Episode 370, and this week's podcast focuses on gamification, and it's applications to InfoSec. Big thanks to Chlo for joining us and sharing her knowledge. She's a legitimate expert in the field, so give this a listen.

Highlights from this week's episode include...

Chlo explains gamification
Rafal and James ask some tough questions
Chlo explains how games help us learn
Much more, tune in!

Guest

Chlo Messdaghi ( @ChloeMessdaghi ) -VP of Strategy at Point3 Security. She is a security researcher advocate who supports safe harbor and strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to change the statistics of women in InfoSec. She co-founded Women of Security (WoSEC) and heads the SF Bay Area chapter. As well, she created WomenHackerz, a global online community that provides support and resources for hundreds of women hackers at all levelshttps://www.linkedin.com/in/messdaghi/

Tue, 05 Nov 2019 00:00:00 -0500

DtSR Episode 369 - Ransomware's End

Welcome to episode 369!

This week Rafal talks ransomware andwelcomesOussama El-Hilali, Chief Technology Officer at Arcserve, andChester Wisniewski, Principal Research Scientist at Sophos to the podcast.

Highlights from this week's episode include...

Chester hits us with some staggering facts and figures about ransomware
Rafal asks if companies should pay the ransom and ducks
Oussama explains why backup companies and anti-malware companies should be besties

Guests

Oussama El-Hilali -https://www.linkedin.com/in/oussama-el-hilali/
Chester Wisniewski -https://www.linkedin.com/in/chester-wisniewski-b428241/

Links

Arcserve landing page for more information -https://www.arcserve.com/partners/alliances/sophos/
Sophos press release on the alliance -https://www.sophos.com/en-us/press-office/press-releases/2019/09/sophos-and-arcserve-to-offer-all-in-one-data-security-and-protection-from-cyberattacks.aspx

Wed, 30 Oct 2019 10:21:10 -0400

DtSR Episode 368 - Contain(er) Your Security

Welcome to another edition of the DtSR Podcast! This week Liz Rice joins us all the way from the(still) UK, and James is back too! What a treat... join us and read the show notes!

Highlights from this week's episode include...

Liz explains containers, security, and gives us a foundation
Liz explains the fundamental stages of securing containers
Liz explains the model of different types of containers and the things you need to worry about
Rafal asks "where do you install the agent?"

Guest

Liz Rice - ( @LizRice ) - Liz Rice leads Aquas technology evangelism activities in the cloud-native ecosystem. She is an active member of the open source community, and an award-winning speaker known for her live-coding demos. She is currently co-chair of KubeCon & CloudNativeCon. Prior to getting immersed in containers she built up a wealth of software development, team, and product management experience working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP with companies including Skype, Last.fm and Metaswitch Networks. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, and competing in virtual races on Zwift. Find her on LinkedIn:https://www.linkedin.com/in/lizrice/

Tue, 22 Oct 2019 15:34:22 -0400

DtSR Episode 367 - Cloud Babies

This week, #DtSR Podcast is recordedlive from Dallas at the Armor SecureCon inaugural user conference. Rafal had the occasion (and good fortune) to get a few minutes to sit down with Jeff Collins (CSO, Lightstream) and Kristopher Russo (Security Architect, Herman Miller) and chat cloud.

P.S. - Welove in-person conversations!

Highlights from this week's episode include...

Jeff talks about Lightstream's cloud foundational framework and why it's a must-do if you're thinking cloud
Kristopher some inner wisdom on architecture and business alignment
Rafal makes a snarky comment about frameworks

Guests

Jeff Collins, CSO Lighstream -https://www.linkedin.com/in/jmcollins/
Kristopher Russo, Architect, Herman Miller -https://www.linkedin.com/in/krisrusso/

Tue, 15 Oct 2019 12:04:27 -0400

DtSR Episode 366 - D I Why and How

Welcome Down the Security Rabbithole, to the DtSR Podcast.

This week, Zac Rosenbauer joins us to talk about what it's like to be "the IT guy" who also has to be vigilant of security in a fast-paced startup...based on Google's cloud platform. It's a riveting episode that will give you some good guideposts if you're about to DIY.

Highlights from this week's episode include...

Zac introduces what it's like to work in a rapidly evolving startup
We discuss some of the DIY that Zac has had to work with
Wait ... compliance...

Guest

Zac Rosenbauer - VP of Technology at Precognative -https://www.linkedin.com/in/zacrosenbauer/

Tue, 08 Oct 2019 00:00:00 -0400

DtSR Episode 365 - Mountains of Data

Welcome back to another episode ... this one sets up DtSRs appearance at the Enfuse Conference 2019 in Las Vegas in November. Give this topic a listen, as it doesn't matter whether you're in legal, compliance, or security - you need to understand this topic well.

We want to thank Opentext for sponsoring DtSR's trip out to Las Vegas for the conference, and of course we encourage you tojoin us out in the desert for another really well-done conference on the intersection of law, compliance, privacy, and security.

Highlights from this week's show include...

Anthony uses the phrase "data exhaust"
We get a peek into the intersection of big data, and big forensics
Anthony, James, and Rafal discuss 'real time identification' that's way beyond what your IPS can do
Anthony gives an insider peek into Enfuse 2019 including a keynote by James Clapper

Guest

Anthony Di Bello - Vice President, Strategic Development at Opentext:https://www.linkedin.com/in/anthony-di-bello-29b419b/

Tue, 01 Oct 2019 00:00:00 -0400

DtSR Episode 364 - Interviewing Jerry Archer

Welcome!

This episode of Down the Security Rabbithole Podcast was recorded live from Dallas, TX where the Security Advisor Alliance Summit 2019 was happening. One of the hardest working men in the business, Mr. Jerry Archer, stopped by and took a few minutes off his schedule to let Rafal interview him and get some of those amazing nuggets of wisdom and experience into your ears.

Feedback, as always, is welcome!

Highlights from this week's show include...

Jerry sets the background for his knowledge by dropping his 40+ years experience
Jerry talks about risk management and reporting to the board
Jerry goes a little crazy talking about his budget
...so much more!

Big thanks to Sidney, AJ, Jerry and the rest of the SAA crew for having me aboard and letting me add some value to this very worthy cause. Folks, if you aren't a part of this thing, go tohttps://www.securityadvisoralliance.org/and find your cause.

Guest

Jerry Archer - SVP/Chief Security Officer at Sallie Mae; you can read more about Jerry's career here:https://www.linkedin.com/in/jearcher/

Wed, 25 Sep 2019 00:40:28 -0400

DtSR Episode 363 - That Oh Shit Moment

This episode was recordedlive from the Security Advisor Alliance Summit, 2019 in blistering hot Dallas, TX. If you don't know what the Alliance is, or are asking yourself why you should bother, click here and find out why this is one of those organizations that youmust be part of if you're serious about cybersecurity.

Highlights from this week's episode include...

Graeme introduces himself
Rafal & Graeme talk about security atscale
Graeme discusses some of the insights of the Equifax breach
Graeme dispenses knowledge and experience by the truckload

Guest

Graeme Payne ( @Cybersecurity4E ) - Shelve whatever you think you know about him. Graeme was the CIO of the business unit that had that catastrophic breach over at Equifax a few years ago. He's on LinkedIn here:https://www.linkedin.com/in/payneg/

Tue, 17 Sep 2019 16:52:07 -0400

DtSR Episode 362 - Real Security is Hard

Friends & Colleagues, this week I have the pleasure of being joined by one of my good friends and industry veteran - the one and only Jim Tiller. We revisit the things we talked about in Episode 102 and get an update on the state of security from a guy who would know.

Pre-requisite listening: Episode 102 -http://ftwr.libsyn.com/dtr-episode-102-security-leaders-series-jim-tiller

Highlights from this week's show include...

Jim & Rafal talk about the "feature economy" that is the security vendor marketplace today
Jim explains the statement "Complexity is the camouflage for bad guys"
Jim explains what he believes security organizations have accomplished in the last 5 years
Rafal & Jim lament the 'fundamentals'

Guest

Jim Tiller ( @Real_Security ) -https://www.linkedin.com/in/jitiller/

Wed, 11 Sep 2019 00:31:21 -0400

DtSR Episode 361 - Your Adversary Problem in 2019

This week Adam Meyers joins James & Rafal to talk about the Crowdstrike Mobile Threat Landscape Report 2019 -https://www.crowdstrike.com/resources/reports/mobile-threat-report-2019/and the learnings and lessons therein.

Highlights from this week's episode include...

Adam gives us the lowdown on adversaries, in 2019
Adam bakes some bread
Rafal asks who the biggest and baddest attackers are
So much more... check out the link above, read the report!

Guest:

Adam Meyers -https://www.linkedin.com/in/adam-meyers-7a58481/- VP, Intelligence at Crowdstrike. We'll let him explain the rest...

Tue, 27 Aug 2019 00:00:00 -0400

DtSR Episode 360 - Thwarting Bots and Frauds

This week, Rafal sits down in person with Sam Bouso of Precognitive, in Chicago headquarters to talk about some very cool tech that's probably only on the periphery of security. Give it a listen!

Highlights from this week's show include...

Sam discusses the problem that bots and fraud pose to not only digital commerce but overall digital interaction
Sam and Rafal talk through the various buzzwords (machine learning, AI, etc) and their real applications here
Sam talks through how algorithms and massive data sets can identify human from non-human
So much more

Tue, 20 Aug 2019 01:16:22 -0400

DtSR Episode 359 - Mind the Diversity Gap

This week, in the 2nd of two installments recorded live at Black Hat 2019, Alyssa Miller joins Rafal live to talk about some of the talks she's giving, and takes us back in time.

Highlights from this week's show include...

Rafal and Alyssa discuss the very real problems the lack of diversity in technology creates
A jab is taken at the TSA ...because it's just too easy
Alyssa revisits the 'castle analogy' for InfoSec and why it's so tough to get right
Much more fun... you'll have to listen in!

Guest

Alyssa Miller ( @AlyssaM_Infosec ) - Alyssa's bio and website is here:https://alyssasec.com/

Thu, 15 Aug 2019 00:14:08 -0400

DtSR Episode 358 - No More Crappy Job Hunts

This week on another jammed-packed episode, Rafal takes to Black Hat 2019 to interview some interesting guests that have something unique to tell you. We start with Deidre Diamond, the lady behind CyberSN - and why she's reinventing the way you get your next InfoSec job.

Highlights from this week's show include...

Deidre tells us a little bit about what's new at CyberSN
Rafal & Deidre discuss the insane InfoSec job market
Deidre explains why how she's planning on eliminating hiring bias in the InfoSec workforce
The last time Deidre joined us was episode 337 -http://ftwr.libsyn.com/dtsr-episode-337-insights-on-cyber-talent
For more, go to www.cyberSN.com/and click the "Know More" icon in the top-right corner and get started!

Guest

Deidre Diamond( @Cyber_SN ) -With over 20 years spent leading technology and cybersecurity organizations, Deidre Diamond offers a great perspective on the issues that matter most in our industry. Her vision, to transform employment searching has remained constant since she founded CyberSN in 2014. Find her on LinkedIn:https://www.linkedin.com/in/deidrediamond/

Mon, 05 Aug 2019 17:43:32 -0400

DtSR Episode 357 - Hacker Summer Camp 2019

This week, James and I sit down to think (and talk) through Black Hat (and Defcon) 2019. "Hacker Summer Camp" as it's affectionately known in the industry, is a rite of every summer...but is it delivering value to attendees, do we have the right audience, and is the content worthwhile? This and more...

Highlights from this week's show include...

Raf and James reminisce about summer camp days gone by
Rafal addresses Dino's excellent-sounding keynote (abstract)
Raf & James discuss the hype (or more precisely, the lack thereof) of this year's conference and why it's nice for a change
All this and more...so tune in!

Tue, 30 Jul 2019 10:20:12 -0400

DtSR Episode 356 - Its Been a While Andy

Welcome down the security rabbithole friends! This week, Andy Kalat takes a few minutes off from recovering to chat and comment on the state of security, and what's different since we first met back in... 2003? Fun episode... It's been a while, Andy!

Highlights from this week's show include...

Andy and Rafal try and figure out when they first met...in real life
Andy points out the problem vendors suffer from "problem-scope-limiting" (this is an interesting one...)
Are things getting better? The guys discuss...snark ensues
Rafal asks Andy to predict what will change in the next ~5yrs

Guest

Andrew Kalat ( @LERG ) - Andy is an IT Security Executive, Co-Host of the Defensive Security Podcast, Speaker, Writer...according to his LinkedIn profile, here.

Tue, 23 Jul 2019 00:00:00 -0400

DtSR Episode 355 - Threat Modeling Rides Again

My dear listeners - we have John Steven back on this episode! If you don't remember his first appearance, it's OK, it was a little while ago back on episode42 ...http://podcast.wh1t3rabbit.net/dt-r-episode-42-threat-modelingso it's been a while!

Highlights from this week's show include...

John gives us a run-down on the new things since the last episode
James & John talk OWASP Top 10
The guys try to understand what happened to Threat Modeling, and security overall, over the last decade
So much more, you'll have to listen

Thu, 18 Jul 2019 00:42:01 -0400

DtSR Episode 354 - Pragmatic Azure Security

Fans & Listeners!

This week we have a treat for you... as this episode is recorded LIVE from Microsoft's Inspire 2019 in Las Vegas (where it was 117F) but the conversation here is way hotter.

Highlights from this week's show include...

What is Microsoft releasing to help guide secure Azure deployment?
Mark and Jeff debate "What exactly is the value of "best practices"?"
So much more packed into this extended episode!

Links to things you need:

Azure security guidance & best practices:https://aka.ms/AzureSecurityArchitecture
Microsoft cybersecurity reference strategies:https://aka.ms/CISOWorkshop
Things Mark thinks you should have handy:https://aka.ms/MarksList

Guests:

Mark Simos ( @MarkSimos ) - Lead Architect, Cybersecurity Solutions Group, Microsoft
Jeff Collins - Chief Strategy Officer, Lightstream

Tue, 09 Jul 2019 00:00:00 -0400

DtSR Episode 353 - Ira Winkler on Point

Yes, DtSR took a week off ... we were due.

This week, Ira Winkler joins Rafal to go down the rabbithole and talk about his career, opinions on our profession, and other important stuff. Sit back, take notes, and enjoy.

Highlights from this week's show include...

Ira gives a run-through on his career and what's gotten him "here"
Ira and Rafal discuss "breaking into security" and how it's being sold now, versus what realityshould be
Ira gives us his take on training, certifications, career paths and the like
Yeah, so much more...

Guest

Ira Winkler ( @IraWinkler ) - This guy: https://www.linkedin.com/in/irawinkler/

Mon, 24 Jun 2019 00:22:18 -0400

DtSR Episode 352 - AWS REInforce Warm Up Episode

This week, ahead of AWS RE:INFORCE 2019 (the first one) Rafal gets a conversation with buddy Mark for a candid talk about the top 3 public cloud providers, and a little insight into the evolution of the industry ... or not...

Highlights from this week's show include...

What are we expecting from AWS RE:INFORCE this inaugural year?
Mark gives us his take on the security in the three major public cloud providers
Rafal and Mark reminisce about how things were...and where they are in terms of cloud, and security
Mark and Rafal laugh about the opportunity security teams have right now...or may be missing

Guest:

Mark Nunnikhoven ( @marknca ) - Mark's awesome. He's also the Vice President of Cloud Research at Trend Micro. Other stuff he does here:https://www.linkedin.com/in/marknca/

Wed, 19 Jun 2019 00:32:06 -0400

DtSR Episode 351 - Deeper Into the Microsoft Security Ecosystem

Thank you to Microsoft for sponsoring this show, and our podcast over the years...

Highlights from this week's show include...

Rob discusses what "Microsoft Threat Protection" is, isn't, and why it's relevant today
Rob gives us some context to "trillions of signals" - what does that mean?
Rob provides perspective on the pillars of operational excellence required to make Microsoft's vision a reality in damn-near-real-time
Rafal and Rob discuss what the ecosystem looks like, and how it's being released into production
Rob answers whether Microsoft consumes its own tools the answer may surprise you

Guest:

Rob Lefferts - @rob_lefferts -
Microsoft Responsibilities/Contributions As corporate vice president for M365 Security within Experiences and Devices, Rob Lefferts is responsible for ensuring that Microsoft 365 provides a comprehensive and cohesive security experience for our all of our customers. Prior to this role, he led the Windows Enterprise & Security team, where he was responsible for hardening the Windows platform, building intelligent security agents, and driving commercial adoption of Windows 10.Since joining Microsoft in 1997,Lefferts has been instrumental in shaping key products and technologies, from helping develop the original SharePoint Portal Server to leading extensibility efforts for the Office platform to championing the vision for Microsoft 365.

Pre-Microsoft Work Experience Rob began his career at Claritech, a startup that was born from a Carnegie Mellon research project. He then consulted with the Government of Namibia, Africa.

Education Heearned a bachelors degree in logic and computation, as well as a masters degree in computation linguistics, from Carnegie Mellon University.

Family/Other Interests Rob and his wife have two children and live in the Seattle area.

Tue, 11 Jun 2019 02:27:42 -0400

DtSR Episode 350 - Deep Learning on Deep Packets

Show Note:As most of you know, this show has long refused to use advertisements, or ad revenue to keep itself going. That said, I openly welcome organizations who have something interesting to say and some extra marketing dollars to give, to sponsor an episode while still going through the same vetting process as everyone else. This is one of those shows.

This week James and Rafal are joined by Saumitra Das, the Chief Technology Officer for an interesting little start-up called Blue Hexagon. If you find yourself nodding along and interested in hearing more, we encourage you to go check out their website and let them know you hear of them on this show.

Highlights from this week's show include...

Saumitra shares his insights on AI, machine learning, and the limitations and mis-uses of them
We discuss the challenges of finding 'malice' at extremely high volumes, at extremely high rates of speed, and in extremely diverse environments
Saumitra previews the methods Blue Hexagon use to approach this problem and potentially start to draw a viable approach

Guest

Saumitra Das - CTO at Blue Hexagon -https://www.linkedin.com/in/saumitramdas/
- Fun fact, Saumitra has over 330 granted patents...how many you got?

Tue, 04 Jun 2019 14:22:46 -0400

DtSR Episode 349 - Verizon 2019 DBIR Double-Live Part 2

Friends & listeners - welcome to the 2nd half of the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report.

Highlights from this week's show include...

We all talk patching... why it's hard, what we can do about it, and realities of patching
Gabe does more live data analysis
We get an insight into how long and how hard this report is to produce

Guest

Gabriel Bassett ( @gdbassett ) - Gabe is one of the writers and data scientists behind the Verizon DBIR. His LinkedIn is here:https://www.linkedin.com/in/gabriel-bassett/

Tue, 28 May 2019 23:32:08 -0400

DtSR Episode 348 - Verizon 2019 DBIR Double-Live Part 1

Friends & listeners - welcome to the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report.

Highlights from this week's show include...

Gabe distinguishes between an incident and a breach - for those of you who need the refresher
Gabe dives into the stats to talk about small businesses, and the impact of breaches on them
Gabs does some live data science for us, pulling in stats on-the-fly
We avoid the 'patching' discussion (that's for the 2nd half)

Guest

Gabriel Bassett ( @gdbassett ) - Gabe is one of the writers and data scientists behind the Verizon DBIR. His LinkedIn is here:https://www.linkedin.com/in/gabriel-bassett/

Tue, 21 May 2019 00:00:00 -0400

DtSR Episode 347 - Inside the RH-ISAC

This week, Tommy McDowell who is theVice President at the Retail and Hospitality Information Sharing and Analysis Center, joins Rafalin person, in Dallas.

Highlights from this week's show include...

Tommy gives us a background on himself, and the RH-ISAC (and it's mission statement, and such)
Tommy & Rafal discuss the difficulty in setting up an information sharing center
Tommy gives us insights into why retail and hospitality need their own unique threat sharing network

Guest:

Tommy McDowell -https://www.linkedin.com/in/tommy-mcdowell-97184116/- It's easier to just let you go look at Tommy's page on LinkedIn. He's got a storied, and very interesting, career that we could not possibly do justice to here.

Tue, 14 May 2019 01:46:30 -0400

DtSR Episode 346 - Green Waxes Mostly Academically

This week, Rafal gets the rare occasion of sitting down face-to-face with someone and do an interview in person. Andy Green is a great if not sharky fellow, who helped me get over my PG rating for this podcast. So ... it's probably PG-13.

Highlights from this week's show include...

Andy talks about BSides Atlanta and the labor of love that is getting a conference stood up
We talk about conference drama - because we all need more of that in our lives
Andy discusses academic programs, shaping young minds, and being a universally beloved professor (not)

Guest:

Mr. Andy Green ( @SecProfGreen ) - Andy is a lecturer of Information Security at Georgia's Kennesaw State University. When he's not running Atlanta's BSides ATL heteaches classes in the Information Security and Assurance degree program, in the InformationSystems department of the Michael J. Coles College of Business at Kennesaw State University.

Tue, 07 May 2019 01:15:53 -0400

DtSR Episode 345 - RaffCon the Podcast

This week on the podcast, Rafal gets some one on one time with Raffael Marty ... and it's #RaffCon.

Highlights from this week's show include...

Raf & Raffy discuss the origins of #RaffCon
Raffy talks through Artificial Intelligence...in security
Raf and Raffy dive into "risk management"

Guest:

Raffael Marty - ( @raffaelmarty ) -Data analytics and visualization enthusiast. Interested in large-scale big data and cloud infrastructures tosupport cyber security use-cases. "How can we assist users to gain deep insight into large amounts of data?" I have spent a lot of time building and defining the security visualization space through open.Ioversee Forcepoint's X-Labs, a specialized department within Forcepoint that is responsiblefor behavior-based security research and the development of predictive intelligence. In additionto traditional threat and security intelligence, we are the home of data science,machine learning, and artificial intelligence within Forcepoint.

Wed, 01 May 2019 17:44:13 -0400

DtSR Episode 344 - You've Probably Been Pwned

This week, Rafal is joined by the man, the myth, the Aussie legend - Troy Hunt. We basically talk about whatever is on his mind - which, as it turns out is a lot. Take a listen, we may publish an English translation later (joking, Troy!).

Highlights from this week's show include...

Troy gives a run-down on HaveIBeenPwned
We talk through some of the interesting use-cases for HaveIBeenPwned data
Troy gives perspective on usernames, passwords, and other important things technology/security related

Guest

Troy Hunt ( @TroyHunt ) - Troy is aMicrosoft Regional DirectorandMost Valuable Professionalawardee for Developer Security, blogger attroyhunt.com, international speaker on web security andthe author of many top-rating security courses for web developers on Pluralsight.
I created HIBP as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach. I wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community.

Short of the odddonation, all costs for building, running and keeping the service currently come directly out of my own pocket. Fortunately, today's modern cloud services like Microsoft Azure make it possible to do this without breaking the bank!

Tue, 23 Apr 2019 01:42:59 -0400

DtSR Episode 343 - The 31st Human Right

This week, on a riveting edition of Down the Security Rabbithole Podcast Raf sits down with Richie Etwaru, a human data ethicist and Founder and CEO of Hu-manity.co.

What's a human data ethicist, you ask? Listen to the podcast, and find out.

Highlights from this week's show include...

Richie walks us through data ownership as a fundamental human right, including whynow is the right time in history
Raf and Richie discuss the principles of data ownership and how they're different from privacy or security
Richie discusses data ownership as a great leveling factor for society
SO much more...

Guest

Richie Etwaru -Richie Etwaru is a human data ethicist and the Founder & CEO at Hu-manity.co where he is responsible for vision, strategy and execution focus for the company. He is driven to reshape the world by creating a new data economy, where inherent human data is legally human property.

He has held c-level roles at Fortune 500 companies for two decades, and serves as advisor to venture capitalists, startups, governments, academia, and large organizations on transitioning to Trust Companies.

Richies book Blockchain Trust Companies, Every Company is at Risk of Being Disrupted by a Trusted Version of Itself (2017) is used by universities, consulting organizations, and governments, and his TEDx talk Blockchain Massively Simplified has been viewed almost 1 million times.

Tue, 16 Apr 2019 14:19:57 -0400

DtSR Episode 342 - Michael Coates Has Things to Say

This week on episode 342, Michael Coates joins Rafal & James for the 2nd time. Michael's first episode was way, way back in 2015 on episode 134 titled "Fundamental Security". Looks like things haven't changed much.

We highly recommend you check out episode 134 first, then listen to this one. Trust us, you want the context.

Highlights from this week's show include...

Michael gives us an opinion on "what's changed" in the last decade or so
Michael discusses "risk", "technical risk", and the Enigo Montoya problem in security
Michael gives an overview of what he thinks the profile of the CISO should be
Michael gives his take on why he thinks low false-positive rates are important and automation is the future

Guest

Michael Coates: ( @_mwc ) All you need to know is here, on his LinkedIn page:https://www.linkedin.com/in/mcoates/

Tue, 09 Apr 2019 02:26:15 -0400

DtSR Episode 341 - Discussing Security Reference Architecture

This week, in the final installment of "Live from RSA Conference 2019" Rafal interviews Mark Simos, who is the definitive source for reference architectures at Microsoft. He's the Lead Architect in the Enterprise Security Group and he's doing some amazing things for the community with regards to the Azure cloud and other Microsoft-related security things. Give this episode a listen and share it ...maybe listen again and take good notes!

Highlights from this week's show include...

Mark discusses security reference architectures (in general)
Mark and Raf rap on the shared responsibility model for the cloud...again
Mark answers "What's different about security in the cloud?"
Mark raises the concept of "raising the cost to the adversary" for defenders...

Guest

Mark Simos - ( @MarkSimos ) -Mark is Lead Architect in Microsofts Enterprise Cybersecurity Group where he is part of a group of cybersecurity experts who create and deliver unique cybersecurity services and solutions to Microsofts customers.

Mark has contributed to a significant amount of Microsoft cybersecurity guidance - most of which can be found on Mark's List (http://aka.ms/markslist)

Mark focuses on cybersecurity guidance to help customers manage cybersecurity threats with Microsoft technology and our partner solutions. Mark's current focus is on security assessments and roadmaps that span the spectrum of security topics including privileged access, high value asset protection, security strategies and operations, datacenter security, and information worker protection.

Tue, 02 Apr 2019 00:00:00 -0400

DtSR Episode 340 - Diana Kelley from RSA 2019

This week, Down the Security RabbitholePodcast is publishing episode 3 of 4 which were recorded LIVE at RSA Conference 2019. This episode features Diana Kelley, of Microsoft, talking about the latest security report and other goodies.

Highlights from this week's show include...

Diana discusses the highlights from the latest Microsoft Security Intelligence Report
Raf provides an opinion on how Microsoft could totally own the endpoint space
Rafal & Diana dive back into passwords...apparently, we just can't get away from them
Diana tells a really interesting story about Microsoft Windows Hello and twins

Guest

Diana Kelley - @DianaKelley14 -Microsoft Enterprise Cybersecurity Group Leadership team member. Represent Microsoft atglobal security conferences, author-industry analysis, white papers, and blogs on Microsoft security strategy and response to cyber threats. Contribute to the all up security messaging and provide insight into the strategic vision and direction for the company in close partnership with marketing, business groups, and engineering, as well as working closing with the security PR and AR teams.

Wed, 27 Mar 2019 22:12:32 -0400

DtSR Episode 339 - Insuring Against Acts of Cyber War

This week, driven by the news cycle, and an interesting story... Rafal & James invite George and Shawn, as actual experts, onto the show.

Highlights from this week's show include...

This news story -https://www.infosecurity-magazine.com/news/zurich-refuses-to-pay-out-for/
George & Shawn discuss the language of cyber policies
We discuss language, inclusions, exclusions, and such
George brings up Information vs Cyber, security

DtSR Episode 338 - Failure of Risk Management

This week, part 2 of a four-episode set recorded live from RSA Conference 2019. This time, it's Phil Beyer's turn to have a turn at the microphone...

Highlights from this week's show include...

Phil talks up "The failure of risk management"
We discuss the realities of risk management
Raf asks "How do we make more informed risk decisions?"
Raf and Phil talk through thread models and why they're relevant
...and so much more

Guest

Phil Beyer -https://www.linkedin.com/in/pjbeyer/

Tue, 12 Mar 2019 00:37:35 -0400

DtSR Episode 337 - Insights on Cyber Talent

This week, in the first of a four-part "Live from RSA Conference 2019" series, Rafal interviews Deidre Diamond. Deidre knows a little something about cybersecurity talent having worked in the field most of her professional career. We discuss all kinds of interesting and relevant topics...

Highlights from this week's show include...

Deidre presents her new "human model" for hiring, staffing, and retaining excellent talent
We discuss the difference between a good leader, and just a good manager and why those aren't the same
We discuss the pay gap, why it's still a thing, and what's to be done about it
Deidre discusses the challenges women face in cybersecurity, and what's changing

Guest:

Deidre Diamond: (@DeidreDiamond) -https://www.linkedin.com/in/deidrediamond/in her own words:
- Combining my 21 years of experience working in technology and staffing, my love for the cybersecurity community, and a genuine enthusiasm for people; I created Cyber Security Network (http://www.cybersn.com), a company transforming the way Cyber Security Professionals approach job searches. CyberSN.com will remove the frustration from job-hunting, and aid in interpersonal connections and education.
  
  Throughout my career, I have built large-scale sales and operations teams that achieved high performances. Creating cultures based on an anything is possible attitude allows people to achieve above and beyond the usual. By establishing an open communication framework throughout an organization; I have created cultures of positive energy, career advancement, and kindness, that enables teams to reach beyond peak performance and have fun at work.

Tue, 26 Feb 2019 02:09:43 -0500

DtSR Episode 336 - Energy Sector Security Update Q1-2019

This week, Patrick Miller joins Rafal to provide an update on the energy sector, and what's different (or not). Another episode with a returning guest who continues to provide timely and important updates on key "big picture" security issues.

Highlights from this week's show include...

Patrick gives us a "state of the union" update on what's going on in the power industry with security
Raf asks "are we getting better... or worse?"
Patrick discusses IoT, IIoT, and "everything has an IP address"
Patrick tells a story about his recent encounter with a 386 & DOS 2.2 (if you know what this is, you're old)

Tue, 19 Feb 2019 10:32:18 -0500

DtSR Episode 335 - Ranking the Adversaries

This week, in a special episode, Dmitri Alperovitch of Crowdstrike joins Rafal to talk about a brand new report thatCrowdstrike is releasing. The Crowdstrike2019 Global Threat Report is a must-read with some very interesting topics covered. Dmitri joins Rafal to talk specifically about the ranking of threat actors, and what it means toyou.

Highlights from this week's show include...

Dmitri explains "breakout time" and why it's important
Dmitri gives a walk-through of the methodology used to rank your global adversaries
Dmitri & Rafal talk through who's on first, and what's up with China
Rafal & Dmitri talk about what this report means toyou sitting at your desk playing defender

Tue, 12 Feb 2019 01:28:35 -0500

DtSR Episode 334 - Compliance and Operational Process

This week, on the DtSR Podcast,Rafal is joined by Matt Herring, long time listener, and first-time caller. We talk through Matt's career path, and how he got to head up a global security operations team. It's a pretty interesting story - you should listen.

Highlights from this week's show include...

Matt talks us through how he got into being an auditor
Matt and Raf compare and contrast compliance and security (yes, really)
An uncomfortable discussion on market consolidation ensues
Matt gets put on the spot for leading and trailing indicators, provides some insights

Guest:

Matthew Herring - @MatthewDHerring - Found on LinkedIn here:https://www.linkedin.com/in/matthew-herring-cissp-63277038/

Tue, 05 Feb 2019 01:32:50 -0500

DtSR Episode 333 - Security Evolution and Trends

This week James and Rafal talk to Sean Martin, one of the people who have been quietly making a difference in the security industry for almost three decades. Sean is credited with many innovations, ideas, and trends...and he spends some time discussing that with us.

Highlights from this week's show include...

We collectively quickly make fun of the SIEM (yesterday, today, and next decade)
Sean talks through the "feature companies" that are hitting the market in a recent couple of years
Raf brings up the idea that we really don't understand the impact of the technology we create for 10+ years - what does that mean for security?

Tue, 29 Jan 2019 23:40:55 -0500

DtSR Episode 332 - Security in Transformation

This week, long-time friend and colleague Jenn Black (doer of interesting things) joins James and Rafal on the podcast to talk about the role of security leaders in the digital transformation efforts of enterprise shops. Interesting conversation ensues.

Highlights from this week's show include...

Jenn, James, and Rafal discuss the role of the security lead in enterprise digital transformation
Jenn shares some of her experience in aiding CISOs with building security programs to support 'the business'
We make light of the fact that it's a million degrees below zero up north

Guest

Jenn R. Black ( @JennRBlack ) -With over 18 years of experience within IT and cybersecurity managed services, Jenn helps companies manage their cybersecurity threats, vulnerabilities, and risks to meet regulatory and business needs, while driving process efficiency. As a consultant in a cybersecurity practice, she works closely with clients to define their cyber strategy, create roadmaps and solutions to meet the companys security objectives.

Wed, 23 Jan 2019 01:09:28 -0500

DtSR Episode 331 - Incident Response and Counterfactuals

This week second-timer Jon Hawes is back for another trip to the microphone to talk about his interesting take on risk, response, and the security world we live and breathe. With interesting anecdotes and a firm grasp on real-world risk discussions, Jon and Raf have a pretty enlightening chat you will benefit from.

Highlights from this week's show include...

Jon discusses the concept of a "counterfactual"
Jon discusses feedback loops in how incidents are handled
Jon and Raf talk through how security professionals discuss 'risk' and what we can do to better the conversation

Guest:

Jon Hawes -https://www.linkedin.com/in/jonhawes/

Tue, 15 Jan 2019 00:00:00 -0500

DtSR Episode 330 - Biometrics for Authentication

This week, James and I sit down to discuss biometric authentication and some of the FUD around ways it can be broken. This ends pretty much the way you think it does.

Highlights from this week's show include...

James & Raf talk about how hackers used a "wax hand" to fool a vein auth system
- Link:https://www.theverge.com/2018/12/31/18162541/vein-authentication-wax-hand-hack-starbug
Fingerprint authentication to start your car?! We take this discussion to task
- Link:https://www.forbes.com/sites/jeanbaptiste/2018/12/27/hyundai-motor-lets-drivers-use-fingerprints-to-unlock-and-start-new-car/
James & Raf deconstruct the argument for and against biometric security
We ask "Does it matter that biometric auth is hackable?"

Wed, 09 Jan 2019 00:16:30 -0500

DtSR Episode 329 - Volunteering Your Career

This week, on the DtSRPodcast recorded way too early on a Monday morning, we talk volunteering in InfoSec with Kathleen Smith. Kathleen is the CMO of ClearedJobs.net and CyberJobs.com - and she recently ran a volunteerism survey (link:https://cybersecjobs.com/cyber-security-community-volunteering-report) you should probably check out too.

Highlights of this week's show include...

Kathleen discusses some of the highlights of the survey
We discuss some of the things volunteers learn, and why this is critical to our community
Several jokes are made
We discuss the value of volunteering and its impact on your career
and much, much more

Guest

Kathleen Smith - @YesItsKathleen - CMO, ClearedJobs.Net/CyberSecJobs.Com, both veteran-owned companies, she spearheads the community-building, and communications outreach initiatives catering to the both organizations many audiences including security cleared job seekers, cybersecurity candidates, and military personnel. Kathleen has presented at several security conferences on recruiting and job search within the cybersecurity world to include BSidesLV, BSidesTampa, BSidesDE, FedCyber. Kathleen volunteers in the cybersecurity community; she is the Director, HireGround, BSidesLVs 2-day career track. Kathleen is well respected within the recruiting community, is the co-founder and current President of recruitDC, the largest community of recruiters in the Washington DC area

Tue, 01 Jan 2019 20:30:25 -0500

DtSR Episode 328 - Who Who Who Are You

This week, James and Rafal welcome in 2019 with a look at the fundamentally fatalistic argument that "everyone gets hacked" - with Richard Bird. They discuss whether that's even a valid statement, and if so, what can we do about it?

Highlights from this week's show include...

Richard addresses the question of whether we've addressed a fundamentally fatalistic attitude towards security
The guys discuss whether the real perimeter, as we go into 2019
Richard schools the guys on identity - and what it's not the perimeter, but something else

Guest

Richard Bird -Chief Customer Information Officer at Ping Identity - Link:https://www.linkedin.com/in/rbird/
(Yes, Richard is the guy with the smashingly handsome bowties!)

Wed, 19 Dec 2018 01:28:24 -0500

DtSR Episode 327 - Experienced Security Leadership

This week James is back on the microphone with Rafal as they interview 2 industry veterans to talk about the right approach to security leadership, and developing that talent pool. We talk to Yaron and Setu to get a sense of what their thoughts are on where good security leaders come from, and the hallmarks of that experience.

Highlights from this week's show include...

the curious case of the cyber head who doesn't computer
Yaron and Setu give us their thoughts on developing security leaders
Yaron shares some of his experience building a security program, across industries
Yaron and Setu give us a few pieces of insight for current and future security leaders

Tue, 11 Dec 2018 00:00:00 -0500

DtSR Episode 326 - MidMarket Security

This week, go down the security rabbit hole with someone who has been working on security in the mid-market (likely the kind of company you work at, statistically) for a long time. Bob has some great lessons learned and is willing to share. Listen in

Highlights from this week's show include...

Bob gives a quick history of how he "hacked into hacking"
A discussion of breaking into security
Bob & Raf discuss security in the mid-market, and how it's fundamentally different than other market segments
Bob discusses hiring, talent acquisition and "working from home" in today's job market

Tue, 04 Dec 2018 20:06:38 -0500

DtSR Episode 325 - A CISO at AWS reInvent 2018

In another episode LIVE'ish from AWS re:Invent2018 I catch perennial favorite and long-time friend Dustin Wilcox as he wandered the vendor show floor.

Highlights from this week's show include...

Raf asks Dustin the obvious question - what's a CISO doing at a cloud expo?
Dustin discusses some of the cloud transformation challenges for security teams
Dustin unveils the three things he is currently concerned most about for security, in the cloud
Dustin imparts a final piece of wisdom you won't want to miss...

Rafal's Guest:

Dustin Wilcox -Vice President and Chief Information Security Officer at Anthem, Inc. -https://www.linkedin.com/in/dustin-wilcox-4896614/

Wed, 28 Nov 2018 16:02:46 -0500

DtSR Episode 324-1 - AWS reInvent 2018 Delivering Security

At day 2 of re:Invent 2018 I tracked down Arash Marzban, Armor's head of product to talk about his stage session and where the market is going for security - at a developer/builder focused cloud conference. This short conversation is quite interesting...

Tue, 27 Nov 2018 13:27:51 -0500

DtSR Episode 324 - AWS reInvent 2018 Preamble

This episode of the Down the Security Rabbithole Podcast is sponsored in part by Armor Cloud Security. Go check us out at www.armor.com!

This week's show is a multi-part release from AWS re:Invent 2018. We sit down with two of Armor's solutions consultants to discuss trends, insights from day 0, and discuss anticipated moves and market shifts.

Expect this to be an insightful episode where we dive intocloud security from a development and security perspective.

Tue, 20 Nov 2018 00:59:24 -0500

DtSR Episode 323 - Security of a Global Enterprise

On episode 323, Richard Rushing (aka the "Security Ninua") joins us to talk about being the CISO of a global organization, and multi-national enterprise.

Highlights from this week's show include...

Richard talks to us about his background
We discuss the unique challenges of a multinational enterprise
Richard gives us some wisdom on how to approach "the business"
Richard provides some advice for keeping prioritization and sanity

Thu, 15 Nov 2018 17:08:08 -0500

DtSR Episode 322 - The Ethics of Cyber Security Panel

This week #DtSR tackles the topic no one else wants to - ethics in cybersecurity. There are a lot of things to be said, so rather than writing them down here, go listen to the episode. Repeatedly.

Highlights from this week's show include...

A base platform for the discussion on ethics
Moral relativism, applied to cyber
Law vs ethics
Cultural ethics and relativism
"Hacking back" - yes we went there

Tue, 06 Nov 2018 00:56:53 -0500

DtSR Episode 321 - Putting Threats In Perspective

** Go Vote **

Do your civic duty, and go vote. Heck, while you're standing in that long line to vote, listen to the podcast, we're not picky.

This week, Rob Graham joins Rafal and James (who's back!) to talk about various topics related to threats. We start with the hacking voting machines, and it go from there.

Highlights from this week's show include...

We ask Rob to tell us what he knows about the Georgia 'hacking the election' case going on right now
We discuss what the real threat to our elections is
We ask Rob to tell us what he thinks the biggest threats are, and how we should approach them

Thu, 01 Nov 2018 23:00:45 -0400

DtSR Episode 320 - Specializing in Forensics

This week, James Habben joins me in studio for what turns out to be an introspective walk through the evolving world of forensics.

Highlights from this week's show include...

James gives us some background on how he got where he is
We talk through some nostalgia
James answers the "Is APT trying to get me" question, sort of
We talk about things companies should be doing to prepare...

Tue, 23 Oct 2018 00:00:00 -0400

DtSR Episode 319 - Striking Out On Your Own

This week, my good friend and entrepreneur Rock Lambros (of the newly formed Rock Cyber) joins me to talk about getting the itch to go out on your own and actually doing it. Many of us have thought about it, daydreamed, but very fewdo it. So hear an episode from someone who did...

Highlights of this week's show include...

What motivates and drives someone to jump the safety net of corporate life and go off on their own?
Rock gives us the secret to "How you know it's time"
We discuss how you can avoid the failings of the typical "consultant"
We talk through some very interesting strategy and advisory questions... (lots of gems in here!)
Rock drops his list of things to think about/remember
We discuss how to make security more than just a cost center

Links:

Rock's new company - Rock Cyber "Navigating Security in a Brave New World" (www.rockcyber.com)

Wed, 17 Oct 2018 20:45:20 -0400

DtSR Episode 318 - War, Cyber and Policy

This week the DtSR podcast tackles one of the thornier issues going around in the news. As the accusations of Russsian hacking continue to mount, international leaders are speaking out and making bold statements that impact policy on a global level.

This topic needed to be addressed with some folks who have actual expertise in the matter - and with the understanding that what we have here are opinions and interpretations.

Highlights from this week's show include:

A lively discussion on the implications of the term "cyber war"
Jon and Dennis discuss the tone, and context of the article in question:https://nltimes.nl/2018/10/15/netherlands-cyber-war-russia-defense-minister-says
Rafal, Patrick, and Jon go a few rounds on other cyber matters as it pertains to the term "war" and its implications

If you listen to this episode and have a strong opinion - get on Twitter and use the hashtag #DtSR and let's discuss it! There is already a lively discussion started here:https://twitter.com/Wh1t3Rabbit/status/1051928507884875776

Tue, 09 Oct 2018 00:00:00 -0400

DtSR Episode 317 - Protecting Higher Education

While James is away, Raf will podcast all day ...or something like that.

Highlights from this week's show include:

Bill talks about what it's like to jump into a higher education system and try and play defense
We discuss the role of governance, centralized policy, and management in higher education environments
Bill discusses his view on the appropriate places to work in security, in a college/higher education environment
We compare and contrast the experience of security in higher education against very large enterprise (the comparison may shock you)

Guest

William Reyor - ( @WilliamReyor ) -William is Fairfield Universitys first CISO, is a former penetration tester, and has more than a decade of security and network engineering experience. He is also the Security BSides Connecticut co-founder. You can find Bill on LinkedIn here:https://www.linkedin.com/in/wreyor/

Wed, 03 Oct 2018 16:25:24 -0400

DtSR Episode 316 - NCSAM 2018

So, it's October 2018, and it's National Cyber Security Awareness Month. Again.

James and I have a bit of an issue with this, as you'd guess. Why are we still talking aboutawareness when we need action? Are there really people out there that are saying "If only I was aware that there are bad people trying to do bad things, I'd had done it differently"?

Highlights from this week's show include...

We riff on the thing we talk about once a year (and not anymore)
James takes a shot at passwords... fish, meet the barrel
Raf gets a little upset that we're talking about awareness, since 2004 and nothing really changes
Raf & James ask you to take action this year and tell us about it! Hashtag it #DtSR and tell us what you're doing for NCSAM 2018 that's going to make an actual difference

Tue, 25 Sep 2018 00:00:00 -0400

DtSR Episode 315 - Women in Cybersecurity-Mary Cheney

On this episode of the Down the Security Rabbithole Podcast, Mary Cheney joins us fresh off her talk to the North Texas ISSA Women in Security group. She has such a colorful background and such great stories to tell - we just had to have her on the show.

Highlights from this week's show include...

A walk-through of Mary's colorful and extremely diverse background
Mary talks about burnout as we pick up the topic from our conversation with Ann Johnson's episode
Mary talks about corporate "tools efficacy" and security's cry for wolves
...so much more!

Tue, 18 Sep 2018 01:22:47 -0400

DtSR Episode 314 - None of This Crap is Secure

This week, on DtSREpisode 314, the infamous (that's more than famous) John Strand joins us. No, not the male model ...the guy who's been an InfoSec legend since before you could walk.

Highlights from this week's show include...

We take a stroll down memory lane
We discuss the challenges with more complexity in development
John takes us through what he thinks some of the faults are

Tue, 11 Sep 2018 00:00:00 -0400

DtSR Episode 313 - Cyber Law Update Sept 2018

Friends welcome to yet another edition of the Down the Security Rabbithole Podcast - as we invite perennial favorite, Shawn Tuma onto the show! Shawn has a new office, a new law firm, and is giving us his take on what's new in the world of cyber and law. Listen in!

Highlights from this week's episode include...

Shawn brings up "The GDPR" and the self-imposed disaster that it has become
We dive into the problem with "all the data"
Shawn explains the idea of "necessary and proper" and case-law for data breaches
Shawn tells us about cyber insurance and the scariest word in the vernacular ... "negligence"

Tue, 04 Sep 2018 23:23:13 -0400

DtSR Episode 312 - Ann Johnson on Mental Health

This week Down the Security Rabbithole Podcast welcomes two very cool ladies from the InfoSec realm. First Ann Johnson of Microsoft (if you don't know Ann, you're living under a rock, honestly) is here to discuss a tweet she put out a while ago (https://twitter.com/ajohnsocyber/status/1033934334720278528) on mental health in high-pressure jobs in InfoSec. If that wasn't enough, Jennifer Duman from Armor joins us as a guest-host to provide her experienced perspective as a road warrior.

Highlights from this week's episode include...

Ann discusses the big deal with working from the road, in a high-pressure InfoSec job
We discuss the impact of being a road warrior has on mental health, families, and career
Ann gives us some insight from the teams and companies she's worked with
Ann gives us some thoughts on how to mitigate mental health impact for InfoSec professionals

Guest

Ann Johnson - Corporate VP, Cybersecurity Solutions @ Microsoft
- Twitter: @ajohnsocyber
- LinkedIn:https://www.linkedin.com/in/ann-johnsons/

Guest Host

Jennifer Duman - Director of North American Channels @ Armor
- LinkedIn:https://www.linkedin.com/in/jduman/

Wed, 29 Aug 2018 12:29:33 -0400

DtSR Episode 311 - Further the Browser

This week we dive into the world of the web browser. A brief history, some discussion about what's wrong and how it's broken - and a few suggestions for what to do next. This is a complicated discussion - so you can bet we'll come back to it with your feedback!

Highlights from this week's show include...

A brief walk-through of the history of browsing
Solutions that tried, but ultimately failed, to solve the challenges
An approach we've seen before - the "remote browser"
Discussion on challenges and opportunities of the remote browser concept
Discussion on Authentic8's approach and innovations

Thu, 23 Aug 2018 12:51:33 -0400

DtSR Episode 310 - RFP POC OMG

This week, Rafal & James discuss one of the bigger challenges that an enterprise security team faces today - evaluating new/replacement security tools and services. Listen close if you're on the enterprise side, and listen closer if you're selling to them.

Highlights from this week's show include...

We address the difficulties of evaluating or replacing technologies or services
Rafal takes you into the "better" trap, and how you can avoid it
We discuss defining concrete problem statements
James & Rafal talk through the challenges of defining good requirements and evaluating
We address how to pick a winner - or not

Tue, 14 Aug 2018 00:00:00 -0400

DtSR Episode 309 - Digital Transformation, Take 2

This week Nate Smolenski - Director, Cloud Architecture Services - joins us for an insightful discussion on the concept of digital transformation for the enterprise. Many companies are undergoing a digital transformation, or have done so already, and it's up to security to once again, catch up.

Nate brings a truckload of experience and evidence into the conversation and as a security professional and practitioner - you should absolutely listen to this episode. Twice.

Highlights from this week's show include...

Answering: What in the world is "digital transformation"?
Discussion around the seemingly "take 2" we're embarking on, as security professionals
Enterprise security's role, or not, in digital transformation

Wed, 08 Aug 2018 01:48:38 -0400

DtSR Episode 308 - Theoretical and Applied Futurism

Friends, this week's episode is truly unique. We talk to a gentleman whose job it is to think big, and into the future in a big way.

Jeremy Nulik is the "Evangelist Prime" at Big Wide Sky - an organization that looks to think big, and solve big problems, in big ways. This is an incredible journey into problem-solving on a grand scale.

Highlights from this week's show include...

An overview of futurism, as an abstract tool for problem-solving
A discussion on the roots of futurism
Overview of how futurism is applied today
The four key approaches in applied futurism
Applying futurism to problem-solving in information security

Links you need to check out:

Tue, 31 Jul 2018 22:55:38 -0400

DtSR Episode 307 - Building and Teaching in Chicago

On this episode of the Down the Security Rabbithole Podcast, Rafal is in Chicago for a few days and visiting with a long-time friend and colleague, Don Donzal. Don has some great history in the Chicago hacking and security professional scene, so we take a stroll down memory lane, talk about what he's doing now, and take a long look ahead. Join us!

Highlights from this week's show include...

Don gives us a little insight into where Ethical Hacker Network got started
A history of Chicago Con - anyone been?
Life, family, career - and how balancing all of that and still doing what you love is important
A look into the future of the new venture!

Catch the Ethical Hacker Network online at https://ethicalhacker.net, and on Twitter at @EthicalHacker.

Tue, 24 Jul 2018 23:59:44 -0400

DtSR Episode 306 - Balancing Family and Career

This week, we tackle a topic that should not have taken 306 episodes to get to - balancing family and work while growing a career in Information Security. Britney hits the high points with us, and takes us down the road of what it's like being a mother and security leader - as we explore the topic for everyone who is in our field.

Highlights from this week's show include:

Who does this apply to?
Are you being asked to choose?
Becoming adaptive
When you should bend and when you should concede
Creating your own space
Confidence
Benefits of Blending

Tue, 17 Jul 2018 01:32:15 -0400

DtSR Episode 305 - Security for the Mid-market

Do you work at a company that's too big to be "small business" but too small to be "large enterprise"? You're probably in that place known as the "mid-market". Many of the large vendors don't pay attention to you, and yet you still have all of the same problems big companies do - just without all the budget. What do you do? Listen to this episode of DtSR and find out what we think.

Highlights from this week's show include...

Addressing the "tool" or "staff" conundrum
Who's manning all those dashboards? Staff to dashboard ratio
How do you prioritize, when you can't multi-thread?
Giving up isn't an option, so what do you do?

Tue, 10 Jul 2018 23:50:04 -0400

DtSR Episode 304 - Transforming Security

This week, James and I interview a former Optiv colleague and advisor to many Fortune 250 CISOs in his long career, our friend Ron Kurisczak. Ron's long and successful career has included time spent truly transforming the way security functions, and how it's seen in the boardroom. Spend 35 minutes and hear his take on where we've been, and why right now is so crucial to our future.

Highlights from this week's show include...

Why are we transforming security?
- Data classification, operation policies
Tracking key performance indicators (KPIs) to the new rules of security
- Who's getting through, how long did they have, what did you do to eradicate?
What are we measuring - how do we define "maturity" in security programs
Understanding how we understand and measure long-term losses from security failures
Moving into a truly risk-based security program, and away from "how much are my peers spending?"

Tue, 03 Jul 2018 00:00:00 -0400

DtSR Episode 303 - Advising Security Leadership

Thanks to my friend Brian Wrozek for joining us this week on Down the Security Rabbithole Podcast. Brian's long career as a CISO has broken several 'typical' molds... so he's a fantastic person to join us to talk about the things CISOs should be thinking about.

Highlights from this week's show include...

Prioritizing projects as the CISO
Getting support from the outside because "we hired you to know this"
Refreshing and revisiting completed projects/tools to optimize and see a value
Security is additive, we never really take anything away - is this a problem?
Red team, blue team, purple team ... what happened to penetration testing?
Automation, orchestration, automated response to bad
Risk management, and "back to the basics" is still broken
Breach after breach after breach - and nothing's changing

Tue, 26 Jun 2018 00:00:00 -0400

DtSR Episode 302 - InfoSec Superhero Syndrome

This week, as DtSRrolls on to Episode 302, we talk with John Svazic who is a Cloud Security Architect for a day job and runs the Purple Squad Security Podcast in his spare time. His perspective on the idea of an "infosec army of one" is one that many of us share, and it needs to be solved.

Highlights from this week's show include...

Trying to solve everything, on our own... burn out or flame on
Working as a lone wolf can be detrimental to your career, and sanity
Working as an individual within an enterprise team
Perspective for the business requires others
Case in point - Application security jobs
Purple teams - the ultimate collaboration, not me vs you

Tue, 19 Jun 2018 15:44:02 -0400

DtSR Episode 301 - Julie Conroy on eFraud and Identity

This week on Episode 301, James is off and I take a one on one conversation with Julie Conroy from Aite group on the topic of global fraud. It's a fascinating conversation that winds through the fringes and often unexplored corners of enterprisesecurity. Check it out, and special thanks to Julie for taking the time out of her busy schedule.

Highlights from this week's show include...

A brief glimpse into the impact of enterprise security on global fraud
Julie talks through identity, and how enterprise security can positively impact fraud
Account takeovers - the thing we all fear but struggle to solve
Balancing security and usability, convenience

Guest

Julie Conroy - (https://www.linkedin.com/in/julie-conroy-6997/): Julie is an experienced product management executive with a proven track record of revenue growth and innovation.

Wed, 13 Jun 2018 23:09:30 -0400

DtSR Episode 300 - Reminiscing

Thank you, listeners!

Down the Security Rabbithole has reached milestone episode #300.

In this episode, James and Rafal sit down with the nothing more than an open mic and talk through topics the podcast has previously covered, and others we still have yet to cover.

Join us. And a personal thank you to all of our guests over the past 300+ episodes... we are looking forward to much more great content to come!

Tue, 05 Jun 2018 00:00:00 -0400

DtSR Episode 299 - Leadership Lessons w Chris Abramson

Special thanks to Chris for doing this in-person. It was a fun conversation and always a pleasure!

Highlights from this week's show include...

Chris and I talk about measuring 'risk'
We discuss 'brittle systems' which apparently are still alive and kicking
Risk analysis, cloud computing, and your business

Guest

Chris Abramson ( @cabramson50 ) - Director, Information Security Delivery & Engineering;Team oriented Enterprise Information Security Management professional seeking to improve the security of organizations through education and practice. Qualifications include a bachelors degree in computer science; CISM, CISA, CEH and ECSA certification. Understanding of Industry, State and Federal regulatory standards. Ten years of experience in the creation and deployment of Information Security solutions for protecting the networks, systems and data assets of a fortune 50 company.

Tue, 29 May 2018 00:00:00 -0400

DtSR Episode 298 - Overcoming the Language Barrier

Two more episodes until we hit #300...what a crazy ride it's been! Thanks for taking the journey with us, and we're looking forward to having you along for another 300 (maybe).

Highlights from this week's show include...

Applications of DoD security in a non-DoD world
The meaning and elements of the risk equation
Understanding (making sense of) the risk equation
Swimming in the swamp of marketing literature
AppSec as an area of expertise (again, and again, and again)

Go see Jeff atCircle City Con if you're attending. He's giving a talk (https://circlecitycon.com/talks/rethinking_cyber_security_given_the_spectre_of_a_meltdown_someone_hold_my_beer/) titled "(Re)Thinking Cyber Security Given the Spectre of a Meltdown: (Someone Hold My Beer)"

Tue, 22 May 2018 01:14:11 -0400

DtSR Episode 297 - A Model for Prioritizing Patching Efforts

Before you listen to this podcast ... go grab this report:https://www.kennasecurity.com/prioritization-to-prediction-report/from Kenna Security and the Cyentia Institute. Read it. Think about it. Then listen to this show.

Highlights from this week's show include...

A high-level walkthrough of the model that authors developed, and the many interesting insights
Why what you're doing now is probably as good asrandom chance
A deeper discussion on cause and effect of patches, and trying to do everything

So much more! While you're listening to the show, hit us up on Twitter using the hashtag #DtSR or tweet to @DtSR_Podcast!

Guests

Jay Jacobs ( @JayJacobs )
Wade Baker ( @WadeBaker )
Michael Roytman ( @MRoytman )

Tue, 15 May 2018 00:00:00 -0400

DtSR Episode 296 - Hype Machine Off the Rails

This week, former analyst and security industry veteran Adrian Sanabria joins James & Rafal to talk about some of the hype in our industry. From current events, to learning lessons, to the on-going master-class in bullsh*t we convince ourselves of - this podcast is a riveting (although slightly longer) episode of free-flowing discussion.

Highlights from this week's show include...

We discuss #eFail - and the circus maximus of ridiculousness that it currently is
Adrian gives us some views on believing our own nonsense
We attempt to discuss how we got to this point
Much more!

Wed, 09 May 2018 10:49:51 -0400

DtSR Episode 295 - DevSecOps is Not a Thing

This week, Mark Nunnikhoven joins us from the great white North. All the way from Ottawa, Canada - Mark talks with James and Raf about cloud computing, DevOps, and some silly things security folks are doing to undermine themselves in the brave new world.

Highlights from this week's show include...

A brief discussion on moose and Canada
Why none of us believe "DevSecOps" is a thing
Deploying security into modern code development practices
Much, much, much more

Guest

Mark Nunnikhoven ( @MarkNCA ) - Vice President, Cloud Research at Trend Micro. Mark has way too many credentials and accolades to list here, go read his LinkedIn page, or check out "Mornings with Mark" on his Twitter feed daily.[Mark on LinkedIn]

Wed, 02 May 2018 00:03:47 -0400

DtSR Episode 294 - Securing Azure

* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements athttps://microsoft.com/rsaand if you really want to check out something amazing where IoT and cloud collide, check outhttps://microsoft.com/azure-sphere.

On this second special episode of the podcast live from RSA 2018, Raf sits down at RSA Conference 2018 with a gentleman you may not know but you should, Avi Ben-Menahem. We discuss what it's like in terms of effort, scope, and sheer talent, to take on the monumental task of securing the Azure public cloud platform. Avi shares his insights, and drops us some interesting tidbits on the day in the life of someone working at truly hyper scale.

Again, special thanks to Jessica and the Microsoft team for some truly unprecedented access.

Tue, 24 Apr 2018 00:00:00 -0400

DtSR Episode 293 - Diana Kelley from RSA 2018

* Special thanks to Microsoft for giving DtSR access to fantastic guests, and printing t-shirts & stickers for RSA Conference 2018. Please help us say thank you and check out all of the MS announcements at https://microsoft.com/rsaand if you really want to check out something amazing where IoT and cloud collide, check out https://microsoft.com/azure-sphere.

On this very special episode of the podcast, Raf sits down at RSA Conference 2018 with the one and only Diana Kelley to talk data integrity, crisis communication, and fear-based selling in security.

Again, special thanks to Jessica and the Microsoft.

Guest

Diana Kelley ( @DianaKelley14 ) - Diana is the Cybersecurity Field CTO for Microsoft, a cybersecurity thought leader, practitioner, executive advisor, architect, speaker, author and co-founder of SecurityCurve. More here:https://www.linkedin.com/in/dianakelleysecuritycurve/

Tue, 17 Apr 2018 00:00:00 -0400

DtSR Episode 292 - Navigating Industry Conferences (RSA)

This week, James is back and he and Raf sit down for a discussion on navigating the big industry conferences, as RSA Conference kicks off in San Francisco. We add just the right bit of snark to your day, and provide some much-needed commentary on the industry, conferences, and survival.

Highlights from this week's show include...

A quick overview of RSA Conference
Getting value, learning something, or whatever else
Buzzwords, and navigating marketing speak
Attendee personas: buyer, attendee, vendor - there is a huge difference in how you experience a conference from these angles
Feature, product, or startup (sometimes they're the same thing!)
Tips, tricks and ideas for having a successful experience

Tue, 10 Apr 2018 00:00:00 -0400

DtSR Episode 291 - A New Perspective On Endpoint (Nyotron)

[This week's episode and fantastic discussion on endpoint security is sponsored by Nyotron]. DtSR listeners already know we don't do advertisements or traditional sponsorship - so when we bring in a sponsored guest it's because we believe the topic is interesting and the guests have a genuinely interesting point of view.

On that note...

The topic this week is the endpoint. Yes, the endpoint - the place where security started, and was subsequently abandoned, and reborn. Whether you're talking about virtual cloud workloads, laptops or other types of endpoints - we can all agree on the fact that there are too many buzz words, too many tools, and too many 'solutions' to the various ailments of the endpoint. This week we dive down the rabbit hole with Rene and Nir, from Nyotron, to hear their unique perspective and get an understanding on why they think their approach to this very difficult problem is worthy of your time.

I invite you to give this episode a listen, as it's a bit of a pilot for us. If you all enjoy it, we will do 1-2 of these per quarter ... if the audience votes that these add no value, we will give it more thought.

If you're coming out to RSA 2018, comesee demos of live attacks (including Rubber Ducky) and learn more about Nyotron's technology at the RSA Conference - South Hall, booth #1639.

More information on Nyotron which we invite you to check out are here:

Nyotron's latest OilRig report - https://nyotron.com/oilrig/
Background on Nyotron's technology - https://nyotron.com/wp-content/uploads/2017/01/Nyotron-Positive-White-Paper_1-10-2018.pdf
Endpoint security assessment - https://nyotron.com/bpt/

Don't forget the hashtag #DtSR on Twitter and you can find us on LinkedIn as well!

Thanks for Rene and Nir of Nyotron for the discussion and recognition of the DtSR audience!

Tue, 03 Apr 2018 00:00:00 -0400

DtSR Episode 290 - What Ails the CMS

This week on the Down the Security Rabbithole Podcast, Tony Perez stops by for an early morning chat about the content management systems we in InfoSec love to hate on. We talk about Drupal, Wordpress and all the other CMSes out there that have similar issues.

Highlights from this week's show include...

Why start a company that does CMS security (they're hopeless anyway right?)
How many of the most popular CMSes are actually not as bad as you may think, security wise
The core, the plug-in infrastructure, and plug-ins
Finding, responding to, and fixing bugs in the modern software world

Guest

Tony Perez ( @Perezbox ) - [Tony has perhaps one of the coolest LinkedIn write-ups, so I'm pasting it here.] Tony is a proven business leader and operator. He is a former US Marine (2000 - 2005), and former CEO of Sucuri (2011 - 2017), a website security platform that was acquired by GoDaddy in April 2017. He has proven experience taking a security product from startup to a global, multi-national, organization.

His core competency revolves around: leadership, management, marketing, product position, product pricing, sales, business institutionalization, revenue and organizational strategy.

He believes that our greatest responsibility in sales and marketing is to bridge the gap between the value a customer expects from your product, and the value you assume you are delivering.

He brings with him an intoxicating level of energy, work ethic and passion. Excelling in high-tempo environments, and executing flawlessly against strategies. He is adamant about self-reflection and self-actualization, placing energy on learning his weaknesses and building on them.

He is horrible at spelling, but amazing at motivating people. He is known for challenging people to be better, to strive for more, to never settle for the cards they've been dealt. He was a leader of Marines, and today he's a leader of people, technology and industry.

Tue, 27 Mar 2018 12:00:00 -0400

DtSR Episode 289 - Neither Security Nor Privacy

This week, join DtSR as Rafal sits down across the virtual table with the one and only Robert Hansen. Rob (aka @Rsnake ) discusses his roots of being an almost-bad-guy, to the security of browsers, and privacy. Plus we get to reveal something pretty awesome...

Highlights from this week's show include...

Rob's fascination with alien conspiracy theories
A back history of browsers you've never heard of, that you benefit from today
Google...
Security vs. Privacy - why you don't actually get either
A secret reveal from Rob about his exciting new venture

Tue, 20 Mar 2018 00:00:00 -0400

DtSR Episode 288 - Experienced Opinions

This week, while James was out on family duty, I sat down on a Saturday morning with my good friend Will Gragido to talk security. Will is an industry old-timer (sorry buddy, we're old) and has some seriously valid opinions on many things. We discuss some interesting topics, and apologize for nothing.

Highlights from this week's show include...

It's conference season again... and time for more buzzword bingo
Marketing people are the worst...except we're all complicit
Threat Intelligence. Again. Still. Yep.
Let's go hunting for threats - who should have a threat hunt team, and why
Mergers, acquisitions, and the future of our industry

Guest

Will Gragido ( @WGragido ) -Will Gragido is a seasoned security professional with over 20 years experience in networking and information security. Wills extensive background is the result of his service as a United States Marine, a consultant with the world renowned International Network Services, Internet Security Systems (now IBM ISS), McAfee, Damballa, Cassandra Security, RSA Netwitness, Carbon Black, Digital Shadows and now Digital Guardian where he leads the organizations Advanced Threat Protection Product Line as its Director.

Tue, 13 Mar 2018 00:00:00 -0400

DtSR Episode 287 - Armored and Battle Tested

In case y'all don't read LinkedIn or Twitter - Rafal recently joined Armor (Armor.com), so what better time to interview the CEO Chris Drake than right now.

So this week, Chris Drake joins us in the studio to talk about his background (which is quite interesting, by the way) and how he got to start a fast-paced cloud security-as-a-service company.

Highlights from this week's show include...

The road starts with jumping out of airplanes
The Butterball story
More discussion on challenges with existing security models
Security-as-a-Service vs. Managed Security (MSS) - differences and big differences

Guest:

Chris Drake, Founder and CEO of Armor ( @ChrisDrake ) - Chris is currently the founder and CEO of Armor, a fast-paced cloud Security-as-a-Service provider. If you want more on Chris, you'll have to listen to the podcast.

Tue, 06 Mar 2018 00:00:00 -0500

DtSR Episode 286 - Breach vs Incident vs Lawyers

This week's DtSR Podcast sits down in the offices of Shawn Tuma to discuss an update on the law with regards to data breaches, or incidents - and what the differences between. We talk through current events, past history and look into the future a bit.

Highlights from this week's show include...

thelegaldifferences in the words we use (breach vs. incident)
notification and disclosure in a global economy
planning, preparation, and the big day
costs - specifically around insurance - when things go badly
right to sue for current, and future, damages (did they really happen?)
overview of GDPR, and the cornucopia of other local, regional, national, and international laws as they are evolving

Guest

Shawn Tuma ( @ShawnETuma )

Tue, 27 Feb 2018 16:26:08 -0500

DtSR Episode 285 - Alt-Tab Alt-Tab Swivel-Chair

We have a treat for you folks this week!

On episode 285 of the podcast I'm joined by three well repected, forward thinking, and entrepreneurial-minded security executives to talk about about some of the challenges they see in the industry and what they're doing to solve them.

From cloud, to threat intelligence, staffing, and other scaling issues - we address the issues head-on, and provide some insight into what these three are thinking going forward.

*The audio quality isn't the usual high-quality I expect to publish, so my apologies for that in advance. Somewhere the recording tool I use had an issue, but I did my best to make sure you could hear the speakers clearly. Apologies for the background noise on this recording.

Guests:

Susan Magee
Dustin Wilcox
Jason Clark

If you've noticed the new logo, it's courtesy of aphenomenal artist, whose name is Peter Czaplarski. Yes, you too can hire him to draw amazing things for you, you can find him here:http://fb.com/CzaplarskiArt. Peter is also the artist behind Vengence Nevada (found here, for you comic lovers:https://www.comixology.eu/Vengeance-Nevada-1/digital-comic/593731) and has been an artist in many other venues. We highly encourage you to give his Facebook page a like!

Tue, 20 Feb 2018 01:46:14 -0500

DtSR Episode 284 - MSS SOS

This week on the Down the Security Rabbithole Podcast, Raf and James welcome long-time friend of Rafal's - Scott Stanton - to the microphone. Scott's able to join Raf in person in Atlanta, while James is predictably on the other end of a Howdy Doodie (you'll get this if you listen).

This week, we tackle the MSS issue (Managed Security Services providers) again, but with a fresh angle where we aren't just spending the entire time bashing something we all rely on - but rather providing some constructive feedback into MSS providers from an enterprise perspective. And reminiscing a little. A lot.

Join us! And spread the word!

Guest:

Scott Stanton ( @Scott_Stanton ) -Information Security leader with experience in the High Tech, Manufacturing, Engineering, Services, and Energy industries. My technical depth includes application development, IP networking, operating systems, virtualization, and storage systems. Scott is currently the Senior Manager of Infrastructure Security at a medical technology company.

If you've noticed the new logo, it's courtesy of aphenomenal artist, whose name is Peter Czaplarski. Yes, you too can hire him to draw amazing things for you, you can find him here: http://fb.com/CzaplarskiArt. Peter is also the artist behind Vengence Nevada (found here, for you comic lovers:https://www.comixology.eu/Vengeance-Nevada-1/digital-comic/593731) and has been an artist in many other venues. We highly encourage you to give his Facebook page a like!

Tue, 13 Feb 2018 01:31:51 -0500

DtSR Episode 283 - Testing Security Into Applications

This week an old friend, Vinnie Liu of Bishop Fox, joins Raf and James to talk about the history of App Sec. We started trying to test ourselves secure, and we continue to come back to it - so this episode is a walk down memory lane and a glimpse into the future of application security.

Don't forget to like us on iTunes and share with your colleagues!

Guest

Vinnie Liu ( @VinnieLiu ) - Vincent Liu (CISSP) is a Partner at Bishop Fox, a security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. With nearly two decades of experience, Vincent is an expert in security strategy, red teaming, and product security; and at Bishop Fox, he oversees firm strategy and client relationships.

Tue, 06 Feb 2018 10:48:11 -0500

DtSR Episode 282 - DDoS - Past, Present, and Future

Join us this week on Down the Security Rabbithole as Barrett Lyon (who knows a thing or two about DDoS) is our guest to talk about the evolution of the art and science of kicking people off of a network. Barrett is the authority on DDoS, with over 20 years in the field, going back to when angry teenagers flooded each other off of IRC servers.

This is a fun episode that walks through DDoS - where it came from, how it evolved, and what we can expect in the future. TLDR; yes ...your fridge may one day DDoS your toaster.

Guest

Barrett Lyon ( @BarrettLyon ) -

Barrett Lyon is the Vice President of Research and Development for the Neustar Security Solutions portfolio. He spearheads the development of innovative new products and solutions for the companys industry-leading DDoS, DNS and cybersecurity solutions.

Mr. Lyon is a serial entrepreneur and a well-respected cybersecurity thought leader with experience building leading edge network services and infrastructure. Prior to Neustar, Mr. Lyon founded Defense.net and served as its Chief Technology Officer. In 2009, he co-founded XDN, Inc. and served as its CEO. As Chief Technology Officer, he led the strategy and technical operations at BitGravity, a company he co-founded. Previously, Mr. Lyon founded Prolexic Technologies and served as its Chief Technology Officer, where he created the first successfully managed service to defend enterprises from Distributed Denial of Service (DDoS) attacks.

His authority and over 20 years of experience in the network security space has led to numerous collaborations with a majority of the tier-one and tier-two carriers in North America and Europe, and at National Security Agencies in Europe and the U.S. Outside of the security field, he has been active proponent in the advancement of the Internet. Mr. Lyon was responsible for the Opte Project, often referred to as the Internet Mapping Project and he formed AlphaLinux.org. He has been published in several security and

Tue, 30 Jan 2018 01:44:51 -0500

DtSR Episode 281 - Exploiting and Defending Human Behavior

This week, go Down the Security Rabbithole with James and Raf as they host Robert Sell. Robert took 3rd place at the Defcon SECTF (Social Engineering Capture-the-Flag) in 2017 and he has some lessons to you in the enterprise.

"Social Engineering" (while a ridiculous and non-descriptive term) is a real attack vector. How are you defending your enterprise?

Listen in. Then talk back on Twitter at #DtSR or LinkedIn!

Guest:

Robert Sell ( @RobertESell &https://www.linkedin.com/in/robertsell/)

Mon, 22 Jan 2018 00:00:00 -0500

DtSR Episode 280 - A Cloud Container Security Primer

This week, Chris Rosen from IBM joins us to talk about cloud containers - and the security (or lack thereof) of them. There is a paradigm change coming which significantly impacts security - if we're ready for it. Chris talks us through the dramatic changes (or maybe not) of doing cloud security with containers and the impact to the shared responsibility model.

Join us, and let us know what you think by leaving us a comment, either here or on iTunes.

Guest

Chris Rosen - https://www.linkedin.com/in/chris-rosen-71790513/

Tue, 16 Jan 2018 18:31:04 -0500

DtSR Episode 279 - Deeper Down the SDP Rabbithole

This week, Jason Garbis re-joins the podcast to go past the Primer (Episode 257) and dive deeper into SDP (Software Defined Perimeter) with a discussion on cloud and relevance to the re-invention of the data center and related infrastructure.

Related DtSR listening:

Zero Trust Model w/ John Kindervag: http://podcast.wh1t3rabbit.net/dtsr-episode-222-zero-trust-security-model
Software Ate the Perimeter w/Jason Garbis: http://podcast.wh1t3rabbit.net/dtsr-episode-257-software-ate-the-perimeter

Tue, 09 Jan 2018 00:00:00 -0500

DtSR Episode 278 - The Meltdown Over Spectre

Welcome Down the Security Rabbithole. This week we bring Jeff Schilling from Armor to talk about Spectre and Meltdown - the two hottest topics of the security right now and for the foreseeable future.

While you listen to us talk, check out these links:

And the obligatory "I patched and things got worse" post:

https://twitter.com/timgostony/status/948682862844248065

Tue, 02 Jan 2018 11:53:37 -0500

DtSR Episode 277 - An Outside In Look at Security and Innovation

Happy New Year, 2018.

Friends, thanks for listening! I can't believe this podcast is still going strong after all these years and 277 episodes. I started this podcast with an idea - give you something to listen to that was office-friendly, informative, and focused on advancing our trade. Over the years I've gotten some encouraging comments from people ranging from those trying to get into our industry, to those who are leading large organizations' security practices. I'm encouraged by you all, and thank you for supporting us.

Now, let's get on with 2018.

On this first episode of 2018, James and I welcome Ben Kepes who is a long-time friend of mine and and industry analyst. Ben isn't your typical analyst though, because he has a healthy dose of skepticism, an eye for bullsh**, and he's trusted by vendor and buyer alike. Oh, also, he's a Kiwi so he's got that going for him too.

Sit back, enjoy, and leave us a comment if you are so moved.

Tue, 26 Dec 2017 11:04:08 -0500

DtSR Episode 276 - Game Changer in ICS (no FUD edition)

What: In this episode we get the facts on the recent game-changing malware/attacks that appear to be nation-state sponsored attacking critical safety systems in industrial controls (ICS).

Why: You've probably read about it, and depending on what you read you may only have the hype or half the story.

Who: As always, Sergio Caltagirone from Dragos is the master at telling a great story, from just the facts. He's part of the team that did the analysis, wrote the narrative, and then ended up on countless phone calls explaining it to executives and national security types. He knows his craft.

Links:

Dragos blog about the topic: https://dragos.com/blog/trisis/
Fireeye's version: https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html

We invited him on this special episode to give you the inside story, to separate some of the hyperbole from reality - so listen up.

Tue, 19 Dec 2017 00:00:00 -0500

DtSR Episode 275 - Beyond 2017 A New Hope

For episode 275 we are once again joined by the one and only Haroon Meer ( @haroonmeer ) to follow up on his conversation from September 2016 titled "What will get us there". If you've not had a chance to listen to that show, you absolutely should do that first.

Haroon shares his perspective including...

"The cloud has won"
Fundamentals are still hard, we're still largely failing at them
Hackers make the best engineers when you give them a problem to solve
Where do we go from here, into 2018, is there hope?

Wed, 13 Dec 2017 10:53:29 -0500

DtSR Episode 274 - Let's Talk Power Grid

This week, Patrick Miller returns (another boomerang guest from the way-back machine) to talk about the energy grid. It turn out, things aren't super different from 5 years ago, but some things have changed.

Patrick and I discuss resiliency (over actual security) in the grid, and focus on transmission, generation, and "getting it all working again" from a life safety perspective. It's a fascinating discussion, don't miss it!

** Apologies for some of the audio quality, we had "choppy" issues on Skype and I edited the best I could.

Tue, 05 Dec 2017 00:55:21 -0500

DtSR Episode 273 - Automate or Die (w/Demisto)

Join James and Rafal, one last time,live fromEnfuse Conference (Las Vegas, NV) this past summer.

In this episode, we track down a personal friend of Raf's - Bob Kruse, Demisto, VP Sales & Alliances, and talk about the need for the enterprise to automate and orchestrate.

Oh, also, Bob pretty much said by 1 year from the recording of that episode he would get an "Automate or Die" tattoo. So just to be on the safe side, we'll give him until next year, about this time. Game on, Bob.

Tue, 28 Nov 2017 12:15:55 -0500

DtSR Episode 272 - Innovation, Startups, and the Security Bubble

This week, Grant and Mark join me live and in person in Las Vegas at the Amazon AWS re:Invent conference to talk about the security marketplace, innovation, "the bubble" and more.

Here's the announcement we talked about at the opening of the show

McAfee announces agreement to buy SkyHigh Networks: https://www.skyhighnetworks.com/mcafee-and-skyhigh/

Guests:

Mark Arnold ( @lotusebhat )
Grant Sewell ( @GrantSewell )

Tue, 21 Nov 2017 00:00:00 -0500

DtSR Episode 271 - The Secrets of Influence Through Communication

This week James and I are fortunate enough to have one of the best keynote speakers I've ever seen on the show. He's an amazing speaker, a brilliant magician and a sharp dresser - this guy is the real deal.

Straight off the keynote stage at the Security Advisor Alliance (SAA) Summit in Denver ... ok maybe not straight off, Vinh Giang joins us to talk about how to influence people while you're up there giving a talk or speech.

Grab something to take notes with - trust me, this one is chock full of brilliant nuggets.

Guest:Vinh Giang ( Twitter: @AskVinh and Facebook: https://www.facebook.com/askvinh/ ) is a brilliant self-made public speaker, magician, and all-around snappy dresser.

Wed, 15 Nov 2017 00:49:15 -0500

DtSR Episode 270 - Secrets of InfoSec at Scale

Ladies and gentlemen - we have our first 3-time guest! Brandon Dunlap, my good friend and industry titan, joins thepodcast for his third trip down therabbit hole.

In this episode Brandon Dunlap (@bsdunlap) and I talk through the challenges of security at scale, in person and live from Seattle. In the previous two episodes that Brandon has done on this show we've talked about the challenges of scaling information security teams, and this time we go deep into the strategies that work, where the lines are drawn and some lessons learned form a very successful career doing exactly this - infused at scale.

The previous two appearances of Brandon on this show are:

Outsourced by Better -DtSR Episode 202 - Outsourced but Better
Managing Security with Outsourced IT -DtSR Episode 158 - Managing Security with Outsourced IT

We invite you to listen, take notes, and converse with us on #DtSR on Twitter, or on this post on LinkedIn.

Tue, 07 Nov 2017 00:00:00 -0500

DtSR Episode 269 - Industrial Internet of Things (IIOT)

This week, we have a repeat guess with Robert M. Lee joining our show to talk about the Industrial Internet of Things. Rob's just finished a conference his company, Dragos, Inc, just started to educate and help increase awareness and research for theIndustrial Internet of Things.

Whether you think you know what the IIOT is, or whether you can admit to yourself you need to be know more - this podcast will have it all.

We also reference a podcast with Dr. Timothy Chou (link:DtSR Episode 250 - Deconstructing the Internet of Things). If you haven't read his book, "Precision" (link:https://www.amazon.com/Precision-Principles-Practices-Solutions-Internet/dp/1329843568) it's the basis for a lot of this discussion.

Thanks to Rob again for being on the show!

Tue, 31 Oct 2017 10:50:40 -0400

DtSR Episode 268 - CISOs Survival Guide

Welcome down the Security Rabbithole, friends and colleagues!

This week, my guest is Larry Whiteside, Jr. (we know him as the best dressed man in InfoSec). Larry joins the podcast while James is out to discuss the life and times of a CISO. He has extensive experience as a CISO and security leader, working across multiple market verticals from energy to healthcare, in addition to being a former colleague advising CISOs.

Larry dispenses his brand of knowledge with a little bit of an edge, a little dose of realism, and a lot of fun. If you've never had the pleasure of working with Larry - it's something I advise you do at some point in your career. He's even been referred to as the "CISO Whisperer" by people who know and have worked with him. All else failing, Larry can always give you fashion advice, and up your sock game.

Game on!

Tue, 24 Oct 2017 00:00:00 -0400

DtSR Episode 267 - Cyber Security Awareness Month Wrap

This week, James and Raf cover the tail-end of Cyber Security Awareness Month. It's been an interesting week of news and of course let's talk about awareness.

Have you completed your mandatory training?

-- This weeks' talking points

Namaste Health Care security incident, announcement

Pay attention to how this article is worded, we've covered this before with Sean and Michael too
When you don't know, you have to report the worst-case
Focuses spotlight on knowing what's in your environment, and having a plan for not only technical IR but communications
How would your organization report? Are you ready to be better?
http://www.abc17news.com/news/namaste-health-care-reports-data-breach-unsure-if-the-attacker-had-access-to-files/642247970

DHS Imposes DMARC on Federal Agencies

Any time we can add to the security measures over email, bonus
We already know email is the #1 way bad things get disseminated
This is not set-and-forget, you need to make sure it's working!
https://www.bankinfosecurity.com/dhs-imposes-email-security-measures-on-federal-agencies-a-10386

Cyber Security Awareness Training

Are we over it yet?
Raf says he's always late, and it's always the same thing... does it work?
What are some better alternatives? (there have to be better)
Does your job offer/mandate awareness training? Does it WORK?!
- How would you even know??

Tue, 17 Oct 2017 00:00:00 -0400

DtSR Episode 266 - Leadership Perspective with Michael

This week we're getting the band back together!

Michael Santarcangelo joins us for a segment we'll be featuring regularly (look for is every 6 weeks or so) on the leadership perspective. Security could use some leadership, and we will be enlisting Michael to talk about current events and lessons for leadership.

Tune in, and you may just end up with something you can use in your day job.

Mon, 09 Oct 2017 23:37:38 -0400

DtSR Episode 265 - Privacy and Paranoia

This week's Down the Security Rabbithole Podcast asks - "Are you paranoid enough about your privacy? or do you simply not have any?" with a couple of gentlemen who would know.

Join James and Raf as we go down the rabbit hole one more time, this time talking about the breadcrumbs, fingerprints, and digital privacy violations you voluntarily give up in your everyday life. It's a little scary, but the trade-off we make for the sake of convenience is very real.

Grab your tinfoil hat and your burner phone and enjoy!

Tue, 03 Oct 2017 02:23:37 -0400

DtSR Episode 264 - Windows Forensics Then and Now

This week, Harlan Carvey joins James and I to talk about the evolution of Windows forensics over the last decade and half or so. Harlan has more experience than most when it comes to diving into the Windows machine from a forensics perspective and is a well-spoken author of many books and blogs.

Guest

Harlan Carvey ( @keydet89 ) -Digital forensics and incident response analyst with past experience in vulnerability assessments and penetration testing. Conducts research into identifying and parsing various digital artifacts from Windows systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. Developer of RegRipper, one of the most widely used tools for Windows Registry analysis. Has developed and teaches several courses, including Windows Forensics, Registry, and Timeline Analysis.
- Harlan's Blog:http://windowsir.blogspot.com
- Harlan on LinkedIn:https://www.linkedin.com/in/harlan-carvey-86a8694b/

Tue, 26 Sep 2017 14:32:24 -0400

DtSR Episode 263 - Legal Update Q3 2017

On this episode of Down the Security Rabbithole Podcast James and I get an update on the legal issues that have been talked about from our legal-eagle Shawn Tuma!

We're continuing our policy of not piling on to data breach hysteria, but will be covering some of the legal ramifications of recent disclosures, a possible national data breach law and a few other things that will make this show a must-listen. Shawn's unique perspective and true expert insights give you talking points and a download of facts that you wouldn't get listening to the talking heads and mainstream media.

Enjoy, share with your colleagues,subscribe via RSS, and don't forget to talk back to us on Twitter using the hashtag #DtSR.

Thanks for listening!

Wed, 20 Sep 2017 00:34:15 -0400

DtSR Episode 262 - Deeper Down the Cyber Liability Insurance Rabbithole

This episode, in conjunction with the Security Advisor Alliance (https://www.securityadvisoralliance.org/) we dive into a third round of Cyber Liability Insurance. This fascinating discussion dives deeper into the things security leaders need to know as Travis and Stephen get right to the heart of matters.

Required pre-listening...

Check out the first episode (way back in the archives) on DtSR Episode 34 - The Inside Scoop on Cyber Liability Insurance (http://podcast.wh1t3rabbit.net/episode-34-the-inside-scoop-on-cyber-liability-insurance) with Christine Marciano ( @DataPrivacyRisk ).

Then, go grab episode 172, our 2nd foray into this topic titled "The Truth on Cyber Insurance" (http://podcast.wh1t3rabbit.net/dtsr-episode-172-the-truth-on-cyber-insurance) with Eran Kahana and L. Keith Burkhardt and dive a little deeper.

As always, thoughts and comments are more than welcome and discussion using the hashtag #DtSR is encouraged!

Wed, 13 Sep 2017 14:52:21 -0400

DtSR Episode 261 - Deeper Down the ML Rabbit Hole

Welcome to another Down the Security Rabbithole episode folks!

This week, Alex and Sven are baaaaaaack for a deeper dive into machine learning and the shenanigans that surround it. We talk through what ML is, some use-cases and further dispell some common myths. We even have a little fun, who knew.

Guests:

Alex Pinto ( @Alexcpsec )
Sven Krasser, Ph.D ( @SvenKrasser )

Tue, 05 Sep 2017 00:00:00 -0400

DtSR Episode 260 - The Immense Challenge of Protecting Office 365

This week, on Down the Security Rabbithole, Rudra "Rudy" Mitra joins us from Redmond to talk about what it's like to defend Office 365 at scale. On this episode we cover:

What we mean by at scalein regards to Office 365
Some pros and cons of the Office 365 platform as it pertains to security and safety
Eary warning, early detection, and how easy it is to really break things

There's so much more too! We even skipped talking about current events to give this show maximum run-time. Sit back, grab something to take notes with, and listen up. The lesson begins now.

Guest

Rudra "Rudy" Mitra - ( @rudramitra ) Rudra is the Director of Information Protection for the Office 365 platform. He works on extremely large-scale projects to ensure the safety and security of client data and the platform itself. LinkedIn profile is here:https://www.linkedin.com/in/rudramitra/

Thu, 31 Aug 2017 08:02:31 -0400

DtSR Episode 259 - Risk Communication Primer

As we go once again down the security rabbithole, Raf and James meet up with Claire Tills who gives us a primer on "risk communication". Communicating 'risk' is a nuanced, subtle and often time-based endeavor so we feel like everyone should have at least some background in it.

Sit back, relax, and again...start taking notes furiously.

Guest

Claire Tille ( @ClaireTills ) -Communication researcher trying to get into information security. I write about applying comm theory to infosec and case studies in my blog (http://cliretills.com).

Tue, 22 Aug 2017 15:06:18 -0400

DtSR Episode 258 - Big Scary Numbers

This week on the Down the Security Rabbithole Podcast, Dave Bittner of The CyberWire (podcast) joins us to talk about some of the ways that we believe security goes awry when it comes to 'big, scary numbers'. Listen in...

-- Top News

Maersk says it's going to lose between $200M and $300M from notPetya
- Depending on which headline you read this is either a catastrophe - or not that big of a deal
- Seems to be about perspective in their overall guidance to investors, in light of industry trends
- https://www.cnbc.com/2017/08/16/maersk-says-notpetya-cyberattack-could-cost-300-million.html
- https://theloadstar.co.uk/maersk-shrugs-off-300m-cost-cyber-attack-freight-rates-soar/
- Bottom line, perspective matters
Uber is in trouble. Again.
- FTC has Uber in hot water over less-than strict security of drivers' information
- Lack of security, privacy and finally a chief security exec
- Speaks to a broader issue with how start-ups treat security in the overall scheme of "making it"
- https://www.forbes.com/sites/thomasbrewster/2017/08/15/uber-settles-ftc-complaint-over-secuirty-and-privacy/#5dc3d58b88da

Wed, 16 Aug 2017 13:23:06 -0400

DtSR Episode 257 - Software Ate the Perimeter

This episode of Down the Security Rabbithole Podcast was recordedlive and in personin Las Vegas at the Black Hat Conference 2017. Raf had a chance to sit down across the microphone from Jason Garbis of Cryptzone to talk about a the software defined perimeter.

SDP is a relatively new space many of us in security aren't familiar with, so we decided we'd record a primer on the topic, narrated by someone who is expertly involved in the practitioner side (through the CSA, Cloud Security Alliance) developing the standards and the provider side (Cryptzone) developing products and services towards the specification.

This is a more technical-focused podcast than many of our others, so sit back, grab a notepad and get ready to learn something.

For more of Jason's work, check out this link:https://insight.cryptzone.com/author/jason-garbis/

Guest

Jason Garbis -Vice President of Products for Cryptzone, where he's responsible for the company's product strategy and product management. Garbis has over 25 years of experience with technology vendors, including roles in engineering , professional services, product management, and marketing. Jason joined Cryptzone from RSA, and holds a CISSP certification.

Tue, 08 Aug 2017 23:37:39 -0400

DtSR Episode 256 - Rick Howard on the Record

This week - Rick Howard joins us and goes on the record to talk about the Security Canon and a few other interesting things you're just going to have to listen to, in order to find out.

Top News

Adobe is end-of-life'ing Flash
- I'll pause while you catch your breath
- Wait, it's not until 2020
- Also there's more
- http://www.businessinsider.com/adobe-flash-killed-by-2020-2017-7
Developers targeted by malicious Chrome extension
- https://www.forbes.com/sites/leemathews/2017/08/03/over-a-million-coders-targeted-by-chrome-extension-hack/#7b6849359c9d
- Just like security people and "commoners" developers fall for it
- At least it was caught, and removed...

Here's what we talked about with Rick Howard...

The Cyber Security Canon

Check it out
Reading material for newbies and others of us
Patrolling Cyberspace my homework

The Cyber Threat Alliance

Sharing intelligence - amongst competing vendors
Palo Alto leading the endeavor, with a group of 6
Some things are above competition thats worthy of a clap
If yourvendors isnt part of this alliance, ask them why not?

Guest Info

Rick Howard -Currently the Chief Security Officer at Palo Alto Networks. More here: https://www.linkedin.com/in/rickhoward/

Tue, 01 Aug 2017 14:33:24 -0400

DtSR Episode 255 - Security and Human Nature

This week on the Down the Security Rabbithole Podcast, John Nye ( @EndIsNye_Com ) to talk about the human aspect of the cyber security equation. Getting away from blaming the user, we talk through the human nature side of the business with a focus on social aspects and behavior modification.

A fascinating discussion you'll want to listen to over and over again, for sure!

Tue, 25 Jul 2017 00:00:00 -0400

DtSR Episode 254 - Lowdown and Dirty ICS

This week Sergio Caltagirone joins James and I to talk about Industrial Controls networks and systems and some of the dangers that go undiscussed. Sergio is a 2nd timer, and we take the opportunity to catch up and discuss one of his favorite topics.

Additionally, we talk about a some of the topics that were discussed the week this podcast was recorded, a few weeks ago.

Whether you're in Las Vegas for Black Hat Conference 2017 or not, take a listen to this sobering discussion about industrial controls and some of the more clear and present dangers facing us in that sector.

Thanks again for joining us, Sergio!

Tue, 18 Jul 2017 00:39:51 -0400

DtSR Episode 253 - Defending the Small-to-Medium Enterprise

On this podcast - James and I welcome Shon Gerber as we talk through a pair of current events and the topic of the day.

Blue Cross Blue Shield of Alabama sends out USB sticks
- Security elitists up in arms
- We've taught people to be suspicious - don't click, don't open docs, and don't use USB -- So how do we get our clients content?
- To my fellow security professionals- it's reckless to continue tostand with a firm "no" while offering no alternatives
- So what do we suggest?
- More important - what threat model vector are we saying that blocking the sending out of USB sticks would defend against?
- https://www.theregister.co.uk/2017/07/12/blue_cross_usb_card_mailers/
MySpace has a major account password reset flaw, allowing account take-over
- Wait ... MySpace is still around?
- But seriously, to exploit thislast ditch feature for those who've forgotten everything else all you need is the listed name, date of birth, and username
- How many of our sites have this problem, or worse?
- https://www.wired.com/story/myspace-security-account-takeover/

This week we bring Shon Gerber onto the show to talk about defending the SMB and SME. Here are some of our talking points:

SMBs/SMEs are uniquely challenged in that they can'tafford good security any more than they can accordlack of security -- what's the answer?
How do we achieve scale, in an area of industry with razor thing margins and tiny profit margins
SMBs/SMEs are more likely to be catastrophically affected by an attack such as ransomware than big companies -- agree or disagree (#DtSR on twitter to talk back)
Other challenges - including how to achieve scale

Guest:

Shon Gerber
- Current
  - CISO for multinational chemical company with approximately 10K employees
- Recent Past
  - Security Operations Supervisor for multi-national company 100K employees
  - Senior Security Architect with multi-national
  - Air Force Red Team - Squadron Commander
  - Multi-Disciplinary (Physical / Network Penetration Testing of Critical Systems)

Tue, 11 Jul 2017 01:01:26 -0400

DtSR Episode 252 - DFIR with Lesley Carhart

In this smasher of an episode James and I are joined by Lesley Carhartlive from Enfuse Conference in Las Vegas to talk about the DFIR (Digital Forensics and Incident Response) as a broad field. There is SO much to talk about here, you'll want to listen twice.

Make sure that if you missed Enfuse this past year, you don't miss 2018. It's a great conference where you get to meet and talk with folks like Lesley and many others in this field.

Tue, 27 Jun 2017 10:59:24 -0400

DtSR Episode 251 - General Data Protection Regulation (GDPR)

This week on Down the Security Rabbithole Episode 251 (wow, can you believe we've published 251 full episodes?!) James and I host a roundtable of privacy and data protection experts and talk about the looming EU regulation known affectionately as GDPR.

The Global Data Protection Regulation (GDPR for short) impactsall companies that eitherdo business with EU citizens, or operate in the EU. Basically, everyone. It's a huge deal and there really isn't a "wait and see" option.

Listen in, and if you have feedback provide it!

Does anyone really read these show notes? Reply on Twitter with #DtSR!

Guests:

James Keese -https://www.linkedin.com/in/james-keese/
Dawn-Marie Hutchinson -https://www.linkedin.com/in/dawn-marie-hutchinson-mba-06780314/
Stephen Edmonds -https://www.linkedin.com/in/stephen-edmonds-547176/

Tue, 20 Jun 2017 00:00:00 -0400

DtSR Episode 250 - Deconstructing the Internet of Things

Fresh off of his closing keynote at Enfuse Conference 2017 in Las Vegas, Dr. Timothy Chou joins us to talk about the difference between the Internet of People and the Internet of Things.

Even though many people talk about the IoT we still fail to understand the gravity and enormity of the problem we face and how information security professionals are so far behind the 8-ball here. Dr. Chou spend some time with us to dispense wisdom interlaced with humor to make it stick.

Guest:

Dr Timothy Chou is a technologist, a lecturer, and published author. He has written a book called
"Precision: Principles, Practices and Solutions for the Internet of Things" that delves into an Internet of Things many don't really understand yet. While most of us focus on the Internet of People (gadgets and things meant to be operated by people) Dr. Chou focuses on the IoT where people aren't just optional, they're unnecessary.
LinkedIn:https://www.linkedin.com/in/timothychou/

Tue, 13 Jun 2017 00:34:32 -0400

DtSR Episode 249 - Finding a Way

This week, James and i try out a new format for the show. We hope you enjoy the blend of news commentary and an interview.

News

More car vulnerabilities - this time in a Subaru
- No stunt hacking involved
- Arepeat vulnerability means there's potentially a bigger SDLC issue
- Responsibly disclosed, fixed ... if a tree falls...
- Link:
  http://www.bankinfosecurity.com/exclusive-vulnerabilities-could-unlock-brand-new-subarus-a-9970
The 5th Amendment and your phone passcode
- This issue is sticky
- Passcodes, fingerprints, etc - all need consistent law
- We need a lawyer
- Link:
  http://thehackernews.com/2017/06/unlock-iphone-passcode.html

Guest

Kevin Pope ( @screamingbyte ) - Kevin is a long-time friend of the show, and someone who has a fantastic story only he can tell. From struggling to thriving and the story to get there.

Tue, 06 Jun 2017 00:40:28 -0400

DtSR Episode 248 - Nick Hyatt On Ransomware

This podcast episode was recordedlive to tape from Enfuse Conference 2017 from Las Vegas. If you didn't get a chance go get out this year to one of the premier DFIR (Digital Forensics and Incident Response) conferences you missed a heck of an event.

James and I want to thank Guidance Software for the invitation, for having us out, and for access to some truly amazing guests for this series of recordings.

For #248 sit back and listen to Nick Hyatt talk with James and Raf about ransomware - fresh from his Enfuse Conference talk to your ears.

Enjoy and as always please hit us up on Twitter at #DtSR.

Guest:

Nick Hyatt ( @Skelet0wn3d ) - Nick is currently the Senior Incident Management Consultant at Optiv Security, Inc. responsible for incident response, threat hunting, digital forensics, and malware forensics using a variety of skills and tools. He has hands-on knowledge and understanding of malware forensics, observation, removal, and threat hunting. Additionally, Nick has hands-on experience with digital forensics, malware forensics, data mapping, threat hunting, and e-discovery in different scales, from start-up and SMB environments to Fortune 500 environments.

Tue, 30 May 2017 14:45:33 -0400

DtSR Episode 247 - Internet of Things Forensics

Live once again from Enfuse Conference 2017 in Las Vegas, James and I interview Amber Schroader, thePresident and CEO of Paraben. This interview happened because you all voted and asked for it..ok and because she's a fantastic person to interview.

Be prepared for a little humor and a lot of knowledge.

Special thanks again to Enfuse and the Guidance Software team for having us out and getting us access to some downright amazing guests!

Fri, 26 May 2017 11:00:00 -0400

DtSR FeatureCast - Enfuse Conf 2017 - Theresa Payton

As James and I continue to publish ourEnfuse Conference 2017 series of episodes we are this week joined by Theresa Payton. Theresa is the former CIO of the George W. Bush White House Administration, and now on the showHunted where she runs a team of cyber trackers.

Guest:

Theresa Payton ( @TrackerPayton) -Theresa Payton is one of the nations leading experts in cybersecurity and IT strategy. As CEO of Fortalice Solutions, an industry-leading security consulting company, and co-founder of Dark Cubed, a cybersecurity product company, Theresa is a proven leader and influencer who works with clients and colleagues to uncover strategic opportunities and identify new and emerging threats.

Theresa began her career in financial services, where she coupled her deep understanding of technology systems with visionary leadership, executing complex IT strategies and winning new business. Following executive roles Bank of America and Wachovia, Theresa served as the first female chief information officer at the White House, overseeing IT operations for President George W. Bush and his staff.

In 2015 Theresa was named a William J. Clinton distinguished lecturer by the Clinton School of Public Service. She is the author of several publications on IT strategy and cybersecurity and a frequent speaker on IT risk. In 2014 she co-authored, with Ted Claypoole, the book Privacy in the Age of Big Data: Recognizing Threats, Defending Your Rights, and Protecting Your Family, which was subsequently featured on the Daily Show with John Stewart.

Among her numerous accolades and recognitions, Theresa was named one of the top 25 Most Influential People in Security by Security Magazine and One of Infosecs Rising Stars and Hidden Gems by Tripwire. In 2005 she was honored as Charlotte, NCs Woman of the Year.

Wed, 24 May 2017 18:53:30 -0400

DtSR FeatureCast - Enfuse Conf 2017 - DFIR Students

Continuing our series recordedlive atEnfuse Conference 2017 in Law Vegas, this episode features two USC students who are part of a large contingent here to learn and make connections.

Tatiana and Ayman join us to talk about how they got here, what they are planning for their future along with some general thoughts on DFIR and our industry!

Guests:

Tatiana Santos ( @tatitasantita)
Ayman Siraj ( @aymansiraj )

Wed, 24 May 2017 13:49:05 -0400

DtSR FeatureCast - Enfuse Conf 2017 - Keynote Patrick Dennis

Today,CEO Patrick Dennis joins the Down the Security Rabbithole Podcast right after his keynote to talk about the conference, what's going on at Guidance, and the state of defense.

This is a FeatureCast so we get right to the point in an easy-to-listen format.

Thanks for listening!

Tue, 23 May 2017 12:00:00 -0400

DtSR FeatureCast - Enfuse Conf 2017 - Preamble

We kick off a week of on-the-scene podcasts live'ish fromEnfuse Conference 2017, hosted by Guidance Software in Las Vegas, Nevada with Lori Chavez VP of Corporate Marketing. She is the brainsresponsible for the amazing conference including speakers, content and everything else.

Lori gives YOU an insider preview of Enfuse 2017, and tells us a little about what we can expect and some history of the conference - and we can't wait to give you MORE!

Stay tuned in all week as we bring you more fantastic content from Enfuse Conference 2017. And as always, use the hashtag #DtSR to talk back to James and I or #EnfuseCon17 to interact with speakers and attendees!

Just for DtSR listeners - we will post aspecial coupon code for next year's registration... just for listening. Don't miss it later this week!

Tue, 23 May 2017 04:06:47 -0400

DtSR Episode 246 - Finding and Responding to Badness

This week we arelive from Enfuse Conference 2017 in Las Vegas, Nevada.

Special thanks to Guidance Software for having us out and getting us access to a whole host of fantastic speakers.

On this episode Greg Hoglund and Ryan Butterworth of Outlier Security join us to talk about the DFIR space with all it's problems including a shortage of qualified labor and sub-optimal tools. This fantastic discussion wanders all over the DFIR space including the "data problem" and tools, tools, tools.

That tool that Greg mentions, which is free, is right here:http://unbouncepages.com/supertimelines-free/

Guests

Greg Hoglund - Founder and CEO, Outlier Security, Inc.
Ryan Butterworth - Principal Software Engineer, Outlier Security, Inc.

Tue, 16 May 2017 01:20:06 -0400

DtSR Episode 245 - NewsCast for March 16th 2017

Microsoft warns ransomware cyber-attack is a wakeup call

As of recording, it is reported that 200,000 computers were infected.
Patch for flaw was released in March, 2017
- Microsoft has since released a patch for older systems
Lots to discuss on this - including Microsoft's letter to the NSA
Link: http://www.bbc.com/news/technology-39915440
Link: https://www.infosecurity-magazine.com/news/microsoft-xp-patch-wannacry/
Link: http://www.bbc.com/news/uk-39921479

United flight attendant accidentally leaked door codes online

Flight attendant somehow posted the codes online
Insider threat?
Multiple layers of security needed and additional controls here
Link: https://www.infosecurity-magazine.com/news/united-flight-attendant-door-codes/
Link: https://www.wsj.com/articles/uniteds-cockpit-door-security-codes-inadvertently-revealed-1494794444

Keylogger discovered preinstalled on some HP laptops

Audio driver inspected keystrokes looking for events like Mute, Unmute, etc.. but also stored keystrokes in a file.
Log file was overwritten after each reboot.
Was this just a debugging issue that wasnt disabled before release?
Link: https://www.cnet.com/news/keylogger-discovered-on-some-hp-laptops-conexant/

Tue, 09 May 2017 22:25:39 -0400

DtSR Episode 244 - A Government CISOs Perspective

This week - live and in person from Denver, Colorado and the RMISCConference I interview Stephen E. Coury the CISO of the County and City of Denver. The conversation leads off with Stephen's journey through cloud computing and weaves through some of the challenges municipalities and city governments are facing. It's a fantastic conversation that is readily applied to both public and private organizations - you need to check this out.

Thanks Stephen for coming out and talking to us!

Guest

Stephen E. Coury - CISO of the County and City of Denver, CO.

Tue, 02 May 2017 14:17:49 -0400

DtSR Episode 243 - NewsCast for May 2nd 2017

Chrome to mark more HTTP pages Not Secure

In October, 2017, all HTTP sites will be marked Not Secure while in incognito mode.
- Incognito mode allows surfing the internet without saving your browsing history.
Enterprise:
- Have you seen any negative feedback from the previous changes to show not secure?
- Does this change your priority for moving to always HTTPS for all sites?
Link: https://threatpost.com/chrome-to-mark-more-http-pages-not-secure/125255/

2017 Verizon DBIR Highlights: Analyzing the Latest Breach Data in 10 Years of Incident Trends

Oh, the headlines. Slow the roll, folks.
Stop the password hate and turn the mirror around
Lets talk about people and why they are not the weakest link. Grow up.
So many obvious points, yet so much insight not being talked about - why?
- Hint: It dispells the doom and gloom and asks tough questions
- Example: Page 13 - patching ... looks like after 2 weeks "If it's not patched, it's not getting patched".
- Ask yourself, what patch percentage you're at after 2 weeks - and are you OK with that?
Link: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/highlights-of-the-2017-verizon-dbir-analyzing-the-latest-breach-data-in-10-years-of-incident-trends/
Link: http://www.infoworld.com/article/3193028/security/annual-verizon-security-report-says-sloppiness-causes-most-data-breaches.html

Hacker leaks episodes from Netflix show and threatens other networks

Importance of digital supply chain
The peril of cyber
Link: https://www.nytimes.com/2017/04/29/business/media/netflix-hack-orange-is-the-new-black.html?_r=1
Link:

Wed, 26 Apr 2017 11:13:50 -0400

DtSR Episode 242 - Management and Leadership

This week the team gets together to talk Management and Leadership in the security industry and in general. Our very own Michael Santarcangelo joins us as our featured guest to dispense knowledge on leadership by the truckload. So grab a cup of coffee, something to take notes and listen in.

Tue, 18 Apr 2017 01:07:22 -0400

DtSR Episode 241 - NewsCast for April 18th 2017

NewsCast for Tuesday April 18th, 2017

Dallas Tornado Sirens Hijacked

Tornado sirens in Dallas all simultaneously went off
Suspected hijacking of the emergency system, lots of speculation of how this happened
Now believed to be a radio hijack
Link: http://content.govdelivery.com/bulletins/gd/TXDALLAS-1936de1

Two Inmates in Ohio Jail Hacked it From the Inside

Talk about an insider threat!
These were made from spare parts, hidden in ceiling, concealed well
Unauthorized access to network (no NAC?) made infiltration possible
Link: https://qz.com/958503/two-ohio-inmates-hacked-their-prison-from-the-inside-using-makeshift-computers-built-from-spare-parts/

SWIFT Launches New Anti-Fraud Controls in Wake of Wire Frauds

New tools to detect suspicious transactions
Appears to be free in addition to other fraud-detection tools
Link: https://www.swift.com/news-events/news/swift-launches-new-anti-fraud-payment-control-service-for-customers

Huge Adobe Security Update Just Released

59 total vulnerabilities - Flash still a big chunk of that (surprise!)
44 are considered critical - code execution bugs
Enterprises should download, test and deploy -- how are you handling these?
Link: https://threatpost.com/adobe-patches-59-vulnerabilities-across-flash-reader-photoshop/124914/

Insider Threat - Engineer Arrested for Stealing Code

High-volume algofinancial trading company
These are literally their trade secrets - the way they make money
No abuse of privilege - this was hacking (unathorized access)
Link:

Tue, 11 Apr 2017 00:11:21 -0400

DtSR Episode 240 - The Truth About Machine Learning

This week the Down the Security Rabbithole podcast hosts Sven Krasser of CrowdStrike. Sven is anactual machine learning data science expert (as opposed to an "expert") who has been dabbling in machine learning, artificial intelligence and other forms of advanced computational science for a long while before it was popular in security. This week we James and Raf sit him down for 45 or so minutes to discuss the real facts and separate them from the fiction of what machine learning really is and the promise that it may hold for the enterprise security world.

As always, join us, share, and engage our crew using the hashtag #DtSR on Twitter.

We'd like to take a moment to thank Sven and Crowdstrike for the time and expertise to our show.

Guest:

Sven Krasser ( @SvenKrasser ) -Dr. Sven Krasser currently serves as Chief Scientist at CrowdStrike where he leads the machine learning efforts utilizing CrowdStrikes Big Data information security platform. He has productized machine learning-based systems for over a decade and most recently led the research and development of the first fully machine learning-based anti-malware engine featured on VirusTotal. Dr. Krasser has authored numerous peer-reviewed publications and is co-inventor of more than two dozen patented network and host security technologies.

Thu, 06 Apr 2017 15:37:57 -0400

DtSR Episode 239 - NewsCast for April 4th 2017

Pew Center Survey Finds Americans Lack Understanding of Cybersecurity Measures

Most typical users simply dont understand security because its magic to them
Basics must be understood by average Jane - attackers count on you not knowing
How do you take knowledge and push to enterprise, while keeping up with consumers?
Link: http://www.pewinternet.org/2017/03/22/what-the-public-knows-about-cybersecurity/

Suspect Charged in USD 100m Whaling Scheme

$100 Million dollar - from just two companies
How would your executives (and those supporting staff) fare against this attack?
More importantly, how does your awareness program deal with this?
Link: https://www.justice.gov/usao-sdny/pr/lithuanian-man-arrested-theft-over-100-million-fraudulent-email-compromise-scheme

Google's Android Security 2016 Year in Review Report: Android Security Improving

Overall, Google is making great strides
The fragmentation problem isnt getting better for legacy devices that have long life-spans
Going forward, things appear to be set up for faster, more OTA updates regularly - but thats only for NEW stuff
What is the state of your enterprise mobile policy?
Link: http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2016_Report_Final.pdf

U.S., U.K. warn airports, nuclear facilities of cyberattacks

Confusing - threat to airports seems to be from hiding explosives in laptops/mobile devices
Threat to Nuclear Plants (ICS) seems to be of a cyber nature to legacy systems
Big picture issue works for enterprises too - legacy systems are a target
Link: https://www.scmagazine.com/us-uk-warn-airports-nuclear-facilities-of-cyberattacks/article/648163/

Neiman Marcus data breach settlement tells us plenty about the ROI of security

Tue, 28 Mar 2017 01:18:56 -0400

DtSR Episode 238 - March 2017 Update with Shawn Tuma

This week, on the Down the Security Rabbithole Podcast, Michael and I areback with perennial favorite Shawn Tuma. Shawn, our legal eagle friend from Dallas, breaks down the latest issues that affect Cyber Security and the Law - with that business perspective you've come to expect from our podcast.

As always, we love hearing from you and if you have questions don't hesitate to hit us up on Twitter using hashtag #DtSR or you can always hit up Michael (@catalyst), myself (@Wh1t3Rabbit) or Shawn (@ShawnETuma) directly!

Thanks for listening and spread the word!

Tue, 21 Mar 2017 01:00:00 -0400

DtSR Episode 237 - NewsCast for March 21st 2017

The Cost of Cybercrime - Lets Take a Different Perspective

Cybercrime is reported as a $450B drag on the economy; the absolute number sounds big
The question to ask: How big is the global economy?
Turns out that this is only 0.57% of the global economy, in 2014 (nominal)
By way of contrast - how many minutes are in a day?
- What is 0.57% of your day?
What it means - were doing a good job. Fraud is low. Cybercrime might be on the rise, but for now, its at low relative percentages
Does it mean we dont matter? No. Dont be silly. Our efforts are why the numbers are low
Keep up the good work
http://www.en.netralnews.com/news/business/read/1249/cybercrime.costs.the.global.economy..450.billion
https://en.wikipedia.org/wiki/Gross_world_product

Home Depot to Pay Banks $25 Million in Data Breach Settlement

New settlement with banks
http://fortune.com/2017/03/09/home-depot-data-breach-banks/http://www.cnbc.com/2017/02/21/home-depot-earnings-q4-2016.html has autoplay with the same video

Survey: Experience Preferred Over Education When Hiring For Cybersecurity

The survey of 350 IT security professionals gauged their attitudes toward the skills shortage in cybersecurity. Some 93 percent agreed that experience is more important than qualifications. A further 73 percent claimed that it didn't matter whether IT staff were college graduates when it came to getting the job done.
Qualifications are considered degrees and certifications
- The rub -- and what they didnt ask -- is how do you assess the experience and capability of professionals to solve the sorts of problems you have?
- Straight Talk on hiring check it out.
Split results on whether communication or technical skill was more important; hint - its communication. You can be the smartest one in the room, but if no one understands you
- But its also awkward to suggest that you cant have both good technical and good communication skills. You can. Period.
http://www.channelpartnersonline.com/n

Tue, 14 Mar 2017 01:00:00 -0400

DtSR Episode 236 - Enterprise Architecture 2017

Check out episode 236 with Marie-Michelle Strah who is a repeat offender here on the podcast with her first appearance back in 2014 on Episode 122 (http://podcast.wh1t3rabbit.net/dtsr-episode-122-enterprise-architectures-role-in-security).

This episode is a revisitation on Enterprise Architecture and it's importance to security with a perspective on enterprise tech stack, business segmentation and micro services in a modern distributed enterprise. Marie-Michelle's experience and extensive insight into the topic should give you something to think about as you go back to your day job in security.

Guest:Marie-Michelle Strah ( @CyberSlate ) -Marie-Michelle Strah. PhDis currently Senior Principal in the Enterprise Architecture Group at Infosys Ltd and based in New York City. A highly collaborative, diplomatic and inspiring thought leader Michelle is able to effectively drive business and technology strategy and business insights across corporate boundaries and departmental silos. A seasoned management and technology consultant, she specializes in strategy development, cloud transformation enterprise information modernization and innovation management efforts to drive global growth while minimizing cost and risk in complex organizations. She has PhD from Cornell University, was a Javits Fellow and is a US Army veteran. Connect with Michelle onSkype/Twitter/Instagram/Snapchat @cyberslate | http://cyberslate.me

Tue, 07 Mar 2017 23:02:47 -0500

DtSR Episode 235 - NewsCast for March 7th 2017

A Note on the Passing of a Legend

Howard Schmidt passed away this week
Long, distinguished career as one of the CISOs who got it
He will be missed in government and private industry - he was on our show too (December 2015) http://podcast.wh1t3rabbit.net/dtsr-episode-166-cyber-security-from-board-room-to-white-house

Are SysAdmins Violating the CFAA?

This is, by all accounts, an insane criminal defense...or is it?
Can what sounds like a stretch logically, be used maliciously by employers?
The law is about intent - does this invalidate his claim?
Link: https://nakedsecurity.sophos.com/2017/02/27/it-admin-was-authorized-to-trash-employers-network-he-says/

Yahoo Board Sends Message That Echoes

After a string of breaches, the board conducted an investigation
CEO will not receive 2016 bonus or 2017 equity award
Top lawyer resigns (or was asked to, which ever)
Is this THE event that will put CEOs on notice?
Link: https://www.nytimes.com/2017/03/01/technology/yahoo-hack-lawyer-resigns-ceo-bonus.html?_r=0

Cloud-connected toys

The example of CloudPets and Spiral Toys is a doozy
Bluetooth + web (cloud) back-end
Great idea, allow parents to interact with kids through a toy
Execution is about as bad as it gets
- Dispute over disclosure
- 3rd party developer, apparently little security
- Silly statements in their discloure/release
Link: http://www.bankinfosecurity.com/yes-unicorns-bluetooth-problems-really-do-exist-a-9746
Link:

Wed, 01 Mar 2017 00:55:46 -0500

DtSR Episode 234 - Straight Talk on National Security

This week, the interview is extra special because we have a guest I've personally been following for a long while, and I finally got a chance to virtually sit down and talk through his considerable areas of expertise.

I'm pleasured to say we had a chance to sit down virtually with Professor Tom Nichols and talk international affairs, foreign policy and all the important things getting lost in the off-color political arguments lately. These are important issues to cyber security professionals that impact our daily lives - but rarely get discussed by someone with actual, credentialed expertise.

Enjoy this one, friends, I know we did recording it. I want to thank Tom for being an awesome guest and lending his time to our show.

If you want to read Tom's latest book, you can get it on Amazon, link HERE.

Guest

Tom Nichols ( @RadioFreeTom ):
Dr. Thomas M. Nichols is a Professor in the Department of National Security Affairs at the U.S. Naval War College and at the Harvard Extension School, where he worked with the U.S. Air Force to create the program for the Certificate in Nuclear Deterrence Studies. He is a former Secretary of the Navy Fellow, and held the Naval War College's Forrest Sherman Chair of Public Diplomacy. Dr. Nichols was previously the chairman of the Strategy and Policy Department at the Naval War College. Before coming to Newport, he taught international relations and Soviet/Russian affairs at Dartmouth College and Georgetown University.

Dr. Nichols was personal staff for defense and security affairs in the United States Senate to the late Sen. John Heinz of Pennsylvania, and was a Fellow at the Center for Strategic and International Studies in Washington, DC. He is currently a Senior Associate of the Carnegie Council on Ethics and International Affairs in New York City. He was recently a Fellow in the International Security Program at the John F. Kennedy School at Harvard University.

He is the author of several books and articles, including Eve of Destruction: The Coming of Age of Preventive War (University of Pennsylvania Press, 2008), and No Use: Nuclear Weapons and U.S. National Security (University of Pennsylvania, 2014). His most recent book, The Death of Expertise: The Campaign Against Established Knowledge and Why It Matters was released by Oxford in 2017.

Dr. Nichols holds a PhD from Georgetown, an MA from Columbia University, the Certificate of the Harriman Institute for Advanced Study of the Soviet Union at Columbia, and a BA from Boston University.

Tue, 21 Feb 2017 01:38:03 -0500

DtSR Episode 233 - Reflecting on RSA Conference 2017

This week, fresh on the close ofRSA Conference 2017James, Michael and I discuss the happenings of the conference, lessons, and features along with some inside anecdotes you won't get from anywhere else. Of course, we add our own unique blend of snark and humor - but that's what gets you listening and coming back for more.

We'd like to say a bigthank you to everyone who voted for us in the RSA Social Security (Security Bloggers) Awards. We didn't win, but we feel good aboutthe audience we've acquired and will keep working hard to spread the message. So to all of you, thank you.

Let's get on with the show!

Wed, 15 Feb 2017 12:29:06 -0500

DtSR Episode 232 - Security, Fraud, Digital Payments

This week, while the security world congregates at RSA Conference 2017 we present to you Neira Jones, discussing digital payments, fraud and the world of security as it applies to this domain. In a fascinating discussion, we discuss many of the topics security executives and leaders are talking about right now - but as you have come to expect this is less about 'security' and more about protecting what matters.

We want to thank Neira for taking the time out of her busy schedule to join us on the show, and encourage discussion on the topics we covered - if you listen, and you have an opinion (I know you do) then let's discuss using the hashtag #DtSR on twitter.

Guest

Neira Jones (@NeiraJones) -Independent Advisor & International Speaker| Payments | Digital Innovation | Information Security | Fraud
Non-Executive Director, Cognosec
Chairman, Comcarde
Chairman Advisory Board, Ensygnia
Advisory Board Member & Ambassador, Emerging Payments Association
Partner, Global Cyber Alliance
- Neira can also be found on LinkedIn:http://www.linkedin.com/in/neirajones

Wed, 08 Feb 2017 04:00:00 -0500

DtSR Episode 231 - NewsCast for February 7th 2017

It is that time of year of W-2 Scams

There have been multiple reports of companies releasing W-2s through email scams.
Link: http://cbs4indy.com/2017/01/31/scammer-gets-copy-of-w-2-form-for-every-scottys-brewhouse-employee-after-data-breach/

Cops use pacemaker data to charge homeowner with arson, insurance fraud

Becoming a common occurance with IoT devices. If you are creating these devices, are you considering:
- Storage of the data
- Privacy policy
- Education around how data is stored and could be used
From an enterprise perspective:
- How many of these devices are inside your organization
- How do any of these tools factor into your own forensics approaches?
- Have you explored any of the liabilities
- What if you were subpoenaed for the information in your IoT?
Links: http://www.networkworld.com/article/3162740/security/cops-use-pacemaker-data-as-evidence-to-charge-homeowner-with-arson-insurance-fraud.html
http://www.abajournal.com/news/article/data_on_mans_pacemaker_led_to_his_arrest_on_arson_charges/
Related Link: http://fortune.com/2017/02/04/amazon-alexa-phone-office/
- it's evident that Amazon is determined to embed Alexa in mobile devices and in offices.

Facebook rolls out 2FA Hardware

A move that goes past SMS. Not the first time we have seen this technique (many sites support Yubikey). What type of adoption will we see?
Can we check to see if facebook has stock in hardware key companies?
- Or what was that selection process like?
Enterprise: how does this work in your organization?

Tue, 31 Jan 2017 02:56:06 -0500

DtSR Episode 230 - The IoT You Got for Christmas

On this Down the Security Rabbithole podcast we're joined by Stephen A. Ridley & Jamison Utter (yes, again with this guy) for a discussion on the finer points of Internet of Things (IoT) security ... or complete lack thereof.

If you own gadgets that are 'connected' or you are ever around them (hint: you're surrounded by things that pull IP addresses right now) then you need to listen to this podcast. Some great discussion in what was the very first podcast we recorded in 2017.

Guests:

Stephen A. Ridley aka "@S7ephen"
Jamison Utter aka "@jamison_utter"

Wed, 25 Jan 2017 09:33:05 -0500

DtSR Episode 229 - NewsCast for January 24th 2017

Hi friends! We're honored to be finalists for the Security Blogger Awards 2017 "Best Security Podcast" so if you listen, go vote for "Wh1t3Rabbit" (as we're labeled)

Link:https://devops.com/2017-social-security-blogger-awards-open-voting/

Digital transformation forces businesses to rethink cybersecurity

A change where operations are being held accountable for security
- James has commented on this before. In order to get better security, it needs to be embedded in the teams within the organization, not just the security team.
Link:http://www.cio.com/article/3157478/security/digital-transformation-forces-businesses-to-rethink-cybersecurity.html

Mobile is still the safest place for your data

Most breaches are taking place in physical mediums, or traditional platforms
Mobile was designed in the midst of the discussion on digital threats - designed with security
Mobile platforms are encrypted, more secure by default
Link:http://www.infoworld.com/article/3155946/data-security/mobile-is-still-the-safest-place-for-your-data.html

The WhatsApp Backdoor That Isnt

Everyone freaked out that this is a government backdoor
But - check your threat model - are you really worried about this (even if it was?)
This is a design variation (if you freak out about this, you dont understand the problem)
Link: https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages
Link: https://www.theregister.co.uk/2017/01/13/whatsapp_encryption_concerns/
Link: https://www.schneier.com/blog/archives/2017/01/whatsapp_securi.html

Organizational complexity is the greatest threat to cybersecurity

This article is in a healthcare IT publication, not security - interesting?

Tue, 17 Jan 2017 19:27:52 -0500

DtSR Episode 228 - Another Look at Endpoint Security

This week, Paul Hershberger joins us to talk about taking a fresh look at endpoint security for the new year. Paul has some insights into balancing risk/usability and how some of the things you've heard about endpoint may simply be ... wrong.

Join James and I as we let Paul endow us with his wisdom and experience... take some notes, this one's going to be good.

Guest

Paul Hershberger - @pjhersh13-Director IT Global Security Risk and Compliance at The Mosaic Company.

Thu, 12 Jan 2017 13:38:40 -0500

DtSR Episode 227 - NewsCast for January 10th 2017

St. Jude, MedSec and the FDA

FDA, St. Jude go through disclosure/fix cycle
No mention of MedSec - interesting for discussion; did they have an impact?
St. Jude does a fairly great job of notification, updating
Benefits outweigh the risks... thats a big statement
http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm535843.htm
http://www.businesswire.com/news/home/20170109005921/en/St.-Jude-Medical-Announces-Cybersecurity-Updates
http://www.medsec.com/entries/stj-lawsuit-response.html
http://podcast.developsec.com/ep-56-security-contacts

New York financial regulator to delay cyber security rules

Originally supposed to go into effect Jan 1.. New Date is March 1
We discussed in passing in a previous episode
There are final adjustments being made, of course
http://www.reuters.com/article/us-cyber-new-york-idUSKBN14A224

Massachusetts makes data breach reports available online

http://turnto10.com/news/local/massachusetts-makes-data-breach-reports-available-online-01-04-2017
Seems less like a report and more of just the quick details of the notification
- http://www.mass.gov/ocabr/data-privacy-and-security/data/data-breach-notification-archive.html
- How much value does this provide?
- - Finding a company on the list doesnt indicate its current security posture.
  - Identifying that you did business with a company on the list.. Not much you can do anyway.
Still no indications of what happened, or who was actually affected
- Wouldnt you get an email or snail mail during the original notification procedures?

Tue, 03 Jan 2017 10:27:50 -0500

DtSR Episode 226 - Targeted Threats Facts From Fiction

Welcome to the first Down the Security Rabbithole Podcast episode of 2017!

We would like to kick off this year, and the run to episode 250 with an episode that dissects the facts from the fiction on the topic of "Advanced Threats". With all the talk in the news about the Russians "hacking the US election" (yes, that's absolutely silly to call it that) and talk of retaliation, it's important to have a frank discussion on the merits of the concept ofadvanced threats.

Sit back, grab a coffee and listen. I know you'll want to listen to this one more than once!

If you have a moment, and you actually read the show notes, we would love it if you could give us a rating on iTunes or actually leave a comment on the podcast page. Get engaged on Twitter, using the hashtag#DtSR!

Guest Biography

Sergio Caltagirone hunts evil. He spends his days hunting hackers and his evenings hunting human traffickers. After 9 years with the US Government, over 3 years at Microsoft and now at Dragos, Sergio not only hunted the most sophisticated targeted hackers in the world but also applied that intelligence to protect billions of users worldwide and safeguarding civilization through the protection of critical infrastructure and industrial control systems. He co-created the Diamond Model of Intrusion Analysis proudly helping thousands of others bring more pain to adversaries by strengthening hunters and intelligence analysts. He also proudly serves as the Technical Director of the Global Emancipation Network, a Non-Governmental Organization, leading a world-class all-volunteer team hunting human traffickers and finding their victims through data science and analytics working towards saving tens of millions of lives.

You can find Sergio on Twitter at @cnoanalysis

Links

Global Emancipation Network (NGO) -http://www.globalemancipation.ngo/
http://www.activeresponse.org/

Tue, 20 Dec 2016 12:50:09 -0500

DtSR Episode 225 - NewsCast for December 20th 2016

Merry Christmas, Happy New Year everyone!

May your holidays be filled with joy, love and family. From Michael, James and myself we wish you the very best and a healthy, prosperous and fulfilling 2017.

We will be back in 2017 with another great DtSR Episode... but before we go - here's one last NewsCast for 2016.

Yahoo - setting records again - biggest hack ever

It happened again: Yahoo says 1 billion user accounts stolen in what could be biggest hack ever
1 billion accounts.. But 1 billion users? Probably not
It was 2013 does it even matter?
Bigger issue - secret questions/answers can't be changed easily (if you're honest, which you shouldn't be)
What about the integrity of the Yahoo! brand?

Netgear Routers - Simple fix, Difficult fix

As with most devices that werent designed to be updated
The software fix (firmware) is quite easy according to Netgear
Problem is how to get users to install it
http://kb.netgear.com/000036386/CVE-2016-582384

Microsoft Patches dangerous backdoor in skype for Mac OSX

Issue on Mac only
Use of an unused or outdated API that provided access
http://www.darkreading.com/vulnerabilities---threats/microsoft-patches-dangerous-backdoor-in-skype-for-mac-os-x-/d/d-id/1327712

Flash being relegated by MSs Edge browser is it time?

So many vulnerabilities in Adobe Flash, exploitable
Chrome already has click-to-run
Next version of Edge will do click-to-run
Should we just nuke Flash? Isnt HTML5 prime-time already?
http://arstechnica.com/information-technology/2016/12/flash-will-become-click-to-run-in-edge-chrome-in-2017/

Tue, 13 Dec 2016 11:55:07 -0500

DtSR Episode 224 - Pointing the Finger of Responsibility

On this episode of Down the Security Rabbithole we tackle the question head on. Whose responsibility is security? Is it the end user who should be responsible for patching the devices they own? Is it the vendor who sells the wares? Is it the manufacturer who sells things with security issues?

What if it was everyone's problem? How do we police, legislate and ultimately assign blame? Should we be assigning blame, and more importantly what gives with this fascination for blaming the victim?

Lots of questions are asked and we start to tackle some of the answers...maybe.

Guests:

Shawn Tuma - @shawnetuma
Jonathan Nichols - @wvualphasoldier
Dave Dittrich - @davedittrich
Mark Zelcer - @markzelcer

Tue, 06 Dec 2016 09:46:52 -0500

DtSR Episode 223 - NewsCast for December 6th 2016

Federal Government Disproves the Myth of Cyber Talent Shortage

If the government can find and hire them - they exist
What does that mean for the rest of us hiring?
https://cio.gov/how-to-snag-talent-to-fill-critical-cybersecurity-positions-at-your-agency/

5 Mistakes to Avoid to Hire Qualified Application Security Talent

Not understanding current needs
Ignoring existing resources
Not sharing the workload
Not defining the role
Overly broad job requirements
General Idea: We say we need security talent, but we dont step back to really understand what we actually need given our current status and resources
https://www.jardinesoftware.com/5-mistakes-to-avoid-to-hire-qualified-application-security-talent/

Obama Cyber Security Commission to [Finally] Present Its Report

Seems like lots of fluff. But is there any actual substance here?
Protect, defend, and secure todays information infrastructure and digital networks
Innovate and accelerate investment for the security and growth of digital networks and the digital economy
Prepare consumers to thrive in a digital age
Build cybersecurity workforce capabilities
Better equip government to function effectively and securely in the digital age
Ensure an open, fair, competitive, and secure global digital economy
http://thehill.com/policy/cybersecurity/308332-presidential-commission-on-cybersecurity-to-present-final-report-friday

The First Question Security Leaders Need to Ask Before the Breach Happens

Article by Michael, gets to the heart of the matter
Turns out, figuring out what matters is hard work
http://www.csoonline.com/article/3146560/leadership-management/the-first-question-security-leaders-need-to-ask-before-a-breach-happens.html

AmazonUnveils Anti-DDoS Service for Customers

The company is offering two levels of protection
AWS Shield Standard monitors incoming web traffic for customers and uses anomaly algorithms and other analysis techniques to detect malicious traffic in real-time
The company also announced AWS Shield Advanced, a version designed to protect against more aggressive and sophisticated attacks
This is big news - because DDoS has become an effective tool of cyber extortionists
http://www.wsj.com/articles/amazon-cloud-computing-division-unveils-new-cyber-security-service-1480620359

Tue, 29 Nov 2016 23:06:34 -0500

DtSR Episode 222 - Zero Trust Security Model

This week, after a long wait, we have John Kindervag on the show! John talks us through the concept of "Zero Trust Security" and where and how it's implemented. It's a concept everyone should be familiar with by now - but I bet you aren't!

Join us, and as always provide feedback to the team using the hashtag #DtSR on Twitter, and you can always ping John directly at @Kindervag as well.

Tue, 22 Nov 2016 10:26:19 -0500

DtSR Episode 221 - NewsCast for Nov 22 2016

DHS Releases Strategic Principles for Securing the Internet of Things

https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL....pdf
These seem to be the same principles that we have been saying for all software (web, mobile, etc.)
NIST also has a more generic publication 800-160
What is the implication for the enterprise?
Do we prioritize anything differently as a result

What about the need for IoT legislation?

Is the marketplace broken?
If weve told people before but they didnt listen, does that actually mean they are wrong?
This is an area where we need to think about what were actually asking for
http://thehill.com/policy/cybersecurity/306418-house-subcommittee-chair-regulation-of-internet-connected-devices-not

Facebook buys black market passwords to keep your accounts safe

Password reuse is the single greatest cause of harm? Really?
Sounds too much like a lab experiment, rather than a legitimate use of capital
https://www.cnet.com/news/facebook-chief-security-officer-alex-stamos-web-summit-lisbon-hackers/

Michael just got back from Boston, hosting a CISO Leadership Conferences. We discuss the trends that came up

https://www.klogixsecurity.com/blog/boston-ciso-summit-recap

just the trends

Importance of a shared vision between the business and information security
Placing a higher value on skillsets vs. specific certifications/experience when seeking team members
How to enable the business and minimize asset loss
Creating a roadmap and measuring metrics/progress
Importance of reputational risk within an organization
Educating the board on your roadmap progress and threats, while keeping communication functional
Many organizations are placing a higher value on selecting the right cyber insurance
Chall

Tue, 15 Nov 2016 03:22:39 -0500

DtSR Episode 220 - Blaming the Breach Victim

This week, Patrick Dennis - the CEO of Guidance Software - joins us to talk about the Enterprise Security world's fascination with blaming the breach victim. We talk through some of the key issues and look for a way off the hamster wheel.

As always, #DtSR on Twitter to join in our conversation.

Tue, 08 Nov 2016 13:00:02 -0500

DtSR Episode 219 - NewsCast for Nov 8th 2016

It is election day.. Have you voted?

Beware, IPhone Users: Fake retail apps are surging before the holidays

The issue of brand protection and knock-off websites, apps and such is real
Spilling over into digital world, from physical
What is your company doing to protect yourself and your customers?
http://www.nytimes.com/2016/11/07/technology/more-iphone-fake-retail-apps-before-holidays.html?_r=0

Moving Beyond EMET

EMET is going away in a while
Most of the features are now built into Windows 10
This is a great thing (built in vs bolted on security)
https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/

Tesco Bank blames systematic sophisticated attack for account losses

Fraud system appears to be working - good
~40,000 accounts affected, of those lost money
Tesco is putting funds back, making things right
Core banking assets dont appear compromised, ATMs and such still work
Potentially an issue with website, fixable
http://www.bbc.com/news/business-37891742

Google Discloses Critical Flaw in Microsoft OS 10 Days After Notifying

Microsoft upset at Google
Google says it meets their 7-days-to-disclosure policy from 2013
How do you even patch an issue in 7 days - or write up a mitigation if there is none?
Is your company prepared to deal with this type of thing?
http://www.computerworld.com/article/3137192/security/google-clashes-with-microsoft-over-windows-flaw-disclosure.html

Tue, 01 Nov 2016 01:21:22 -0400

DtSR Episode 218 - The Business of Security

This week on DtSR Chad Boeckmann - President of Secure Digital Solutions - joins us to talk about the business of security. While the "bad guys" are running their criminal enterprise, security teams have struggled to be business-relevant. This discussion starts to dive into how to align security and business goals, answering the "how much is enough?" question and so much more.

Thanks to Chad for joining us. We encourage you to ask questions and leave comments here in the comments section or on Twitter at #DtSR. You can talk to Chad directly at @cboeckm on Twitter.

Tue, 25 Oct 2016 01:00:00 -0400

PodGrabber.comCybersecurity Podcast Archives (The Vault)

Application Security PodCast

Jet Anderson -- The AppSec Code Doctor

James Mckee -- Developer Security

Derek Fisher -- The Application Security Handbook

Rob van der Veer -- OWASP AI Security & Privacy Guide

Robyn Lundin -- Planning & organizing a penetration test as an AppSec team

Michael Bargury -- Low Code / No Code Security and an OWASP Top Ten

Alex Olsen -- Security champions, empowering developers, and AppSec training

Mark Curphey -- The future of OWASP

Tiago Mendo -- How to scan at scale with OWASP ZAP

Wolfgang Goerlich -- Security beyond vulnerabilities

Sam Stepanyan -- OWASP Nettacker Project

Nick Aleks and Dolev Farhi -- GraphQL Security

Guy Barhart-Magen -- Log4j and Incident Response

Brett Smith -- Security is a Necessary Evil

Chen Gour-Arie -- The AppSec Map

Dominique Righetto -- OWASP Secure Headers

Hillel Solow -- How to do AppSec without a security team

Chris Romeo -- The Security Journey Story

Kristen Tan and Vaibhav Garg -- Machine Assisted Threat Modeling

Patrick Dwyer -- CycloneDX and SBOMs

Omer Gil and Daniel Krivelevich -- Top 10 CI/CD Security Risks

Josh Grossman -- Building a High-Value AppSec Scanning Program

Alex Mor -- Application Risk Profiling at Scale

Brenna Leath -- Product Security Leads: A different way of approaching Security Champions

Will Ratner -- Centralized container scanning

Neil Matatall -- AppSec at Scale

Joern Freydank -- Security Design Anti Patterns Limit Security Debt

Ken Toler -- Blockchain, Cloud, and #AppSec

Jeroen Willemsen and Ben de Haan -- Dirty little secrets

Adam Shostack -- Fast, cheap and good threat models

Loren Kohnfelder -- Designing Secure Software

Ochaun Marshall -- IaC and SAST

Simon Bennetts -- Using OWASP Zap across an Enterprise

Timo Pagel -- DevSecOps Maturity Model

Mazin Ahmed -- Terraform Security

James Ransome and Brook Schoenfield -- trust and verify: Building in Security at Agile Speed

OWASP Top 10 2021 Peer Review

Anastasiia Voitova -- Encryption is easy, key management is hard

Eran Kinsbruner -- DevSecOps Continuous Testing

Mark Loveless -- Threat modeling in a DevSecOps environment.

Jeroen Willemsen -- Security automation with ci/cd

Thinking back, Looking forward - A Balanced Approach to Securing our Software Future

Jeevan Singh -- Threat modeling based in democracy

Dima Kotik -- Application Security and the Zen of Python

Dustin Lehr -- Advocating and being on the side of developers

Aaron Rinehart -- Security Chaos Engineering

Izar Tarandach and Matt Coles-- Threat Modeling: A Practical Guide for Development Teams

Charles Shirer -- The most positive person in security

Leif Dreizler -- Tactical tips to shift engineering right

Vandana Verma -- OWASP Spotlight Series

Dr. Anita DAmico -- Do certain types of developers or teams write more secure code?

Alyssa Miller -- Bringing security to DevOps and the CI/CD pipeline

Liran Tal Cloud native application security, whats a developer to do?

Chris Romeo DevSecOps Fails

Jim Routh Secure software pipelines

Andrew van der Stock Taking Application Security to the Masses

JC Herz and Steve Springett SBOMs and software supply chain assurance

Brian Reed Mobile Appsec: The Good, the Bad and the Ugly as We Head into 2021

The Threat Modeling Manifesto Part 2

The Threat Modeling Manifesto Part 1

Season 7 Guests The best of Season 7

Aviat Jean-Baptiste The AppSec report

Frank Rietta The convergence of Ruby on Rails and #AppSec

Dmitry Sotnikov REST API Security there is no silver bullet

Caroline Wong The state of Penetration Testing

Aaron Davis LavaMoat solving JavaScript software supply chain

Anastasiia Voitova Use Cryptography; Dont Learn It

Michael Furman SameSite Cookies

Chris Romeo The State of Security and the Importance of Empathy

Neil Matatall Content Security Policy

Grant Ongers Gamification of threat modeling

Elie Saad OWASP WSTG, Cheat Sheets, and Integration

Graham Holmes Adversarial Machine Learning

Ochaun Marshall Securing Web applications in AWS

Drew Dennison Security should make the computer sweat more

Aaron Guzman IoTGoat

Adam Shostack The Jenga View of Threat Modeling

Cindy Blake Aligning security testing with Agile development

PodGrabber.com
Cybersecurity Podcast Archives (The Vault)