Application Security PodCast

Tue, 19 Sep 2023 05:00:00 -0400

Harshil Parikh -- Deep Environmental and Organizational Context in Application Security

Harshil Parikh is a seasoned security leader with experience building security and compliance functions from the ground up. He notably built the security and compliance team at Medallia from scratch and led it through several transitions. He is also a conference speaker, and, most recently, he co-founded Tromzo. Harshil shares insights about AppSec, running a startup, selling effectively, and provides justification for his mantra, "Context is king."

Harshil underscores the importance of understanding context in security, emphasizing that it's the bedrock for making informed decisions. He also brings to light the significance of data-driven metrics in application security.

Harshil champions the cause of enhancing the developer experience in application security. He posits that security professionals should be more than just watchdogs; they should be enablers, aiding developers in making the right security decisions. This involves equipping developers with the necessary tools and knowledge and providing them with the relevant context to understand the bigger picture. Harshil's insights into the trend of developer autonomy, especially in modern companies, are particularly enlightening. He discusses how developers today often take ownership beyond just coding, emphasizing the need for security guardrails to guide them.

Rounding off the episode, Harshil touches upon the challenges of scaling application security programs in organizations. His main message resonates powerfully: the role of security professionals extends beyond mere problem detection. It's about risk management, improving developer experiences, and navigating the complex labyrinths of organizational hierarchies. This episode is a treasure trove of insights for anyone keen on understanding the nuances of application security in today's dynamic tech landscape.

Recommended Reading:
The Metrics Manifesto by Richard Seiersen. https://www.wiley.com/en-us/The+Metrics+Manifesto%3A+Confronting+Security+with+Data-p-9781119515418

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 12 Sep 2023 05:00:00 -0400

Jeff Williams -- The Tech of Runtime Security

Jeff Willams of Contrast Security joins Chris and Robert on the Application Security Podcast to discuss runtime security, emphasizing the significance of Interactive Application Security Testing (IAST) in the modern DevOps landscape. After reflecting on the history of OWASP, the conversation turns to the challenges organizations face in managing their application security (AppSec) backlogs. Jeff highlights the alarming number of unresolved issues that often pile up, emphasizing the inefficiencies of traditional security tools.

Jeff champions IAST, and here are a few highlights that he shares. IAST is ideally suited for DevOps by seamlessly transforming regular test cases into security tests. IAST can provide instant feedback, leading to a Mean Time To Repair (MTTR) of just three days across numerous applications. Unlike Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST), which can take hours or even days, IAST can complete security testing during the build, fitting within the tight SLAs of modern pipelines.

IAST offers developers comprehensive insights, which aids in a better understanding and quicker resolution of the identified issues. It is also adaptable, as IAST can detect vulnerabilities before they are exploited. Jeff argues that IAST's ability to work with existing test cases and provide rapid feedback makes it a perfect fit for the fast-paced DevOps environment.

Jeff emphasizes that while runtime security can be a game-changer, it doesn't replace other essential aspects of AppSec programs, such as training. In conclusion, Jeff Williams champions IAST as a revolutionary tool in the application security domain. Its adaptability, efficiency, and depth of insights make it a must-have in the toolkit of modern developers and security professionals.

Links:

Jeff on LinkedIn: https://www.linkedin.com/in/planetlevel/
Java Observability Toolkit (JOT): https://github.com/planetlevel/jot
Identified by John Wilander: https://www.amazon.com/IDENTIFIED-hacker-thriller-headlines-newspapers/dp/B09NRF399J
Venture in Security article about circle stickers: https://ventureinsecurity.net/p/solving-the-circle-sticker-problem

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 05 Sep 2023 05:00:00 -0400

Mark Curphey and John Viega -- Chalk

Mark Curphey and John Viega join Chris and Robert to explain the details of Chalk, Crash Override's new tool. Mark also talks about why ZAP departed from OWASP and joined the Software Security Project, highlighting some of the value and differences of both organizations. Open Source Software is important to the industry, but Mark calls on companies to contribute to the development and support of the projects they use.

The conversation explores the challenges faced by companies, especially large tech firms, in managing their software engineering processes. Many organizations grapple with identifying code ownership, determining code versions during incidents, and prioritizing alerts from static analysis tools. Chalk emerges as a solution to these challenges, providing clarity and reducing friction in the software development and maintenance process.

Toward the end, both speakers emphasize the importance of understanding the entire software engineering process to make informed decisions. They advocate for an "outside-in" perspective, urging listeners to step into the shoes of others and view challenges from a broader perspective. This holistic approach, they suggest, can lead to more effective decision-making in the realm of software development.

Listen until the end for book recommendations on cybersecurity, business, and personal growth.

Links:

Crash Override: https://crashoverride.com/about/
Chalk: https://crashoverride.com/docs/chalk/overview/
The Software Security Project: https://softwaresecurityproject.org/
The Open Worldwide Application Security Project (OWASP): https://owasp.org/

Books:

Cybersecurity Myths and Misconceptions... by Eugene H. Spafford, Leigh Metcalf, and Josiah Dykstra: https://www.pearson.com/en-us/subject-catalog/p/cybersecurity-myths-and-misconceptions-avoiding-the-hazards-and-pitfalls-that-derail/P200000007269/9780137929238
Crossing the Chasm by Geoffrey A. Moore: https://www.harpercollins.com/products/crossing-the-chasm-3rd-edition-geoffrey-a-moore?variant=32130444066850
The Pragmatic Framework: https://www.pragmaticinstitute.com/product/framework/
Atomic Habits by James Clear: https://jamesclear.com/atomic-habits
Start with Why by Simon Sinek: https://simonsinek.com/books/start-with-why/

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 29 Aug 2023 05:00:00 -0400

Maril Vernon -- You Get What You Inspect, Not What You Expect

Maril Vernon is passionate about Purple teaming and joins Robert and Chris to discuss the intricacies of purple teaming in cybersecurity. She underscores the significance of fostering a collaborative environment between developers and the security team. Drawing from her experiences, Maril shares the challenge of development overlooking her remediation recommendations. She chose to engage directly with the developers, understanding their perspective and subsequently learning to frame her remediations in developer-centric language. This approach made her recommendations actionable and bridged the communication gap between the two teams.

Maril also looks into the future of purple teaming, envisioning a landscape dominated by automation and AI tools. While these tools will enhance the efficiency of certain tasks, she firmly believes that the human element, especially the creativity and intuition of red teamers, will remain irreplaceable. She envisions a future where dedicated purple teams might be replaced by a more holistic approach, or white teams, emphasizing collaboration across all departments.

Maril's powerful message on the essence of security: "You get what you inspect, not what you expect." She emphasizes the importance of proactive inspection and testing rather than relying on assumptions. And she re-states the centrality of cooperation between teams. Maril's insights serve as a reminder of the dynamic nature of cybersecurity and the need for continuous adaptation and collaboration.

Helpful Links:

Follow Maril: @shewhohacks
Purple Team Exercise Framework: https://github.com/scythe-io/purple-team-exercise-framework
Scythe: https://scythe.io/
MITRE ATT&CK Framework: https://attack.mitre.org/
MITRE ATT&CK Navigator: https://github.com/mitre-attack/attack-navigator
AttackIQ: https://www.attackiq.com/
SafeBreach: https://www.safebreach.com/
PlexTrac - https://plextrac.com/
Atomic Red Team: https://atomicredteam.io/

Book Recommendations:

Security+ All-in-One Exam Prep: https://www.mheducation.com/highered/product/comptia-security-all-one-exam-guide-sixth-edition-exam-sy0-601-conklin-white/9781260464009.html
The Pentester BluePrint - https://www.wiley.com/en-us/The+Pentester+BluePrint:+Starting+a+Career+as+an+Ethical+Hacker-p-9781119684305
The First 90 Days - https://hbr.org/books/watkins

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 22 Aug 2023 05:00:00 -0400

Dan Kykendall -- Why All Application Security Products Suck

Dan Kykendall visits The Application Security Podcast to discuss his series "Why All AppSec Products Suck" and explain why software companies should understand the uses and limitations of any security tool. The series aims to highlight the limitations of each tool and to help users make informed decisions when selecting the right tools for their needs. In this field, there is no such thing as an expert; there is always something new to learn.

Dan, Chris, and Robert remember the late Kevin Mitnick, a well-known figure in the cybersecurity community. They share their personal experiences with Mitnick, highlighting his curiosity, humility, and the importance of remembering that everyone in the cybersecurity community is a regular person with feelings and concerns.

The hosts discuss the challenges of dealing with heavy client-side applications, such as those built with React, and the difficulties faced by Dynamic Application Security Testing (DAST) scanners in handling different data formats and client-side complexities. They share their experiences in redesigning DAST scanners to handle various data formats and the importance of separating data formats from attack payloads. Dan helps Chris see the usefulness of DAST in certain situations, such as a large enterprise, without hiding some of the limitations inherent in DAST.

The podcast also touches on the importance of training engineers in web security and the need for a collection of tools that address different security concerns. The hosts emphasize the value of designing security into applications from the beginning and the role of training in achieving this goal. Learning the basics, such as understanding TCP/IP, is still important for security and developers.

To gain more valuable insights and resources from Dan Kuykendall

The Dan On Dev website

- https://danondev.com

Social Media

- https://twitter.com/dan_kuykendall

- https://twitter.com/Dan_On_Dev

- https://instagram.com/dan_on_dev

- https://facebook.com/danondev

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 15 Aug 2023 05:00:00 -0400

Kevin Johnson -- Samurai Swords and Zap's Departure

Kevin Johnson is the CEO of Secure Ideas. He began his career as a developer but turned toward security when he discovered that the interface for an intrusion detection system, Snort, was out of date. This led him to create BASE (Basic Analysis and Security Engine), a testament to Kevin's proactive approach.

Kevin has a deep-rooted passion for open-source projects. He highlights the challenges and joys of initiating and sustaining such ventures, emphasizing the pivotal role of community contributions. Kevin also details how to install and start with SamuraiWTF, a tool tailored for those keen on mastering application security. He outlines two paths for developers: one focused on learning application security intricacies and another on actively contributing to the project's growth.

Kevin also discusses the notable departure of ZAP from OWASP. Kevin expresses his concerns and reflects on the broader implications of this decision on the cybersecurity community. The episode wraps up with a touch of nostalgia, as Kevin and Chris reminisce about their early tech adventures, showcasing Kevin's unwavering commitment to knowledge-sharing and community collaboration.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 08 Aug 2023 05:00:00 -0400

Tony Quadros -- The Life of an AppSec Vendor

Tony Quadros, the AppSec Lumberjack, shares the unique career path that led him to find his passion in Application Security. The discussion delves into the work of an AppSec vendor, with Tony explaining his role and the responsibilities it entails. He emphasizes the importance of understanding the needs and environment of the customer, and whether the product he represents can fulfill their requirements. Tony also shares his philosophy of sales, centered around solving problems and providing business value.

Tony reveals the challenges salespeople face in the cybersecurity industry, particularly the pressure to meet quotas and the need for good company culture. Chris, Robert, and Tony highlight the importance of setting realistic expectations at the executive level to avoid putting undue pressure on customers and prospects.

In addition, the conversation touches on the importance of sales leadership in setting processes and creating a positive company culture. Sales leaders need to educate themselves about their products and market segment. Tony stresses they should provide value to customers through their conversations.

He also talks about becoming involved with OWASP Maine and encourages community involvement for all members of the AppSec community.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun, 23 Jul 2023 21:00:00 -0400

Steve Giguere -- Cloud AppSec

Cloud security is on an evolutionary path, with newer platforms embracing secure-by-default settings. This has led to a significant improvement in security but also adds complexity as developers need to understand these defaults when deploying to the cloud.

Steve Giguere defines cloud application security, describes cloud-first development and cloud complexity, security by default, and the need to broaden AppSec by creating new security personas and being secure from idea to destination. Steve provides many nuggets of insight from his travels, including pointing us to Wing, a programming language for the cloud that includes code and IaC together.

We discuss the consolidation of application security, particularly Static Application Security Testing (SAST) and Software Composition Analysis (SCA). These should not be separate products but must provide actionable insights and be tied together for practical reachability analysis.

We introduce a new segment of rapid-fire questions, asking about what Steve would put on a billboard at RSA or Blackhat and asking for book recommendations. Steve recommends "Hacking Kubernetes," praising its use-case focus and engaging narrative.

We plan to revisit this conversation in a few years to see if Steve's predictions about the security pipeline and other aspects of cloud application security have come to fruition.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fri, 14 Jul 2023 09:00:00 -0400

Paul McCarty -- The Burrito Analogy of the Software Supply Chain

"Visualizing the Software Supply Chain" is a project which aims to kick off a discussion about the scope and breadth of the software supply chain.

Paul McCarty emphasizes the importance of understanding what's in the software supply chain to secure it effectively. He uses the burrito analogy, stating that you can't decide if you want to eat it if you don't know what's in it. We discuss the nuances around the Software Bill of Materials (SBOM) and the importance of understanding the differences between various SBOMs, especially for companies that deploy frequently.

The conversation also covers third-party components, such as APIs, SaaS solutions, payment gateways, and identity providers, which are part of the software supply chain. Paul gives the example of Stripe, a payment platform that includes software components and SaaS.

Paul's project helps people understand the different threats associated with each category in the software supply chain. The episode concludes with a call to action for organizations to prioritize understanding their software supply chain and leveraging automation as much as possible.

Gain valuable insights into securing the software supply chain and consider guidance on actionable steps organizations can take to enhance their security.

Four key takeaways from the episode:

Understanding the Software Supply Chain: Paul McCarty emphasizes the importance of understanding the scope and breadth of the software supply chain. He suggests you can't secure or have a valuable conversation about the software supply chain if you don't know what's in it.
The Role of Third-Party Components: Third-party components in the software supply chain are crucial. These can include APIs, SaaS solutions, payment gateways, and identity providers. Paul uses Stripe as an example to illustrate this point.
The Nuances of the Software Bill of Materials (SBOM): SBOM has nuance. We highlight the importance of understanding the differences between various SBOMs, especially for companies that deploy frequently.
Threat Thinking in the Software Supply Chain: We appreciate the depth of threat thinking in Paul's project. This approach helps people understand the different threats associated with each category in the software supply chain.

Links:

https://github.com/SecureStackCo/visualizing-software-supply-chain
https://github.com/6mile/DevSecOps-Playbook

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun, 09 Jul 2023 19:00:00 -0400

Farshad Abasi -- Three Models for Deploying AppSec Resources

Farshad Abasi shares three models for deploying resources within application security teams:

The Dedicated AppSec Person Model involves assigning an AppSec person to work with each team. Farshad shares his experience of working with developers and the challenges faced in getting them to understand and implement threat modeling. He also discusses the transition from waterfall to Agile and how it affected threat modeling.
The Federated Model: A security consultant attends weekly standups and sprint planning sessions in this model. They work with a checklist to quickly determine if any user stories could be security sensitive. This model reduces the allocation required to 10 to 20% of an AppSec consultant.
The Champion or Deputy Model: The AppSec team deputizes developers to do the bulk of the application security work, and the AppSec team becomes a resource and escalation point for more complex problems. Each DevOps team appoints a security champion, and these champions form a working group supported by an AppSec person. The champions handle day-to-day issues and threat modeling, with the AppSec team providing mentorship and support.

Over several years, Farshad's journey progressed from the expert-led model to a fully-deputized, champion-driven approach to AppSec.

After careful consideration, we conclude that the fully deputized model is the only path to scalability.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 29 Jun 2023 05:00:00 -0400

Kim Wuyts -- The Future of Privacy Threat Modeling

Kim Wuyts discusses her work in privacy threat modeling with LINDDUN, a framework inspired by Microsoft's STRIDE for security threat modeling. LINDDUN provides a structure to analyze privacy threats across multiple categories such as linking, detecting data disclosure, and unawareness. The framework has been updated over the years to incorporate new knowledge and developments in privacy, and it has become recognized as a go-to approach for privacy threat modeling.

Kim believes that privacy and security can be combined and highlights the importance of protecting individuals' rights and data while securing systems and assets.

Privacy by design, which focuses on reducing unnecessary data collection and considering individual needs, is discussed in relation to secure architecture and threat modeling. The Threat Modeling Manifesto is emphasized as a significant resource for promoting privacy threat modeling.

Kim addresses emerging trends in privacy, including the concerns surrounding AI and responsible AI, and stresses the need for increased awareness among individuals and companies about privacy issues and the importance of privacy protection.

Listen in as Kim explains the importance of collaboration between security and privacy teams, integrating privacy into security practices, and recognizing the value of privacy for both privacy protection and overall security.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 22 Jun 2023 14:00:00 -0400

Francois Proulx -- Actionable Software Supply Chain Security

Software supply chain -- how deep does the problem go? Franois is here to help us realize how deep the rabbit hole of the supply chain is and enlighten us with strategies to get out of the hole.

Franois emphasizes the importance of branch protection in source code repositories as the cornerstone of any supply chain, highlighting the need for peer review and static code analysis before merging. He also discusses the concept of tag protection, which prevents anyone with rewrite access to the repository from modifying a tag. This is particularly important in the context of build systems, where an overwritten tag could compromise the entire system.

The conversation then shifts to a "Let's Encrypt" equivalent for package signing, which Franois believes is being addressed by the SIG store project. This project introduces the concept of keyless signatures, which eliminates the need to manage private keys, a process that can be risky and cumbersome.

Franois also discusses the importance of understanding your dependency tree and using package manager lock files to ensure that the version of a package you're downloading is the one you expect. He mentions the Terraform modules, where the lack of a lock file for modules can lead to security vulnerabilities.

Toward the end of the episode, Franois recommends listeners explore the OpenSSF (Open Source Security Foundation) and its various projects, such as the Scorecard project, which provides a security posture for your repo. He also mentions https://deps.dev, a free Google service that scans open-source repos and runs the Scorecard on those projects.

Look up towards the light if you find yourself at the bottom of the rabbit hole.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 15 Jun 2023 08:00:00 -0400

Steve Wilson -- OWASP Top Ten for LLMs

How do we do security in the world of AI and LLMs? A great place to start is with an OWASP project tasked with creating a standardized guideline for building secure AI applications with large language models such as ChatGPT. Enter OWASP Top Ten for LLMs, and Steve Wilson, the project leader.

You'll experience Large Language Models (LLMs) and their implications in AI. Steve explains how the introduction of ChatGPT marked a significant shift in the AI landscape. He elaborates on the concept of LLMs, their functioning, and the unique properties that emerge when used at a large scale.

Traditional OWASP Top Ten issues like SQL injection and broken authorization are still applicable when dealing with AI applications, and the OWASP API Top Ten could be layered onto these considerations. Think about it -- AI applications have web frontends.

A new discipline of AI security engineering is on the horizon, focusing on the security of large language models and the applications that access them. A focus on both AI safety AND security must occur.

We look forward to the release of the 1.0 version of the OWASP Top Ten for LLMs. Join the discussion today on OWASP Slack, and help form the new list.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wed, 07 Jun 2023 12:00:00 -0400

JB Aviat -- The State of Application Security

What is the state of application security? JB Aviat answered that question, by creating the state of application security report based on data from Datadog customers using the application security and APM products. It provides insights into threat detection, vulnerability detection, prioritization, and general trends on where the most significant risks lie.

We discuss:

the prioritization of vulnerabilities;
the risks associated with non-production environments like staging or pre-production. They discuss how attackers often target these environments, potentially as practice grounds, before launching an attack on the production environment;
future trends of application security, particularly with the rise of low-code or no-code development tooling.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 01 Jun 2023 12:00:00 -0400

Joshua Wells -- Application Security in the Age of Zero Trust

What is zero trust, and how does it impact the world of applications and application security? We dive deep into zero trust with Joshua Wells, a seasoned cybersecurity expert with over ten years of experience. Joshua explores the intricacies of zero trust, a cybersecurity model that dictates no user or machine is trusted by default and must be authenticated every time.

Listen in as Joshua discusses his journey from aspiring to be an NFL player to becoming a leading voice in cybersecurity. He shares insights on how zero trust operates in different domains, including architectural security, endpoint detection, mobile device management, and risk assessment. He also touches on its implementation across various government bodies and private organizations.

Further, Joshua sheds light on the challenges of implementing zero trust, such as the need for a mix of different security tools and the stress of smaller teams when handling this robust framework. The episode also covers important considerations for Application Security (AppSec) professionals in a zero-trust environment and the role of attribute-based access control within this model.

Don't miss this enlightening discussion on cybersecurity's current landscape and future direction. Whether you're a cybersecurity professional, a tech enthusiast, or simply keen on understanding how your data is being kept secure, this episode will surely provide invaluable insights.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 15 May 2023 11:00:00 -0400

Jeevan Singh -- The Future of Application Security Engineers

Jeevan Singh, the director of product security at Twilio, discusses the future of application security engineers. Singh highlights the importance of embedding security into all aspects of software development and the need for a strong security culture within organizations. He also explains the skills required for a senior application security engineer, such as application security, software development, and teaching skills. Singh underscores the importance of empathy and influence, emphasizing that soft skills can significantly affect adequate application security. He also discusses the impact of AI, particularly OpenAI's GPT, in supporting the work of security engineers by providing valuable insights and information. Singh concludes by urging application security engineers to broaden their skills, particularly in software development, to ensure they can effectively handle the industry's evolving demands.

Five takeaways:

The future of application security engineering requires a blend of skills: Application Security (AppSec), software development, and teaching skills. Communicating and teaching others about security best practices is becoming as important as technical know-how.
The role of application security engineers is evolving: They are expected to identify and fix security issues and embed security considerations into the entire software development process. They are also tasked with educating other staff on security best practices.
Empathy and influence are crucial soft skills for application security engineers: It's essential to understand the perspectives of various stakeholders, from developers to executives, and influence them to prioritize security. This involves presenting data effectively and advocating for security measures.
Future demand for application security engineers is anticipated. As organizations increasingly realize the importance of securing their applications, there will be a growing need for professionals in this field. This is particularly the case for startups and smaller organizations.
Scaling application security efforts requires a team-based approach: To keep pace with growing engineering teams and increasing security demands, application security efforts must be scaled. This could involve creating "security champions" within development teams, implementing automated tools, and involving executive leadership to incentivize security improvements.

Jeevan's first appearance on the Application Security Podcast was entitled Jeevan Singh -- Threat modeling based in democracy.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wed, 03 May 2023 11:00:00 -0400

Tony Turner -- Threat Modeling and SBOM

Have you ever considered using an SBOM to inform your threat modeling? Tony Turner has. Tony joins us to discuss SBOMs, threat modeling, and the importance of Cyber Informed Engineering.

Tony delves into the SBOM (Software Bill of Materials) concept, highlighting their value proposition in identifying vulnerabilities, demonstrating compliance with software licenses, and informing M&A activities and incident response indicators related to cyberattacks. We also explore the integration of SBOMs into the system engineering process and security engineering.

Tony further introduces the concept of Consequence-Driven Cyber Informed Engineering, which emphasizes understanding the potential consequences of cyberattacks on critical infrastructure rather than just on individuals or individual businesses. We discuss the four-step process of consequence-driven CIE. The conversation also addresses the challenges in communicating SBOM information, the importance of demanding transparency from suppliers, and the need to place trust in trusted third-party attestations.

Follow up:

- Research tools for integrating SBOMs into threat modeling
- Explore methods of communicating SBOM information
- Investigate Cyber Informed Engineering and Consequence-Driven principles in more detail

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 18 Apr 2023 17:00:00 -0400

Christian Frichot -- Threat Modeling with hcltm

Christian Frichot, an AppSec hacker, security leader, and developer of hcltm. He discusses the DevOps threat modeling tool he dreamed up and built. The tech was created to fit into developers' workflows and leverage tools they are familiar with. hcltm is designed to drive valuable change and be updated and maintained easily by software engineers. It is a developer-centric software product not heavily opinionated on diagramming, allowing users to employ their preferred methods for threat modeling. The solution is still evolving, and Frichot is open to user feedback and suggestions to improve it. He encourages people to try hcltm and see if it fits their threat modeling needs, as everyone approaches the process differently.

Critical actions for you to take from this episode:

Try out hcltm: familiarize yourself with the hcltm threat modeling tool, which uses HashiCorp Configuration Language (HCL) to help manage threat models alongside software code in a developer-friendly way.
Integrate threat modeling into your workflow: As a developer or security professional, explore ways to incorporate threat modeling into your current processes, such as using hcltm to manage threat models in a software repo and updating the model with each change.
Improve communication and collaboration: learn from Christian's experience and focus on building relationships and networks in the security community and improving communication and influencing skills.

Visit the OWASP Security & Privacy Guide here --> https://owasp.org/www-project-ai-security-and-privacy-guide/

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 10 Jan 2023 08:00:00 -0500

Robyn Lundin -- Planning & organizing a penetration test as an AppSec team

Robyn Lundin started working in tech after a coding boot camp as a developer for a small startup. She then discovered her passion for security, pivoted into pentesting for NCC Group, and now works as a Senior Product Security Engineer for Slack.

Robyn joins us to discuss the role of penetration testing within the application security realm. Robyn provides actionable guidance you can apply directly to your application pen testing program. We hope you enjoy this conversation with....Robyn Lundin.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 03 Jan 2023 08:00:00 -0500

Michael Bargury -- Low Code / No Code Security and an OWASP Top Ten

Michael Bargury is the Co-Founder and CTO of Zenity, where he helps companies secure their low-code/no-code apps. In the past, he headed security product efforts at Azure, focused on IoT, APIs and IaC.

Michael is passionate about all things related to cloud, SaaS and low-code security and spends his time finding ways they could go wrong. He also leads the OWASP low-code security project and writes about it on DarkReading. Michael is a regular speaker at OWASP, BSides and DEFCON conferences.

Michael joins us to unpack Low Code / No Code and the new OWASP Top Ten that defines specific risks against Low/No Code. We hope you enjoy this conversation with...Michael Bargury.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 20 Dec 2022 08:00:00 -0500

Alex Olsen -- Security champions, empowering developers, and AppSec training

Alex leads the Cyber Security Consulting Group, part of Rakuten's Cyber Security Defense Department. The group's dedication is to providing global security services, including security architecture, DevSecOps tooling and integration services, delivery of technical training, and running Rakuten's Security Champion community. His focus is on empowering teams to improve security throughout the development lifecycle.

Alex joins us to discuss security champions, a topic near and dear to our hearts. We get into democratizing appsec, the value of security governance and empowerment activities for security champions and the organization, how scope, cost and effort fit, and the ROI of training and security champions. We hope you enjoy this conversation with...Alex Olsen.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 13 Dec 2022 08:00:00 -0500

Mark Curphey -- The future of OWASP

Mark Curphey is one of the creators of OWASP from the very early days. Mark worked in the background over the few decades of OWASP but has recently taken more to the spotlight. After running, he was elected and joined the OWASP Board of Directors.

This conversation starts with the historical story of Mark and his history with OWASP. Then we jump into the visions for OWASP in the future and the plans in place to reach those goals. We hope you enjoy this conversation with...Mark Curphey.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 06 Dec 2022 07:00:00 -0500

Tiago Mendo -- How to scan at scale with OWASP ZAP

Tiago Mendo is a co-founder and CTO of Probely. He has extensive experience in pentesting applications, training, and providing all-around security consultancy.

Tiago started working with security in the early 2000s, beginning with a tenure of 12 years at Portugal Telecom. While there, he built the web security team and worked with 150+ developers. He holds a Master's in Information Technology/Information Security from Carnegie Mellon University and a CISSP certification.

He is also a qualified member of AP2SI, a non-profit organization that promotes Information Security in Portugal, and Co-Leader of the Lisbon OWASP Chapter. He is a frequent speaker at security events, such as Confraria da Segurana da Informao, BSides Lisbon, BSides Krakw and LASCON.

Tiago Mendo joins us to discuss OWASP ZAP and DAST scanning at scale. Tiago shares what scanning at scale is, the common challenges development teams must overcome when scanning at scale, and how to overcome them using OWASP ZAP. We hope you enjoy this conversation with ... Tiago Mendo.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 29 Nov 2022 08:00:00 -0500

Wolfgang Goerlich -- Security beyond vulnerabilities

J. Wolfgang Goerlich is an Advisory CISO for Cisco Secure. He has been responsible for IT and IT security in the healthcare and financial services verticals. Wolfgang has led advisory and assessment practices for cybersecurity consulting firms.

Wolf joins us to talk about some security things that will stretch your mind, like security beyond vulnerabilities, how apps intended functionality can be misused, data privacy, and nudges and behavior science.

Wolf challenged my thinking in this episode and pointed out a new area of threat modeling I had never considered. We hope you enjoy this conversation with... J. Wolfgang Goerlich.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 08 Nov 2022 08:00:00 -0500

Sam Stepanyan -- OWASP Nettacker Project

Sam Stepanyan is an OWASP London Chapter Leader and an Independent Application Security Consultant with over 20 years of IT experience and a background in software engineering and web application development.

Sam has worked for various financial services institutions in the City of London, specializing in Application Security consulting, Secure Software Development Lifecycle (SDLC), developer training, source code reviews and vulnerability management. He is also a Subject Matter Expert in Web Application Firewalls (WAF) and SIEM systems. Sam holds a Masters degree in Software Engineering and a CISSP certification.

Sam joins us to introduce us to OWASP Nettacker. He describes the tool's capabilities, how you can put it into use in various scenarios for asset generation and vuln scanning, and how to contribute to the project going forward. We hope you enjoy this conversation with...Sam Stepanyan.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 01 Nov 2022 13:00:00 -0400

Nick Aleks and Dolev Farhi -- GraphQL Security

Dolev Farhi is a security engineer and author with extensive experience leading security engineering teams in complex environments and scales in the Fintech and cyber security industries. Currently, he is the Principal Security Engineer at Wealthsimple. He is one of the founders of DEFCON Toronto (DC416). He enjoys researching vulnerabilities in IoT devices, participating in and building CTF challenges and contributing exploits to Exploit-DB.

Nick Aleks is a leader in Toronto's cybersecurity community and a distinguished and patented security engineer, speaker, and researcher. He is currently the Senior Director of Security at Wealthsimple, leads his security firm, ASEC.IO, and is a Senior Advisory Board member for HackStudent, George Brown, and the University of Guelph's Master of Cybersecurity and Threat Intelligence programs. A founder of DEFCON Toronto, he specializes in offensive security and penetration testing. He has over ten years of experience hacking everything from websites, safes, locks, cars, drones, and even intelligent buildings.

Dolev and Nick join us to unpack the world of GraphQL security. We introduce GraphQL, threats, and mitigations to secure your GraphQL instances. We hope you enjoy this conversation with....Dolev and Nick.

Important Links:

Link to the book https://nostarch.com/black-hat-graphql

CrackQL https://github.com/nicholasaleks/CrackQL

Chris Romeo -- The Security Journey Story

In this episode of the Application Security Podcast, Chris Romeo walks through the origin story of Security Journey and shares some experiences taking a security startup from bootstrap to acquisition. Chris talks about how and why he started the company, what defining factors made Security Journey successful and why they're being acquired now. He ends by giving an overview of what to expect from Security Journey moving forward. We hope you enjoy this conversation withChris Romeo.

Check out these resources for more information about the acquisition!
Press Release: https://www.accesswire.com/702562/HackEDU-Acquires-Security-Journey-to-Provide-the-Most-Comprehensive-Application-Security-Training-Offering-Helping-Development-Teams-Deliver-Secure-Code-and-Protect-Data

Chris's Blog Post: https://www.securityjourney.com/post/hackedu-acquires-security-journey

Joe's Blog Post: https://www.hackedu.com/blog/hackedu-acquires-security-journey-to-create-industry-leading-application-security-offering

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 10 May 2022 13:00:00 -0400

Kristen Tan and Vaibhav Garg -- Machine Assisted Threat Modeling

In this episode of the Application Security Podcast, we talk to Kristen Tan and Vaibhav Garg from Comcast. They wrote a paper called "An Analysis of Open-source Automated Threat Modeling Tools and Their Extensibility from Security into Privacy". They join us to share their story about what they were doing and why they did it. We hope you enjoy this conversation with...Kristen and VG.

https://www.usenix.org/publications/loginonline/analysis-open-source-automated-threat-modeling-tools-and-their

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 03 May 2022 14:00:00 -0400

Patrick Dwyer -- CycloneDX and SBOMs

Patrick is a Senior Product Security Engineer in the Application Security team at ServiceNow. He is also Co-Leader of the OWASP CycloneDX project. A lightweight Software Bill of Materials (SBOM) standard designed for use in application security contexts and supply chain component analysis.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 25 Apr 2022 15:00:00 -0400

Omer Gil and Daniel Krivelevich -- Top 10 CI/CD Security Risks

Daniel Krivelevich is a cybersecurity expert and problem solver, with 15+ years of enterprise security experience with a proven track record working with 100+ enterprises across multiple industries, with a strong orientation to Application & Cloud Security. Daniel co-Founded Cider Security as the companys CTO. Cider is a startup focused on securing CI/CD pipelines, flows, and systems.

Omer is a seasoned application and cloud security expert with over 13 years of experience across multiple security disciplines. An experienced researcher and public speaker, Omer discovered the Web Cache Deception attack vector in 2017. Omer leads research at Cider Security.

Brian Reed is Chief Mobility Officer at NowSecure. Brian has over 30 years in tech and 15 years in mobile, security, and apps dating back to the birth of mobile including BlackBerry, Good Technology, BoxTone, and MicroFocus. Brian joins us to discuss mobile application security, the good, the bad, and the ugly as we head into 2021. We discuss recent issues in mobile apps, mobile firewalls, mobile vs. web, and how AppSec is different in a mobile world. We hope you enjoy this conversation withBrian Reed.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 24 Nov 2020 16:42:39 -0500

The Threat Modeling Manifesto Part 2

This is part two of the story of a diverse group of security and privacy people that love threat modeling and gathered to define threat modeling, encourage people to threat model, help them succeed, and change the world. This is our story of the Threat Modeling Manifesto. In this episode, we move on from definition to working through the values and principles that make up threat modeling, and then we ship the product.

The working group of the Threat Modeling Manifesto consists of individuals with years of experience in threat modeling for security or privacy.

Other episodes on threat modeling:

The Threat Modeling Manifesto Part 1
Adam Shostack Remote Threat Modeling
Kim Wuyts Privacy Threat Modeling
Izar Tarandach Command line threat modeling with pytm
Stephen de Vries Threat Modeling with a bit of #Startup

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 17 Nov 2020 07:14:04 -0500

The Threat Modeling Manifesto Part 1

This is part one of the story of a diverse group of security and privacy people that love threat modeling and gathered to define threat modeling, encourage people to threat model, help them succeed, and change the world. This is our story of the Threat Modeling Manifesto. Our intention is to share a distilled version of our collective threat modeling knowledge in a way that should inform, educate, and inspire other practitioners to adopt threat modeling as well as improve security and privacy during development.

We developed this Manifesto after years of experience thinking about, performing, teaching, and developing the practice of, Threat Modeling. We have diverse backgrounds as industry professionals, academics, authors, hands-on experts, and presenters. We bring together varied perspectives on threat modeling. Our ongoing conversations, which focus on the conditions and approaches that lead to the best results in threat modeling, as well as how to correct when we fail, continue to shape our ideas.

The working group of the Threat Modeling Manifesto consists of individuals with years of experience in threat modeling for security or privacy.

Other episodes on threat modeling:

Adam Shostack Remote Threat Modeling
Kim Wuyts Privacy Threat Modeling
Izar Tarandach Command line threat modeling with pytm
Stephen de Vries Threat Modeling with a bit of #Startup

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 27 Aug 2020 09:18:55 -0400

Elie Saad is an application security engineer, leading three different OWASP projects. He focuses on helping developers own and champion security in their projects by providing guidance, tests, secure pipeline design and aiding them in applying external security measures. In this conversation, Elie educates us about the current happenings with WSTG, Cheat Sheets, and the Integration Standard. He walks us through demos of each project.

We hope you enjoy this conversation with Elie Saad. @7hunderson

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 13 Jul 2020 14:41:53 -0400

Graham Holmes Adversarial Machine Learning

Graham Holmes is the founder and owner of AoP CyberSecurity, LLC whose mission is to enable organizations to create scalable and effective strategies for trustworthy outcomes. His career includes over 22 years as a leader at Cisco Systems, where he infamously served as my boss for a period of time, and before that he served in the US Navy as a commissioned officer for 9 years. Graham joins us to discuss adversarial machine learning. We explore the threats and attacks in an AI/ML world, and review solutions to address these challenges using trust as a foundation. Please enjoy this conversation with Graham Holmes.

Its Life 3.0

https://www.amazon.com/Life-3-0-Being-Artificial-Intelligence/dp/1101946598

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 07 Jul 2020 08:51:22 -0400

Ochaun Marshall Securing Web applications in AWS

Ochaun Marshall is a developer and security consultant. In his roles at Secure Ideas, he works on ongoing development projects utilizing Amazon Web Services and breaks other people's web applications. Ochaun joins us to talk about the changing tide of serverless and frustrations with AWS security. Before we got to the actual topic, we talked about how he currently works as a developer some times, and a pen tester/security person the rest of the time, and the conflict that arises from this split role. Please enjoy this conversation withOchaun Marshall.

@OchaunM

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 30 Jun 2020 08:32:30 -0400

Drew Dennison Security should make the computer sweat more

Drew Dennison is the CTO & co-founder of r2c, a startup working to profoundly improve software security and reliability to safeguard human progress. Drew joins us to introduce a tool called semgrep. Semgrep is a fast source code analysis tool, potentially faster than anything you've seen before. If you want to see the live demo of semgrep, head over to the Application Security Podcast Youtube channel to see the video.

We hope you enjoy this conversation with Drew Dennison.

Twitter: DrewDennison

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 23 Jun 2020 00:48:54 -0400

Aaron Guzman IoTGoat

Aaron Guzman specializes in IoT, embedded, and automotive security. Aaron is the Co-Author of IoT Penetration Testing Cookbook. He helps lead both OWASPs Embedded Application Security and Internet of Things projects; providing practical guidance for addressing top security vulnerabilities to the embedded and IoT community. Aaron joins us to explore IoTGoat. IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices. He describes what it is, where it comes from, and does a demo for us on how to put it to use.

For season 7 and beyond, weve launched our Youtube channel, Application Security Podcast, where we post the video feeds for all episodes. Youll want to check it out, as many interviews now have demos included, where we capture screen during the interview. We hope you enjoy this conversation withAaron Guzman.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 16 Jun 2020 09:00:23 -0400

Adam Shostack The Jenga View of Threat Modeling

Adam Shostack is a leading expert on threat modeling, and consultant, entrepreneur, technologist, author, and game designer. He has taught threat modeling at a wide range of commercial, non-profit, and government organizations. Adam joins us to discuss his new white paper called the Jenga View of Threat Modeling. For season 7 and beyond, we've launched our YouTube channel, Application Security Podcast, where we post the video feeds for all episodes. Youll want to check it out, as many interviews now have demos included, where we capture a screen during the interview.

You can grab a copy of the whitepaper on Adams site, https://associates.shostack.org/whitepapers.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 09 Jun 2020 09:00:48 -0400

Cindy Blake Aligning security testing with Agile development

Cindy Blake is the Senior Security Evangelist at GitLab. Cindy collaborates around best practices for integrated DevSecOps application security solutions with major enterprises. She is proud to introduce her new book, 10 Steps to Securing Next-Gen Software. The book combines her cyber security experience with a background in lean and software development, and simplifies the complexities of todays software evolution into pragmatic advice for security programs. Cindy joins us to discuss how to align security testing with Agile development.

For season 7 and beyond, weve launched our YouTube channel, Application Security Podcast, where we post the video feeds for all episodes. Youll want to check it out, as many interviews now have demos included, where we capture screen during the interview.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 02 Jun 2020 09:00:50 -0400

Jannik Hollenbach Multijuicer: JuiceShop with a side of Kubernetes

Jannik Hollenbach is a Security Automation Engineer at iteratec GmbH, working on and with open source security testing tools to continuously detect security vulnerabilities in the companies software and systems. He is also a member of the OWASP Juice Shop project team. Jannik joins us to discuss MultiJuicer, or how to run JuiceShop in a Kubernetes cluster, with a separate JuiceShop instance for each user.

We hope you enjoy this conversation with.. Jannik Hollenbach.

Links:

https://github.com/iteratec/multi-juicer

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 26 May 2020 08:00:59 -0400

Sebastien Deleersnyder and Bart De Win OWASP SAMM

Sebastien Deleersnyder is co-founder, CEO of Toreon, and Bart De Win is a director within PwC Belgium. They work together to co-lead both the OWASP Belgium Chapter and the OWASP SAMM project. Sebastien and Bart join us to introduce OWASP SAMM 2.0. OWASP SAMM (Software Assurance Maturity Model) is the OWASP framework to help organizations assess, formulate, and implement a strategy for software security they can integrate into an existing Software Development Lifecycle (SDLC). We explore where it came from, and walk through the framework.

We hope you enjoy this conversation with Sebastien and Bart.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wed, 13 May 2020 21:10:09 -0400

Marc French, Steve Lipner, Maya Kaczorowski, DJ Schleen, Kim Wuyts Season Six Wrap up

Weve reached the end of season six, and here are a few of our favorite clips. Season seven is around the corner.

S06E01 Marc French The AppSec CISO
- What are some tips for someone who wants to become a CISO? Is there such a thing as a CISO school?
S06E05 Steve Lipner The Past, Present, and Future of SDL
- Lipner is a giant in the industry and someone that Ive looked up to for years. After some setup, I ask him for a definition of SDL.
S06E08 Maya Kaczorowski Container and Orchestration Security
- Containers are not a security tool. Do you agree or disagree? The philosophy of container security.
S06E10 DJ Schleen DevOps: The Sec is Silent
- DevOps/DevSecOps Unicorns.
S06E15 Kim Wuyts Privacy Threat Modeling
- We walk through the LINDUN privacy threat modeling framework, step by step.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sat, 11 Apr 2020 12:50:25 -0400

Mark Merkow Secure, Resilient, and Agile Software Development

Mark Merkow works at WageWorks in Tempe, Arizona, leading application security architecture and engineering efforts in the office of the CISO. Mark has over 40 years of experience in IT in a variety of roles, including application development, systems analysis, and design, security engineering, and security management. Mark has authored or co-authored 17 books on IT and has been a contributing editor to four others.

Erez Yalon heads the security research group at Checkmarx. With vast defender and attacker experience and as an independent security researcher, he brings invaluable knowledge and skills to the table. Erez joins us to speak about the new OWASP API Security Project, and more specifically, the new API Security Top 10. We hope you enjoy this conversation with Erez Yalon.

Find the Document on the OWASP GitHub: https://github.com/OWASP/API-Security

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 19 Dec 2019 22:12:53 -0500

Steve Lipner The Past, Present, and Future of SDL

Steve Lipner is a pioneer in cybersecurity, approaching 50 years experience. He retired in 2015 from Microsoft where he was the creator and long-time leader of Microsofts Security Development Lifecycle (SDL) team. While at Microsoft, Steve also created initiatives to encourage industry adoption of secure development practices and the SDL and served as a member and chair of the SAFECode board. Steve joins us to talk about all things SDL, and I must say, I was super excited for this interview, with way too many questions for someone who was there on day 1 of Secure Development Lifecycle. We hope you enjoy this conversation withSteve Lipner.

Youll find Steves Bio on the SafeCode website.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun, 15 Dec 2019 19:18:41 -0500

David Kosorok The Three Pillars of an AppSec Program: Prevent, Detect, and React

David Kosorok is a code security expert, software tester, father of 9, and a self-described major nerd. David is the Director of AppSec at Align Tech, and a fellow member of the Raleigh Durham tech community. David joins us to speak about the three pillars of building an application security program: Prevent, Detect, and React. When we think the program, weve never heard anyone relate a program this way, and thought you needed to hear about a different approach to program building. We hope you enjoy this conversation with. David Kosorok.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun, 01 Dec 2019 14:59:31 -0500

Chris and Robert: A Taste of Hi-5

As the hosts of the Application Security Podcast, we get the opportunity from time to time to mix it up. This week we gather a few security articles, share a summary, and offer our opinions (for what our opinions are worth). The source of the articles is Hi-5, a weekly newsletter containing five security articles that are worth your time. We scour the Interwebs looking for the best articles on application and product security and share those with you. You can subscribe to Hi-5 on the Security Journey website.

Hit us up on Twitter and let us know if you like this format and if we should do more of this type of content. We hope you enjoy this episode with, Chris and Robert.

These are the articles:

Interest In Secure Design Practices Is Increasing Leading To Two Predictions

Developers mentoring other developers: practices Ive seen work well

7 Web Application Security Best Practices

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 21 Nov 2019 16:43:28 -0500

Bill Dougherty INCLUDES NO DIRT, practical threat modeling for healthcare and beyond

Bill Dougherty is the vice president of IT and security at Omada Health, where he leads a team responsible for all aspects of internal IT including SaaS strategy, end-user support, vendor management, operational security and compliance. Bill along with Patrick Curry created the INCLUDES NO DIRT approach to threat modeling, which takes threat modeling to the next level, beyond STRIDE, and goes head on with a more modern set of real-world security considerations. We hope you enjoy this conversation with, Bill Dougherty.

Find Bill on Twitter @bdognet.

For an article about the methodology, see INCLUDES NO DIRT: A Practical Threat Modeling Approach for Digital Healthcare and Beyond

For the paper that describes the methodology and how to implement, see INCLUDES NO DIRT

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun, 10 Nov 2019 14:33:47 -0500

Marc French The AppSec CISO

Marc French is a security person, firearms geek, scuba guy, lousy golfer, and an aspiring blacksmith. We met Marc in the hallway at the Boston Application Security Conference. Marc has extensive experience as a CISO but came from the world of AppSec to the exec suite, which is not the normal path. We discuss what is a CISO, and what does a CISO actually do, the role of AppSec in the life of the CISO, and tips Marc has for those that wish to become a CISO someday. We hope you enjoy this conversation with Marc French.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sat, 26 Oct 2019 13:32:07 -0400

Season 5 Finale A cross section of #AppSec

Threat modeling, secrets, mentoring, self-care, program building, and much more. Clips from Georgia Weidman, Simon Bennetts, Izar Tarandach, Omer Levi Hevroni, Tanya Janca, Bjrn Kimminich, Caroline Wong, Adam Shostack, Steve Springett, Matt McGrath, Brook Schoenfield, and Ronnie Flathers.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fri, 27 Sep 2019 21:12:35 -0400

Ronnie Flathers Security programs big and small

Ronnie Flathers is a security guy, a pentester, and a researcher. In this conversation, we explore his experiences in building application security programs. He's had the opportunity to program build inside of companies big and small.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun, 15 Sep 2019 16:33:49 -0400

Brook Schoenfield Security is a messy problem

Brook Schoenfield is a Master Security Architect @IOActive and author of Securing Systems, as well as an industry leader in security architecture and threat modeling, and a friend. "We have a static analysis tool. Why do we need a program?" This is what Brook overheard at one point in his past, from a company CTO, and it sums up the program issue. The CTO was trying to drive a technical strategy for an entire company, and security was just one piece of that. A mandate or a tool would have made life so easy.

Brook takes us on a journey based on his experience building programs, with advice, stories, comments, and quotes. We talk about architecture, culture, mindset, tools, compilers and so much more.

Catch Brooks next book, Secrets of a Cyber Security Architect which arrives in Fall 2019.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 29 Jul 2019 19:41:52 -0400

Erez Yalon and Liora Herman The Application Security Village @ DefCon

Erez Yalon and Liora Herman are both passionate security professionals. They joined forces to create the AppSec Village, an event at DefCon in Las Vegas. If you are in Vegas for BH/DC, stop by the village and say hi to Robert, who will be in attendance as well.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you've done anything with threat modeling, you've heard of Adam Shostack. We asked him the question, "why would anyone threat model?".

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 01 Jul 2019 10:00:58 -0400

Zoe Braiterman AI, ML, AppSec, and a dose of data protection

Zoe Braiterman is an Innovation Intelligence Strategist focused on both the Machine and Human and also the OWASP WIA Chair. We explore the intersection of application security with artificial intelligence and machine learning and end up discussing data protection. Zoe approaches AppSec from a different angle, and her perspectives get us thinking about the importance of appsec in the future of autonomous everything.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 13 Jun 2019 22:48:49 -0400

Caroline Wong Self-care and self-aware for security people

Caroline Wong has had a long career in security, starting with eBay and leading to her role today at Cobalt.IO as Chief Strategist. Caroline shares her explanation of self-care and tells her story about how neglecting self-care led to problems. She offers ideas about how to better approach self-care as a security professional, work-life balance, and ways for approaching a successful career in security.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fri, 31 May 2019 22:17:50 -0400

Bjrn Kimminich The new JuiceShop, GSOC, and Open Security Summit

Bjrn Kimminich is the project leader for OWASP JuiceShop. This is his second visit to the podcast, and we discuss new features in JuiceShop, including XSS in jingle promo video, marketing campaign coupon hacking, GDPR related features and challenges, working 2FA with TOTP, and the DLP failure challenges. Then we get into the cool new things that will come as a result of the GSoC, where a developer will add new functionality to the JS where new vulns can be hidden. We end discussing the upcoming Open Security Summit from OWASP.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun, 26 May 2019 19:02:22 -0400

Bjrn Kimminich JuiceShop 5 minute AppSec

Bjrn Kimminich is the project leader for OWASP JuiceShop. He created JuiceShop out of necessity, after reviewing all the available vulnerable web apps years ago, and not finding what he needed. OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security training, awareness demos, CTFs, and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 21 May 2019 09:00:41 -0400

Nancy Garich and Tanya Janca DevSlop, the movement

Nancy Garich and Tanya Janca are two of the project leaders for the OWASP DevSlop Project. As we learn more about DevSlop, we realize that it is much more than a project: it's a movement. DevSlop is about the learning and sharing of four awesome women and is a platform for them to share what theyve learned with the community.

DevSlop consists of four different modules:

Patty An Azure DevSecOps pipeline
Pixi-CRS & Pixi-CRS-ZAP are two Circle-CI pipelines that demonstrate adding a WAF to your pipeline for automatic tuning before moving your apps to prod
Pixi is an intentionally vulnerable app and consists of a vulnerable web app and API service,
The DevSlop Show, a video streaming series where project members build things live, interview members of the OWASP and InfoSec community, and learn where they fit into DevOps.

We hope you enjoy.

Find Nancy, Tanya, and DevSlop on Twitter.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun, 19 May 2019 20:54:35 -0400

Tanya Janca Mentoring Monday 5 Minute AppSec

Tanya Janca is excited about mentoring. She's started a hashtag on Twitter for mentors to find mentee's, and for mentee's to search for mentors. Mentoring is such an essential part of growing our community, so if you are not mentoring anyone today, I can only ask, why not? Here is Tanya's take on mentoring and her advice on how to get involved with #MentoringMonday.

5 Minute AppSec is an AppSec Podcast experiment with micro-content. Hit us up on Twitter and tell us what you think, @AppSecPodcast.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 13 May 2019 17:42:25 -0400

Matt Clapham A perspective on appsec from the world of medical software

Matt Clapham is a product security person, as a developer, security engineer, advisor, and manager. He began his career as a software tester, which led him down the path of figuring out how to break things. Matt lives in the medical software world and visited the Healthcare Information and Management Systems Society (HIMSS) conference. Matt shares his perspectives on application/cybersecurity through the eyes of the healthcare industry. There is much for us to understand by viewing how other segments approach security and privacy. Matt believes in stepping outside the echo chamber and experiencing how other industries see security, and he achieved that by visiting this non-security conference and sharing his experiences with us. (And if he visits your booth at an event, you better know how your companies make a secure product or solution!)

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 06 May 2019 03:00:14 -0400

Jon McCoy Hacker outreach

Jon McCoy is a security engineer, a developer, and a hacker; and a passionate OWASP advocate. Maybe even a hacker first. Jon has a passion to connect people and break down barriers between hackers and corporate folks. Jon explains the idea of hacker outreach and breaks down what we can expect if we venture to the DefCon event in Las Vegas. Jon also remembered a cautionary tale of Roberts Fitbit out at a DefCon event. Jon is someone we can all learn from about giving back to our community.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 30 Apr 2019 23:07:22 -0400

Omer Levi Hevroni K8s can keep a secret?

Omer Levi Hevroni has written extensively on the topic of Kubernetes and secrets, and he's a super dev. He's the author of a tool for secrets management called Kamus. Kamus is an open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications. Kamus enables users to easily encrypt secrets that can be decrypted only by the application running on Kubernetes. The encryption is done using strong encryption providers (currently supported: Azure KeyVault, Google Cloud KMS, and AES).

Find Omer on Twitter to converse about all things K8s and secrets.

Show notes:

https://blog.solutotlv.com/can-kubernetes-keep-a-secret/

https://github.com/Soluto/kamus

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 23 Apr 2019 21:52:18 -0400

Izar Tarandach Command line threat modeling with pytm

Izar Tarandach is a threat modeling pioneer, seen as one of the movers and shakers in the threat modeling world. Izar leads a small team that develops the pytm tool, which is self-described as a "A Pythonic framework for threat modeling". The GitHub page goes on to say define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate, a Data Flow Diagram (DFD), a Sequence Diagram and most important of all, threats to your system.

Fri, 11 Jan 2019 18:04:42 -0500

Josh Grossman, Avi Douglen, and Ofer Maor -- AppSec in Israel and Three Talks to watch from AppSec USA

Josh Grossman, Avi Douglen, and Ofer Maor at AppSec USA join Chris. They discuss the AppSec group in Israel and a few critical talks you should watch from AppSec USA this year.

You can find Josh on Twitter @JoshCGrossman

You can find Avi on Twitter @sec_tigger

You can find Ofer on Twitter @OferMaor

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 01 Jan 2019 13:22:09 -0500

Daniel Miessler -- OWASP IoT Top 10

Daniel Miessler joins Chris and Robert to talk about the upcoming Top 10 list for IoT.

You can find Daniel on Twitter @DanielMiessler

Christian Folini -- CRS and an Abstraction Layer

Christian Folini joins Chris at AppSec EU for this episode about ModSecurity and the Core Rule Set project from OWASP. They dive into the timeline for the abstraction layer piece of the project and much more.

You can find Christian on Twitter @ChrFolini.

OWASP ModSecurity Core Rule Set

Jim Routh joins the podcast to discuss selling #AppSec up the chain. Jim has built five successful software security programs in his career and serves as a CISO now. Jim shares his real-world experience with successfully selling #AppSec to senior management (as well as many other pieces of wisdom for running an AppSec program).

You can find Jim on Twitter @jmrouth01

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fri, 09 Mar 2018 05:00:29 -0500

Chris and Robert -- #AppSec Recommendations

Chris and Robert go over a plethora of recommendations they have accumulated over their years of experience in the industry.

Chriss recommendations

1. Book: Agile Application Security: Enabling Security in a Continuous Delivery Pipeline

by Laura Bell (Author), Michael Brunton-Spall (Author), Rich Smith (Author), Jim Bird (Author)

https://amzn.com/1491938846

2. Website: Iron Geek

Adrian Crenshaw records many major, non-commercial security conferences and posts the talks to Youtube

http://www.irongeek.com/

3. Book: The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations

by Gene Kim (Author), Patrick Debois (Author), John Willis (Author), Jez Humble (Author)

https://amzn.com/1942788002

4. News Source: The Register

News site, but has great sources and a bit of British humor attached to technology failures

http://www.theregister.co.uk/security/

5. Blog: TechBeacon

https://www.techbeacon.com

6. Book: Threat Modeling: Designing for Security

by Adam Shostack (Author)

https://amzn.com/1118809998

7. Book: The Tangled Web: A Guide to Securing Modern Web Applications

by Michal Zalewski (Author)

https://amzn.com/B006FZ3UNI

8. Book: Start with Why: How Great Leaders Inspire Everyone to Take Action

by Simon Sinek (Author)

Not a security book, but a good approach for those trying to change a security culture

https://amzn.com/B002Q6XUE4

Roberts Recommendations

1. Books by Martin Fowler (Author)

He wrote many books on understanding Architecture.

https://martinfowler.com/books/

2. Book: Software Security: Building Security In

by Gary McGraw (Author)

http://a.co/5EIlu4h

3. Book: Core Software Security: Security at the Source
by James Ransome (Author) and Anmol Misra (Author)

http://a.co/hEwCflz

4. Book: Threat Modeling: Designing for Security

by Adam Shostack (Author)

https://amzn.com/1118809998

5. Websites: Troy Hunt

https://www.troyhunt.com/

https://haveibeenpwned.com/

6. Conferences: #AppSec USA, , B-Sides, Source, Converge

https://2018.appsecusa.org/

http://www.securitybsides.com

https://sourceconference.com/

https://www.convergeconference.org/

7. Website: Google Alerts

Use this to be notified about specific topics you want to learn about.

https://www.google.com/alerts

8. Book: The Checklist Manifesto: How to Get Things Right

by Atul Gawande (Author)

http://a.co/dirHpwq

9. Book Securing Systems: Applied Security Architec

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fri, 02 Mar 2018 05:00:03 -0500

Magen Wu -- Hustle and Flow: Dealing With Burnout in Security

Magen Wu works through the topic of burnout and mental health in security. She gives examples of handling this and recognizing if people around you are burning out.

You can find her on Twitter @infosec_tottie

Additional information on this topic:

Jack Daniel often speaks on this topic of burnout

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fri, 23 Feb 2018 05:00:02 -0500

Katy Anton -- OWASP Top 10 #4 XXE

Katy Anton joins this week to discuss number four on the OWASP Top 10. She dives into what XXE is, how to deal with it, and other new items on the OWASP Top 10 2017.

You can find Katy on Twitter @KatyAnton

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 15 Feb 2018 21:00:51 -0500

Pete Chestna -- SAST, DAST, and IAST. Oh My!

Pete Chestna is an advocate for SAST, DAST, and IAST tools and a passionate #AppSec enthusiast. Pete shared A moving quote during this episode: "an #AppSec program is the byproduct of building secure developers. #Truth

Pete describes the differences between SAST, DAST, IAST, and RASP. The struggles developers encounter using new tools, false positives and how to reduce them, and advice for building an #AppSec program from scratch versus adding tools to a mature program.

You can find Pete on Twitter @PeteChestna.

Additional information on this topic:

TechBeacon learning article for more details on the differences between AppSec testing tools
- SAST, DAST, IAST, and RASP: Pros, cons and how to choose

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fri, 09 Feb 2018 11:35:26 -0500

Irene Michlin -- We Are Not Making It Worse

Irene Michlin operates at the intersection of security and agility. She teaches about incremental threat modeling and how to make threat modeling when living in an Agile or DevOps world.

Irene ends the discussion by saying that her goal when working with a team on threat modeling is that they all conclude, We are not making it worse.

You can find Irene on Twitter @IreneMichlin, and check out Irenes talk on Incremental Threat Modeling last year at AppSec EU.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

This is the conclusion of Season 02 for the AppSec PodCast. This episode focuses on all the OWASP goodness weve experienced this year. Youll hear our favorite clips and explanations from a season full of OWASP.

With the publication of this episode, season 02 is a wrap, and on to season 03, which will roll out in March.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 24 Oct 2017 10:00:31 -0400

Brian Andrzejewski -- Containers Again

This is the final interview from the #AppSecUSA Conference in Orlando, and Brian Andrzejewski joins Chris and Robert.

He talks about containers, their usage within #AppSec, and orchestrations.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 17 Oct 2017 10:00:05 -0400

Tin Zaw -- ModSecurity and #AppSec

Tin Zaw, an advocate for ModSecurity, joins Robert and Chris.

He dives into its background, the use of rules, and the many advantages.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 10 Oct 2017 14:16:24 -0400

Aditya Gupta -- The Exploitation of IoT

Aditya Gupta joins Robert and Chris.

They speak with him about the many facets of IoT and some of its effects on pen testing, training, and mobile application security.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 03 Oct 2017 10:00:19 -0400

Tanya and Nicole join Chris and Robert. They talk about what APIs are, how they are used, and some of the threats involved with them. They also look at what DevSlop and ZAP are in combination with APIs.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 29 Aug 2017 10:00:52 -0400

Jon Mccoy and Jonathan Marcil -- Agile #AppSec

Robert and Chris speak with Jon Mccoy and Jonathan Marcil about using Agile #AppSec in the Secure Development Lifecycle.

They dive deeper into what agile is, how it can be used, some practical applications using security champions, and much more.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 22 Aug 2017 11:55:47 -0400

Jay Beale -- Docker Security and AppSec

A listener asked for a recommendation for a PodCast or Blog post about Docker security. We looked but couldnt find one, so we created one. Robert interviews Jay Beale from Inguardians and asks what docker is, what threats it introduces, and the specific tie-ins with AppSec.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 17 Aug 2017 16:25:26 -0400

Chris and Robert -- Proactive Controls, AppSec USA, and Gartners MQ on AppSec Testing

Robert and I try a new format for discussing a few topics per episode. We discuss changes with the Proactive Controls, AppSecUSA, and the Gartner Magic Quadrant for Application Security Testing.

We mentioned the link to OWASP Proactive Controls to review the draft and suggest updates.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 08 Aug 2017 10:00:43 -0400

Robert Hurlbut -- Blackhat Security Conference

We talk with Robert about his experiences at the Blackhat Security Conference.

He will explain some of the AppSec-focused parts of the conference and more about the Alec Stamos Keynote.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 25 Jul 2017 15:38:39 -0400

Dave Ferguson -- The OWASP Top 10 Proactive Controls

Dave Ferguson discusses the OWASP Top 10 Proactive Controls in this episode with Chris.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 04 Jul 2017 10:00:07 -0400

Jim Manico -- MORE OWASP!

Were here today with Jim Manico, a project lead with OWASP. We dive deep into some of the projects on his plate.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 27 Jun 2017 10:00:08 -0400

Mike Goodwin -- The OWASP Threat Dragon

In this episode, we speak with Mike Goodwin, the founder of the OWASP Threat Dragon.

We dive into what the threat dragon is and how it can work for you

You can find the tool here: https://github.com/mike-goodwin/owasp-threat-dragon

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 19 Jun 2017 10:00:02 -0400

Mark Willis -- I Just Like Static Analysis. Static Analysis is My Favorite

Were back with another episode of The Application Security Podcast.

This time, we talked to Mark Willis about the many facets of static analysis and how it affects the DevOps world.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wed, 14 Jun 2017 01:24:31 -0400

Eric Johnson -- Continuous Integration in .NET

Welcome back to season two of the Application Security Podcast. In this week's episode, we talk to Eric Johnson about static analysis, pen testing, continuous integration, etc.

Thanks for listening!

Rate us on iTunes and provide a positive comment, please!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 06 Jun 2017 14:05:17 -0400

Matt Clapham -- The Technical Debt Ceiling

Our topic today is technical debt and how security plays into it. Chris was at Converge Conference 2017 in Detroit, Michigan (which he says is the best security conference around) and continued the AppSec PodCast series of hallway conversations. Matt Clapham joins Chris. This is Matts second time on the podcast.

Rate us on iTunes and provide a positive comment, please!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 30 May 2017 13:10:01 -0400

Chris and Robert -- Controversy within the OWASP Top 10 RC

On this episode of the application security podcast, Robert and I jump over a wall. Just kidding. This isnt Top Gear.

This is our second episode of season two of the #AppSec PodCast. Robert and I talk about the OWASP Top 10 2017 release candidate. We walk through what the OWASP Top 10 is and what some of the controversies surround the changes made for this year.

Rate us on iTunes and provide a positive comment, please!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 22 May 2017 18:21:19 -0400

Brook S.E. Schoenfield -- Security in the Design and Architecture

This episode is an interview Robert and I did with Brook Schoenfield (@BrkSchoenfield) during the RSA Conference 2017.

Brook S.E. Schoenfield is a Distinguished Engineer at Intel Security Group. At Intel Security (including the former McAfee), Mr. Schoenfield is the senior technical leader for delivering software products that protect themselves and Intel Securitys customers. He has been a security architecture leader at global technology companies for over 15 years of his 30+ years in high tech. He is a founding member of IEEEs Center For Secure Design.

We discuss secure design, architecture, and threat modeling. Brook has been an advocate for security across the industry for many years and has a knack for explaining complex things uncomplicatedly. What a pleasure to speak with him!

Rate us on iTunes and provide a positive comment, please!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wed, 25 Jan 2017 20:55:00 -0500

Conclusion: The Endof Season 1

Good day, friends. The Application Security PodCast has concluded our first season. With many friends' help, we could record 18 episodes. Weve done something different for this final episode of season 1. Our producer, Daniel Romeo, has collected some of our favorite clips from this season, the things that stood out to us. Enjoy! And we look forward to the release of season 2 in a few months.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thu, 12 Jan 2017 09:52:29 -0500

Rafal Los, James Jardine, and Michael Santarcangelo -- #DtSR and What Makes a Good Security Consultant?

Greetings all! We have a treat for you in this episode. The crew joins Robert and me from the Down the Security Rabbit Hole Podcast. This includes Rafal Los (@wh1t3rabbit), James Jardine (@jardinesoftware), and Michael Santarcangelo (@catalyst). This is a unique conversation for me because the AppSec PodCast was born from my first interview with #DtSR. I was featured on DtSR Episode 204 in July 2016 after a friend suggested me to Raf on Twitter. (Thanks, Nigel!) The DtSR episode was entitled On Changing Culture. I had listened to these guys on and off for years and now had the chance to be interviewed by them. The experience pushed me to start this podcast.

In this conversation, we answer the question, What Makes a Good Security Consultant? We quickly admit that a consultant does not have to mean someone that charges per hour for security. These guys have a wealth of knowledge and experience on the topic, and I know youll walk away with multiple ideas to apply. Enjoy!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wed, 04 Jan 2017 14:17:37 -0500

Adam Shostack -- Think like an Attacker or Accountant?

On this episode, Robert and I are joined by Adam Shostack (@adamshostack). Adam is a well-known speaker and thought leader in application security. We speak with Adam about how to connect with development teams. This all started about a year ago when Adam tackled the issue of thinking like a hacker and why he wanted people to think differently. We dive deep into this issue, but many other exciting nuggets also fall out in conversation.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Wed, 21 Dec 2016 09:31:01 -0500

Jon McCoy -- The Mindset to Reverse Engineer

Today we talk to Jon McCoy (@thejonmccoy), a developer turned security person. Hes been helping developers learn more about security. We talk about reverse engineering malware and .NET security, as well as a bit of security community and the mindset to Reverse Engineer.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 13 Dec 2016 13:27:40 -0500

Chris Romeo -- AppSec Awareness: A Blue Print for Security Culture Change

We bring you a recorded version of Chriss security conference talk from 2016 for this episode. The talk is AppSec Awareness, A Blue Print for Security Culture Change. He covers The Problem Space, why we need application security, how to create sustainable security culture, and introduces the idea of Application Security Awareness. Chris had the luxury of building such a program while at Cisco and shares his experiences with the community.

There are slides available to correspond with this talk. They arent required, but some may want to follow along. Check out https://speakerdeck.com/edgeroute to get a copy.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 06 Dec 2016 12:14:44 -0500

Tracy Maleeff -- Natural Paranoia as a Career Path? A Transition to Security

In this episode, Robert and I are joined by Tracy Maleeff. Tracy is an InfoSec enthusiast with an MLIS degree. She has mad research and organizational skills. She co-hosts the PVCSec podcast. You can find Tracy on Twitter @InfoSecSherpa.

Tracy is in the midst of a career transition. She began her career in Library Sciences and is moving into Information Security. We discussed the challenges of transition, how to network and connect, a process for transition, and three actionable things for those that want to make a transition. Enjoy!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 29 Nov 2016 09:17:19 -0500

Chris Romeo -- Security Community at Any Scale

In this episode, Robert interviews Chris about the security community. Chris talks about his experiences doing security community at a large organization for 5+ years. Robert keeps pushing Chris to make this applicable to small companies as well. Youll hear best practices for building a security community in your org, including monthly training sessions, lunch and learns, and even an internal security conference. Chris also offers the profound statement that everyone eats lunch.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 15 Nov 2016 23:12:25 -0500

Deidre Diamond -- The Soft Skills of AppSec

We are joined by Deidre Diamond, Founder, and CEO @cyber_sn & the Founder of @brain_babe. We discuss employment in the world of application security. We also dive deep into soft skills, exploring why they are foundational in the workforce. Deidre explains the benefits of win-win conversation, how words and everyday language connect, and how to have fun, compassion, love, integrity, and productivity all in one at work.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 08 Nov 2016 13:50:17 -0500

On this two-part episode of the Application Security PodCast, Robert and I speak with Daniel Ramsbrock about Web App Penetration testing. In part two, we focus on the process of pen testing and web app pen testing.

I (Chris) connected with Daniel through the RVASec security conference in Richmond, Virginia. Daniel has been in security for over ten years, focusing most of that time on application security. He spent two years as a full-time consultant at Cigital and is now doing independent AppSec consulting through his company, Enigma Technologies. We hope you enjoy it!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 17 Oct 2016 22:41:15 -0400

Daniel Ramsbrock -- Web Application Pen Testing Part 1

On this two-part episode of the Application Security PodCast, Robert and I speak with Daniel Ramsbrock about Web App Penetration testing. In part one, we focus on the difference between pen testing and web app pen testing, where pen testing fits your development methodology (waterfall, agile, and DevOps), and why someone should care about it.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 10 Oct 2016 21:29:10 -0400

Matt Clapham -- Development Security Maturity

Robert and I are joined today by Matt Clapham. Matt makes products more secure I mean, hey, his Twitter handle is @ProdSec.

The topic of this interview is what Matt calls development security maturity. This concept is based on Matts research and his talk at RSA. Matt created a simple process to measure the maturity of development security by looking at five key behaviors. We cover the what and why of development security, the five key behaviors, and scoring and reporting. In conclusion, we discuss how to make the results of an assessment actionable.

Matts RSA slides are a great resource to review in conjunction with the interview: str-w05-estimating-development-security-maturity-in-about-an-hour-final.pdf

Bio: Matt Clapham makes products more secure. His career is a rare blend of both product development and enterprise operations. He is currently a Principal of Product Development Security at GE Healthcare. Matt previously worked as a Software Tester, IT Policy Author, and Security Advisor to all things games at Microsoft. He is familiar with the security foibles of the Industrial Device Internet of Things and how to overcome them. Matt is a frequent speaker and author of magazine articles on IT, security, games, or some combination thereof. He holds degrees in engineering and music from the University of Michigan.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 04 Oct 2016 09:46:05 -0400

Elena Elkina -- Privacy and Data Protection

Welcome to the first of many interviews on the #AppSec Podcast. In this episode, Robert and I interview Elena Elkina (@el0chka) on privacy. We cover privacy, data protection, and customer data protection. This is a quick chat for around 20 minutes. In the future, well dive deeper into the crossroads of security and privacy.

Elena is a Senior Global Privacy & Data Protection Management Executive. She has worked with financial and healthcare institutions, software and internet companies, major law firms, and the government sector on both international and domestic levels. She co-founded Women in Security and Privacy, a non-profit organization focusing on advancing women in security and privacy. She is also a board member for Leading Women in Technology, a non-profit organization dedicated to unlocking the potential of female professionals who advise technology businesses.

We hope you enjoy this conversation with Elena about privacy and data protection!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 26 Sep 2016 12:23:52 -0400

Chris and Robert -- Security in the Methodology

In this episode, we talk about product development methodologies and the impact of security. We explore how to apply security activities to waterfall and Agile and discuss the pros and cons. Weve both had experience with these methodologies and freely share what weve seen work and what weve seen fail. This applies whether you are new to security or have been doing security for decades. If you have anything to add, share your wisdom by catching us @AppSecPodcast on Twitter!

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mon, 19 Sep 2016 22:04:28 -0400

Chris and Robert -- The Activities of the Secure Development Lifecycle

On this episode of the Application Security PodCast, we continue our journey through the foundations of application security. We explore the activities of the secure development life cycle. We cover requirements, secure design, secure coding, 3rd party SW, static analysis, vulnerability scanning, and others.

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tue, 13 Sep 2016 08:06:34 -0400

Chris and Robert -- Introductions and why #AppSec?

In the inaugural episode of the Application Security PodCast, Robert and I introduce ourselves to the audience, explain our journeys into the security world, and answer the burning question, What the heck is application security?

The key takeaways from this episode are:

Application security is:
- foundational
- required by customers
- a worthy investment
- a people issue supported by tools

FOLLOW OUR SOCIAL MEDIA:

Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Darknet Diaries

Tue, 05 Sep 2023 07:00:00 -0000

137: Predator

A new type of mercenary spyware came on the radar called Predator. Itll infect a mobile phone, and then suck up all the data from it. Contacts, text messages, location, and more. This malware is being sold to intelligence agencies around the world. In this episode we hear from Crofton Black at Lighthouse Reports who spent 6 months with a team of journalists researching this story which was published here: https://www.lighthousereports.com/investigation/flight-of-the-predator/. We also hear from Bill Marczak and John Scott-Railton from Citizen Lab. If you want to hear about other mercenary spyware, check out episodes 99 and 100, about NSO group and Pegasus. To hear another episode about Greece check out episode 64 called Athens Shadow Games. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Varonis. Do you wonder what your companys ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Akamai Connected Cloud (formerly Linode). Akamai Connected Cloud supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 01 Aug 2023 07:00:00 -0000

136: Team Xecuter

Team Xecuter was a group involved with making and selling modchips for video game systems. They often made mods that allowed the video game system to rip games or play pirated games. It was a crowd favorite in the modding scene. Until it all fell apart. The story of what happened to Team Xecuter must be heard to believe. This episode features Gary Bowser. You can find more about Gary here: https://twitter.com/Bowser_GaryOPA https://garyopa.com/ https://www.gofundme.com/f/garyopa-restarting-his-life?utm_location=darknetdiaries Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthens youre infrastructure from the ground up with a zero trust posture. ThreatLockers allow-listing give you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provices zero trust control at the kernel level. Learn more at www.threatlocker.com. Sources https://www.washingtonpost.com/archive/politics/1994/10/27/ringleader-pleads-guilty-in-phone-fraud/56e551bb-a727-43e8-a3ca-1c1f4cf6ef82/ https://www.justice.gov/sites/default/files/usao/legacy/2010/10/12/usab4304.pdf https://www.eurogamer.net/nintendo-to-appeal-not-guilty-judgement-of-flash-cart-sellers-7 https://www.gamesindustry.biz/nintendo-pounces-on-global-piracy-outfit https://www.justice.gov/opa/pr/two-members-notorious-videogame-piracy-group-team-xecuter-custody https://medium.com/swlh/watch-paint-dry-how-i-got-a-game-on-the-steam-store-without-anyone-from-valve-ever-looking-at-it-2e476858c753#.z05q2nykc https://www.lemonde.fr/police-justice/article/2022/05/27/voler-des-societes-qui-font-des-milliards-qu-est-ce-que-j-en-ai-a-faire-max-louarn-c-ur-de-hackeur_6127821_1653578.html https://www.theverge.com/2020/11/20/21579392/nintendo-big-house-super-smash-bros-melee-tournament-slippi-cease-desist https://www.youtube.com/watch?v=U7VwtOrwceo https://www.youtube.com/watch?v=5sNIE5anpik Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 04 Jul 2023 07:00:00 -0000

135: The D.R. Incident

Omar Avilez worked in the CSIRT of the Dominican Republic when a major cyber security incident erupted. Omar walks us through what happened and the incident response procedures that he went through. Breakmaster Cylinders new album: https://breakmastercylinder.bandcamp.com/album/the-moon-all-that. Sponsors Support for this show comes from Varonis. Do you wonder what your companys ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Flare. Flare automates monitoring across the dark & clear web to detect high-risk exposure, before threat actors have a chance to leverage it. Their unified solution makes it easy to rapidly identify risks across thousands of sources, including developers leaking secrets on public GitHub Repositories, threat actors selling infected devices on dark web markets, and targeted attacks being planned on illicit Telegram Channels. Visit https://flare.io to learn more. Sources https://www.wired.com/story/costa-rica-ransomware-conti/ https://malpedia.caad.fkie.fraunhofer.de/details/win.bandook https://www.youtube.com/watch?v=QHYH0U66K5Q https://www.youtube.com/live/prCr7Z94078 https://www.eff.org/deeplinks/2023/02/uncle-sow-dark-caracal-latin-america https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/ https://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/ Attribution Darknet Diaries is created by Jack Rhysider. Assembled by Tristan Ledger. Episode artwork by odibagas. Mixing by Proximity Sound. Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 06 Jun 2023 07:00:00 -0000

134: Deviant

Deviant Ollam is a physical penetration specialist. That means hes paid to break into buildings to see if the building is secure or not. He has done this for a long time and has a lot of tricks up his sleeve to get into buidings. In this episode we hear 3 stories of him breaking into buildings for a living. You can find more about Deviant on the following sites: https://twitter.com/deviantollam https://www.instagram.com/deviantollam https://youtube.com/deviantollam https://defcon.social/@deviantollam https://deviating.net/ Sponsors Support for this show comes from ThreatLocker. ThreatLocker has built-in endpoint security solutions that strengthens youre infrastructure from the ground up with a zero trust posture. ThreatLockers allow-listing give you a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker provices zero trust control at the kernel level. Learn more at www.threatlocker.com. This show is sponsored by Packetlabs. Theyve created the Penetration Testing Buyers guide - a comprehensive resource that will help you plan, scope, and execute your Penetration Testing projects. Inside, youll find valuable information on frameworks, standards, methodologies, cost factors, reporting options, and what to look for in a provider. https://guide.packetlabs.net/. Support for this show comes from Drata. Drata streamlines your SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR & many other compliance frameworks, and provides 24-hour continuous control monitoring so you focus on scaling securely. Listeners of Darknet Diaries can get 10% off Drata and waived implementation fees at drata.com/darknetdiaries. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 02 May 2023 07:00:00 -0000

133: I'm the Real Connor

One day Connor Tumbleson got an email saying his identity has been stolen. And this was one of the strangest days hes ever had. Sponsors Support for this show comes from Quorum Cyber. Their mantra is: We help good people win. If youre looking for a partner to help you reduce risk and defend against the threats that are targeting your business and especially if you are interested in Microsoft Security reach out to Qurotum Cyber at quorumcyber.com. Skiff is a collaboration platform built for privacy from the ground up. Every document, note, and idea you write is end-to-end encrypted and completely private. Only you and your trusted collaborators can see what youve created. Try it out at https://skiff.com. Support for this show comes from AttackIQ. AttackIQs security optimization platform emulates the adversary with realism to test your security program, generating real-time performance data to improve your security posture. They also offer free training. Head to attackiq.com to get a closer look at how AttackIQ can help you today. Sources https://connortumbleson.com/ https://krebsonsecurity.com/2022/10/glut-of-fake-linkedin-profiles-pits-hr-against-the-bots/ Snippet from Darknet Diaries ep 119 about North Koreans getting tech jobs to steal bitcoin https://www.youtube.com/watch?v=v1ik6bAwELA Attribution Assembled by Tristan Ledger. Sound design by Garrett Tiedemann. Episode artwork by odibagas. Mixing by Proximity Sound. Theme music created by Breakmaster Cylinder. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 04 Apr 2023 07:00:00 -0000

132: Sam the Vendor

Sam Bent, a.k.a. DoingFedTime, brings us a story of what it was like being a darknet market vendor. Learn more about Sam at https://www.doingfedtime.com/. Sponsors Support for this show comes from Akamai Connected Cloud (formerly Linode). Akamai Connected Cloud supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 14 Feb 2023 08:00:00 -0000

Presenting: Spycast "Black Ops: The Life of a Legendary CIA Shadow Warrior"

Jack is currently on a break. Here is a an episode from the Spycast podcast called "Black Ops: The Life of a Legendary CIA Shadow Warrior". To learn more about Spycast visit: https://www.spymuseum.org/podcast/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 27 Dec 2022 08:00:00 -0000

131: Welcome to Video

Andy Greenberg (https://twitter.com/a_greenberg) brings us a gut wrenching story of how criminal investigators used bitcoin tracing techniques to try to find out who was at the center of a child sexual abuse darkweb website. This story is part of Andys new book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. An affiliate link to the book on Amazon is here: https://amzn.to/3VkjSh7. Sponsors Support for this show comes from Varonis. Do you wonder what your companys ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 13 Dec 2022 08:00:00 -0000

130: Jason's Pen Test

Join us as we sit down with Jason Haddix (https://twitter.com/Jhaddix), a renowned penetration tester who has made a name for himself by uncovering vulnerabilities in some of the worlds biggest companies. In this episode, Jason shares his funny and enlightening stories about breaking into buildings and computers, and talks about the time he discovered a major security flaw in a popular mobile banking app. Sponsors Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Arctic Wolf. Arctic Wolf is the industry leader in security operations solutions, delivering 24x7 monitoring, assessment, and response through our patented Concierge Security model. They work with your existing tools and become an extension of your existing IT team. Visit arcticwolf.com/darknet to learn more. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 29 Nov 2022 08:00:00 -0000

129: Gollumfun (Part 2)

Brett Johnson, AKA Gollumfun (twitter.com/GOllumfun) was involved with the websites Counterfeit Library and Shadow Crew. He tells his story of what happened there and some of the crimes he committed. In part 2, his past catches up to him. Listen to more of Brett on his own show. https://www.thebrettjohnsonshow.com/. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 15 Nov 2022 08:00:00 -0000

128: Gollumfun (Part 1)

Brett Johnson, AKA Gollumfun (twitter.com/GOllumfun) was involved with the websites Counterfeit Library and Shadow Crew. He tells his story of what happened there and some of the crimes he committed. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 01 Nov 2022 07:00:00 -0000

127: Maddie

Maddie Stone is a security researcher for Googles Project Zero. In this episode we hear what its like battling zero day vulnerabilities. Sponsors Support for this show comes from Zscalar. Zscalar zero trust exchange will scrutinize the traffic and permit or deny traffic based on a set of rules. This is so much more secure than letting data flow freely internally. And it really does mitigate ransomware outbreaks. The Zscaler Zero Trust Exchange gives YOU confidence in your security to feel empowered to focus on other parts of your business, like digital transformation, growth, and innovation. Check out the product at zscaler.com. Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Sources https://www.sophos.com/en-us/medialibrary/pdfs/technical%20papers/yu-vb2013.pdf https://www.youtube.com/watch?v=s0Tqi7fuOSU https://www.vice.com/en/article/4x3n9b/sometimes-a-typo-means-you-need-to-blow-up-your-spacecraft Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 18 Oct 2022 07:00:00 -0000

126: REvil

REvil is the name of a ransomware service as well as a group of criminals inflicting ransomware onto the world. Hear how this ransomware shook the world. A special thanks to our guest Will, a CTI researcher with Equinix. Sponsors Support for this show comes from Zscalar. Zscalar zero trust exchange will scrutinize the traffic and permit or deny traffic based on a set of rules. This is so much more secure than letting data flow freely internally. And it really does mitigate ransomware outbreaks. The Zscaler Zero Trust Exchange gives YOU confidence in your security to feel empowered to focus on other parts of your business, like digital transformation, growth, and innovation. Check out the product at zscaler.com. Support for this show comes from Arctic Wolf. Arctic Wolf is the industry leader in security operations solutions, delivering 24x7 monitoring, assessment, and response through our patented Concierge Security model. They work with your existing tools and become an extension of your existing IT team. Visit arcticwolf.com/darknet to learn more. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 04 Oct 2022 07:00:00 -0000

125: Jeremiah

Jeremiah Roe is a seasoned penetration tester. In this episode he tells us about a time when he had to break into a building to prove it wasnt as secure as the company thought. You can catch more of Jeremiah on the Were In podcast. Sponsors Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Snyk. Snyk is a developer security platform that helps you secure your applications from the start. It automatically scans your code, dependencies, containers, and cloud infrastructure configs finding and fixing vulnerabilities in real time. Create your free account at snyk.co/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 20 Sep 2022 07:00:00 -0000

124: Synthetic Remittance

What do you get when you combine social engineering, email, crime, finance, and the money stream flowing through big tech? Evaldas Rimaauskas comes to mind. He combined all these to make his big move. A whale of a move. Sponsors Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Axonius. The Axonius solution correlates asset data from your existing IT and security solutions to provide an always up-to-date inventory of all devices, users, cloud instances, and SaaS apps, so you can easily identify coverage gaps and automate response actions. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 06 Sep 2022 07:00:00 -0000

123: Newswires

Investing in the stock market can be very profitable. Especially if you can see into the future. This is a story of how a group of traders and hackers got together to figure out a way to see into the future and make a lot of money from that. Sponsors Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Support for this show comes from Juniper Networks. Juniper Networks is dedicated to simplifying network operations and driving superior experiences for end users. Visit juniper.net/darknet to learn more about how Junipers Zero Trust Data Center provides uncompromising visibility across all your data center environments. Visit juniper.net/darknet to learn more. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 23 Aug 2022 07:00:00 -0000

122: Lisa

In this episode we hear some insider threat stories from Lisa Forte. Sponsors Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Varonis. Do you wonder what your companys ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Support for this show comes from Snyk. Snyk is a developer security platform that helps you secure your applications from the start. It automatically scans your code, dependencies, containers, and cloud infrastructure configs finding and fixing vulnerabilities in real time. Create your free account at snyk.co/darknet. Attribution Darknet Diaries is created by Jack Rhysider. Editing by Damienne. Assembled by Tristan Ledger. Sound designed by Andrew Meriwether. Episode artwork by odibagas. Mixing by Proximity Sound. Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 26 Jul 2022 07:00:00 -0000

121: Ed

In this episode we hear some penetration test stories from Ed Skoudis (twitter.com/edskoudis). We also catch up with Beau Woods (twitter.com/beauwoods) from I am The Cavalry (iamthecavalry.org). Sponsors Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Zscalar. Zscalar zero trust exchange will scrutinize the traffic and permit or deny traffic based on a set of rules. This is so much more secure than letting data flow freely internally. And it really does mitigate ransomware outbreaks. The Zscaler Zero Trust Exchange gives YOU confidence in your security to feel empowered to focus on other parts of your business, like digital transformation, growth, and innovation. Check out the product at zscaler.com/darknet. Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. View all active sponsors. Attribution Darknet Diaries is created by Jack Rhysider. Editing by Damienne. Assembled by Tristan Ledger. Sound designed by Andrew Meriwether. Episode artwork by odibagas. Audio cleanup by Proximity Sound. Theme music created by Breakmaster Cylinder. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 12 Jul 2022 07:00:00 -0000

Presenting: Click Here "Lapsus$"

We're going to play two stories for you today. First is a story that comes from the podcast Click Here, hosted by Dina Temple Raston. It's about Lapsus$. Then after that Jack Rhysider tells a story about a sewage plant in Australia that had a big problem. You can find more episode of Click Here on your favorite podcast player or by visiting https://ClickHereShow.com. Sponsors Support for this show comes Snyk. Snyk is a developer security platform that helps you secure your applications from the start. It automatically scans your code, dependencies, containers, and cloud infrastructure configs finding and fixing vulnerabilities in real time. Create your free account at https://snyk.co/darknet. Support for this show comes from Linode. Linode supplies you with virtual servers. Visit [linode.com/darknet](https://linode.com/darknet) and get a special offer. Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defender's hands. End cyber attacks. From endpoints to everywhere. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 28 Jun 2022 07:00:00 -0000

120: Voulnet

This is the story about when Mohammed Aldoub, AKA Voulnet, (twitter.com/Voulnet) found a vulnerability on Virus Total and Tweeted about it. Sponsors Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Support for this show comes from Varonis. Do you wonder what your companys ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Sources https://www.cyberscoop.com/story/trial-error-kuwait-mohammed-aldoub-case/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 14 Jun 2022 07:00:00 -0000

119: Hot Wallets

In this episode we interview journalist Geoff White to discuss some of the recent crypto currency heists that have been happening. Geoff has been tracking a certain group of thieves for some time and shares his knowledge of what hes found. Much of what we talk about in this episode has been published in Geoffs new book The Lazarus Heist: From Hollywood to High Finance: Inside North Koreas Global Cyber War (https://amzn.to/3mKf1qB). Sponsors Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. axonius.com/darknet Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 31 May 2022 07:00:00 -0000

118: Hot Swaps

This is the story of Joseph Harris (https://twitter.com/akad0c). When he was a young teen he got involved with stealing video game accounts and selling them for money. This set him on a course where he flew higher and higher until he got burned. Joseph sometimes demonstrates vulnerabilities he finds on his YouTube channel https://www.youtube.com/channel/UCdcuF5Zx6BiYmwnS-CiRAng. Listen to episode 112 Dirty Coms to hear more about what goes on in the communities Joseph was involed with. Sponsors Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Support for this show comes from Synack. Synack is a penetration testing firm. But they also have a community of, people like you, who earn regular money by legally hacking. If youre interested in getting paid to hack, visit them now at synack.com/red-team, and click apply now. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 17 May 2022 07:00:00 -0000

117: Daniel the Paladin

Daniel Kelley (https://twitter.com/danielmakelley) was equal parts mischievousness and clever when it came to computers. Until the day his mischief overtook his cleverness. Sponsors Support for this show comes from Keeper Security. Keeper Securitys is an enterprise password management system. Keeper locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented Zero-Knowledge encrypted vault. And, it takes less than an hour to deploy across your organization. Get started by visiting keepersecurity.com/darknet. Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 03 May 2022 07:00:00 -0000

116: Mad Dog

Jim Lawler, aka Mad Dog, was a CIA case officer for 25 years. In this episode we hear some of the stories he has and things he did while working in the CIA. Jim has two books out. Affiliate links below. Living Lies: A Novel of the Iranian Nuclear Weapons Program https://amzn.to/3s0Ppca In the Twinkling of an Eye: A Novel of Biological Terror and Espionage https://amzn.to/3y7B4OL Sponsors Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Juniper Networks. Juniper Networks is dedicated to simplifying network operations and driving superior experiences for end users. Visit juniper.net/darknet to learn more about how Junipers Zero Trust Data Center provides uncompromising visibility across all your data center environments. Visit juniper.net/darknet to learn more. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 19 Apr 2022 07:00:00 -0000

115: Player Cheater Developer Spy

Some video game players buy cheats to win. Lets take a look at this game cheating industry to see who the players are. Sponsors Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 05 Apr 2022 07:00:00 -0000

114: HD

HD Moore (https://twitter.com/hdmoore) invented a hacking tool called Metasploit. He crammed it with tons of exploits and payloads that can be used to hack into computers. What could possibly go wrong? Learn more about what HD does today by visiting rumble.run/. Sponsors Support for this show comes from Quorum Cyber. They exist to defend organisations against cyber security breaches and attacks. Thats it. No noise. No hard sell. If youre looking for a partner to help you reduce risk and defend against the threats that are targeting your business and specially if you are interested in Microsoft Security - reach out to www.quorumcyber.com. Support for this show comes from Snyk. Snyk is a developer security platform that helps you secure your applications from the start. It automatically scans your code, dependencies, containers, and cloud infrastructure configs finding and fixing vulnerabilities in real time. And Snyk does it all right from the existing tools and workflows you already use. IDEs, CLI, repos, pipelines, Docker Hub, and more so your work isnt interrupted. Create your free account at snyk.co/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 22 Mar 2022 07:00:00 -0000

113: Adam

Adam got a job doing IT work at a learning academy. He liked it and was happy there and feeling part of the team. But a strange series of events took him in another direction, that definitely didnt make him happy. Sponsors Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Support for this show comes from Varonis. Do you wonder what your companys ransomware blast radius is? Varonis does a free cyber resilience assessment that tells you how many important files a compromised user could steal, whether anything would beep if they did, and a whole lot more. They actually do all the work show you where your data is too open, if anyone is using it, and what you can lock down before attackers get inside. They also can detect behavior that looks like ransomware and stop it automatically. To learn more visit www.varonis.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 08 Mar 2022 08:00:00 -0000

112: Dirty Coms

This episode we talk with a guy named Drew who gives us a rare peek into what some of the young hackers are up to today. From listening to Drew, we can see that times are changing for the motive behind hacking. In the 90s and 00s it was done for fun and curiosity. In the 10s Anonymous showed us what Hacktivism is. And now, in the 20s, the young hackers seem to be profit driven. Sponsors Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Juniper Networks. Juniper Networks is dedicated to simplifying network operations and driving superior experiences for end users. Visit juniper.net/darknet to learn more about how Juniper Secure Edge can help you keep your remote workforce seamlessly secure wherever they are. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 22 Feb 2022 08:00:00 -0000

111: ZeuS

ZeuS is a banking trojan. Designed to steal money from online bank users accounts. This trojan became so big, that it resulted in one of the biggest FBI operations ever. Sponsors Support for this show comes from Axonius. Securing assets whether managed, unmanaged, ephemeral, or in the cloud is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free. Support for this show comes from Keeper Security. Keeper Securitys is an enterprise password management system. Keeper locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented Zero-Knowledge encrypted vault. And, it takes less than an hour to deploy across your organization. Get started by visiting keepersecurity.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 08 Feb 2022 08:00:00 -0000

110: Spam Botnets

This episode tells the stories of some of the worlds biggest spamming botnets. Well talk about the botnets Rustock, Waledac, and Cutwail. Well discover who was behind them, what their objectives were, and what their fate was. Sponsors Support for this show comes fromJuniper Networks(hyperlink:juniper.net/darknet). Juniper Networks is dedicated to simplifying network operations and driving superior experiences for end users. Visitjuniper.net/darknetto learn more about how Juniper Secure Edge can help you keep your remote workforce seamlessly secure wherever they are. Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 25 Jan 2022 08:00:00 -0000

109: TeaMp0isoN

TeaMp0isoN was a hacking group that was founded by TriCk and MLT (twitter.com/0dayWizard). They were responsible for some high profile hacks. But in this story its not the rise thats most interesting. Its the fall. Sponsors Support for this show comes from Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 11 Jan 2022 08:00:00 -0000

108: Marq

This is the story of Marq (twitter.com/dev_null321). Which involves passwords, the dark web, and police. Sponsors Support for this podcast comes from Cybereason. Cybereason reverses the attackers advantage and puts the power back in the defenders hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet. Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. View all active sponsors. Sources Court records and news articles were used to fact check this episode. However Marq requested that links to his full name not be made available. https://techcrunch.com/2019/12/19/ring-doorbell-passwords-exposed/ https://www.wired.com/2010/03/hacker-bricks-cars/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 21 Dec 2021 08:00:00 -0000

107: Alethe

Alethe is a social engineer. Professionally she tries to trick people to give her passwords and access that she shouldnt have. But her journey to this point is interesting and in this episode she tells us how she became a social engineer. Follow Alethe on Twitter: https://twitter.com/AletheDenis Sponsors Support for this show comes from Skiff. Skiff is a collaboration platform built for privacy from the ground up. Every document, note, and idea you write is end-to-end encrypted and completely private. Only you and your trusted collaborators can see what youve created. Try it out at https://www.skiff.org/darknet. Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 07 Dec 2021 08:00:00 -0000

106: @Tennessee

How much online abuse are you willing to take before you decide to let your abuser have what they want? Unfortunately, this is a decision that many people have to ask themselves. If someone can threaten you physically, it bypasses whatever digital security you have in place. Thanks to https://twitter.com/jw for sharing this harrowing story with us. Affiliate links to books: The Smart Girls Guide to Privacy: https://www.amazon.com/gp/product/1593276486/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1593276486&linkCode=as2&tag=tunn01-20&linkId=0a8ee2ca846534f77626757288d77e00 Extreme Privacy:https://www.amazon.com/gp/product/B0898YGR58/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=B0898YGR58&linkCode=as2&tag=tunn01-20&linkId=575c5ed0326484f0b612f000621b407f Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET. Support for this show comes from Ping Identity, champions of identity for the global enterprise. Give your users a loveable login solution. Visit www.pingidentity.com/. View all active sponsors. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 23 Nov 2021 08:00:00 -0000

105: Secret Cells

Joseph Cox (https://twitter.com/josephfcox), Senior Staff Writer at Motherboard (https://www.vice.com/en/topic/motherboard), joins us to talk about the world of encrypted phones. Books Affiliate links to books: The Smart Girls Guide to Privacy: https://www.amazon.com/gp/product/1593276486/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1593276486&linkCode=as2&tag=tunn01-20&linkId=0a8ee2ca846534f77626757288d77e00 Extreme Privacy:https://www.amazon.com/gp/product/B0898YGR58/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=B0898YGR58&linkCode=as2&tag=tunn01-20&linkId=575c5ed0326484f0b612f000621b407f Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET. Support for this show comes from Ping Identity, champions of identity for the global enterprise. Give your users a loveable login solution. Visit www.pingidentity.com/. View all active sponsors. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 09 Nov 2021 08:00:00 -0000

104: Arya

Arya Ebrahami has had quite a personal relationship with darknet marketplaces. In this episode youll hear about his adventures on tor. Aryas current project is https://lofi-defi.com. Sponsors Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. View all active sponsors. Sources https://www.nbcwashington.com/news/local/27-arrested-in-prince-william-county-narcotics-investigation/58441/ https://patch.com/virginia/manassas/undercover-narcotics-operation-nets-27-arrrests-xanax-distribution-ring Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 26 Oct 2021 07:00:00 -0000

103: Cloud Hopper

Fabio Viggiani is an incident responder. In this episode he talks about the story when one of his clients were breached. Sponsors Support for this show, and for stretched security teams, comes from SOC.OS. Too many security alerts means alert fatigue for under-resourced SecOps teams. Traditional tools arent solving the problem. SOC.OS is the lightweight, cost-effective, and low-maintenance solution for your team. Centralise, enrich, and correlate your security alerts into manageable, prioritised clusters. Get started with an extended 3-month free trial at https://socos.io/darknet. Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET. Sources https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper https://www.reuters.com/article/us-china-cyber-cloudhopper-companies-exc-idUSKCN1TR1D4 https://www.fbi.gov/wanted/cyber/apt-10-group https://www.youtube.com/watch?v=277A09ON7mY https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061 https://www.technologyreview.com/2018/12/20/239760/chinese-hackers-allegedly-stole-data-of-more-than-100000-us-navy-personnel/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 12 Oct 2021 07:00:00 -0000

102: Money Maker

Frank Bourassa had an idea. He was going to make money. Literally. Listen to the story of a master counterfeiter. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 28 Sep 2021 07:00:00 -0000

101: Lotera

In 2014 the Puerto Rico Lottery was mysteriously losing money. Listen to this never before told story about what happened and who did it. Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET. Support for this show comes from Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and get a special offer. Sources https://en.wikipedia.org/wiki/Puerto_Rico_Lottery https://www.justice.gov/usao-pr/pr/10-individuals-indicted-drug-trafficking-and-money-laundering https://www.dea.gov/press-releases/2014/07/22/caribbean-corridor-strike-force-arrests-10-individuals-indicted-drug https://casetext.com/case/united-states-v-delfin-robles-alvarez-7 Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 31 Aug 2021 07:00:00 -0000

100: NSO

The NSO Group creates a spyware called Pegasus which gives someone access to the data on a mobile phone. They sell this spyware to government agencies around the world. How is it used and what kind of company is the NSO Group? Thanks to John Scott-Railton and Citizen Lab for investigating this and sharing their research. Sponsors Support for this show comes from Detectify. Try their web vulnerability scanner free. Go to https://detectify.com/?utm_source=podcast&utm_medium=referral&utm_campaign=DARKNET Support for this show comes from Ping Identity, champions of identity for the global enterprise. Give your users a loveable login solution. Visit www.pingidentity.com/. Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. For a full list of sources used in this episode and complete transcripts visit https://darknetdiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 17 Aug 2021 07:00:00 -0000

99: The Spy

Igor works as a private investigator in NYC. Hes often sitting in cars keeping a distant eye on someone with binoculars. Or following someone through the busy streets of New York. In this episode we hear about a time when Igor was on a case but sensed that something wasnt right. Sponsors Support for this show comes from Exabeam. Exabeam lets security teams see what traditional tools cant, with automated threat detection and triage, complete visibility across the entire IT environment and advanced behavioral analytics that distinguishes real threats from perceived ones, so security teams stay ahead and businesses keep moving without fear of the unknown. When the security odds are stacked against you, outsmart them from the start with Exabeam. Learn more at https://exabeam.com/DD. Support for this show comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. View all active sponsors. Sources Article: The Case of the Bumbling Spy Podcast: The Catch and Kill Podcast with Ronan Farrow Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 03 Aug 2021 07:00:00 -0000

98: Zero Day Brokers

Zero day brokers are people who make or sell malware thats sold to people who will use that malware to exploit people. Its a strange and mysterious world that not many people know a lot about.Nicole Perlroth, who is a cybersecurity reporter for the NY Times, dove in head first which resulted in her writing a whole book on it. Affiliate link for book:This is How They Tell Me The World Ends (https://www.amazon.com/gp/product/1635576059/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1635576059&linkCode=as2&tag=tunn01-20&linkId=0aa8c966d98b49a7927bfc29aac76bbe) Audiobook deal:Try Audible Premium Plus and Get Up to Two Free Audiobooks (https://www.amazon.com/Audible-Free-Trial-Digital-Membership/dp/B00NB86OYE/?ref_=assoc_tag_ph_1485906643682&_encoding=UTF8&camp=1789&creative=9325&linkCode=pf4&tag=tunn01-20&linkId=31042b955d5e6d639488dc084711d033) Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET. Support for this show comes fromPrivacy.com. Privacy allows you to create anonymous debit cards instantly to use for online shopping. Visitprivacy.com/darknetto get a special offer. View all active sponsors. Sources Nicoles Book: This is How They Tell Me the World Ends https://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 20 Jul 2021 07:00:00 -0000

97: The Pizza Problem

What if someone wanted to own your Instagram account? Not just control it, but make it totally theirs. This episode tells the story of how someone tried to steal an Instagram account from someone. Sponsors Support for this show comes fromLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand get a special offer. Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. View all active sponsors. Sources Vid: The $5 Million Phone Hack True Life Crime Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 06 Jul 2021 07:00:00 -0000

96: The Police Station Incident

Nicole Beckwithwears a lot of hats. Shes a programmer, incident responder, but also a cop and a task force officer with the Secret Service. In this episode she tells a story which involves all of these roles. https://twitter.com/NicoleBeckwith Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET. Support for this show comes fromExabeam. Exabeam lets security teams see what traditional tools cant, with automated threat detection and triage, complete visibility across the entire IT environment and advanced behavioral analytics that distinguishes real threats from perceived ones, so security teams stay ahead and businesses keep moving without fear of the unknown. When the security odds are stacked against you, outsmart them from the start with Exabeam. Learn more athttps://exabeam.com/DD. View all active sponsors. Sources https://www.secjuice.com/unusual-journeys-nicole-beckwith/ Talk from Nicole: Mind Hacks Psychological profiling, and mental health in OSINT investigations Talk from Nicole: Whos guarding the gateway? Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 22 Jun 2021 07:00:00 -0000

95: Jon & Brian's Big Adventure

JonandBrianare penetration testers who both worked at a place calledRedTeam Security. Theyre paid to break into buildings and hack into networks to test the security of those buildings. In this episode they bring us a story of how they prepare and execute a mission like this. But even with all the preparation, something still goes terribly wrong. Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET. Support for this show comes fromPing Identity, champions of identity for the global enterprise. Give your users a loveable login solution. Visitwww.pingidentity.com/. View all active sponsors. Sources Video: Jon and Brian on ABC Nightline Video: RedTeam Security breaks into a power station https://www.redteamsecure.com/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 08 Jun 2021 07:00:00 -0000

94: Mariposa

Chris Davishas been stopping IT security threats for decades. Hes currently running the companyHyasthat he started. In this episode he tells a few tales of some threats that he helped stop. Sponsors Support for this show comes fromExabeam. Exabeam lets security teams see what traditional tools cant, with automated threat detection and triage, complete visibility across the entire IT environment and advanced behavioral analytics that distinguishes real threats from perceived ones, so security teams stay ahead and businesses keep moving without fear of the unknown. Learn more by visitingexabeam.com/dd. Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. View all active sponsors. Sources https://www.zdnet.com/article/hacker-curador-pleads-guilty-to-credit-card-theft/ https://www.pbs.org/wgbh/pages/frontline/shows/hackers/ https://archive.org/details/frontline_202009/Frontline-+Hackers/VIDEO_TS/VTS_01_1.VOB https://defintel.com/docs/Mariposa_Analysis.pdf https://krebsonsecurity.com/2020/03/french-firms-rocked-by-kasbah-hacker/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 25 May 2021 07:00:00 -0000

93: Kik

Kik is a wildly popular chat app. Their website says that 1 in 3 American teenagers use Kik. But something dark is brewing on Kik. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 11 May 2021 07:00:00 -0000

92: The Pirate Bay

The Pirate Bay is a website, a search engine, which has an index of torrent files. A lot of copyrighted material is listed on the site, but the site doesnt store any of the copyrighted material. It just points the user to where you can download it from. So for a while The Pirate Bay has been the largest places you can find pirated movies, music, games, and apps. But this site first came up 2003. And is still up and operation now, 18 years later! You would think someone would shut this place down by now. How does the biggest source for copyrighted material stay up and online for that long? Listen to this episode to find out. Sponsors Support for this show comes fromLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand get a special offer. Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. View all active sponsors. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 27 Apr 2021 07:00:00 -0000

91: webjedi

What happens when an unauthorized intruder gets into the network of a major bank? Amlie Koran akawebjediwas there for one of these intrusions and tells us the story of what happened. You can find more talks from Amlie at her websitewebjedi.net. Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. This podcast is sponsored byNavisite. Accelerate IT transformation to respond to new demands, lower costs and prepare for whatever comes next. VisitNavisite.com/go. View all active sponsors. Sources https://www.foxnews.com/story/0,2933,435681,00.html https://w2.darkreading.com/risk-management/world-bank-(allegedly)-hacked/d/d-id/1072857 https://www.washingtonpost.com/nation/2020/05/18/missionary-pilot-death-coronavirus/ https://webjedi.net/ CLAIM=8f61b1a2cab60fab354cc5b111ea154705b363d3=CLAIM Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 13 Apr 2021 07:00:00 -0000

90: Jenny

MeetJenny Radcliffe, the People Hacker. Shes a social engineer and physical penetration tester. Which means she gets paid to break into buildings and test their security. In this episode she tells us a few stories of some penetration testing jobs shes done. Sponsors Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. This podcast is sponsored byNavisite. Accelerate IT transformation to respond to new demands, lower costs and prepare for whatever comes next. VisitNavisite.com/go. View all active sponsors. Sources humanfactorsecurity.co.uk Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 06 Apr 2021 07:00:00 -0000

89: Cybereason - Molerats in the Cloud

The threat research team at Cybereason uncovered an interesting piece of malware. Studied it and tracked it. Which lead them to believe they were dealing with a threat actor known as Molerats. Sponsors This episode is sponsored byCybereason. Cybereason reverses the attackers advantage and puts the power back in your hands. Their future-ready attack platform gives defenders the wisdom to uncover, understand, and piece together multiple threats. And the precision focus to end cyberattacks instantly on computers, mobile devices, servers, and the cloud. They do all this through a variety of tools theyve developed such as antivirus software, endpoint monitoring, and mobile threat detection tools. They can give you the power to do it yourself, or they can do all the monitoring and respond to threats in your environment for you. Or you can call them after an incident to get help cleaning up. If you want to monitor your network for threats, check out what Cybereason can do for you. Cybereason. End cyber attacks. From endpoints to everywhere. Learn more atCybereason.com/darknet. View all active sponsors. Sources https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf https://malpedia.caad.fkie.fraunhofer.de/actor/molerats https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 30 Mar 2021 07:00:00 -0000

88: Victor

Victorlooks for vulnerabilities on the web and reports them responsibly. This is the story about discloser number 5780. Listen to episodes 86, and 87 before this one to be caught up on the story leading up to this. Sponsors This podcast is sponsored byNavisite. Accelerate IT transformation to respond to new demands, lower costs and prepare for whatever comes next. VisitNavisite.com/go. This podcast is sponsored by theJSCM Group. They have a service called ClosedPort: Scan, and its is a monthly Penetration Test performed by Cyber Security Experts. Contact JSCM Group today atjscmgroup.com/darknet. Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 16 Mar 2021 07:00:00 -0000

87: Guild of the Grumpy Old Hackers

In 2016 the LinkedIn breach data became available to the public. What the Guild of the Grumpy Old Hackers did with it then is quite the story. Listen toVictor,Edwin, andMattijstell their story. Sponsors Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Support for this show comes fromPrivacy.com. Privacy allows you to create anonymous debit cards instantly to use for online shopping. Visitprivacy.com/darknetto get a special offer. View all active sponsors. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 02 Mar 2021 08:00:00 -0000

86: The LinkedIn Incident

In 2012, LinkedIn was the target of a data breach. A hacker got in and stole millions of user details. Username and password hashes were then sold to people willing to buy. This episode goes over the story of what happened. For a good password manager, check out LastPass. Sponsors Support for this episode comes fromQuadrant Information Security. If you need a team of around the clock analysts to monitor for threat in your network using a custom SIEM, check out what Quadrant can do for you by visitingwww.quadrantsec.com. Support for this show comes fromThinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out athttps://canary.tools. Support for this show comes fromLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand get a special offer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 16 Feb 2021 08:00:00 -0000

85: Cam the Carder

This is the story ofCam Harrison, aka kilobit and his rise and fall as a prominent carder. Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes fromOracle for Startups. Oracle for Startups delivers enterprise cloud at a startup price tag, with free cloud credits and 70% off industry-leading cloud services to help you reel in the big fishconfidently. To learn more, visitOracle.com/goto/darknet. View all active sponsors. Sources https://www.justice.gov/opa/pr/member-organized-cybercrime-ring-responsible-50-million-online-identity-theft-sentenced-115 https://nakedsecurity.sophos.com/2014/11/14/carder-su-fraudster-jailed-for-9-years-and-ordered-to-pay-50-8m/ https://www.justice.gov/usao-nv/operation-open-market Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 02 Feb 2021 08:00:00 -0000

84: Jet-setters

How bad is it if you post your boarding pass on Instagram? Our guest,Alexdecides to figure this out for themself and has quite a story about what happened. You can read more from Alex on their bloghttps://mango.pdf.zone. We also hear fromTProphetwhos here to give us some travel hacks to save tons on airfare when we start traveling again. You can learn more about TProphets travel hacks athttps://seat31b.comorhttps://award.cat. Sponsors Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Support for this show comes fromTanium. With Tanium you can gain real-time security and operational data directly from your endpoints along with the ability to take action on, and create reports from, that data in just minutes, so that you and your teams can have the insight and capability necessary to accomplish the mission effectively. Learn more athttps://federal.tanium.com. View all active sponsors. Sources https://mango.pdf.zone/finding-former-australian-prime-minister-tony-abbotts-passport-number-on-instagram https://seat31b.com https://award.cat Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 19 Jan 2021 08:00:00 -0000

83: NSA Cryptologists

In this episode we interview two NSA Cryptologists,Marcus J. CareyandJeff Man. We hear their story of how they got into the NSA and what they did while there. To hear more stories from Jeff tune intoPauls Security Weeklywhere Jeff is a regular co-host and shares a lot of stories and insights. Marcus has written several books on security. They areTribe of Hackers,Tribe of Hackers Blue Team,Tribe of Hackers Red Team,Tribe of Hackers Security Leaders,Think in Code, and a childrens book calledThree Little Hackers. Also check out theTribe of Hackers podcastto hear interviews with all these amazing people! Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Support for this show comes fromLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand get a special offer. View all active sponsors. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 05 Jan 2021 08:00:00 -0000

82: Master of Pwn

TheZero Day Initiativeruns a hacker contest calledPwn2Own. The contest calls the best hackers in the world to demonstrate they can hack into software that should be secure. Like browsers, phones, and even cars. A lot of vulnerabilities are discovered from this event which means vendors must fix them. Whoever can demonstrate the most vulnerabilities will be crowned the Master of Pwn. Thanks toDustin ChildsandBrian Gorencfrom ZDI to hear all about Pwn2Own. Thanks toRadekandPedrofor sharing their experiences of becoming the Masters of Pwn. Sponsors Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Support for this show comes fromKars 4 Kids. Donate your car today, this organization will sell to use for their charity. View all active sponsors. Sources https://www.forbes.com/profile/lee-junghoon/?sh=49ee055fc9c7 https://www.cyberscoop.com/pwn2own-chinese-researchers-360-technologies-trend-micro/ https://twitter.com/BrendanEich/status/697889208380293120 https://www.techtimes.com/articles/247111/20200130/google-bug-bounty-2019-became-the-highest-paid-google-hackers-reaching-6-5-million.htm Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 22 Dec 2020 08:00:00 -0000

81: The Vendor

This is the story of a darknet marketplace vendor well name V. V tells his story of how he first became a buyer, then transitioned into seller. This episode talks about drugs. Listener discretion is advised. If you want to contact V his email is at https://darknetdiaries.com/episode/81. Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Support for this show comes fromLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand get a special offer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 08 Dec 2020 08:00:00 -0000

80: The Whistleblower

In this episode we hear a story from a social engineer whos job it is to get people to do things they dont want to do. Why? For profit. Sponsors Support for this episode comes fromSentinelOnewhich can protect and assistwith ransomeware attacks. On top of that, SentinelOne offers threat hunting, visibility, and remote administration tools to manage and protect any IoT devices connected to your network. Go toSentinelOne.com/DarknetDiariesfor your free demo. Your cybersecurity future starts today with SentinelOne. Support for this show comes fromThinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out athttps://canary.tools. Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. View all active sponsors. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 24 Nov 2020 08:00:00 -0000

79: Dark Basin

What do you do when you find yourself the target of a massive hacking campaign, and you are getting thousands of phishing emails and someone following you in your car. You might turn to Citizen Lab who has the ability to research who is behind this and help bring the hackers to justice. Our guests this episodes are Adam Hulcoop and John Scott-Railton ofCitizen Lab. This episode also has an interview with Matthew Earl ofShadowfall. Sponsors Support for this show comes fromLastPassby LogMeIn. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. VisitLastPass.com/Darknetto start your 14 day free trial. Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 10 Nov 2020 08:00:00 -0000

78: Nerdcore

Nerdcore music is music for nerds. In this episode we hear from some of the musicians who make Nerdcore music. This episode features guestsytcracker,Ohm-I, andDual Core. Content warning: This episode has explicit lyrics. Music For a playlist of music used in this episode visit darknetdiaries.com/episode/78. Sponsors Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 27 Oct 2020 07:00:00 -0000

77: Olympic Destroyer

In February 2018, during the Winter Olympics in Pyeongchang South Korea, a cyber attack struck, wiping out a lot of the Olympics digital infrastructure. Teams rushed to get things back up, but it was bad. Malware had repeatedly wiped the domain controllers rendering a lot of the network unusable. Who would do such a thing? We will talk withAndy Greenbergto discuss Olympic Destroyer, a chapter from his bookSandworm (affiliate link). Sponsors Support for this show comes fromLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand get a special offer. Support for this show comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 13 Oct 2020 07:00:00 -0000

76: Knaves Out

This is the story about how someone hacked into JP Morgan Chase, one of the biggest financial institutions in the world. Its obvious why someone would want to break into a bank right? Well the people who hacked into this bank, did not do it for obvious reasons. The hackers are best described as knaves. Which are tricky, deceitful fellows. Sponsors Support for this show comes fromLastPassby LogMeIn. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. VisitLastPass.com/Darknetto start your 14 day free trial. Support for this episode comes fromSentinelOnewhich can protect and assistwith ransomeware attacks. On top of that, SentinelOne offers threat hunting, visibility, and remote administration tools to manage and protect any IoT devices connected to your network. Go toSentinelOne.com/DarknetDiariesfor your free demo. Your cybersecurity future starts today with SentinelOne. Support for this show comes from IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. For a complete list of sources and a full transcript of the show visit darknetdiaries.com/episode/76. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 29 Sep 2020 07:00:00 -0000

75: Compromised Comms

From 2009 to 2013 the communication channels the CIA uses to contact assets in foreign countries was compromised. This had terrifying consequences. Guests this episodes areJenna McLaughlinandZach Dorfman. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. This episode was sponsored byThinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out athttps://canary.tools. View all active sponsors. Sources https://finance.yahoo.com/news/cias-communications-suffered-catastrophic-compromise-started-iran-090018710.html Video: Fostering Bipartisanship in Intelligence Oversight CNAS2019 https://www.mcclatchydc.com/news/nation-world/national/article28348576.html https://foreignpolicy.com/2018/08/15/botched-cia-communications-system-helped-blow-cover-chinese-agents-intelligence/ https://www.nytimes.com/2017/05/20/world/asia/china-cia-spies-espionage.html https://www.nytimes.com/2018/01/17/world/asia/jerry-lee-cia-china-mole-hunt-suspect.html https://news.yahoo.com/cia-fix-communications-system-left-trail-dead-agents-remains-elusive-100046908.html https://www.washingtonpost.com/archive/sports/1988/03/21/cuban-defector-impeaches-cia-spies/10cec17c-076b-4867-96c5-628b8435a852/ https://en.wikipedia.org/wiki/Aldrich_Ames Attribution Darknet Diaries is created byJack Rhysider. Research assistance this episode fromYael Grauer. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 15 Sep 2020 07:00:00 -0000

74: Mikko

Poker is a competitive game. Unlike other casino games, poker is player vs player. Criminal hackers have understood this for a while and sometimes hack the other players to get an edge. And that small edge can result in millions of dollars in winnings. This episode contains a story fromMikko HypponenofF-Secure. We also interview Mikko to know more about him and the history of malware. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. This episode was sponsored byThinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out athttps://canary.tools. Sources https://www.cardplayer.com/poker-news/18318-wsop-bracelet-winner-jailed-for-web-poker-cheating https://forumserver.twoplustwo.com/29/news-views-gossip/my-unbelievable-ept-barcelona-story-hotel-rooms-arts-barcelona-broken-into-plant-trojans-1369171/ Mikkos research on bypassing hotel room keys https://archive.f-secure.com/weblog/archives/00002647.html https://pokerfuse.com/news/live-and-online/more-stories-of-tampered-laptops-emerge-in-wake-of-ept-barcelona-scam-24-09/ https://forumserver.twoplustwo.com/showpost.php?p=40050535&postcount=410 https://forumserver.twoplustwo.com/showpost.php?p=40099537&postcount=794 https://igaming.org/poker/news/danish-former-high-stakes-pro-reported-to-police-for-massive-fraud-1602/ https://nyheder.tv2.dk/krimi/2019-12-02-dansk-pokerspiller-far-konfiskeret-26-millioner-kroner https://www.flushdraw.net/news/peter-jepsen-verdict-a-mixed-victory-for-poker-justice/ https://www.bankrollmob.com/poker-news/2019123/danish-poker-pro-sentenced-jail-cheating-others-online-poker Video: Peter Jepsen talks about an attempted hack on him https://www.sijoitustieto.fi/comment/29593#comment-29593 https://forumserver.twoplustwo.com/29/news-views-gossip/sad-conclusion-my-barcelona-incident-1397551/ Video: Brain Searching for the first PC virus in Pakistan https://archive.org/details/malwaremuseum Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 01 Sep 2020 07:00:00 -0000

73: WannaCry

It is recommend to listen to episodes53 Shadow Brokers,71 FDFF, and72 Bangladesh Bank Heistbefore listening to this one. In May 2017 the world fell victim to a major ransomware attack known as WannaCry. One of the victims was UKs national health service. Security researchers scrambled to try to figure out how to stop it and who was behind it. Thank you toJohn HultquistfromFireEyeand thank you toMatt Suichefounder ofComae. Sponsors Support for this episode comes fromLastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. VisitLastPass.com/Darknetto start your 14 day free trial. This episode was sponsored byLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand when signing up with a new account use code darknet2020 to get a $20 credit on your next project. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 18 Aug 2020 07:00:00 -0000

72: Bangladesh Bank Heist

A bank robbery with the objective to steal 1 billion dollars. This is the story of the largest bank robbery in history. And it was all done over a computer. Our guest this episode wasGeoff White. Learn more about him atgeoffwhite.tech. Check out Geoffs new bookCrime Dot Com. Affiliate link: https://www.amazon.com/gp/product/1789142857/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1789142857&linkCode=as2&tag=darknet04-20&linkId=bb5a6aa7ba980183e0ce7cee1939ea05 Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 04 Aug 2020 07:00:00 -0000

71: Information Monopoly

In this episode, were going into the depths of North Korea to conduct one of the greatest hacks of all time. To find a way to inject information into a country run by totalitarian regime. A big thanks toYeonmi Parkfor sharing her story with us. Also thanks toAlex Gladsteinfor telling us the inside story. You can find more about Flash Drive For Freedom atflashdrivesforfreedom.org. Yeonmis book "In Order to Live": https://www.amazon.com/gp/product/014310974X/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=014310974X&linkCode=as2&tag=darknet04-20&linkId=88ebdc087c6ce041105c479b1bb6c3d2 Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 21 Jul 2020 07:00:00 -0000

70: Ghost Exodus

Ghost Exodus is a hacker. He conducted various illegal activities online. Some of which he documents on YouTube. Hes also a great musician. He got into some trouble from his hacking. This is his story. A big thanks toGhost Exodusfor sharing his story with us. Also thanks toWesley McGrewfor telling us the inside story. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. This episode was sponsored by Detectify. What vulnerabilities will their crowdsource-powered web vulnerability scanner detect in your web applications? Find out with a 14-day free trial. Go tohttps://detectify.com/Darknet Sources https://www.pcworld.com/article/167756/article.html https://archives.fbi.gov/archives/dallas/press-releases/2011/dl031811.htm Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 07 Jul 2020 07:00:00 -0000

69: Human Hacker

We all know that computers and networks are vulnerable to hacking and malicious actors, but what about us, the humans who interface with these devices? Con games, scams, and strategic deception are far older than computers, and in the modern era, these techniques can make humans the weakest link in even the most secure system. This episode, security consultant and master social engineer, Christopher Hadnagy, joins us to share his stories and wisdom. He describes what it was like to be a social engineer before the world knew what social engineering was and tells some of his amazing stories from his long career in penetration testing. A big thanks toChristopher Hadnagyfromsocial-engineer.orgfor sharing his stories with us. Check out his bookSocial Engineering: The Science of Human Hacking, affiliate link here. Check out his podcast calledThe Social-Engineerpodcast. Sponsors This episode was sponsored byThinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out athttps://canary.tools. Support for this episode comes fromLastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. VisitLastPass.com/Darknetto start your 14 day free trial. Sources https://www.social-engineer.org/ How phishing scammers manipulate your amygdala and oxytocin TEDxFultonStreet DEF CON 22 - Chris Hadnagy - What Your Body Tells Me - Body Language for the SE https://en.wikipedia.org/wiki/George_C._Parker Book Recommendations with affiliate links: Social Engineering Influence What Every Body is Saying Emotions Revealed Presence Its Not About Me, Top 10 Techniques for Building Rapport Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 23 Jun 2020 07:00:00 -0000

68: Triton

A mysterious mechanical failure one fateful night in a Saudi Arabian chemical plant leads a cast of operational technology researchers down a strange path towards an uncommon, but grave, threat. In this episode, we hear how these researchers discovered this threat and tried to identify who was responsible for the malware behind it. We also consider how this kind of attack may pose a threat to human life wherever there are manufacturing or public infrastructure facilities around the world. A big thanks toJulian Gutmanis,Naser Aldossary,Marina Krotofil, andRobert M. Leefor sharing their stories with us. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. This episode was sponsored byLinode. Linode supplies you with virtual servers. Visitlinode.com/darknetand when signing up with a new account use code darknet2020 to get a $20 credit on your next project. Sources https://www.fireeye.com/blog/threat-research/2019/04/triton-actor-ttp-profile-custom-attack-tools-detections.html https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html https://dragos.com/wp-content/uploads/TRISIS-01.pdf Video S4 TRITON - Schneider Electric Analysis and Disclosure Video S4 TRITON - Mandiant Analysis at S4x18 Video S4 TRITON - Reverse Engineering the Tricon Controller by Dragos Video S4 TRITON - A Report From The Trenches Video - Safety Orientation video for the Chemical Plant Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 09 Jun 2020 07:00:00 -0000

67: The Big House

John Strandis a penetration tester. Hes paid to break into computer networks and buildings to test their security. In this episode we listen to stories he has from doing this type of work. Thanks toJohn Strandfor coming on the show and telling your story. Sponsors Support for this episode comes fromLastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. VisitLastPass.com/Darknetto start your 14 day free trial. Support for this episode comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Sources How a Hackers Mom Broke Into a Prisonand the Wardens Computer Video: How not to suck at pen testing John Strand Video: I Had My Mom Break Into Prison Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 26 May 2020 07:00:00 -0000

66: freakyclown

Freakyclown is a physical penetration tester. His job is to break into buildings to test the security of the building. In this episode we hear stories of some of these missions hes been on. Thanks toFreakyclownfor coming on the show and telling your story. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visitingITPro.tv/darknet. And use promo code DARKNET25. This episode was sponsored by Molekule, a new air purifier that completely destroys air pollutants to help you breath easier.https://molekule.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 12 May 2020 07:00:00 -0000

65: PSYOP

PSYOP, or Psychological Operations, is something the US military has been doing to foreign audiences for decades. But what exactly is it? And whats the difference between white, gray, and black PSYOP missions? We talk to PSYOP specialists to learn more. Thanks toJon Nicholsfor telling us about this fascinating world. Sponsors Support for this episode comes fromLastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. VisitLastPass.com/Darknetto start your 14 day free trial. Support for this episode comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Sources https://www.democracynow.org/2006/3/24/the_psyops_war_a_look_at https://en.wikipedia.org/wiki/Lincoln_Group https://www.goarmy.com/careers-and-jobs/special-operations/psyop/psyop-mission.html# https://en.wikipedia.org/wiki/Operation_Wandering_Soul_(Vietnam_War) https://en.wikipedia.org/wiki/Torches_of_Freedom http://cgsc.contentdm.oclc.org/cdm/ref/collection/p16040coll3/id/182 https://archive.org/details/PropagandaAudiobook/Propaganda+Chapter+01.mp3 https://www.newsweek.com/us-military-gets-mysterious-and-false-text-message-evacuate-korean-peninsula-669875 https://www.cbinsights.com/research/future-of-information-warfare/ https://en.wikipedia.org/wiki/National_Defense_Authorization_Act_for_Fiscal_Year_2013#Smith%E2%80%93Mundt_Modernization_Act_of_2012 Videos Vietnam War Ghost Audio Tape used in PSYOPS Wandering Soul Jon Nichols Part 0 - Unallocated Spaces Talk on Russian Propaganda Cyber-Influence: Cyberwar and Psychological Operations WWII Psych Ops MISO Marines broadcast important information to Afghans The War You Dont See Edward L. Bernays interview, 1986-10-23 As it fights two wars, the Pentagon is steadily and dramatically increasing money spent on propaganda Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 28 Apr 2020 07:00:00 -0000

64: The Athens Shadow Games

Vodafone Greece is the largest telecom provider in Greece. But in 2004 a scandal within the company would pin them to be top of the news cycle in Greece for weeks. Hackers got in the network. And what they were after took everyone by surprise. Sponsors Support for this episode comes fromOkta. Learn more about how you can improve your security posture with the leader in identity-driven security atokta.com/darknet. This episode is supported byPlexTrac. PlexTrac is the purple teaming platform and is designed to streamline reporting, tracking and attestation so you can focus on getting the realcybersecurity work done. Whether you're creating pen test reports on the red team, or tracking and remediating on the blue team, PlexTrac can help. Support for this episode comes fromBlinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check outBlinkist.com/DARKNETto start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 14 Apr 2020 07:00:00 -0000

63: w0rmer

The hacker named w0rmer was active within AnonOps. These are Anonymous Operations which often organize and wage attacks on websites or people often with the purpose of social justice. Eventually w0rmer joined in on some of these hacking escapades which resulted in an incredible story that he will one day tell his kids. Thanks to w0rmer for telling us your story. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from LastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. Visit LastPass.com/Darknet to start your 14 day free trial. SourcesArchived Tweets Feb 7, 2012 Twitter user @Anonw0rmer posts @MissAnonFatale I managed to pwn1 a site , get my papers , find my required primary IDS , yeah baby, i deservers em :) Feb 8, 2012 1:17 AM, Twitter user @Anonw0rmer posted, ROFL! WaS that us? https://www.wvgazettemail.com/news/legal_affairs/hackers-group-posts-police-chiefs-information-online/article_77f79fd5-f76f-5825-ae19-43a398361fdf.html o yeah oops #OpPigRoast #CabinCr3w Feb 9, 2012 12:35 AM, Twitter user @Anonw0rmer posted, DB Leak http://dps.alabama.gov https://pastehtml.com/view/bnik8yo1q.html. The bottom of this post originally showed this NSFW image. Feb 9, 2012 at 8:42 PM, Twitter user @Anonw0rmer posted, Mobile Alabama Police Criminal Record Database Logins Failing To Protect And Serve I Via @ItsKahuna I http://pastehtml.com/view/bnmjxxgfp.html #OpPiggyBank. Feb 9, 2012 at 8:39 PM, Twitter user @CabinCr3w posted, Texas Dept. of safety Hacked By @AnonWOrmer for #OpPiggyBank http://bit.ly/x1KH5Y #CabinCr3w #Anonymous Bottom of pastebin also shows a woman holding a sign saying We Are ALL Anonymous We NEVER Forgive. We NEVER Forget. <3 @Anonw0rmer Feb 10, 2012 at 9:07 PM, Twitter user @Anonw0rmer posted, My baby SETS standards ! wAt U got? https://i.imgur.com/FbH2K.jpg https://i.imgur.com/zsPvm.jpg https://i.imgur.com/S2S2C.jpg https://i.imgur.com/TVqdN.jpg #CabinCr3w. Links Criminal Complaint - United States Western District Court of Texas https://gizmodo.com/these-breasts-nailed-a-hacker-for-the-fbi-5901430 https://www.tomsguide.com/us/Anonymous-CabinCr3w-w0rmer-Ochoa-Australia,news-14803.html Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 31 Mar 2020 07:00:00 -0000

62: Cam

Cams story is both a cautionary tale and inspirational at the same time. Hes been both an attacker and defender. And not the legal kind of attacker. He has caused half a million dollars in damages with his attacks. Attacks that arose from a feeling of seeing injustices in the world. Listen to his story. Sponsors This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2020 to get a $20 credit on your next project. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Sources BBC: The teenage hackers whove been given a second chance https://www.bbc.com/news/av/technology-40655656/uk-s-first-boot-camp-hopes-to-reform-teenage-hackers https://www.ncsc.gov.uk/ https://www.csa.limited/ https://www.tripwire.com/state-of-security/latest-security-news/teenager-who-ddosed-governments-seaworld-receives-no-jail-time/ https://www.ncsc.gov.uk/section/education-skills/11-19-year-olds Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 17 Mar 2020 07:00:00 -0000

61: Samy

Samy Kamkar is a hacker. And while hes done a lot of stuff, hes best known for creating the Samy Worm. Which spread its way through a popular social media site and had crazy results. Thanks to our guest Samy Kamkar for telling his story. Learn more about him by visiting https://samy.pl/. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from LastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. Visit LastPass.com/Darknet to start your 14 day free trial. Sources Samys YouTube Channel Video: MySpace Worm Animated Story https://samy.pl/myspace/ https://www.vice.com/en_us/article/wnjwb4/the-myspace-worm-that-changed-the-internet-forever Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 03 Mar 2020 08:00:00 -0000

60: dawgyg

This is a story about the hacker named dawgyg and how he made over $100,000 in a single day, from hacking. Thanks to our guest dawgyg for telling his story. Sponsors This episode is sponsored by SentinelOne - to learn more about their endpoint security solutions and get a 30-day free trial, visit sentinelone.com/darknetdiaries This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2020 to get a $20 credit on your next project. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Sources Video: The Million-Dollar Hacker | Bloomberg Video: Hacker makes big money as a bug bounty hunter | Kim Komando Show https://hackerone.com/dawgyg dawgyg wins h1415 https://www.hackerone.com/blog/meet-six-hackers-making-seven-figures USA v. DeVoss court records Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 18 Feb 2020 08:00:00 -0000

59: The Courthouse

In this episode we hear from Gary and Justin. Two seasoned penetration testers who tell us a story about the time when they tried to break into a courthouse but it went all wrong. Sponsors This episode was sponsored by Detectify. Try their web vulnerability scanner free. Go to https://detectify.com/?utm_source=podcast&utm_medium=referral&utm_campaign=DARKNET This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Sources https://arstechnica.com/information-technology/2019/11/how-a-turf-war-and-a-botched-contract-landed-2-pentesters-in-iowa-jail/ https://krebsonsecurity.com/2020/01/iowa-prosecutors-drop-charges-against-men-hired-to-test-their-security/ https://www.coalfire.com/News-and-Events/Press-Releases/Coalfire-CEO-Tom-McAndrew-statement https://www.desmoinesregister.com/story/news/crime-and-courts/2019/10/10/iowa-supreme-court-justice-cady-policies-courthouse-break-ins-senate-polk-dallas-burglary-ia-cyber/3930656002/ https://www.desmoinesregister.com/story/news/crime-and-courts/2019/09/19/iowa-state-senator-calls-oversight-committee-investigate-courthouse-break-ins-crime-polk-dallas/2374576001/ https://www.desmoinesregister.com/story/news/crime-and-courts/2019/10/28/iowa-courthouse-break-ins-men-security-firm-plead-not-guilty-trespassing/2488314001/ https://www.desmoinesregister.com/story/news/crime-and-courts/2019/10/30/courthouse-break-in-ceo-cyber-security-coalfire-charges-dropped/4097354002/ https://www.desmoinesregister.com/story/news/crime-and-courts/2020/01/30/courthouse-break-ins-charges-dropped-against-coalfire-employees/4611574002/ Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 04 Feb 2020 08:00:00 -0000

58: OxyMonster

OxyMonster sold drugs on the darknet at Dream Market. Something happened though, and it all came crashing down. Sponsors This episode was sponsored by Detectify. Try their web vulnerability scanner free. Go to https://detectify.com/?utm_source=podcast&utm_medium=referral&utm_campaign=DARKNET This episode was sponsored by Molekule, a new air purifier that completely destroys air pollutants to help you breath easier. https://molekule.com to use check out code DARKNET10 to get a discount. See complete list of sources at https://darknetdiaries.com/episode/58. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 21 Jan 2020 08:00:00 -0000

57: MS08-067

Hear what goes on internally when Microsoft discovers a major vulnerability within Windows. Guest Thanks to John Lambert for sharing this story with us. Sponsors Support for this episode comes from ProCircular. Use the team at ProCircular to conduct security assessments, penetration testing, SIEM monitoring, help with patches, or do incident response. Visitwww.procircular.com/to learn more. This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Sources https://blogs.technet.microsoft.com/johnla/2015/09/26/the-inside-story-behind-ms08-067/ https://www.justice.gov/opa/pr/payment-processor-scareware-cybercrime-ring-sentenced-48-months-prison https://www.nytimes.com/2019/06/29/opinion/sunday/conficker-worm-ukraine.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601 https://www.wired.com/story/nsa-windows-10-vulnerability-disclosure/ Book: Worm Attribution Darknet Diaries is created by Jack Rhysider. Episode artwork by odibagas. Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 07 Jan 2020 08:00:00 -0000

56: Jordan

This is the story of Jordan Harbinger. A bit of a misfit teenager, who was always on the edge of trouble. In this story we hear what happened that lead to a visit from the FBI. Guest Thanks to Jordan Harbinger for sharing his story with us. You can find hist podcast by searching for The Jordan Harbinger Show wherever you listen to podcasts. Sponsors This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. More information at https://darknetdiaries.com/episode/56. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Wed, 25 Dec 2019 08:00:00 -0000

55: NoirNet

A holiday special episode. A private pen tester takes on a job that involves him with another eccentric pen tester, a mischievious smile, and his quest to gain access to the network. Guest Thanks to TinkerSec for telling us the story. Sources https://twitter.com/TinkerSec/status/1206410740099366918 Attribution Darknet Diaries is created by Jack Rhysider. Artwork this episode by habblesthecat. More information at DarknetDiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 24 Dec 2019 08:00:00 -0000

54: NotPetya

The story of NotPetya, seems to be the first time, we see what a cyber war looks like. In the summer of 2017 Ukraine suffered a serious and catastrophic cyber attack on their whole country. Hear how it went down, what got hit, and who was responsible. Guest Thanks to Andy Greenberg for his research and sharing this story. I urge you to get his book Sandworm because its a great story. Sponsors This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2019 to get a $20 credit on your next project. Support for this episode comes from Honeybook. HoneyBook is an online business management tool that organizes your client communications, bookings, contracts, and invoices all in one place. Visit honeybook.com/darknet to get 50% off your subscription. This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit cmd.com/dark to get a free demo. For more show notes visit darknetdiaries.com/episode/54. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 10 Dec 2019 08:00:00 -0000

53: Shadow Brokers

The NSA has some pretty advanced, super secret, hacking tools. What if these secret hacking tools were to end up in the wrong persons hands? Well, that happened. Guest Thanks to Jake Williams from Rendition Security for telling us the story. Sponsors This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 26 Nov 2019 08:00:00 -0000

52: Magecart

Credit card skimming is growing in popularity. Gas pumps all over are seeing skimmers attached to them. Its growing in popularity because its really effective. Hackers have noticed how effective it is and have began skimming credit cards from websites. Guest Thanks to Yonathan Klijnsma from RiskIQ. Sponsors This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2019 to get a $20 credit on your next project. Support for this episode comes from Honeybook. HoneyBook is an online business management tool that organizes your client communications, bookings, contracts, and invoices all in one place. Visit honeybook.com/darknet to get 50% off your subscription. This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. Visit darknetdiaries.com for full show notes and transcripts. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 12 Nov 2019 08:00:00 -0000

Ep 51: The Indo-Pak Conflict

Kashmir is a region right in between India, Pakistan, and China. For the last 70 years Pakistan and India have fought over this region of the world, both wanting to take control of it. Tensions sometimes heat up which can result in people being killed. When tensions get high in the real world, some people take to the internet and hack their rivals as a form of protest. In this episode well explore some of the hacking that goes on between India and Pakistan. Sponsors Support for this episode comes from Check Point. Check Point makes firewalls and security appliances you can use to combat the latest generation of cyber attacks. Upgrade your cybersecurity at CheckPoint.com Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. For more show notes and links visit https://darknetdiaries.com/episode/51. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Wed, 30 Oct 2019 20:44:00 -0000

Ep 50: Operation Glowing Symphony

Operation Inherent Resolve was started in 2016 which aimed to combat ISIS. It was a combined joint task force lead by the US military. Operation Inherent Resolve sent troops, ships, and air strikes to Iraq and Syria to fire weapons upon ISIS military. Its widely known that US military engaged with ISIS in this way. But what you may not have heard, is the story of how the US military also combated ISIS over the Internet. This is the story of how the US hacked ISIS. Sponsors This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2019 to get a $20 credit on your next project. Support for this episode comes from Honeybook. HoneyBook is an online business management tool that organizes your client communications, bookings, contracts, and invoices all in one place. Visit [honeybook.com/darknet] to get 50% off your subscription. Support for this episode comes from Check Point. Check Point makes firewalls and security appliances you can use to combat the latest generation of cyber attacks. Upgrade your cybersecurity at CheckPoint.com Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 15 Oct 2019 07:00:00 -0000

Ep 49: Elliot

In this episode we meet Elliot Alderson (@fs0c131y) from Twitter. Who is this strange masked person? What adventures have they gotten themselves into? Many stories will be told. The mask will be lifted. Sponsors This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Go to https://nordvpn.com/darknet to get 70% off a 3 year plan and use code darknet for an extra month for free! Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 01 Oct 2019 07:00:00 -0000

Ep 48: Operation Socialist

This is the story about when a nation state hacks into a company within another nation. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25 to get 25% off. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code DARKNET to get 75% off when signing up for 3 years. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 17 Sep 2019 07:00:00 -0000

Ep 47: Project Raven

This is the story about an ex-NSA agent who went to work for a secret hacking group in the UAE. Sponsors This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldnt be. Check them out at https://canary.tools. Support for this episode comes from Blinkist. They offer thousands of condensed non-fiction books, so you can get through books in about 15 minutes. Check out Blinkist.com/DARKNET to start your 7 day free trial and get 25% off when you sign up. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 03 Sep 2019 07:00:00 -0000

Ep 46: XBox Underground (Part 2)

This is the story about the XBox hacking scene and how a group of guys pushed their luck a little too far. This is part 2 of a 2 part series. Sponsors This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. Learn more about stocks and investing from MyWallSt. Visit mywallst.com/darknet to learn more. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 20 Aug 2019 07:00:00 -0000

Ep 45: XBox Underground (Part 1)

This is the story about the XBox hacking scene and how a group of guys pushed the hacking a little too far. This is part 1 of a 2 part series. Sponsors This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools. This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. Use promot code "DARKNET25". Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 06 Aug 2019 07:00:00 -0000

Ep 44: Zain

Ransomware is ugly. It infects your machine and locks all the the data and to unlock you have to pay a fee. In this episode we dive into some of the people behind it. Sponsors This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. This episode was sponsored by MyWallSt. Their app can help you find good looking stocks to invest in. Visit MyWallSt.com/dark to start your free 30 day trial. For more show notes and links check out darknetdiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 23 Jul 2019 07:00:00 -0000

Ep 43: PPP

This is the story about how I acquired a black badge from DEFCON (pictured above). We also hear the story about who PPP is, and their CTF journey at DEFCON. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code DARKNET. This episode was sponsored by Detectify. Try their web vulnerability scanner free. Go to https://detectify.com/?utm_source=podcast&utm_medium=referral&utm_campaign=DARKNET Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 09 Jul 2019 07:00:00 -0000

Ep 42: Mini-Stories: Vol 2

Three stories in one episode. Listen in on one of Dave Kennedy's penetration tests he conducted where he got caught trying to gain entry into a datacenter. Listen to a network security engineer talk about the unexpected visitor found in his network and what he did about it. And listen to Dan Tentler talk about a wild and crazy engagement he did for a client. Guests A very special thanks to Dave Kennedy. Learn more about his company at trustedsec.com. Thank you Clay for sharing your story. Check out the WOPR Summit. Viss also brought an amazing story to share. Thank you too. Learn more about him at Phobos.io. I first heard Clay's story on the Getting Into Infosec Podcast. Thanks Ayman for finding him and bring that story to my attention. Sponsors This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools. For more show notes and links check out darknetdiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 25 Jun 2019 07:00:00 -0000

Ep 41: Just Visiting

Join JekHyde and Carl on a physical penetration test, a social engineering engagagement, a red team assessment. Their mission is to get into a building they shouldn't be allowed, then plant a rogue computer they can use to hack into the network from a safe place far away. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by Hostinger. Go to https://hostinger.com/darknet and use code DARKNET to get 15% off a hosting plan and check out this weeks free feature. For more information visit darknetdiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 11 Jun 2019 07:00:00 -0000

Ep 40: No Parking

Take a ride with a red teamer. A physical penetration tester as he tries to make his away into unauthorized areas, steal sensitive documents, hack into the computers, and escape with company property. This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. This episode was sponsored by Hostinger. Go to https://hostinger.com/darknet and use code DARKNET to get 15% off a hosting plan and check out this weeks free feature. For complete show notes and links go to darknetdiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 28 May 2019 07:00:00 -0000

Ep 39: 3 Alarm Lamp Scooter

A talk at Defcon challenged people to find a way to destroy a hard drive. A young man was inspired by this challenge and was determined to find a way to destroy a hard drive. But this is not a typical young man, with a typical plan. For pictures of Daniel and his projects visit darknetdiaries.com/episode/39. This episode was sponsored by Nord VPN. Visit nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 14 May 2019 07:00:00 -0000

Ep 38: Dark Caracal

A journalist wrote articles critical of the Kazakhstan government. The government did not like this and attempted to silence her. But they may have done more than just silence her. Perhaps they tried to spy on her too. The EFF investigated this case and went down a very interesting rabbit hole. Thanks to Cooper Q from EFF's new Threat Lab. Also big thanks to Eva from EFF, Andrew Blaich and Michael Flossman from Lookout. For another story about the EFF listen to episode 12 "Crypto Wars". This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 30 Apr 2019 07:00:00 -0000

Ep 37: LVS

The Venetian casino in Las Vegas Nevada was the largest hotel in the world until 2015. The parent company is Las Vegas Sands (LVS) which owns 10 properties around the world. And the CEO and founder of LVS is Sheldon Adelson. One day the CEO said something which sparked quite a firestorm. This episode was sponsored by Nucleus. Visit nucleussec.com to start your free trial. This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. For more show notes visit DarknetDiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 16 Apr 2019 07:00:00 -0000

Ep 36: Jeremy from Marketing

A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn't go as planned. Thanks to @TinkerSec for telling us this story. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. For more show notes visit https://darknetdiaries.com/episode/36. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 02 Apr 2019 07:00:00 -0000

Ep 35: Carbanak

ATM hacking. Hollywood has been fantasizing about this since the 1980's. But is this a thing now? A security researcher named Barnaby Jack investigated ATMs and found them to be vulnerable. Once he published his data the ATM hacking scene rose in popularity and is is a very serious business today. One of the first big ATM robberies was done with the malware called Carbanak. Jornt v.d. Wiel joins us to discuss what this malware is. This episode was sponsored by Nucleus. Visit nucleussec.com to start your free trial. This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. For more show notes and links visit darknetdiaries.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 19 Mar 2019 07:00:00 -0000

Ep 34: For Your Eyes Only

Nude selfies. This episode is all about nude selfies. What happens if you take one and give it to a vengeful boyfriend. What happens when a hacker knows you have them and wants to steal them from your phone. What happens is not good. This episode was sponsored by Nord VPN. Visit nordvpn.com/darknet and use promo code "DARKNET". This episode was sponsored by Molekule, a new air purifier that completely destroys air pollutants to help you breath easier. Visit molekule.com to use check out code "DARKNET" to get a discount. For references, sources, and links check out the show notes at darknetdiaries.com/episode/34/. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 05 Mar 2019 08:00:00 -0000

Ep 33: RockYou

In 2009 a hacker broke into a website with millions of users and downloaded the entire user database. What that hacker did with the data has changed the way we view account security even today. This episode was sponsored by CuriosityStream. A streaming service showing non-fiction and documtnaries. Visit https://curiositystream.com/darknet and use promo code "darknet". This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit https://cmd.com/dark to get a free demo. To see more show notes visit darknetdiaries.com/episode/33. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 19 Feb 2019 08:00:00 -0000

Ep 32: The Carder

A carding kingpin was tracked by the Secret Service. How did he steal the cards? Where was he stealing them from? How much was he making doing this? And where did he go wrong? Find out all this and more as we listen to how the Secret Service investigated the case. This episode was sponsored by Eero. A solution to blanket your home in WiFi. Visit https://eero.com/darknet and use promo code "darknet". This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code "darknet". Cover image this episode created by r lr. Go to Darknet Diaries for additional show notes. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 05 Feb 2019 08:21:00 -0000

Ep 31: Hacker Giraffe

In late November 2018, a hacker found over 50,000 printers were exposed to the Internet in ways they shouldn't have been. He wanted to raise awareness of this problem, and got himself into a whole heap of trouble. For show notes and links visit DarknetDiaries.com. This episode was sponsored by CuriosityStream. A documentary streaming service. Visit curiositystream.com/darknet and use promo code "darknet". This episode is also sponsored by Cover. Visit cover.com/darknet to get insured today. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 22 Jan 2019 08:00:00 -0000

Ep 30: Shamoon

In 2012, Saudi Aramco was hit with the most destructive virus ever. Thousands and thousands of computers were destroyed. Herculean efforts were made to restore them to operational status again. But who would do such an attack? Very special thanks goes to Chris Kubecka for sharing her story. She is author of the book Down the Rabbit Hole An OSINT Journey, and Hack The World With OSINT (due out soon). This episode was sponsored by Eero. A solution to blanket your home in WiFi. Visit https://eero.com/darknet and use promo code "darknet". This episode is also sponsored by Cover. Visit cover.com/darknet to get insured today. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 08 Jan 2019 08:00:00 -0000

Ep 29: Stuxnet

Stuxnet was the most sophisticated virus ever discovered. It's target was a nuclear enrichment facility in Iran. This virus was successfully able to destroy numerous centrifuges. Hear who did it and why. Special thanks to Kim Zetter for joining us this episode. You can find more about Stuxnet from her book Count Down to Zero Day. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sat, 15 Dec 2018 08:00:00 -0000

Ep 28: Unit 8200

Israel has their own version of the NSA called Unit 8200. I was curious what this unit does and tried to take a peek inside. Hear what I found by listening along to this episode. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code darknet. This episode is also sponsored by Mack Weldon. Visit mackweldon.com to shop for premium men's casual wear and get a 20% off discount with your first order by using promo code diaries. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sat, 01 Dec 2018 08:00:00 -0000

Ep 27: Chartbreakers

Something is wrong with the Apple Podcasts top charts. As a podcaster, this personally annoyed and intrigued me. I investigate how this is happening and who is behind it. For show notes visit https://darknetdiaries.com/episode/27. This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code 'darknet'. This episode is sponsored by LPSS Digital Marketing, your source for honest, transparent marketing services for businesses of all sizes.Visit LPSS at https://www.lpss.co/ for details. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Thu, 15 Nov 2018 08:00:00 -0000

Ep 26: IRS

The IRS processes $3 trillion dollars a year. A lot of criminals want to get a piece of that. In 2015 the IRS had a large data breach. Hundreds of thousands of tax records were leaked. What happened and who was behind this? Listen to this episode to find out. For show notes visit https://darknetdiaries.com Learn more about your ad choices. Visit podcastchoices.com/adchoices

Thu, 01 Nov 2018 07:00:00 -0000

Ep 25: Alberto

Alberto Hill was sent to prison for a long time for hacking. For a crime he said he did not commit. Listen to his story and you be the judge on whether he's guilty or not. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Mon, 15 Oct 2018 08:00:00 -0000

Ep 24: Operation Bayonet

Darknet markets are online black markets. They are highly illegal, and dangerous to run. Hear exactly how dangerous it was for Alphabay and Hansa dark markets. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Mon, 01 Oct 2018 08:00:00 -0000

Ep 23: Vladimir Levin

When banks started coming online, they almost immediately started being targeted by hackers. Vladimir Levin was one of the first ever known hacker to try to rob a bank. He succeeded a little, and failed a lot. Vladimir would go down in the history books as one of the most notorious hackers of all time because of his attempted online bank robberies. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sat, 15 Sep 2018 08:00:00 -0000

Ep 22: Mini-Stories: Vol 1

Three stories in one! In this episode we hear about a penetration test from Mubix that he'll never forget, a incident response from Robert M. Lee which completely stunned him, and a social engineering mission from Snow. Podcast recommendation: Moonshot. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sat, 01 Sep 2018 08:00:00 -0000

Ep 21: Black Duck Eggs

Ira Winkler's specialty is assembling elite teams of special forces and intelligence officers to go after companies. Ira shares a story about a time he and his team broke into a global 5 company. A company so large that theft of intellictual property could result in billions of dollars of damage. Ira's consulting company: Secure Mentum. His books: Spies Among Us, Advanced Persistent Security, Through the Eyes of the Enemy. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Wed, 15 Aug 2018 08:00:00 -0000

Ep 20: mobman

Chances are, if you were downloading shady programs in the early 2000's, you were infected with malware he wrote called SubSeven. Hacking changed mobman's life. Hear how it happened by listening to this episode. Image for this episode created by dr4w1ngluc4s. Check out his Instagram to see some amazing artwork! Check out the podcasts Van Sounds and True Crime Island Learn more about your ad choices. Visit podcastchoices.com/adchoices

Wed, 01 Aug 2018 08:00:00 -0000

Ep 19: Operation Aurora

In 2009, around Christmas time, something terrible was lurking in the network at Google. Google is the most popular website on the Internet. Its so popular many people just think Google is the Internet. Google hires many of the most talented minds and has been online since the 90s. Hacking into Google is no easy task. Theres a team of security engineers who test and check all the configurations on the site before they go live. And Google has teams of security analysts and technicians watching the network 24/7 for attacks, intrusions, and suspicious activity. Security plays a very vital role at Google, and everything has to have the best protections. But this attack slipped past all that. Hackers had found their way into the network. They compromised numerous systems, burrowed their way into Googles servers, and were trying to get to data they shouldnt be allowed to have. Google detected this activity. And realized pretty quickly they were dealing with an attack more sophisticated than anything theyve ever seen. Podcast recommendation: Twenty Thousand Hertz Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sun, 01 Jul 2018 08:00:00 -0000

Ep 18: Jackpot

A man addicted to gambling finds a bug in a video poker machine that lets him win excessive amounts of money. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sun, 03 Jun 2018 08:00:00 -0000

Ep 17: Finn

A 14-year-old kid who finds himself bored in class decides to hack someone's twitter account and ends up with more than he bargained for. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Tue, 01 May 2018 08:00:00 -0000

Ep 16: Eijah

In 2007, a hacker named Eijah got fed up with the way DRM prevented him from being able to play the content he paid for. He decided to fight back against the AACS and find a way to circumvent the DRM. By the time Eijah was done, his life wasn't the same. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sun, 01 Apr 2018 08:00:00 -0000

Ep 15: Ill Tills

A major retailer was hacked. Their point of sales machines were riddled with malware. Listen to hear how digital forensics and incident responders handled the situation. What malware was found? Where was it found? How was it stopped? And most importantly, how much data was leaked? Learn more about your ad choices. Visit podcastchoices.com/adchoices

Thu, 01 Mar 2018 08:00:00 -0000

Ep 14: #OpJustina

In 2013 a hospital was accused of conducting a medical kidnapping against a young girl name Justina. This enraged many people across the country, including members of anonymous. A DDOS attack was waged against the hospital. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Thu, 15 Feb 2018 08:00:00 -0000

Ep 13: Carna Botnet

In 2012 the Carna Bot was built and unleashed on the world. But it didn't have any intentions on doing anything malicious. It was built just to help us all understand the Internet better. This botnet used the oldest security vulnerable in the book. And the data that came out of it was amazing. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Thu, 01 Feb 2018 08:00:00 -0000

Ep 12: Crypto Wars

In the 1990's the Internet started to take shape. But the US goverment had strict laws regulating what type of cryptography is allowed to be used online. A few brave people stood up to the government in the name of civil rights and won the right to use strong encryption. Listen to their battle and what they had to do through to accomplish this. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Mon, 15 Jan 2018 08:00:00 -0000

Ep 11: Strictly Confidential

What happens when an innovative tech company, that's trying to develop the next big thing, detects a hacker in their network? We hear the story from a digital forensics investigator which has a surprising result. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Mon, 01 Jan 2018 08:00:00 -0000

Ep 10: Misadventures of a Nation State Actor

In today's world of intelligence gathering, governments hack other governments. This episode takes you on a ride with a nation state actor to see exactly how it's done. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Fri, 15 Dec 2017 08:00:00 -0000

Ep 9: The Rise and Fall of Mt. Gox

Mt. Gox was the largest bitcoin exchange in the world. It suddenly went offline. What happened? Learn more about your ad choices. Visit podcastchoices.com/adchoices

Fri, 01 Dec 2017 08:01:00 -0000

Ep 8: Manfred (Part 2)

Manfred found a way to turn his passion for video games and reverse engineering into a full time business. He exploited video games and sold virtual goods and currency for real money. This was his full time job. Listen to this episode to hear exactly how he did this. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Fri, 01 Dec 2017 08:00:00 -0000

Ep 7: Manfred (Part 1)

Manfred has had the most epic story of all online video game stories. For the last 20 years, he's been hacking online games. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Wed, 15 Nov 2017 08:00:00 -0000

Ep 6: The Beirut Bank Job

Jayson E. Street tells us a story about the time he broke into a bank in Beirut Lebanon. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Wed, 01 Nov 2017 09:00:00 -0000

Ep 5: #ASUSGATE

Security researcher Kyle Lovett bought a new Asus router in 2013. He found it was riddled with security vulnerabilties. He set out on a mission to resolve these vulnerabilities not only for his own router, but for thousands of others who were also vulnerable. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sun, 15 Oct 2017 12:00:00 -0000

Ep 4: Panic! at the TalkTalk Board Room

Mobile provider TalkTalk suffered a major breach in 2015. The CEO tried her best to keep angry customers calm and carry on. The UK government and Metropolitan Police investigate the breach. We get a rare glimpse of how the CEO handles the crisis. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Sun, 01 Oct 2017 12:00:00 -0000

Ep 3: DigiNotar, You are the Weakest Link, Good Bye!

The 2011 DigiNotar breach changed the way browsers do security. In this episode, we learn what role a CA plays, how browsers work with CAs, and what happens when a CA is breached. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Fri, 15 Sep 2017 12:00:00 -0000

Ep 2: The Peculiar Case of the VTech Hacker

VTech makes toy tablets, laptops, and watches for kids. In 2015, they were breached. The hacker downloaded gigs of children's data. Discover what the hacker did once he took the data. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Fri, 01 Sep 2017 12:00:00 -0000

Ep 1: The Phreaky World of PBX Hacking

Farhan Arshad and Noor Aziz Uddin were captured 2 years after being placed on the FBI's Cyber's Most Wanted list for PBX hacking. In this episode, we explain PBX hacking and how hackers are racking up billions of dollars in phone bills. We also learn how the two men were captured. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Digital Forensic Survival Podcast

Tue, 19 Sep 2023 04:25:00 +0000

DFSP # 396 - URL Leak

This week I will talk about investigating data spill cases involving exposed URLs. This is a typical privacy investigation many incident response teams handle and I thought it would be useful to go over some standard guidelines for handling such cases. To be effective with these investigations you need to know how to determine liability and responsibility, a little Google foo, and a number of odds and ends concerning mitigation, containment and remediation strategies....

Tue, 12 Sep 2023 04:02:00 +0000

DFSP # 395 - Lateral Movement and Admin Logons

This week is on lateral movement detection techniques. Inspecting Domain Admin account logons is a key component to lateral movement triage. Admin accounts are sought after by attackers for their elevated privileges. Evidence is often left behind both on the targeted system and on the domain controller. Both these factors provide protection opportunity through Windows event log analysis. Ill break down the method....

Tue, 05 Sep 2023 04:22:00 +0000

DFSP # 394 - Functional Documentation

This week I want to talk about the value of having functional documentation for your organization, or, at least for your team. Functional documentation means you have thoughtful and up-to-date incident run books, and play books that provide utility and usefulness for a responder. Without such documentation, you are always in danger of some dangerous pitfalls, some of which I'll discuss. This episode I cover what functional documentation is, it's investigative value for an organization, how to get started...

Tue, 29 Aug 2023 04:15:00 +0000

DFSP # 393 - Linux Subsystems for Windows

The linux subsystem for windows, create both opportunity and challenges for forensic analysts. It makes Windows an excellent platform for multi platform forensic analysis tasks, allowing it to take it vantage of the many many Linux tools available. The challenges are foreseeable, you have Linux artifacts, now commingled on a Windows platform, which makes forensic analysis that much more difficult when examining such a system as evidence. This week I'm going to break down the linux subsystems for forensic investigators

Tue, 22 Aug 2023 04:09:00 +0000

DFSP # 392 - Simulation Training

This week I'm going to talk about tabletop exercises as part of a security training program. I feel that there is too much focus on technical skill training and not enough focus on actual incident management training in the industry. There are plenty of highly skilled professionals that can do DFIR work However, a roadblock, many organizations and practitioners encounter is in the struggle of how to actually implement their knowledge and skills for a security incident response investigation within a specific organization. They may know what to do, but there are many challenges in identifying actually how to do it when the time comes. I will share my thoughts on how to improve your security program through simulation training

Tue, 15 Aug 2023 04:07:00 +0000

DFSP # 391 - Investigation Lifecycle

This week I'm talking about The NIST (National Institute of Standards and Technology) investigation lifecycle. The NIST investigation lifecycle encompasses a series of well-defined steps, starting from problem identification and scoping, through data collection and analysis, to the formulation of conclusions and recommendations. This comprehensive framework ensures that investigations conducted by NIST are rigorous, unbiased, and provide reliable results that can be used to inform decision-making, improve practices, and promote innovation across a wide range of disciplines. More about it...

Tue, 08 Aug 2023 04:05:00 +0000

DFSP # 390 - SSH Triage

This week I'm talking about linux forensic triage strategy. In particular, I'm covering SSH. SSH traffic comes up in many different types of investigations. For that reason, it is a common and standard artifact every examiner should be familiar with. I will provide you the artifact background and the triage strategy..

Tue, 01 Aug 2023 04:03:00 +0000

DFSP # 389 - $Usnrl

The USN Journal, also known as the Update Sequence Number Journal, is a feature of the Windows operating system that serves as a record of changes made to files and directories on a disk volume. It provides valuable information and insights into file system activities, which can aid investigators in reconstructing events, understanding system behavior, and uncovering evidence. This week I break down the artifact from a DFIR point of view provide triage strategy.....

Tue, 25 Jul 2023 04:19:00 +0000

DFSP # 388 - Web 3.0 Talk with SUMURI

This week Jason Roslewicz from SUMURI returns for some web 3.0 and virtual reality talk.

Tue, 18 Jul 2023 04:18:00 +0000

DFSP # 387 - Network Share Modifications

This week I talk about adding, modifying, and removing network shares through the lens of detecting lateral movement.

Tue, 11 Jul 2023 04:17:00 +0000

DFSP # 386- The Three Task Hosts

This week I break down the three Windows task hosts from a DFIR point of view.

Tue, 04 Jul 2023 04:12:00 +0000

DFSP # 385 - Network Share Access

This week I talk about network share access events and lateral movement detection.

Tue, 27 Jun 2023 04:15:00 +0000

DFSP # 384 - Cloud Talk with SUMURI

This week Jason Roslewicz from SUMURI returns for some cloud talk.

Tue, 20 Jun 2023 04:13:00 +0000

DFSP # 383 - WMI Exploitation

This week I talk about the exploitation of the Windows Management Instrumentation application.

Tue, 13 Jun 2023 04:08:00 +0000

DFSP # 382 - Protocol Buffers

This week Chris Currier and I talk about mobile forensics and protocol buffers.

Tue, 06 Jun 2023 04:07:00 +0000

DFSP # 381 - Spoliation

This week I cover Windows events commonly associated with data spoliation and insider threats.

Tue, 30 May 2023 04:26:00 +0000

DFSP # 380 - Ransomware Talk with SUMURI

This week Jason Roslewicz from SUMURI returns for some ransomware talk.

Tue, 23 May 2023 04:24:00 +0000

DFSP # 379 - New Process Creation

This week I Cover my all-time favorite Windows event, security event 4688: new process creation. If you do windows, incident, response, forensics, this is a must-know know artifact.

Tue, 16 May 2023 04:22:00 +0000

DFSP # 378 - SVCHOST Revisited

This week I talk about SVCHOST; how it fits into the Windows operating system, and how to think about it from a DFIR point of view.

Tue, 09 May 2023 04:20:00 +0000

DFSP # 377 - Interview with Yugal Pathak

This week I talk with Interview with Yugal Pathak about organizational forensic readiness.

Tue, 02 May 2023 04:18:00 +0000

DFSP # 376 - Zero-Day and DFIR

This week I talk about the role and typical responsibilities DFIR professionals may be called up to take to assist with a zero-day response.

Tue, 25 Apr 2023 04:55:00 +0000

DFSP # 375 - More AI with SUMURI

This week Jason Roslewicz from SUMURI returns to talk more about AI issues.

Tue, 18 Apr 2023 04:54:00 +0000

DFSP # 374 - SRUM

This week I break down the Windows System Resource Usage Monitor from a DFIR point of view.

Tue, 11 Apr 2023 04:52:00 +0000

DFSP # 373 - Linux File Poisoning

This week I cover some malware detection methods for Linux.

Tue, 04 Apr 2023 04:48:00 +0000

DFSP # 372 - Windows Processes

This week I talk about different ways to approach windows process triage. There are so many processes, especially in enterprise environments, having a standard approach that is fast and effective is key for security incident response.

Tue, 28 Mar 2023 05:26:00 +0000

DFSP # 371 - AI with SUMURI

This week Jason Roslewicz from SUMURI shares his insights about the impact of artificial intelligence and provides advice for navigating through changing times.

Tue, 21 Mar 2023 05:06:00 +0000

DFSP # 370 - UserAssist

This week is a Windows artifact breakdown on a common source of evidence.

Tue, 14 Mar 2023 05:05:00 +0000

DFSP # 369 - Linux Malware

This week I cover malware on Linux file systems for new examiners.

Tue, 07 Mar 2023 05:01:00 +0000

DFSP # 368 - SVCHOST

This week is a guide to understanding SVCHOST from a DFIR point of view. It is one of the most abused Windows processes, and having a firm working knowledge for investigations is essential.

Tue, 28 Feb 2023 05:35:00 +0000

DFSP # 367 - Shimcache Amcache

This week is a Windows artifact breakdown on a common source of evidence.

Tue, 21 Feb 2023 05:33:00 +0000

DFSP # 366 - Linux File System

This week I cover the Linux file system for new examiners.

Tue, 14 Feb 2023 05:31:00 +0000

DFSP # 365 - CVSS Triage

This week I breakdown the elements within a standard CVSS report for fast triage application.

Tue, 07 Feb 2023 05:26:00 +0000

DFSP # 364 - Network Triage

This week I talk about how to triage Windows events for network connection activity.

Tue, 31 Jan 2023 05:16:00 +0000

DFSP # 363 - RDP Forensics

This week I talk about how to approach investigations involving remote desktop connections.

Tue, 24 Jan 2023 05:08:00 +0000

DFSP # 362 - Windows Core Processes

This week I talk about Windows core processes from a DFIR point of view.

Tue, 17 Jan 2023 05:00:00 +0000

DFSP # 361 - Powershell Breakdown

This week I talk about Powershell attack IOCs.

Tue, 10 Jan 2023 05:54:00 +0000

DFSP # 360 - Permitted Events

This week I talk about how to triage Windows events for network connection activity.

Tue, 03 Jan 2023 05:42:00 +0000

DFSP # 359 - Career Checkpoint

This week is my annual career assessment review - or, my guidelines of how to evaluate your past performance and your future goals.

Tue, 27 Dec 2022 05:05:00 +0000

DFSP # 358 - Listening Ports

This week I talk about how to triage Windows events for network listening activity.

Tue, 20 Dec 2022 05:03:00 +0000

DFSP # 357 - EVTX Analysis

This week I talk about an approach for reviewing Windows event logs.

Tue, 13 Dec 2022 05:02:00 +0000

DFSP # 356 - CMD Triage

This week I talk about an approach for reviewing CMD syntax for findings.

Tue, 06 Dec 2022 05:58:00 +0000

DFSP # 355 - Network Triage

This week I talk about essential network basics necessary for triage.

Tue, 29 Nov 2022 04:05:00 +0000

DFSP # 354 - Fast Triage

This week I talk about Webshell forensics.

Tue, 22 Nov 2022 04:03:00 +0000

DFSP # 353 - Webshells

This week I talk about Webshell forensics.

Tue, 15 Nov 2022 04:02:00 +0000

DFSP # 352 - Startup Locations

This week I talk about Windows startup locations.

Tue, 08 Nov 2022 04:00:00 +0000

DFSP # 351 - Prefetch

This week I talk about Windows Prefetch forensics.

Tue, 01 Nov 2022 04:57:00 +0000

DFSP # 350 - Linux Fileless Attacks

This week I talk about fileless attacks Linux systems.

Tue, 25 Oct 2022 04:06:39 +0000

DFSP # 349 - Registry Modification Events

This week I talk about how to find evidence of malicious autoruns in the windows registry using Windows event codes.

Tue, 18 Oct 2022 04:04:40 +0000

DFSP # 348 - Root Cause

This week I talk about strategies to determine root cause early during an investigation.

Tue, 11 Oct 2022 04:02:54 +0000

DFSP # 347 - Weblogs

This week is a breakdown of HTTP log forensic triage.

Tue, 04 Oct 2022 04:58:22 +0000

DFSP # 346 - Masquerading

This week I talk about finding evidence of Kernel file masquerading on Linux systems.

Tue, 27 Sep 2022 04:22:08 +0000

DFSP # 345 - AutoRuns

This week I talk about how to find evidence of malicious autoruns in the windows registry.

Tue, 20 Sep 2022 04:19:46 +0000

DFSP # 344 - Mac Spotlight DB

This week I talk about the forensic value of the Apple Spotlight DB.

Tue, 13 Sep 2022 04:17:39 +0000

DFSP # 343 - Registry aka The Dungeon Maze

When you talk autoruns you must talk about the Windows registry. This artifact is very dense and it may be difficult to zero in on the elements that are important for compromise assessment. Given that, I am going to begin the series with a breakdown of the Windows Registry from a DFIR point of view. This is crucial in understanding ...

Tue, 06 Sep 2022 04:42:45 +0000

DFSP # 342 - FLUX It

This week I talk about the attack methodology known as Fast Flux.

Tue, 30 Aug 2022 04:52:57 +0000

DFSP # 341 - Those other taskers

This weeks focus is on other scheduled task events useful for DFIR triage.

Tue, 23 Aug 2022 04:51:06 +0000

DFSP # 340 - PSEXEC, ready or not

This week I talk about a popular Windows utility attackers often exploit.

Tue, 16 Aug 2022 04:49:28 +0000

DFSP # 339 - That SUDO that you do

This week I breakdown the SUDOERS file for forensic triage.

Tue, 09 Aug 2022 04:47:13 +0000

DFSP # 338 - Taskers

This weeks focus is on new scheduled tasks, which are a common way of establishing longevity on system. I will have my breakdown of the artifact and how to interpret it for fast analysis coming up.

Tue, 02 Aug 2022 04:03:58 +0000

DFSP # 337 - ResponderCon

The must-attend event for Cyber First Responders who must detect and deal with ransomware, zero-day events, and more!

Tue, 26 Jul 2022 04:26:35 +0000

DFSP # 336 - BAM!

This week I talk about the Windows Background Activity Monitor, an artifact that may be used to find evidence of execution.

Tue, 19 Jul 2022 04:24:13 +0000

DFSP # 335 - CRON

This week Ibreakdown CRON for the uninitiated.

Tue, 12 Jul 2022 04:21:12 +0000

DFSP # 334 - Service Changes

This week is about persistence artifacts. Namely the records for when services fail to start, are either started or stopped, have crashed have had their start type changed. Since services are one of the common ways attackers achieve persistence, understanding how these events may be used for triage purposes is very important...

Tue, 05 Jul 2022 04:18:25 +0000

DFSP # 333 - Mac Autoruns

This week I talk Mac autoruns.

Tue, 28 Jun 2022 10:49:52 +0000

DFSP # 332 - Bash Histories

This week is about bash history forensics.

Tue, 21 Jun 2022 10:47:19 +0000

DFSP # 331 - New Services

In the past Ive talked about fast triage from a high-level, addressing the different artifacts and some interesting elements in each of those artifacts. I decided to start going a bit deeper and focus on one or a few artifacts at a time and really talk about the important details they may record for your investigation and how to interpret that information quickly. Im going to start with the New Service Installation details recorded in Windows event logs. These have a number of advantages for your triage methodology and I will have all the details coming up.

Tue, 14 Jun 2022 10:45:06 +0000

DFSP # 330 - Certifications

Every so often I like to revisit certifications. Everyone seems to have their own opinion as to the value of one certification over another, whether or not certifications should carry as much weight as they do, or preference of certain certifications over others, and so on. In this episode Im sharing my thoughts on the topic as well as how I would approach certifications if I were new in the field but also retained everything I have learned over the years about the impact certifications have or can have on your career.

Tue, 07 Jun 2022 04:41:39 +0000

DFSP # 329 - Shellbags

This week is a back to basics episode where I cover Windows shell bags. This is a core Windows artifact that gets included in pretty much every file use and knowledge investigation. Any investigation where youre looking to tie a specific account to directory access activity. Like most Windows artifacts you must know how user interaction affects the artifact in order to properly interpreted as evidence and you must also be aware of any caveats or pitfalls that may affect your evidence. Spoiler alert, there is a huge one associated with Windows shell bags that Ill cover at the end of the episode-its nothing new but if youre unfamiliar with it you definitely need to know about it.

Tue, 31 May 2022 04:47:42 +0000

DFSP # 328 - Linux Executables

If you are accustomed to Windows forensics you may find you have to shift your way of thinking about executables when you are dealing with a Linux system. Unlike Windows, in Linux there is no fixed file extension to designate an executable. Everything on a Linux system of the file and any file can be executable, so where do you even begin? In this episode I am going to address how to approach Linux executables to help those newer to Linux exams deal with the nuances.

Tue, 24 May 2022 04:46:13 +0000

DFSP # 327 - Persistence Part 1

One of the first things attackers attempt to accomplish on a compromised system is to establish persistence. Unless you are dealing with a denial of service attack, most other attacker goals are centered on maintaining the degree of control over a compromise system in order to use system resources for things like cryptomining or to maintain a foothold to further an attack strategy. This week I am going to talk about a fast triage methodology for persistence, which is one of the first triage strategies I normally recommend for a compromise assessment. Because I am focusing on a fast triage methodology I am going to focus on the artifacts most examiners will have readily at hand and how to make the most of them during the initial pass.

Tue, 17 May 2022 04:44:52 +0000

DFSP # 326 - MFT

This week Im covering the Master file table as a core forensic artifact for Windows investigations. This artifact has value is both a primary and secondary artifact and offers opportunity to decode evidence in a number of different situations. In this episode Im covering the forensic basics, some use cases and tools you can use to bring the value of the artifact to its full potential.

Tue, 10 May 2022 04:43:12 +0000

DFSP # 325 - Malware Triage Part 2

This week of talking malware fast triage. These are the techniques that are short of malware reverse engineering and allow analysts to identify malware and also get a sense of what it is does. This is a necessary skill set for all DFIR professionals as you typically deal with malware and you need a way to do some basic forensics on it for context to advance your investigation. This is going to be a two-part episode where I first go over the foundational information you need to have four common malware triage tasks and the second part will go over specific methods, tools, and indicators for different types of artifacts.

Tue, 03 May 2022 04:40:55 +0000

DFSP # 324 - Malware Triage Part 1

Tue, 26 Apr 2022 04:26:24 +0000

DFSP # 323 - SRUM

This week Im talking about SRUM, a Windows artifact that you dont hear that much about. It has a lot of great potential as evidence and it is something worth the time to check it out and see how it fits into your daily DFIR work.

Tue, 19 Apr 2022 04:24:42 +0000

DFSP # 322 - Live evidence integrity

This week is some thoughts on live evidence integrity. Years ago evidence validation was fairly standard with few exceptions. Nowadays its more of a challenge when considering live evidence collections either on scene, remotely or even in lab environments where physical level access to your evidence is becoming more the exception. It is something that needs to be part of your collection process as it may impact the reliability of your results.

Tue, 12 Apr 2022 04:22:43 +0000

DFSP # 321 - URL Leaks

Tue, 05 Apr 2022 04:02:00 +0000

DFSP # 320 - Lateral MM and Event Logs

This week Im going to cover detecting lateral movement using Windows event logs. This is not the Windows fast triage method I covered in previous episodes. This is more in-depth and focuses on specific attack tools and strategies seen in actual cases. Going into this level of detail is beyond the scope of a typical episode, however there is some research that has very granular details on the tools and methods you can use. Ill have that coming up right after this.

Tue, 29 Mar 2022 07:33:43 +0000

DFSP # 319 - Shellbags

This week is a back to basics episode where I am going to cover Windows shellbags. This is a core Windows artifact that gets included in pretty much most every file use and knowledge investigation or any investigation where youre looking to tie a specific account to directory access activity. Like most Windows artifacts you must know how user interaction affects the artifact in order to properly interpreted it as evidence. You must also be aware of any caveats or pitfalls that may affect your evidence. Spoiler alert, there is a huge one associated with Windows shellbags that Ill cover at the end of the episode-its nothing new but if youre unfamiliar with it you definitely need to know about it.

Tue, 22 Mar 2022 07:32:43 +0000

DFSP # 318 - Rust and Chainsaw

This week I am talking about a program language called rust and the advantages it has for DFIR analyst. Im also covering Chainsaw, a toolset that you can use for Windows event log analysis.

Tue, 15 Mar 2022 07:30:44 +0000

DFSP # 317 - UserAssist

This week its back to basics with a Windows artifact for tracking program execution. Im covering the user assist key which is a mainstay for both live triage and dead box forensics. This artifact is useful for profiling system usage, identifying malware, and general file use and knowledge applications. There are some caveats you need to be aware of and in this episode Im covering five different experiments to document the effects that different types of user activity had on the artifact. If you want to better understand this artifact and how to work with it stay tuned.

Tue, 08 Mar 2022 13:00:32 +0000

DFSP # 316 - Cloud Traffic Security

This week I am covering how different common protocols are secured in the cloud. Part of your effectiveness as a security analyst is your knowledge and understanding of how environments work in a typical scenario. I know that all environments are different but there is some foundational knowledge that you can learn that will be useful no matter what environment youre working. My goal with this episode is to provide you with a better understanding of how insecure protocols are handled in cloud environments.

Tue, 01 Mar 2022 07:00:10 +0000

DFSP # 315 - ARTHIR

This we can talk about Arthir, an open source platform for windows incident response and threat hunting.

Tue, 22 Feb 2022 05:11:00 +0000

DFSP # 314 - Future of Cyber Security

This week Max Lamothe-Brassard talks about the future of cyber security.

Tue, 15 Feb 2022 05:11:00 +0000

DFSP # 313 - Shimcache and Amcache

This week is a back to basic episode featuring Shimcache and Amcache. Learn what they are, why they are important to many investigations and the pitfalls to avoid.

Tue, 08 Feb 2022 05:11:00 +0000

DFSP # 312 - Cloud Network Security Services

This week is about Cloud Network Security Services.

Tue, 01 Feb 2022 05:02:00 +0000

DFSP # 311 - Data Spoliation Fast Triage

This week we continue with the Windows fast triage series and talk about data spoliation detection.

Tue, 25 Jan 2022 05:00:00 +0000

DFSP # 310 - Cloud Network Segmentation

This week is about cloud network segmentation. Network segmentation has security advantages, and thats regardless of whether or not security is the intention. There are some big differences between traditional on-prem network segmentation and cloud infrastructure segmentation. As a DFIR practitioner, knowing the difference is vital for your incident response preparedness. This week I will break it down from a DFIR point of view and provide some necessary insight that will help you better structure your investigations involving cloud assets.

Tue, 18 Jan 2022 05:00:00 +0000

DFSP # 309 - Insider Threats

This week I cover insider threat, which is sort of a gray area between traditional investigations and DFIR investigations.

Tue, 11 Jan 2022 05:00:00 +0000

DFSP # 308 - Cloud Access Controls

This week Im talking about identity access controls commonly encountered in cloud environments. These come up during DFIR investigations and high-level awareness, at the least, is necessary for analysts in order to be effective during investigations. These are the things that may be part of root cause, part of the attack escalation, or part of mitigation will remediation. This week all cover the basics to help with your incident response preparedness.

Tue, 04 Jan 2022 05:00:00 +0000

DFSP # 307 - Career Strategy Checkup

This week is my advice for conducting a career critique as well as to plan for the future - or at least for 2022. I do this episode every year at this time with the intention of helping newer analysts maximize their efforts to achieve the desired career goals in both the short term and long term.

Tue, 28 Dec 2021 05:00:00 +0000

DFSP # 306 - Lateral MM Fast Triage 5

This week we continue with the Windows fast triage series and talk about lateral movement evidence that may be found in DC records.

Tue, 21 Dec 2021 05:00:00 +0000

DFSP # 305 - CSA Cloud Threats 8

This week is a continuation of the threats to cloud computing miniseries. We are stepping through the top 11 threats to cloud computing as identified by the Cloud Security alliance. When you are protecting cloud assets or investigating breaches of cloud assets, there is a lot to keep in mind. You must remember the standard security infrastructure, the new cloud infrastructure as well as any changes to the standard infrastructure that could be affected for your investigation. The top 11 threats to cloud computing help identify where you, as an analyst, should prioritize your time both as a starting point and how you use your limited time for continuing education.

Tue, 14 Dec 2021 05:00:00 +0000

DFSP # 304 - Detecting File Poisoning on Linux

This week I review a great method to detect file poisoning on Linux using all native commands.

Tue, 07 Dec 2021 05:00:00 +0000

DFSP # 303 - Mac Artifacts with SUMURI

This week SUMURI's Steve Whalen (a.k.a. 'MacBoy') talks Mac artifacts

Tue, 30 Nov 2021 05:00:00 +0000

DFSP # 302 - Lateral MM Fast Triage 4

This week we continue with the Windows fast triage series and talk about lateral movement evidence that may be found in logon event records.

Tue, 23 Nov 2021 05:00:00 +0000

DFSP # 301 - OSDFCON 2021

This week Brian Carrier of Basis Technology joins me to talk about OSDFCon. The DFIR community relies on open source tools and the conference is a great way to get exposure to new tools and to learn how to use them. There's a great lineup this year with something for everyone. Registration is free for everyone.

Tue, 16 Nov 2021 05:00:00 +0000

DFSP # 300 - Case Study Ocean Lotus

This week is a case study where we look at an actual attack strategy and compared it against standard triage methods to see how well they hold up.In this episode I break down some attack methods attributed to APT32, also known as Ocean Lotus, and well see how standard triage techniques hold up against the attack chain.

Tue, 09 Nov 2021 05:00:00 +0000

DFSP # 299 - Malicious Powershell with Blumira

Amanda Berlin of Blumira speaks on malicious Powershell attacks and defense techniques.

Tue, 02 Nov 2021 04:00:00 +0000

DFSP # 298 - Mac Forensics with SUMURI

This week SUMURI's Steve Whalen (a.k.a. 'MacBoy') talks Mac forensics.

Tue, 26 Oct 2021 04:00:00 +0000

DFSP # 297 - Nested Groups

This week Im talking about Nested Groups and the risk they pose for security. Built-in to the functionality of Active Directory is the ability to attach a group to another group. While this has advantages for account administration across an organization, it also offers attackers opportunity if certain precautions are not taken. This week Ill break down Nested Groups in DFIR terms, talk about how attackers take advantage of it and what analysts need to know for investigations.

Tue, 19 Oct 2021 04:00:00 +0000

DFSP # 296 - Case Study Turla-Comrat

This week is a case study where we look at an actual attack strategy and compared it against standard triage methods to see how well they hold up. The Turla group using ComRat malware is our case example, lets see if standard triage techniques can save the day.

Tue, 12 Oct 2021 04:00:00 +0000

DFSP # 295 - Ransomware with Blumira

Matt Warner, Blumira CTO and Co-Founder, talks ransomware investigations.

Tue, 05 Oct 2021 04:00:00 +0000

DFSP # 294 - CSA Cloud Threats 7

Tue, 28 Sep 2021 04:00:00 +0000

DFSP # 293 - Case Study: Ransomware

This week is a case study that demonstrates how fundamental DFIR triage methods can detect advanced attacks. Examiners, especially newer examiners, should find confidence in the fact that standard triage techniques have such a powerful impact on security investigations.

Tue, 21 Sep 2021 04:00:00 +0000

DFSP # 292 - Top Cloud Threats with Blumira

This week Nato Riley from Blumira pays a visit to talk about the top threats to cloud computing.

Tue, 14 Sep 2021 04:00:00 +0000

DFSP # 291 - Lateral MM Fast Triage 3

This week we continue with the Windows fast triage series and talk about lateral movement evidence that may be found in admin shares event records. Four different types of logs are covered, each containing different information for triage purposes.

Tue, 07 Sep 2021 04:00:00 +0000

DFSP # 290 - Mac Training with SUMURI

This week SUMURI's Steve Whalen (a.k.a. 'MacBoy') and Dave Melvin talk about the latest in Mac training and certification. Learn the advantages of vendor neutral training and how to prioritize it in your own training regiment.

Tue, 31 Aug 2021 04:00:00 +0000

DFSP # 289 - Framing Root Cause

As an analyst, it is important to identify root cause and link it back to security governance strategies. This is dealt with through root cause statements typically. What exactly should you be doing for a root cause statement? How important is it? If you produce a findings report you can count on the root cause statement being read. Other parts of the document may be skimmed through, or even ignored, but the root cause statement is going to draw the attention of a variety of different audiences. Therefore this is something you want to get right. In this episode Im going to deliver a simple approach you can use.

Tue, 24 Aug 2021 04:00:00 +0000

DFSP # 288 - Max DFIR Impact

Most of my episodes are about computer forensic artifacts and methods. Once in a while I like to cover non-technical topics, such as thoughts and recommendations about career development, subject matter expertise strategies, and impact exposure or delivery of your work. These soft skills are important to your career success. So this week will be on maximizing DFIR exposure in your current role, whatever that role may be. I will cover how to connect the work you do with the high-level strategies that are important to your management or your customers.

Tue, 17 Aug 2021 04:00:00 +0000

DFSP # 287 - CSA Cloud Threats 6

Tue, 10 Aug 2021 04:00:00 +0000

DFSP # 286 - Lateral MM Fast Triage 2 [5145]

This week we continue with the Windows fast triage series. We are up to lateral movement and talking about admin shares. On topic this week is event 5145 which is a Windows log that records verbose information about network share objects and it is an artifact you can use to triage a system or group of systems for evidence of malicious lateral movement.

Tue, 03 Aug 2021 04:00:00 +0000

DFSP # 285 - Linux Malware Triage

This week I wanted to take a break from Windows forensics and talk about Linux malware triage. The Linux platform offers forensic analysts the opportunity to do a very decent job performing malware triage. What I mean by this is that you do not need any special tools installed, all you essentially need is the knowledge of a handful of commands in the ability to make sense of the output. Armed with this, any analyst can do a malware triage quickly and efficiently.

Tue, 27 Jul 2021 04:00:00 +0000

DFSP # 284 - Fast Triage case study: non-Windows core processes

This week were going to take a look at how standard triage methodology can detect advanced attack techniques. Even as a newer examiners, if you learn the standard triage methods that I have covered in the fast triage series, you will find the skills provide ample opportunity to detect all sorts attack activity-even very advanced attack activity. This is because there are natural chokepoints in the attack chain that can be used to your advantage. This week we are going to see the non-Windows core process triage in action through the lens of a very advanced attack dubbed operation ghost.

Tue, 20 Jul 2021 04:00:00 +0000

DFSP # 283 - CSA Cloud Threats 5

This week we take another look at the top threats to cloud computing. On tap This week is account hijacking. All analysts working in the DFIR field today must be aware of threats to cloud computing in order to be effective in their roles.

Tue, 13 Jul 2021 04:00:00 +0000

DFSP # 282 - Lateral MM Fast Triage

This week I talk about lateral movement fast triage. This is the next topic in the Windows fast triage miniseries and it aligns with the goal of the entire series, which is to help new or any analyst identify the most accessible artifacts that may be quickly analyzed to find evidence of compromise. So far we have dealt with persistence, suspicious network activity, and suspicious processes. As always, I will provide a simple yet effective approach to work with lateral movement artifacts.

Tue, 06 Jul 2021 04:00:00 +0000

DFSP # 281 - Fast Triage case study: persistence

This week Im doing another walk-through to illustrate how standard triage methodology can detect advanced attack techniques. Sometimes as a newer examiner, its easy to become overwhelmed with the technical detail necessary to understand and attack. Its also easy to become discouraged and convince yourself that its way too complicated for your current skill set and you may not even feel useful as a team member. This episode is going to dispel all of that and show you how a focus on the standard fast triage method provides all the knowledge you need to detect and advanced breach into an environment.

Tue, 29 Jun 2021 04:00:00 +0000

DFSP # 280 - Malware Fast Triage

This week Im covering malware fast triage. It occurred to me that I should revisit this issue for a couple of different reasons. I remember covering this many years ago and I believe thats why I havent thought about doing anything on it lately. However, it does go hand-in-hand with the Windows fast triage series that I am doing. Part of that strategy is to look for common malware patterns. In an effort to maximize what the listeners get from the episodes I figured this topic definitely needs to be revisited so that when I use that term, you are at least clear on what I mean by it and the method it represents.

Tue, 22 Jun 2021 04:00:00 +0000

DFSP # 279 - CSA Cloud Threats 4

This week is about the top threats to cloud computing.

Tue, 15 Jun 2021 04:00:00 +0000

DFSP # 278 - Process Triage & CMD

This week is a continuation of the Windows fast triage miniseries. While other aspects of the triage miniseries had fairly contained artifacts to examine, new process triage presents a large and complex landscape to the analyst. I have already broken down a number of effective analysis methods to make this more manageable. This week I focus on key applications to look for during a review. These applications tend to be associated more with malicious activity, at least according to threat intelligence research, so being aware of them and recognizing the potential is important. I also spend some time talking about the nuances of CMD.

Tue, 08 Jun 2021 04:00:00 +0000

DFSP # 277 - Learning from the Red Team II

A while back I did an episode on learning from the red team which focused on methods blue team members can utilize to better understand attacks and the artifacts affected by those attacks. One of the advantages of this method that I did not mention in that episode was how to use open source vulnerability scanners for the same purpose. This week, will be part two and I will go over freely available resources and the method to help you gain better insight into forensic artifacts.

Tue, 01 Jun 2021 04:00:00 +0000

DFSP # 276 - CVSS Fast Analysis

This week is about how size up a reported vulnerability quickly.

Tue, 25 May 2021 04:00:00 +0000

DFSP # 275 - dotNET

This week I tackle .NET. It is an ecosystem that is associated with malicious Powershell activity.

Tue, 18 May 2021 04:00:00 +0000

DFSP # 274 - Powershell Revisited

This week I revisited powershell from a process fast triage context.

Tue, 11 May 2021 04:00:00 +0000

DFSP # 273 - CSA Cloud Threats 3

This week is about the top threats to cloud computing.

Tue, 04 May 2021 04:00:00 +0000

DFSP # 272 - 4688

This week I continue with the fast triage method for processes with a focus on historical records.

Tue, 27 Apr 2021 04:00:00 +0000

DFSP # 271 - DREAD and STRIDE

This week I cover threat modeling from a DFIR point-of-view. It provides a standard framework to classify and rate the severity of vulnerabilities discovered during investigations.

Tue, 20 Apr 2021 04:00:00 +0000

DFSP # 270 - CAPEC

This week I run through a threat intel resource you may use for standardized attack information.

Tue, 13 Apr 2021 04:00:00 +0000

DFSP # 269 - Svchost Revisited

This week I revisit Svchost and the triage methods to apply.

Tue, 06 Apr 2021 04:00:00 +0000

DFSP # 268 - CSA Cloud Threats 2

This week is about the top threats to cloud computing.

Tue, 30 Mar 2021 04:00:00 +0000

DFSP # 267 - Sunscreen

This week is a case study that demonstrates the power behind IR fundamental methodology.

Tue, 23 Mar 2021 04:00:00 +0000

DFSP # 266 - Windows non-core processes

This week I continue with the fast triage method for processes with a focus on, well, everything else!

Tue, 16 Mar 2021 04:00:00 +0000

DFSP # 265 - CSA Cloud Threats 1

This week is about the top threats to cloud computing.

Tue, 09 Mar 2021 05:00:00 +0000

DFSP # 264 - Golden SAML

This week is about preparing for Golden SAML attacks for both Incident Response and Threat Hunting.

Tue, 02 Mar 2021 05:00:00 +0000

DFSP # 263 - Threat Hunt with Statistics

This week is about applying basic statistical analysis to threat hunting. The results are effective!

Tue, 23 Feb 2021 05:00:00 +0000

DFSP # 262 - Security Theatre

This week is about theatrics in security and how to avoid the trap.

Tue, 16 Feb 2021 05:00:00 +0000

DFSP # 261 - Wincore Processes Revisited part 2

This week I revisit Windows Core Processes and the triage methods to apply to them.

Tue, 09 Feb 2021 05:00:00 +0000

DFSP # 260 - Learn from the Red Team

This week I talk about vulnhub, a free resource to practice ethical hacking skills and sharpen your DFIR skills.

Tue, 02 Feb 2021 05:00:00 +0000

DFSP # 259 - Wincore Processes Revisited part 1

This week I revisit Windows Core Processes and the triage methods to apply to them.

Tue, 26 Jan 2021 05:00:00 +0000

DFSP # 258 - Network Triage Part 4

This week is the fourth part of the Network-Fast-Triage mini-series. In this installation I cover triage techniques for Windows event logs that record blocked network activity.

Tue, 19 Jan 2021 05:00:00 +0000

DFSP # 257 - Supply Chain Attacks

This week is about supply chain security posture from a DFIR point-of-view.

Tue, 12 Jan 2021 05:00:00 +0000

DFSP # 256 - Kernel Process Masquerading

This week I go over a method to detect kernel process masquerading on Linux systems.

Tue, 05 Jan 2021 05:00:00 +0000

DFSP # 255 - The Worship of Intelligence in Tech

This week I interview author Shawn Livermore about the myth of the "tech-genius."

Tue, 29 Dec 2020 05:00:00 +0000

DFSP # 254 - Network Triage Part 3

This week is the third part of the Network-Fast-Triage mini-series. In this installation I cover triage techniques for Windows event logs that record network port-binding.

Tue, 22 Dec 2020 05:00:00 +0000

DFSP # 253 - Network Triage Part 2

This week is the second part of the Network-Fast-Triage mini-series. In this installation I cover triage techniques for Windows event logs that record network connections.

Tue, 15 Dec 2020 05:00:00 +0000

DFSP # 252 - Werfault

This week I cover triage techniques for werfault.exe. The process does not have the best documentation which makes it a challenge to triage.

Tue, 08 Dec 2020 05:00:00 +0000

DFSP # 251 - The Rise of Crypto SIM Swapping

This week I interview Haseeb Awan, CEO of EFANI, about the rise of SIM swapping attacks. Haseeb explains the attack, how attackers carry it out, and provides some mitigation strategies.

Tue, 01 Dec 2020 05:00:00 +0000

DFSP # 250 - Network Triage Part 1

This week is the first part of the Network-Fast-Triage mini-series. The first installation is the network investigation primer.

Tue, 24 Nov 2020 05:00:00 +0000

DFSP # 249 - Linux Fileless Attacks

This week I go over a method to detect fileless malware on Linux systems.

Tue, 17 Nov 2020 05:00:00 +0000

DFSP # 248 - Searchsploit

This week I talk utilizing the ExploitDB for DFIR investigations. Searchsploit isa command line search tool for Exploit-DB that allows you the power to perform detailed off-line searches through your locally checked-out copy of the repository. This capability is particularly useful for security assessments on segregated or air-gapped networks without Internet access.

Tue, 10 Nov 2020 05:00:00 +0000

DFSP # 247 - Startup Locations

This week is the last part of the Persistence-Fast-Triage mini-series. The final installation covers Windows startup locations.

Tue, 03 Nov 2020 05:00:00 +0000

DFSP # 246 - Investigation Lifecycle

This week I talk about the IR Investigation Lifecycle, or, the elements included within the incident handling process to ensure a complete investigation.

Tue, 27 Oct 2020 04:00:00 +0000

DFSP # 245 - Fetch and Execute

This week I talk about the use of RUNDLL32 to exploit information files (.INF) to "fetch and execute" malware.

Tue, 20 Oct 2020 04:00:00 +0000

DFSP # 244 - Registry Persistence Part 3

This week is part 3 of examining the Windows Registry for evidence of persistence and the focus is on Windows Registry Modification Event Records.

Tue, 13 Oct 2020 04:00:00 +0000

DFSP # 243 - Stomping the Clock

This week I talk about detecting time stomping on Windows and Linux systems.

Tue, 06 Oct 2020 04:00:00 +0000

DFSP # 242 - Registry Persistence Part 2

This week I talk about examining the Windows Registry for evidence of persistence.

Tue, 29 Sep 2020 04:00:00 +0000

DFSP # 241 - Forensic Hardware

This week I interview JASON ROSLEWICZ of SUMURI about the hardware that drives your forensics system.

Tue, 22 Sep 2020 04:00:00 +0000

DFSP # 240 - MDM

This week is part 3 of the Mobile Attack series.

Tue, 15 Sep 2020 04:00:00 +0000

DFSP # 239 - Registry Persistence Part 1

This week I talk about examining the Windows Registry for evidence of persistence.

Tue, 08 Sep 2020 04:00:00 +0000

DFSP # 238 - Bash Attacks

This week I talk about the use of Bash commands in crypto-mining attacks.

Tue, 01 Sep 2020 04:00:00 +0000

DFSP # 237 - Attack Shimming

This week I talk about detecting persistence via Attack Shimming artifacts.

Tue, 25 Aug 2020 04:00:00 +0000

DFSP # 236 - Apple FSEvents

This week I interview Steve Whalen of SUMURI about Apple FSEvent artifacts. Learn what they are and how to leverage them for investigations.

Tue, 18 Aug 2020 04:00:00 +0000

DFSP # 235 - Scheduled Task Change

This week I talk about examining Windows Scheduled Task change events for evidence of persistence.

Tue, 11 Aug 2020 04:00:00 +0000

DFSP # 234 - Divide & Conquer with Brian Carrier

This week I interview Brian Carrier, SVP & CTO of Basis Technology about his "Divide & Conquer" approach to DFIR investigations.

Tue, 04 Aug 2020 04:00:00 +0000

DFSP # 233 - New Scheduled Tasks

This week I talk about examining Windows New Scheduled Task events for evidence of persistence.

Tue, 28 Jul 2020 04:00:00 +0000

DFSP # 232 - Exam Process - Soup-to-Nuts

This week Chris of MSAB shares his recommended process for DFIR exam standardization.

Tue, 21 Jul 2020 04:00:00 +0000

DFSP # 231 - Service Change Triage

This week I talk about examining Windows Service modification events for evidence of persistence.

Tue, 14 Jul 2020 04:00:00 +0000

DFSP # 230 - User Activity Artifacts

This week I talk about the artifacts and methodology for examining user activity on Windows systems.

Tue, 07 Jul 2020 04:00:00 +0000

DFSP # 229 - Mobile Attacks Part 2

This week is part 2 of the Mobile Attack series.

Tue, 30 Jun 2020 04:00:00 +0000

DFSP # 228 - Psychology of Reporting

This week I interview Steve Whalen of SUMURI and we talk about effective ways to report forensic findings.

Tue, 23 Jun 2020 04:00:00 +0000

DFSP # 227 - New Service Triage

This week I talk about examining Windows systems for evidence of persistence.

Tue, 16 Jun 2020 04:00:00 +0000

DFSP # 226 - User Logons

This week I talk about a triage methodology for examining user activity.

Tue, 09 Jun 2020 04:00:00 +0000

DFSP # 225 - Mobile Device Attacks

This week I talk about mobile device compromise.

Tue, 02 Jun 2020 04:00:00 +0000

DFSP # 224 - Conhost Forensics

This week I talk about examining Conhost data for evidence of execution.

Tue, 26 May 2020 04:00:00 +0000

DFSP # 223 - Apple Meta

This week I interview Steve Whalen of SUMURI about Apple metadata.

Tue, 19 May 2020 04:00:00 +0000

DFSP # 222 - User Enumeration

This week I talk about a triage methodology for examining suspicious user accounts.

Tue, 12 May 2020 04:00:00 +0000

DFSP # 221 - Mobile Device Security

This week I talk about mobile device operating system and file system security, focusing specifically on applications.

Tue, 05 May 2020 04:00:00 +0000

DFSP # 220 - Mobile Forensics For New Investigators

This week I interview MSAB instructor Chris Currier about mobile forensics for new examiners.

Tue, 28 Apr 2020 04:00:00 +0000

DFSP # 219 - Forensic Grab Bag

This week I talk about persistence, malware analysis and identifying system owners.

Tue, 21 Apr 2020 04:00:00 +0000

DFSP # 218 - Plaso & Elk Timelines

This week I talk about SOF-ELK to take your timelines to a new level

Tue, 14 Apr 2020 04:00:00 +0000

DFSP # 217 - Static Malware Analysis

This week I talk about CFF Explorer.

Tue, 07 Apr 2020 15:37:50 +0000

DFSP # 216 - DHASH

This week I talk with MSAB about DHASH, learn what it is and its use in DFIR investigations

Tue, 31 Mar 2020 04:00:00 +0000

DFSP # 215 - CMSTP Forensics

This week I cover triaging CMSTP for remote execution

Tue, 24 Mar 2020 04:00:00 +0000

DFSP # 214 - CyberChef

This week I explain why you need CyberChef in your toolbox

Tue, 17 Mar 2020 04:00:00 +0000

DFSP # 213 - Trusted Developer Utilities

This week I talk DFIR triage for Microsoft Trusted Dev Utilities

Tue, 10 Mar 2020 04:00:00 +0000

DFSP # 212 - Learning Python

This week I review resources aimed at teaching you Python

Tue, 03 Mar 2020 05:00:00 +0000

DFSP # 211 - Mac Forensics with Steve Whalen

This week I interview Steve Whalen from SUMURI about the current Mac Forensic landscape

Tue, 25 Feb 2020 05:00:00 +0000

DFSP # 210 - Pivot Tables for Forensics

This week I talk about Pivot Tables and their value for DFIR investigations

Tue, 18 Feb 2020 05:00:00 +0000

DFSP # 209 - Mac Autoruns

This week I talk about common autorun locations to check during Mac exams

Tue, 11 Feb 2020 05:00:00 +0000

DFSP # 208 - Persistence Fast Triage

This week I talk about a fast triage methodology to detect persistence on Windows systems

Tue, 04 Feb 2020 05:00:00 +0000

DFSP # 207 - Forensic Grab Bag

This week I talk about tools available on the SIFT workstation... that you may not know or even there!

Tue, 28 Jan 2020 05:00:00 +0000

DFSP # 206 - Certutil Abuse

This week I talk breakdown certutil exploitation; what it is and methods to detect malicious usage

Tue, 21 Jan 2020 05:00:00 +0000

DFSP # 205 - Layered Drivers

This week I talk about using layered drivers as an artifact to identify persistence

Tue, 14 Jan 2020 05:00:00 +0000

DFSP # 204 - SOF ELK

This week I talk about SOF ELK, a freely available pre-built virtual appliance for DFIR work

Tue, 07 Jan 2020 05:00:00 +0000

DFSP # 203 - Profile of a modern analyst

This week I start the year with my traditional "back-to-basics" episode, focusing on self-improvement themes and goals to consider

Tue, 31 Dec 2019 05:00:00 +0000

DFSP # 202 - Base64 Forensics

This week I talk about dealing with Base64 evidence.

Tue, 24 Dec 2019 05:00:00 +0000

DFSP # 201 - Regsvcs Triage

This week I talk about identifying REGSVC \ REGASM abuse

Tue, 17 Dec 2019 05:00:00 +0000

DFSP # 200 - Audit Log Clearing

This week I talk about different types of audit log clearing and detection strategies

Tue, 10 Dec 2019 05:00:00 +0000

DFSP # 199 - Hashdeep

This week I talk about using Hashdeep for forensic triage

Tue, 03 Dec 2019 05:00:00 +0000

DFSP # 198 - Linux Malware Detect

This week I talk about LMD, an openly available tool to increase Linux security posture.

Tue, 26 Nov 2019 05:00:00 +0000

DFSP # 197 - Approaching Network Forensics

This week I talk about network forensic methodology.

Tue, 19 Nov 2019 05:00:00 +0000

DFSP # 196 - autoLLR

This week I talk about autoLLR, a script to automate evidence collection on live Linux systems as well as artifact post processing.

Fri, 15 Nov 2019 21:08:06 +0000

DFSP # 195 BAM!

This week I talk about the Windows Background Activity Monitor, an artifact that may be used to find evidence of execution.

Tue, 05 Nov 2019 05:00:00 +0000

DFSP # 194 - Powershell Collection Tools

This week I talk about some issues surrounding powershell when used as a digital forensic collection tool.

Tue, 29 Oct 2019 13:30:00 +0000

DFSP # 193 - LOKI

This week I talk about LOKI, a tool designed to help analyst scan for APT IOCs.

Tue, 22 Oct 2019 13:30:00 +0000

DFSP # 192 - KAPE

This week I talk about KAPE, a freely available forensic evidence collection and triage tool.

Tue, 15 Oct 2019 13:27:42 +0000

DFSP # 191 - Linux File Systems

This week I talk about the common Linux file systems and what to expect when dealing with different hosts.

Wed, 09 Oct 2019 13:53:20 +0000

DFSP # 190 - Dead Simple Boot Disks

This week I go over how to create a boot disk using the native capability of Ubuntu. You'll never have to rely on third-party tools again!

Tue, 01 Oct 2019 13:12:58 +0000

DFSP # 188 - Container Attack Vectors

This week I breakdown container attack vectors for Cloud Incident Response.

Tue, 01 Oct 2019 13:11:01 +0000

DFSP # 187 - SUDOERS File and Forensics

This week I breakdown the SUDOERS file for forensic triage.

Tue, 01 Oct 2019 13:08:59 +0000

DFSP # 186 - Powershell Forensics

This week I talk about Powershell through the lens of the Service Control Manager.

Tue, 01 Oct 2019 13:05:11 +0000

DFSP # 189 - NVMe

This week I talk about NVMe, a data storage technology, from a forensic point of view.

Mon, 30 Sep 2019 13:02:26 +0000

DFSP # 185 - Understanding Linux Executables

This week I cover how to approach Linux binaries during investigations.

Tue, 27 Aug 2019 13:30:00 +0000

DFSP # 184 - Cloud Incident Response

This week I continue the series about the DFIR changes on the horizon with cloud technology and focus on AWS EC2 forensics.

Tue, 20 Aug 2019 13:30:00 +0000

DFSP # 183 - WMI Forensics

This week I talk about using WMI to create processes remotely.

Tue, 13 Aug 2019 13:30:00 +0000

DFSP # 182 - Density Scout

This week I talk about Density Scout, an open source tool for malware triage.

Tue, 06 Aug 2019 13:30:00 +0000

DFSP # 181 - Remote Execution One-Liners

This week I cover a resource you can use to develop windows remote execution triage methodology and threat hunting.

Tue, 30 Jul 2019 13:30:00 +0000

DFSP # 180 - Credential Guard

This week I talk about the Windows credential guard process.

Tue, 23 Jul 2019 13:30:00 +0000

DFSP # 179 - OWASP: Insufficient logging and monitoring

This week Italk about OWASP's Number 10 vulnerability category from their top 10 list, insufficient logging and monitoring.

Tue, 16 Jul 2019 13:30:00 +0000

DFSP # 178 - Attacker Recon Commands

This week I talk about the most frequently seen attacker recon commands.

Tue, 09 Jul 2019 13:30:00 +0000

DFSP # 177 - PSEXEC Forensics

This week I talk about a popular Windows utility attackers often exploit.

Tue, 02 Jul 2019 13:30:00 +0000

DFSP # 176 - Cloud Incident Response

This week I talk about incident response in container deployments.

Tue, 25 Jun 2019 13:30:00 +0000

DFSP # 175 - OWASP: Components with Known Vulnerabilities

This week Italk about OWASP's Number 9 vulnerability category from their top 10 list, components with known vulnerabilities.

Tue, 18 Jun 2019 13:30:00 +0000

DFSP # 174 - The VMEM Experience

This week Italk about the challenges of working with VMEM files for memory forensics.

Tue, 11 Jun 2019 16:00:00 +0000

DFSP # 173 - Cloud Incident Response

This week Italk about the DFIR changes on the horizon with cloud technology.

Tue, 04 Jun 2019 13:30:00 +0000

DFSP # 172 - High Optane

This week Italk about Intel's emerging technology called Optane end it anticipated affects on DFIR investigations.

Tue, 28 May 2019 13:30:00 +0000

DFSP # 171 - OWASP: Breakfast Cereal

This week Italk about OWASP's Number 8 vulnerability category from their top 10 list, insecure deserialization.

Tue, 21 May 2019 13:30:00 +0000

DFSP # 170 - The Crypto-Landscape

This week Italk about the crypto attack landscape.

Tue, 14 May 2019 13:30:00 +0000

DFSP # 169 - Will The Future Kill DFIR?

DFIR are professionals often worry if advances in artificial intelligence and automation are going to put them out of work. This week I address the issue and give my projection, based on expert sources, of what the future of forensics will look like.

Tue, 07 May 2019 13:30:00 +0000

DFSP # 168 - Is CEH Still Relevant?

I recently passed my certified ethical hacker certification test. This week I thought I would talk about why I chose the certification.

Tue, 30 Apr 2019 13:30:00 +0000

DFSP # 167 - OWASP: XSS

This week Italk about OWASP's Number 7 vulnerability category from their top 10 list, cross site scripting.

Tue, 23 Apr 2019 13:30:00 +0000

DFSP # 166 - SVCHOST Abuse

This week I talk about SVCHOST. This Windows core process is one of the most targeted artifacts that comes up again and again during investigations.

Tue, 16 Apr 2019 13:30:00 +0000

DFSP # 165 - Windows Core Processes

This week I go over how to approach windows core processes from the standpoint of fast triage methodology. Since these processes are found on all window systems it makes sense to develop and investigative approach that focuses on quickly reviewing each process for anomalies.

Tue, 09 Apr 2019 13:30:00 +0000

DFSP # 164 - Mobile Device Compromise Assessment

This week I talk about the investigative value of creating a mobile compromise assessment strategy.

Tue, 02 Apr 2019 13:30:00 +0000

DFSP # 163 - DFIR Job Interviews

This week I share my thoughts on DFIR job interviews. How to prepare. Things to consider. Pitfalls to avoid.

Tue, 26 Mar 2019 13:30:00 +0000

DFSP # 162 - OWASP: Security Misconfigurations

This week Italk about OWASP's Number 6 vulnerability category from their top 10 list, Security Misconfiguration. I explore the issue from a DFIR point of view.

Tue, 19 Mar 2019 13:30:00 +0000

DFSP # 161 - Social Engineering Toolkit

This week Italk about all the fun you can have ethically hacking with SET

Tue, 12 Mar 2019 13:30:00 +0000

DFSP # 160 - Serpico

Serpico makes report writing suck less! Check it out.

Tue, 05 Mar 2019 14:30:00 +0000

DFSP # 159 - Linux Triage

This week Italk more about Linux triage methods.

Tue, 26 Feb 2019 14:30:00 +0000

DFSP # 158 - OWASP: Broken Access Control

This week Italk about OWASP's Number 5 vulnerability category from their top 10 list, Broken Access Control. I explore the issue from a DFIR point of view.

Tue, 19 Feb 2019 14:30:00 +0000

DFSP # 157 - File Comparison Strategies

This week I discuss some techniques for comparing files and folders for DFIR investigations.

Tue, 12 Feb 2019 14:30:00 +0000

DFSP # 156 - B2B: Career Maintenance

This week I share my thoughts on assessing DFIR career path progression.

Tue, 05 Feb 2019 14:30:00 +0000

DFSP # 155 - YARA Almighty

This week Italk about the forensic value of YARA.

Tue, 29 Jan 2019 14:30:00 +0000

DFSP # 154 - OWASP: XXE

This week Italk about OWASP's Number 4 vulnerability category from their top 10 list, XXE attacks. I explore the issue from a DFIR point of view.

Tue, 22 Jan 2019 14:30:00 +0000

DFSP # 153 - Google Dorks

This week Italk about the Google Hacking Database.

Tue, 15 Jan 2019 14:30:00 +0000

DFSP # 152 - CEWL

This week Italk about CEWL, a freely available tool for crawling websites to produce unique wordlists (think password attacks!)

Tue, 08 Jan 2019 14:30:00 +0000

DFSP # 151 - Autoweb Project

This week Italk about my new Github page and the autoweb script.

Thu, 03 Jan 2019 14:30:00 +0000

DFSP # 150 - AppLocker Bypass

This week Italk about Applocker Bypass from a DFIR point of view.

Thu, 27 Dec 2018 14:30:00 +0000

DFSP # 149 - OWASP: Sensitive Data Exposure

This week Italk about OWASP's Number 3 vulnerability category from their top 10 list, sensitive data exposure. I explore the issue from a DFIR point of view.

Tue, 18 Dec 2018 14:30:00 +0000

DFSP # 148 - Threat Hunting Tips

This week Italk about tips for building a threat hunting program.

Tue, 11 Dec 2018 14:30:00 +0000

DFSP # 147 - Webshell Breakdown

This week I break down webshells for threat hunting and incident response triage.

Tue, 04 Dec 2018 14:30:00 +0000

DFSP # 146 - Mimikatz Detection

This week Italk about contacting Mimikatz through windows event log.

Tue, 27 Nov 2018 14:30:00 +0000

DFSP # 145 - PDF Forensics

This week I talk about PDF analysis tools to check for malicious indictors in PDFs.

Tue, 20 Nov 2018 14:30:00 +0000

DFSP # 144 - OWASP: Broken Authentication

This week Italk about OWASP and why you should be paying attention.

Tue, 13 Nov 2018 14:30:00 +0000

DFSP # 143 - Tips from the Trenches

Tips from the DFIR Trenches

Tue, 06 Nov 2018 14:30:00 +0000

DFSP # 142 - CRON 101

This week Ibreakdown CRON for the uninitiated.

Tue, 30 Oct 2018 13:30:00 +0000

DFSP # 141 - Logon Triage

This week Italk about investigation strategies for logon events.

Tue, 23 Oct 2018 13:30:00 +0000

DFSP # 140 - PCAP Hunting

This week I talk about PCAP hunting strategies.

Tue, 16 Oct 2018 13:30:00 +0000

DFSP # 139 - Linux Crypto-Mining Malware Tactics

This week IinterviewCraig Rowland ofSandfly Security about crypto-mining attacks on Linux systems.

Learn more about Sandfly athttps://www.sandflysecurity.com

Tue, 09 Oct 2018 13:30:00 +0000

DFSP # 138 - OWASP Top 10

This week Italk about OWASP and why you should be paying attention.

Tue, 02 Oct 2018 13:30:00 +0000

DFSP # 137 - Fast Flux

This week I talk about the attack methodology known as Fast Flux.

Tue, 25 Sep 2018 13:30:00 +0000

DFSP # 136 - Scheduled Task Triage Part 2

This week Italk about details about what to look at in Scheduled Task records for forensic triage.

Tue, 18 Sep 2018 13:30:00 +0000

DFSP # 135 - Scheduled Task Triage Part 1

This week Italk about details about what to look at in Scheduled Task records for forensic triage.

Tue, 11 Sep 2018 13:30:00 +0000

DFSP # 134 -OfficeMalScanner

This week I talk OfficeMalScanner, a malware scanner for Microsoft document

Tue, 04 Sep 2018 13:30:00 +0000

DFSP # 133 - Know Thy Logs

This week I talk Ultimate windows security

Tue, 28 Aug 2018 13:30:00 +0000

DFSP # 132 - Root Cause

This week I talk about methodologies to investigate root cause during incident response investigations.

Tue, 21 Aug 2018 13:30:00 +0000

DFSP # 131 - PIDS

This week Italk about PIDS in their uses and computer forensic investigations.

Tue, 14 Aug 2018 13:30:00 +0000

DFSP # 130 - Network Scoping

This week Italk about scoping network connections as part of incident response triage

Tue, 07 Aug 2018 13:30:00 +0000

DFSP # 129 - Excel Fu for Frequency Analysis

This week I talk more excel fu tips

Tue, 31 Jul 2018 13:30:00 +0000

DFSP # 128 - GREP vs SED vs AWK

This week I talk the difference between common text processing utilities used in forensic analysis

Tue, 24 Jul 2018 13:30:00 +0000

DFSP # 127 - DNS & Forensics

This week I talk about DNS and forensics

Tue, 17 Jul 2018 13:30:00 +0000

DFSP # 126 - Star Grepping

This week I talk about the value of Grep as a forensic skillset

Tue, 10 Jul 2018 13:30:00 +0000

DFSP # 125 - Distributed Hash Cracking

This week Italk about distributed password cracking with Hashtopolis for Hashcat

Tue, 03 Jul 2018 13:30:00 +0000

DFSP # 124 - iOS USB Restricted Mode

This week Italk about the security changes coming with iOS 11.4

Tue, 26 Jun 2018 13:30:00 +0000

DFSP # 123 - IP Triage

This week I talk about IP address and domain triage for computer forensic investigations.

Tue, 19 Jun 2018 13:30:00 +0000

DFSP # 122 - ATT&CK Matrix

This week I talkabout ATT&CK for Enterprise

Tue, 12 Jun 2018 13:30:00 +0000

DFSP # 121 - Adventures in Scripting

This week I talk about getting started in scripting

Tue, 05 Jun 2018 13:30:00 +0000

DFSP # 120 - Rita

This week I talk about Rita, a free Threat Hunting Tool from Black Hills Information Security

Tue, 29 May 2018 13:30:00 +0000

DFSP # 119 - MFT2CSV

This week Ireview mft2csv

Tue, 22 May 2018 13:30:00 +0000

DFSP # 118 - .bash_history forensics

This week Italk about Linux triage using the /.bash_history artifact

Tue, 15 May 2018 13:30:00 +0000

DFSP # 117 - USNJRNL Tool Review

This week I review two tools for extracting and parsing USNJRNL evidence.

Tue, 08 May 2018 13:30:00 +0000

DFSP # 116 - Automatic Detection of Malware from Memory Analysis

This week I talk about a clever way to leverage Volatility to triage malware on a target system

Tue, 01 May 2018 13:30:00 +0000

DFSP # 115 - Prefetch Tools

This week I talkabout 6 different prefetch tools that are FREE!

Tue, 24 Apr 2018 13:30:00 +0000

DFSP # 114 - Go Norse!

This week I talk about keeping up with attack intelligence.

Tue, 17 Apr 2018 13:30:00 +0000

DFSP # 113 - Dead Simple Timelines

This week Ido a tool review of CYLR and CDQR - perhaps the easiest way to build an awesome timeline

Tue, 10 Apr 2018 13:30:00 +0000

DFSP # 112 - Port Forensics?

This week I talk how common ports plays into network forensics.

Tue, 03 Apr 2018 13:30:00 +0000

DFSP # 111 - Network Triage

This week Igo over some Network Forensic artifacts and what they offer to an investigation.

Tue, 27 Mar 2018 13:30:00 +0000

DFSP # 110 - Web Browser Forensics with Foxton

This week Ireview two freely available forensic tools from Foxton Forensics

Tue, 20 Mar 2018 13:30:00 +0000

DFSP # 109 - OLEDump

This week I talk about OLEDump, a malware analysis tool for investigating suspicious macros in MS Office documents

Tue, 13 Mar 2018 13:30:00 +0000

DFSP # 108 - Under the Radare

This week I talk about Cutter,a static malware analysis tool by Radare

Tue, 27 Feb 2018 14:30:00 +0000

DFSP # 106 - Cryptocurrency 1-2-3

This week Igo over an easy way to get set-up to start using crypto-currency to testing \ validation \ and self-training purposes

Tue, 20 Feb 2018 14:30:00 +0000

DFSP # 105 - from Zero to JTAG

This week Iinterview an industry expert about mobile device JTAG and ISP forensics.

Tue, 13 Feb 2018 14:30:00 +0000

DFSP # 104 - UserAssist Forensics

This week Italk about the userassist artifact for file use and knowledge investigations.

Tue, 06 Feb 2018 14:30:00 +0000

DFSP # 103 - B2B USB Forensics

This week I talk aboutresolving USB usage back to specific systems and user accounts.

Tue, 30 Jan 2018 14:30:00 +0000

DFSP # 102 - B2B Windows Explorer

This week I talk about Windows Explorer evidence.

Tue, 23 Jan 2018 14:30:00 +0000

DFSP # 101 - B2B Shellbags

This week I talk aboutWindows Shellbags.

Tue, 16 Jan 2018 14:30:00 +0000

DFSP # 100 - B2B Shimcache

This week Icontinue the back to basics series with talk on the Windows Shimcache.

Tue, 09 Jan 2018 14:30:00 +0000

DFSP # 099 - B2B with Prefetch

This weekit's a refresher on the Windows Prefetch, a core Microsoft artifact every examiner shouldknow.

Tue, 02 Jan 2018 17:00:00 +0000

DFSP # 098 - Back to basics 2018

This week I kick off a revisit of the fundamentals helpful to all new examiners.

Tue, 26 Dec 2017 14:30:00 +0000

DFSP # 097 - The Main Event

This week Igo over some "go to" Windows Event Logs.

Tue, 19 Dec 2017 14:30:00 +0000

DFSP # 096 - OS X Unified Logging

This week I talk about Mac Logs, namely the new Unified Logging in OS X and how this impacts forensic exams.

Tue, 12 Dec 2017 14:30:00 +0000

DFSP # 095 - freE-DISCOVERY?

This week Italk about the "built-in" eDiscovery tools for Office 365

Tue, 05 Dec 2017 14:30:00 +0000

DFSP # 094 - 31 Flavors of Malware Analyst

This week I break down the different variations of the "malware analyst." Do you qualify as one?

Tue, 28 Nov 2017 14:30:00 +0000

DFSP # 093 - Chocolate Peanut Butter Moment

This week I talk about the volatility plug-ins for autopsy that allow you to do memory forensics in the autopsy forensic console.

Tue, 21 Nov 2017 14:30:00 +0000

DFSP # 092 - New Apple File System

This week I talk about the new file system released by Apple, APFS, and what it means for forensic examiners.

Tue, 14 Nov 2017 14:30:00 +0000

DFSP # 091 - Red Team Field Manual

This week I talk aboutRTFM, the companion to the blue team field manual that's filled with over 1000 commands for windows and Linux.

Tue, 07 Nov 2017 14:30:00 +0000

DFSP # 090 - Microsoft Evaluation Center

This week talk about the Microsoft Evaluation Center, a resource Microsoft office to obtain evaluation versions of operating systems and products.

Tue, 31 Oct 2017 13:30:00 +0000

DFSP # 089 - So you want to DFIR?

This weekI interview a DFIR practitioner about some of the little known facts about a career in the industry.

Tue, 24 Oct 2017 13:30:00 +0000

DFSP # 088 - Perfect Execution

This weekI talk about the most popular artifacts to prove application execution

Tue, 17 Oct 2017 13:30:00 +0000

DFSP # 087 - DFIR Degrees

This weekI interview a DFIR professional about his decision to get a Masters Degree in cyber security.

Tue, 10 Oct 2017 13:30:00 +0000

DFSP # 086 - BambiRaptor

This weekI review a freely available Windows Live Response collection tool available from BriMor Labs.

Tue, 03 Oct 2017 13:30:00 +0000

DFSP # 085 - Leggo my Stego

This weekItalk Stego; what it is and what challenges is presents to DFIR professionals.

Tue, 26 Sep 2017 13:30:00 +0000

DFSP # 084 - Blue Team Field Manual

This weekIreviewBlue Team Field Manual, a reference guide for DFIR practitioners.

Tue, 19 Sep 2017 13:30:00 +0000

DFSP # 083 - cree.py

This weekItalkabout cree.py, an OSINT tool to profile social media accounts by geolocation.

Tue, 12 Sep 2017 13:30:00 +0000

DFSP # 082 - iPhone Forensics on the Cheap

This weekItalk how to make a forensic iPhone backup using iTunes and triage of iPhone backup files using free forensic tools.

Tue, 05 Sep 2017 13:30:00 +0000

DFSP # 081 - OS X Collector

This weekI go over OSX Collector, a freely available tool to collect and preprocess Mac artifacts for DFIR investigations.

Tue, 29 Aug 2017 13:30:00 +0000

DFSP # 080 - DFIR Operational Assessment

This week I talk about 4 questions about your DFIR unit from an operations standpoint to identify holes and get a better sense of your investigative capabilities.

Tue, 22 Aug 2017 13:30:00 +0000

DFSP # 079 - Thoughts on DASH Forensics

This weekItalk about crypto currency 2.0 and feature DASH as the example.

Tue, 15 Aug 2017 13:30:00 +0000

DFSP # 078 - Bitcoin Forensics

This weekIprovide an overview of Bitcoin forensics for examiners new to these investigations.

Tue, 08 Aug 2017 13:30:00 +0000

DFSP # 077 - Crypto Currency 101

This weekIbreak down crypto currency concepts for new computer forensic examiners.

Tue, 01 Aug 2017 13:30:00 +0000

DFSP # 076 - Strings!

This weekIlooktalk about one of the most versatile tools for forensic triage and analysis - Strings!

Tue, 25 Jul 2017 13:30:00 +0000

DFSP # 075 - Capturing Websites as Evidence

This weekIlook at a methodology of capturing websites as evidence using HTTrack

Tue, 18 Jul 2017 13:30:00 +0000

DFSP # 074 - Detecting Lateral Movement

This weekIreview a document put out by the Japan Computer Emergency Response Team Coordination Center on "Detecting Lateral Movement through Tracking Event Logs."

Tue, 11 Jul 2017 13:30:00 +0000

DFSP # 073 - Jump Lists

This weekIbreak down the forensic value of Windows Jump lists.

Tue, 04 Jul 2017 13:30:00 +0000

DFSP # 072 - Free Training & Free Beer

This weekI talk about how to design your own training programs using low cost\ no cost options.

Tue, 27 Jun 2017 13:30:00 +0000

DFSP # 071 - Automated Malware Triage

This week I take a look atonline sandboxes for malware analysis.

Tue, 20 Jun 2017 13:30:00 +0000

DFSP # 070 - Notepad++

This weekItalk a Notepad++, a freely available code editing tool with some great options built in that are useful for inspecting forensic artifacts.

Tue, 13 Jun 2017 13:30:00 +0000

DFSP # 069 - Automated Memory Triage

This week I take a look at Redline by Mandiant, a tool that offers automated memory triage and much more.

Tue, 06 Jun 2017 13:30:00 +0000

DFSP # 068 - Is Scanning On-Scene Legit?

This weekI explore the idea of using scanning tools as part of an on scene triage process in order to find hidden devices and\or to document the systems of the local network.

Tue, 30 May 2017 13:30:00 +0000

DFSP # 067 - IR A-Z

Looking for the ultimate DFIR checklist? This weekIcheck out a freely available guidebook that, as the name implies, is aimed at addressing all things DFIR related A-Z.

Tue, 23 May 2017 13:30:00 +0000

DFSP # 066 - Skype Forensics

This weekI talk about the Skype artifacts forensic examiners need to be aware of.

Tue, 16 May 2017 13:30:00 +0000

DFSP # 065 - Is CSA+ Certification right for you?

This weekI take a look at CompTia's CSA+ certification and how it fits into a DFIR career.

Tue, 09 May 2017 13:30:00 +0000

DFSP # 064 - Chrome Forensics

This week it's back to browsers with Chrome Forensics.

Tue, 02 May 2017 13:30:00 +0000

DFSP # 063 - Bulk Extractor

This weekis tool review week featuring Bulk Extractor. This is a great triage tool, lab tool and all around tool to help generate leads for your case.

Tue, 25 Apr 2017 13:30:00 +0000

DFSP # 062 - Building a Forensic VM with VirtualBox

This week I take you through some of the "pain points" of using VirtualBox as a forensic machine virtualization platform. VirtualBox is freely available and is a great tool to scale your lab and field systems at a low cost. VirtualBox does not have the "easy" buttons the pay tools have but do not let that stop you. In this episode I talk aboutthe solutions that will have you up and running.

Tue, 18 Apr 2017 16:00:00 +0000

DFSP # 061 - Firefox Forensics

This week I talk Firefox forensics and identify the artifacts examiners need to know about.

Tue, 11 Apr 2017 13:30:00 +0000

DFSP # 060 - Browsing on the Edge

This week Im talking about the Windows browser some are still surprised to learn about, MS Edge. Windows 10 comes with two browsers and in this weeks podcast Im going to go over one of them, MS Edge, and what computer forensic examiners need to know about it.

Tue, 04 Apr 2017 13:30:00 +0000

DFSP # 059 - Thumbcache Forensics

This weekI talk aboutsurviving Windows Thumbcache forensics. A great source of evidence for File Use & Knowledge investigations.

Tue, 28 Mar 2017 13:30:00 +0000

DFSP # 058 - Linux FU&K Artifacts

This weekI talkLinux forensics and breakdown some useful artifacts that may generate leads forinvestigations.

Tue, 21 Mar 2017 13:30:00 +0000

DFSP # 057 - Webmail Collections

This weekI talk about a methodology to collect webmail using freely available tools as well as the things you must consider before you do so.

Tue, 14 Mar 2017 13:30:00 +0000

DFSP # 056 - Surviving Solid State Drives

This weekIgo over my survival tips for imaging solid state drives (SSDs).

Tue, 07 Mar 2017 14:30:00 +0000

DFSP # 055 - Automated Host Intelligence

This weekItalk about threat intelligence tool Hostintel by Keith Jones.

Tue, 28 Feb 2017 14:30:00 +0000

DFSP # 054 - Surviving the Conference Season

This weekIshare some thoughts on how to approach DFIR conferences to maximize the experience. There are many to choose from and having an analytical approach may get you exactly what you want for your time and money.

Tue, 21 Feb 2017 14:30:00 +0000

DFSP # 053 - Top FU&K Plugins

This weekI talk aboutmy favorite Volatility plugins for File Use & Knowledge investigations to get at the volatile evidence most often targeted during a dead box exam.

Tue, 14 Feb 2017 14:30:00 +0000

DFSP # 052 - Free Your Mind

This weekI talk about FreeMind, a freely available visualization tool that can be used to enhance the computer forensic investigation process.

Tue, 07 Feb 2017 14:30:00 +0000

DFSP # 051 - Analyzing PE Signatures

This weekI talkabout an openly available library and tool repository all examiners should be aware of as well as a tool by Didier Stevens called "AnalyzePESig" which is perfect for bulk analysis of executables on Windows systems.

Tue, 31 Jan 2017 14:30:00 +0000

DFSP # 050 - Virtual Machine Forensics

This weekI talk File Use & Knowledge investigations involving virtual machines. This is mainly from a dead-box exam point-of-view.

Tue, 24 Jan 2017 14:30:00 +0000

DFSP # 049 - Get your SRUM on!

This week I talk aboutSRUM, a windows artifact with some significant forensic value for both File Use & Knowledge investigations as well as Incident Response.

Tue, 17 Jan 2017 14:30:00 +0000

DFSP # 048 - Evidence Integrity On-Scene

This weekI talkabout considerations for digital evidence integrity when collection evidence on-scene from a live system.

Tue, 10 Jan 2017 14:30:00 +0000

DFSP # 047 - Epoch Time Survival

This week I talk about surviving mobile App timestamps.

Tue, 03 Jan 2017 14:30:00 +0000

DFSP # 046 - DFIR New Year

This weekIshare my thoughts on setting DFIR goals for the coming year. I go over seven pointsworth focusing on for professional development.

Tue, 27 Dec 2016 14:30:00 +0000

DFSP # 045 - RUN DMA

This weekI talk DMA (direct memory access) exploits as a technique to bypass passwords of a live system to conduct imaging - with legal authority of course.

Tue, 20 Dec 2016 14:30:00 +0000

DFSP # 044 - Automated File Intelligence

This weekItalk about a useful automated file intelligence resource for dead box exam as well as IR investigations.

Tue, 13 Dec 2016 14:30:00 +0000

DFSP # 043 - Imaging a Mac: Survival Tips

This week I go over survival tips for imaging a Mac.

Tue, 06 Dec 2016 14:30:00 +0000

DFSP # 042 - Windows 10 Prefetch

This weekIabout the format change for Windows 10 Prefetch files as well as a freely available tool to decompress and present .pf file data.

Tue, 29 Nov 2016 14:30:00 +0000

DFSP # 041 - Trash Talkin'

This weekI'm talking .Trash. I cover the forensic basics of this Mac artifact that examiners need to know.

Tue, 22 Nov 2016 14:30:00 +0000

DFSP # 040 - Mac Log Files

This weekI talk about Mac Log files that are useful for File Use & Knowledge investigations as well as Incident Response.

Tue, 15 Nov 2016 14:30:00 +0000

DFSP # 039 - Apache Weblogs & SDF Announcement

This weekI talk about Apache weblogs and a great resource for foundational knowledge at aid newer examiners with forensic analysis. In addition, big news for the SDF series!

Tue, 08 Nov 2016 14:30:00 +0000

DFSP # 038 - Finder Sidebar Forensics

This weekit's back to Mac forensics with a look at the the Finder Sidebar and it's value for File Use & Knowledge investigations.

Tue, 01 Nov 2016 13:30:00 +0000

DFSP # 037 - The DFIRONOMICON

This weekIpull back the focus for newer examiners andshare some thoughts on creating a system that works for you to organize, and keep readily accessible, all the knowledge you accumulate..... and a few words about Shimcache on Windows 10.

Tue, 25 Oct 2016 13:30:00 +0000

DFSP # 036 - iCloud Forensic Evidence

This week I breakdown iCloud forensic artifacts.

Tue, 18 Oct 2016 13:30:00 +0000

DFSP # 035 - "Recent" File Listings on a Mac

This weekI talkaboutwhere to find different listing of different recently accessed files on a Mac as well as how to break out the data for interpretation.

Tue, 11 Oct 2016 13:30:00 +0000

DFSP # 034 - Forensic tools for your Mac

This week I go over some of myfavorite Mac tools.

Tue, 04 Oct 2016 13:30:00 +0000

DFSP # 033 - PLISTS for Mac Triage

This weekI talkaboutsome common PLISTS to check as part of an initial system triage.

Tue, 27 Sep 2016 13:30:00 +0000

DFSP # 032 - Mac Formats, Libraries & Keychains

This weekI talkabout common Mac file formats, Libraries and Keychains.

Tue, 20 Sep 2016 13:30:00 +0000

DFSP # 031 - Mac User Home Folder

This weekI talkaboutMac Home Folders to give Mac Examiners an idea of how it is structured and where to look for certain artifacts.

Tue, 13 Sep 2016 13:30:00 +0000

DFSP # 030 - OS X Spotlight

This weekI talkabout OS X's Spotlight feature, a powerful indexing and search engine built into your Mac that may be harnessed for computer forensic purposes.

Tue, 06 Sep 2016 13:30:00 +0000

DFSP # 029 - Mac Cooties?!

This weekI talk Apple double files and what to make of them during a forensic exam.

Tue, 30 Aug 2016 13:30:00 +0000

DFSP # 028 - Microcast

This week I am taking a breather and doing some planning for future topics. If you have a topic you would like to see covered mention it in the show notes. Full episodes will return the first week of September.

Tue, 23 Aug 2016 13:30:00 +0000

DFSP # 027 Mac as a forensic platform

This week I go over some of my top reasons why Macs should be considered as a computer forensic platform.

Tue, 16 Aug 2016 13:30:00 +0000

DFSP # 026 - File Juicer

File Juicer is an easy to use data carving tool that runs on OS X. Take most any file, drop it on File Juicer, and watch it spin out embedded image, movie, document files and text. Perfect for on-scene triage, lab work and exploring new file types.

Tue, 09 Aug 2016 13:30:00 +0000

DFSP # 025 - RAM Extraction Tools - Part 2

This is part twoofRAM extraction tools. Part 1 looked at why RAM extraction is an important part of forensic analysis. In Part 2 the results ofa benchmark experiment withfour different RAM Extraction tools is discussed: DumpIt, Belkasoft's RAM Capturer, Magnet RAM Capture and the RAM extraction feature in FTK Imager.

Tue, 02 Aug 2016 13:30:00 +0000

DFSP # 024 - RAM Extraction Tools - Part 1

This episode is a two-parter looking at RAM extraction tools. Part 1 will take a look at why RAM extraction is an important part of forensic analysis. Part 2 will go over an experiment I did with four different tools: DumpIt, Belkasoft's RAM Capturer, Magnet RAM Capture and the RAM extraction feature in FTK Imager.

Mon, 25 Jul 2016 13:30:00 +0000

DFSP # 023 - Battle Royale: FTK vs EnCase vs WinHEX

This week I take a look at three popular computer forensic suites: FTK, Encase and WinHex. I offer my opinion as to the strengths and weaknesses of each.

Tue, 19 Jul 2016 13:30:00 +0000

DFSP # 022 - DFIR Certification Planning & Considerations

If you take a look at all the different DFIR certifications that exist today you can easily get overwhelmed. There are so many to choose from it puts meaning to the saying that too many choices is no choice at all. In this episode I take a look at digital forensic certifications from two different vantage points to provide a little guidance to those that may be trying to advance themselves through a certification or two.

Tue, 12 Jul 2016 13:30:00 +0000

DFSP # 021 - The Honeynet Project

For those looking to get some real world hands-on experience in DFIR to build up or expand your skill set, check outhoneynet.org. The non-profit offers information and challenges to help sharpen your skills.

Tue, 05 Jul 2016 13:30:00 +0000

DFSP # 020 - Amcache Forensics - Find Evidence of App Execution

This week I talk about Amcache Forensics, a Windows artifact that collects details about programs that have been run on a given system. This evidence can support malware/ intrusion investigations, file use and knowledge exams and data spoliations inquiries.

Tue, 28 Jun 2016 00:46:12 +0000

DFSP # 019 - Password Cracking with Hashcat

The last talk in the Open-Source password cracking series focuses on a tool that rivals the pay tools in function and capability - Hashcat.

Mon, 20 Jun 2016 13:30:00 +0000

DFSP # 018 - John the Ripper

Last episode I talked about using Cain to attack Windows LANMAN and NTLM hashes. Next we will discuss John the Ripper, Linux password files and rainbow tables.

Mon, 13 Jun 2016 13:30:00 +0000

DFSP # 017 - Cracking Passwords with Cain

In the last episode I talked about PW psychology, an important part of operationalizing any PW cracking tool effectively. Face it, the math is against you so understanding a persons probable PW patterns is important.In this episode we will talk about our first tool that can be used against a PW file. First lets go over some general features you will likely find in a PW cracking tool.

Mon, 06 Jun 2016 13:30:00 +0000

DFSP # 0016 - Password Psychology

The next mini series will focus on open source password attack tools.There are some pay options out there, however, most IR teams do not have a need for it and disk forensic teams use if infrequently. Despite this many labs want the capability so it makes sense to explore the open source options first before spending the money. My goal here is talk about these options to provide some insight and to open the series I thought I's talk about password psychology since the weakness link in any password algorithm is usually the person using it.

Tue, 31 May 2016 13:30:00 +0000

DFSP # 015 - $UsnJrnl File

The$UsnJrnl is an artifact that logs certain changes to files in NTFS volumes. It is a great source of timeline information for malware\ IR investigations, time stomping concerns and anti-forensics activities (i.e. wiping) as well as an additional source of file use and knowledge evidence for disk forensics.

Mon, 23 May 2016 13:30:00 +0000

DFSP # 014 - Shimcache

In this episode Italk Shimcache, otherwise known as the Application Compatibility Cache. This registry key has existed since Windows XP and tracks executableon a system, making it a great source of digital evidence for both disk forensics and incident response cases. In addition, there are freely available tools that will parse the data. It is not a difficult artifact to understand. Once an analyst spends the time learning how to pull, parse and interpret the data it is easily incorporated into an investigation and aligns well with other Windows artifacts.

Mon, 16 May 2016 13:30:00 +0000

DFSP # 013 - Windows 10 Artifacts

In this episode I cover something I have been intending to do for some time: a Windows 10 artifacts overview. Here, I explore some key artifacts changes and what has stayed the same. Once I got into it I found there was a lot to talk about so, to start, I will discuss the topics from a high level. In future episodes I will dig in deeper to each artifact.

Mon, 09 May 2016 13:30:00 +0000

DFSP # 012 - Just-Metadata

This episodeI talk Just-Metadata, a freely available tool that gathers data about IP addresses from publicly available resources. Check outTruncer's websiteto learn more. I put together my quick start notes (below) for anyone interested in getting set up. This tool is very powerful and useful for Incident Response investigations, especially since you can batch upload IP addresses and quickly get useful details.

Mon, 02 May 2016 13:30:00 +0000

DFSP # 011 - PALADIN

This episodeI talk about PALADIN from SUMURI.PALADIN is a modified live Linux distribution based on Ubuntu that simplifies various forensics tasks in a forensically sound manner via the PALADIN Toolbox andused by thousands of digital forensic examiners from Law Enforcement, Military, Federal, State and Corporate agencies.

Mon, 25 Apr 2016 13:30:00 +0000

DFSP # 010 - Investigation Survival Tips

This episode covers Investigation Survival Tips.... for the new guy. Newer examiners are often thrown into a world where it is there mission to find "everything." Not on that, they are usually given inadequate investigative support to accomplish their assigned goals. I have seen this happen often so I thought I would spend an episode giving some advice on how to steer the conversation to keep expectation realistic and in-check.

Mon, 18 Apr 2016 13:30:00 +0000

DFSP #009 - Linux for Computer Forensics

In this episode Icover using Linux as a forensic platform... for the new guy. I find many examiners are very Windows-centric. There is nothing wrong with that as most tools and evidence is Windows based. However, Linux comes in handy from time to time and knowing some basic commands is always helpful.

Mon, 11 Apr 2016 13:30:00 +0000

DFSP # 008 - Virtual Machines & Computer Forensics

In this episode I talk all about virtual machines; the reasons you should be using them (more), prebuilt ones that are freely available and loaded with digital forensic tools and a free virtual machine application that has the same functionality you need as the pay tools.

Mon, 04 Apr 2016 13:30:00 +0000

DFSP #007 - File Use & Knowledge Wrap Up

In this episode we wrap up the File Use & Knowledge artifacts discussed previously and talk about how they connect to help strengthen a case.

Mon, 28 Mar 2016 13:30:00 +0000

DFSP #006 - Resolving Attached USBs

Have you ever been asked to find out what the "F" drive is? Have you ever needed to prove a USB drive was attached to a target system? Collecting and presenting this information is a core skill all computer forensic analysts need know. This episode breaksdown the process of collecting and interpreting the data necessary to make the connection between USB device and Windows systems.

Mon, 21 Mar 2016 13:30:00 +0000

DFSP #003 - What the Shellbag!

In this episode we examine how to use Windows Shellbag records to help prove file use and knowledge. Shellbag records are created by certain user activity and can be used to show where a user has navigated to on a computer system and when they did so. Very powerful evidence!

Mon, 14 Mar 2016 13:30:00 +0000

DFSP #004 - Windows Prefetch

Windows Prefetch data is a great source of evidence to help determine file use and knowledge of applications running on the system.

Wed, 17 Feb 2016 01:36:03 +0000

DFSP #003 - Windows Explorer Evidence

Oftentimes you will be asked to find information on a target system that shows if a user accessed certain files, the last time they did and/ or how often they did. Being able to put a picture together that answers these questions can be critical and make or break the case.

Mon, 15 Feb 2016 20:28:48 +0000

DFSP #002 - Windows Link Files

Windows LINK files are a great source of information when your aim is proving file use and knowledge during a computer forensic investigation. Knowing how to interpret these files will break reliance on automated tools and give you the versatility to quickly examine - interpret - and gain investigative insight.

Sun, 14 Feb 2016 16:58:29 +0000

DFSP #001: Premiere Episode

Listen totalkabout computer forensic analysis, techniques, methodology, tool reviews and more.

Down the Security Rabbithole Podcast

Tue, 19 Sep 2023 00:00:00 -0400

DtSR Episode 569 - Keeping Secrets a Secret

TL;DR:
This week's show features Oded Hareven, Co-Founder & CEO at Akeyless, and we cover some topics that are important, but brand new to us. Oded started a secrets management company and addressed some of the challenges and new technology with us.
First, we discuss the "secret zero" problem (the one I worry about quite often), then zero-knowledge secrets management, and finally, this thing called "distributed fragmented crypto" (which is a bit mind-blowing honestly). I think you'll enjoy this podcast, as it's a little more technical than most, and something you may not hear elsewhere.

YouTube Video:https://youtube.com/live/uNtoFbFrTjo

Guest:

Oded Hareven
- LinkedIn: https://www.linkedin.com/in/odedhareven/
- Akeyless website: https://akeyless.io

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 12 Sep 2023 00:00:00 -0400

DtSR Episode 568 - Breaches Cyber Insurance White Castle and the SEC

TL;DR:
This week we are starting a quarterly segment with Sean Scranton and Shawn Tuma - that's right folks, you'll get our favorite breach coach aka "The oh-shit moment guy" and one of the most knowledgeable cyber insurance people together on the podcast four times a year (at least).
So what did we cover on this show? Oye - looks like White Castle (yeah, my favorite of all time burger place from back in Illinois!) is in hot water, the SEC is ... well, being the SEC, and there's a bunch of stuff to catch up on in the insurance industry.

Buckle up!

YouTube Video:https://youtube.com/live/VduC2baCtoA

Guests

Shawn Tuma
- LinkedIn: https://www.linkedin.com/in/shawnetuma/
Sean Scranton:
- LinkedIn: https://www.linkedin.com/in/sean-scranton-2b24948/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 05 Sep 2023 00:00:00 -0400

DtSR Episode 567 - SMBs The Forgotten CyberSecurity Voices

TL;DR:
I'm so excited to announce this podcast. This week the one and only Dominic Vogel joins me on the show to talk about SMBs - you know, those building blocks of the economy that most vendors pretend don't exist because it doesn't make them big $$$. And it's a whopper of a conversation with insights, ideas, and conversation that is looking to change things for the better. Hell, at least raise the awareness (wilful?) of the problems SMBs face.

YouTube Video Stream: https://youtube.com/live/6IyGJHcMv7I

Guest:

Dominic Vogel
- LinkedIn: https://www.linkedin.com/in/domvogel/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 29 Aug 2023 00:00:00 -0400

DtSR Episode 566 - Kellman's Irreverent Cloud Security Take

TL;DR:
Kellman's been one of the guests I've been chasing for years but he's always been too busy or too tied up in corporate requirements to be on the podcast - but now he's available and here we are. Kellman's got a lot of years behind him slinging network security gear, so it's a bit of a surprise to some that he has pivoted hard into cloud concepts and has some harsh truths for people who still think of old security paradigms when it comes to new technologies like, ahem, the cloud.
Join us, this is a really fun episode!

YouTube video: https://youtube.com/live/DuzbIsxxdxM

Guest

Kellman Meghu
- LinkedIn: https://www.linkedin.com/in/kellman/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 22 Aug 2023 10:00:00 -0400

DtSR Episode 565 - All Tiller, No Filler

TL;DR:
This week's episode is packed with content, as the one and only Jim Tiller joins James and me for a podcast that ...well ...does a fair bit of analysis of Black Hat, the industry, and several other things that are probably top of mind for you as well. Let's not spoil it for you - give it a listen (and watch the video, it's good)

YouTube Video: https://youtube.com/live/se5M5vq5bcI

Guest

Jim Tiller
- LinkedIn: https://www.linkedin.com/in/jimtillersecurity/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 15 Aug 2023 00:00:00 -0400

DtSR Episode 564 - What Happens at Black Hat 23

TL;DR:
On this episode of post-Black Hat 2023, my buddy Will Gragido joins me to talk about what we saw, what we learned, and what shenanigans transpired. We're focused on marketing and booths - how do vendors differentiate, what do conferencegoers take away, and what makes your booth or offering unique? What about AI?
Yeah, we talk about all of that.

YouTube Video: https://youtube.com/live/cWwKA-2XsQU

Guest

Will Gragido
- LinkedIn: https://www.linkedin.com/in/gragido/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 08 Aug 2023 00:00:00 -0400

DtSR Episode 563 - AI Washing Black Hat 2023 Pre-Gaming

TL;DR
This week is Black Hat 2023, or "Hacker Summer Camp" if you prefer. That means that the hype machine will be working overtime, times 10, so here's an episode made to throw some cold water on the madness, and poke a little fun before things go entirely sideways.

I hope you enjoy this show, and as always, I welcome your comments on LinkedIn!

Guest

Karim Hijazi
- LinkedIn: https://www.linkedin.com/in/karimhijazi/
Damian Profancik
- LinkedIn: https://www.linkedin.com/in/damianprofancik/

YouTube Video: https://youtube.com/live/CcoPUTSjPdI- honestly, my new favorite part of this podcast. I love the video we release...solid gold.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 01 Aug 2023 00:00:00 -0400

DtSR Episode 562 - Is There Even a BYOD Debate Anymore?

TL;DR:
I crashed a party on Security Uncorked and the crew that was having the discussion was kind enough to indulge me and my "bombs" (questions, really) - so I decided to have JJ and Josh on DtSR, and James and I continued the debate and conversation.
This was so much more fun than it should have been, but the result is something I think we can be happy with - a healthy debate, some conclusions reached, and a lot of "it depends".
Take a listen and make up your own mind.

Security Uncorked episode that started it all: https://www.linkedin.com/events/byod-makeitorbreakit-securityun7087427632488722432/comments/

YouTube video: https://youtube.com/live/3zeyKpwuneU

Guests

Jennifer ("JJ") Minella
- LinkedIn: https://www.linkedin.com/in/jenniferminella/
Josh Marpet
- LinkedIn: https://www.linkedin.com/in/joshuaviktor/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 25 Jul 2023 00:00:00 -0400

DtSR Episode 561 - Telling Generative AI Your Corporate Secrets

TL;DR:
This week my old buddies Jason Clark and James Robinson join James and me to talk about "AI" and the realm of possibilities (and risks) that it is.
We discuss Artificial Intelligence (AI) as a generational leap in technology - but also the risks it poses for corporations (and real-life, real people too).

Listen to the pod in your ears, and watch the video - trust me, you'll laugh along.

YouTube Livestream (replay): https://youtube.com/live/HyxhBVdTdB8

Guests

Jason Clark
- LinkedIn: https://www.linkedin.com/in/jasonclarkfl/
James Robinson
- LinkedIn: https://www.linkedin.com/in/0xjames/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 18 Jul 2023 10:00:00 -0400

DtSR Episode 560 - AppSec Philosophers

TL;DR:
This week's episode is a come-back episode from the appearance I did on Dan Kuykendall's "Dan on Dev" podcast a couple of days ago. We started such a fun conversation, we just couldn't let it end there. We go through some interesting (in my opinion) history of the AppSec space, Dan does a little "back in my day" stuff, and I get all "Get off my lawn".
You'll enjoy the episode if for no other reason than the nostalgia...oh sweet nostalgia.

Go subscribe to Dan's channel on YouTube, he's an old-timer like me, and he always good great insights.

Dan-on-Dev Episode you should catch first (for context and stuff): https://www.youtube.com/watch?v=PJ3X6YiHw5E

YouTube Video Stream: https://youtube.com/live/P2o-SAGQMkU

Guest

Dan Kuykendall
- LinkedIn: https://www.linkedin.com/in/dankuykendall/
- Dan on Dev Podcast: https://www.youtube.com/@DanOnDev

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 11 Jul 2023 00:00:00 -0400

DtSR Episode 559 - The Law of Diminishing Returns Ride Again

TL;DR
You've got a slightly different episode this week - it's just James and I on the mic to talk through one of my favorite topics. But first! ... we have to talk about "Threads" and the social media "too much" that's happening. Then we talk about the Law of Diminishing Returns in cyber security -from budget to effort - "How much is good enough?"

YouTube Link:https://youtube.com/live/eA6ugisBZb4

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 04 Jul 2023 12:00:00 -0400

DtSR Episode 558 - The Problems Of Massive Scale

Tl;DR:
** Happy Birthday America! **

This week the podcast is celebrating America's birthday by releasing an episode that is a conversation with one of my favorite Canadians. Mark Nunnikhoven is one ofthe foremost cloud and large scale security professionals, and if anyone in security understands how to explain some of the stresses and strains of security at massive scale it's Mark. We talk about what he's working on, and how we as an industry can start addressing security problems at massive scale.

YouTube Video: https://youtube.com/live/KIm5m8cAM0Q

Guest

Mark Nunnikhoven
- LinkedIn: https://www.linkedin.com/in/marknca/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 26 Jun 2023 18:00:00 -0400

DtSR Episode 557 - Changing Culture and Not Getting Fired

TL;DR:
On this week's episode we have an expert in leadership with experience in the Federal/Military sector as well as the civilian side. Bo talks about how culture can be changed, ways to approach your constituents, and which styles of information dissemination work best in organizations both large and small.
If you're thinking about how to getyour team more "security aware" and more bought in - this is an episode you must hear.

Guest:

Bo Birdwell
- LinkedIn: https://www.linkedin.com/in/bobirdwell/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 20 Jun 2023 11:00:00 -0400

DtSR Episode 556 - Will Regulation Price Out the Competition

TL;DR:
On this software security and regulation-focused episode of the podcast, the OG of AppSec (Jeff Williams) joins James & I to talk about the latest spate of regulations that require self-attested transparency about what companies are doing with respect to securing their software via supply chain and direct action.
Jeff contends this is a good thing and it's hard to argue that transparency drives good - however - I'm always curious what this does to those who struggle toafford to do better, which is what the vast majority of vendors to FedGov are.
Interesting discussion, join us!

YouTube Video: https://youtube.com/live/iavtEVADp4g

Guest

Jeff Williams
- LinkedIn: https://www.linkedin.com/in/planetlevel/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 13 Jun 2023 00:00:00 -0400

DtSR Episode 555 - Why Can't We Figure Out the Developer Security Relationship

TL;DR:
On this 555th episode, James Wickett joins James and me on an interesting discussion on AppSec, developer relationships, and why we just can't seem to make it work. Or maybe we're making it work but not giving ourselves credit? Listen in to this conversation and find out. This one will hook you in, as James, James, and I have a slightly depressing conversation that I think ends in something to be hopeful about.

YouTube video stream replay: https://youtube.com/live/UIXtZy61CKU

Guest:

James Wickett
- LinkedIn: https://www.linkedin.com/in/wickett/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 06 Jun 2023 00:00:00 -0400

DtSR Episode 554 - This is Why AppSec Can't Have Nice Things

TL;DR
This week's episode goes down the AppSec rabbit hole with Francesco Cipollone (call him "Frank") as we discuss some of the ins and outs of the modern software security challenge. We're all over the place on topics, but the message, in the end, is sane.

YouTube video replay: https://youtube.com/live/tJ6pvV3f0uA

Guest:

Francesco Cipollone
- LinkedIn: https://www.linkedin.com/in/fracipo/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 31 May 2023 10:00:00 -0400

DtSR Episode 553 - Leadership Series - Selling Cyber Security

TL;DR:
In case you missed the epic LinkedIn Live livestream, here's the podcast version of the conversation with Chris Scanlan (President and Chief Commercial Officer at ExtraHop). James and I talk to Chris about his career, how he picks his next job, his team, and his thoughts on high-performance organizations. Sales is a topic many of our competitive podcasts in this space don't cover much - but I think it's worth the conversation to understand the seller-buyer relationship better because it's SO necessary to your work lives. Besides, Chris is a fantastic interview... enjoy it!

LinkedIn Live replay: https://www.linkedin.com/events/dtsrepisode553-sellingcybersecu7062465900553146368/about/

Guest:

Chris Scanlan
- LinkedIn: https://www.linkedin.com/in/cscanlan/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 23 May 2023 00:00:00 -0400

DtSR Episode 552 - VPN And Other Dinosaur Tales

TL;DR:
On this week's episode of Down the Security Rabbithole Podcast - Steve Riley visits to talk tall tales of VPN and other connectivity of yore, what it's evolving to, and why it's a generational leap.
The conversation with Steve is always a good one, and catch Steve here before you catch him on the Cloud Security Podcast (beat you to it guys!)

Guest

Steve Riley
- LinkedIn: https://www.linkedin.com/in/steverileysea/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 16 May 2023 00:00:00 -0400

DtSR Episode 551 - Patching Prioritizing and Punting

TL;DR:
On this week's show, Grant joins us to discuss an episode that draws inspiration from a LinkedIn discussion with Patrick Garrity [original post] (whom could not make our recording, sorry Patrick). The gist of it is this - patching is hard, there are now 925 KEVs (known exploited vulnerabilities) on CISAs list, and that's a truck-ton. The discussion threads the needle between whether prioritization matters at that scale, alternatives, and some reasons to give up hope altogether.
Buckle up, this one's a rough one to be a passenger on.

Join (or start?) the discussion on the podcast's LinkedIn Page, here.

Video stream replay here: https://youtube.com/live/0L2aKUqjmQE

Guest

Grant Sewell
- LinkedIn: https://www.linkedin.com/in/grantsewell/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 09 May 2023 10:00:00 -0400

DtSR Episode 550 - Lift Shift and Fail to the Cloud

TL;DR:
On this week's episode, the one and only Jeff Collins joins Rafal & James to talk about the shift to the cloud and what's gone wrong in the years since the collective "we" announced that the cloud was the answer. Feels like a decade has passed, and I think it has, since the start and we're observing increased complexity and varying degrees of security increase/decrease. What's next? Where are we right now? And what does it mean for security?
Tune in, find out.

YouTube video stream: https://youtube.com/live/Vdx73wpKzGA

Guest:

Jeff Collins
- LinkedIn: https://www.linkedin.com/in/jmcollins/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 02 May 2023 19:00:00 -0400

DtSR Episode 549 - Wheres The Beef From RSAC 2023

TL;DR:
This episode is a bit of a rant, a bit of an analysis, and an interview with returning podcast guest Ray Canzanese, Jr. from RSA Conference 2023. Yep, I went so you didn't have to... so in this show you'll get a few impressions, and maybe you'll agree or disagree on the themes and things we're seeing.
Maybe you'll even be compelled to write something up or leave a comment back?

Guest

Ray Canzanese, Jr (Cloud Threat Research, @ Netskope)
- LinkedIn: https://www.linkedin.com/in/raymond-canzanese-jr-178a846/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 25 Apr 2023 00:00:00 -0400

DtSR Episode 548 - What's HR Got to Do With It

TL;DR:
Cyber Security seems to always be a technical topic. This week, we're taking it down a different lane as we discuss HR (right, Human Resources, remember those folks?) with Tom Venables. Tom's got seat time in the space, consulting with HR partners for various clients so he knows a thing or two about the processes and where they break down.
Listen in, and then go take a look at your own processes. Maybe you've learned something?

Guest

Tom Venables
- LinkedIn: https://www.linkedin.com/in/tom-venables-1346592/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 18 Apr 2023 12:00:00 -0400

DtSR Episode 547 - Don't Believe All the Cyber Hype

TL;DR:
This week on the podcast we have Nathan Hamiel, Senior Director of Research at Kudelski Security on the podcast to talk about HYPE. It's a conversation rooted in skepticism, but also optimism in a strange mix that only Nathan can bring from his extensive experience and well-thought-out talking points.

YouTube Recorded LiveStream: https://youtube.com/live/ayPrWr-VWv0

Guest

Nathan Hamiel
- LinkedIn: https://www.linkedin.com/in/nathanhamiel/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 11 Apr 2023 00:00:00 -0400

DtSR Episode 546 - Rethinking SecOps Tooling Strategy

TL;DR:
Mark Simos of Microsoft joins Rafal & James this week to talk about why the 'tools-centric' security operations (SecOps) approach is failing us, and what an 'outcome centric' approach means and more importantly, how we get there. We discuss "vision versus execution", the history of "how we got here" and answer some questions we didn't know we had in the process. Mark's a wealth-spring of information on the topic, and his experience and time with the Open Group is huge for the work he's doing now to make tomorrow better for you all. Check out the podcast, and let us know what you think!

Article Link (the one we discuss)

https://www.linkedin.com/pulse/secops-tools-strategy-2023-part-1-mark-simos/

Guest

Mark Simos
- https://www.linkedin.com/in/marksimos/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 04 Apr 2023 00:00:00 -0400

DtSR Episode 545 - Security Products Are Too Complex

TL;DR:
This week's guest is Will Gragido, who has some significant experience developing security products. Will and I (Rafal) have a sit-down for a conversation about security products, their complexity then, now, and in the future. Point solutions, platforms, and portfolios - we discuss all the options you're faced with as a buyer - and attempt to suggest some solutions to the madness.

Guest

Will Gragido
- LinkedIn: https://www.linkedin.com/in/gragido/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 28 Mar 2023 11:00:00 -0400

DtSR Episode 544 - CrowdStrike Global Threat Report March 2023

TL;DR:
This week on the podcast, my buddy Adam Meyers graciously joins the show from his "undisclosed location" deep under the Meyers compound to break apart the latest threat report. I'm sure you've read it, but if you haven't you can get it at the link below. On this show, Adam and Rafal talk about what's in the report, what's not in the report, and the delta which brings up some interesting things in the evolution of threat actors and "bad guys".
It's a podcast you don't want to miss because it feels like it's both a bellwether of what you'll be experiencing in your environments shortly, if you aren't already.

Check out the show on our new podcast distribution site (BuzzSprout) and update your RSS feeds if you haven't already. Go check out the video (link below), and don't forget to catch it on LinkedIn, and Twitter!

CrowdStrike Report: https://www.crowdstrike.com/global-threat-report/
YouTube Video Replay: https://youtube.com/live/HN9Qg42HCks?feature=share

Guest

Adam Meyers
- LinkedIn: https://www.linkedin.com/in/adam-meyers-7a58481/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 21 Mar 2023 00:00:00 -0400

DtSR Episode 543 - National Cyber Security Policy Daydreams (2023)

TL;DR
This week, on the podcast, Rafal and James host Brian Chidester and Jordan Burris to talk about the latest National Cyber Security Strategy from the Biden White House. It's an interesting piece of national policy that outlines our cyber security priorities as a nation - and you'll have to forgive me for calling it "aspirational".
The four of us discuss the likelyhood of this strategy ever being fully implemented, which pieces are most likely to work and which ones will struggle, and ultimately what will be the result here.
This is an important document - and if you're a defender or serious about cyber security at a national level - you should listen in.

YouTube video replay: https://youtube.com/live/O8lePu4ings?feature=share

Links:

White house release: https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/

Guests:

Brian Chidester
- Linked: https://www.linkedin.com/in/abchidester/
Jordan Burris
- LinkedIn: https://www.linkedin.com/in/jordan-burris-60588a70/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 14 Mar 2023 00:00:00 -0400

DtSR Episode 542 - Distilling 20 Years of CISO Wisdom

TL;DR:

On this week's episode of the podcast, James joins me to co-host a great episode with an old friend - Ray Emerly. Ray is a long-time veteran of the CISO chair, and no stranger to working at all aspects of the security leadership role. We talk through a number of important topics, ask him what's changed (and what hasn't) and of course we have a stumper at the end. Listen to the end, or you'll miss a golden nugget.

Guest

Raymond Umerly
- LinkedIn: https://www.linkedin.com/in/rumerley/

Watch the Video on our YouTube channel

https://youtube.com/live/x1trGIgZSF0

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 13 Mar 2023 21:30:00 -0400

DtSR Episode 541 - The Calculus of Cyber Insurance

** This episode is being re-published due to an issue with the RSS feed/provider **

TL;DR:

We've talked about cyber insurance a lot here on this podcast, and this episode is yet another angle on the topic. Nate Smolenski joins us to discuss his view, from the perspective of a CISO. This is a great conversation for those who are still investigating Cyber Insurance, or realizing that their policies are astronomical, or trying to right-size their security program along with insurance.

Video link: https://youtube.com/live/O0gpapA_r08?feature=share

Guest:

Nate Smolenski
- LinkedIn: https://www.linkedin.com/in/nathansmolenski/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 27 Feb 2023 19:17:02 -0500

DtSR Episode 540 - David Barton on Simplifying the Complex

** This episode is being re-published due to an issue with the RSS feed/provider **

TL;DR:

This week I brought on David Barton the CTO of HighWire Networks - who knows a few things about a few things. We discuss the complex nature of our business, where things get weird, and how we can work to make them better. We talk about complexity, specifically, and what makes this such a difficult thing for our industry where simple is the arch-enemy of secure.

Join us, and catch the video on the YouTube page (smash that subscribe button), or on LinkedIn.

Video Stream (replay):https://youtube.com/live/_rykxVh_VBw?feature=share

Guest:

David Barton
- LinkedIn: https://www.linkedin.com/in/davidbarton1/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 21 Feb 2023 12:37:00 -0500

DtSR Episode 539 - SBOM Paving the Road of Good Intent

TL;DR

It's been said that the road to hell is paved with good intentions. I feel like this applies to SBOM so much it's scary. All the good intentions in the world seemed to have led us to a place where we have tools that produce inconsistent results, tool sets that aren't necessarily integrated or mission-focused to deliver results, and a lot of confusion. Varun joins us with a boatload of entrepreneurial expertise and an eye for problem-solving so it's an interesting conversation.

Join Rafal & James in a conversation that you'll want to listen to a few times, and take notes.

Link to YouTube video

https://youtube.com/live/pZgiiRQeou0?feature=share

Guest

Varun Badhwar
- LinkedIn: https://www.linkedin.com/in/vbadhwar/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 14 Feb 2023 12:45:00 -0500

DtSR Episode 538 - What the heck is a vCISO

TL;DR:

This DtSR podcast brings back a good friend of the show, and one of the most experienced leaders I know - Mr. Jim Tiller. We talk about an interesting topic - the "virtual CISO". vCISO is interesting because as markets tighten, and it becomes more difficult tofind andafford good CISOs and security leaders in this market. So how can a company best utilize this part-time resource?

We discuss...

What are the best ways to utilize vCISO?
What questions should you be asking?
What are things to look out for?

YouTube video

https://youtube.com/live/OaYS0yEajQw?feature=share

Guest

Jim Tiller
- LinkedIn: https://www.linkedin.com/in/jimtillersecurity/
- Jim's Security Bytes newsletter: https://www.linkedin.com/newsletters/security-bytes-6943286067194187776/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 07 Feb 2023 15:53:00 -0500

DtSR Episode 537 - Sergio Talks Threat Intelligence

TL;DR:

I'm extremely excited to present to you, dear listeners and friends, a wonderful conversation with Sergio Caltagirone, who is quite the authority on 'threat intelligence' - where others talk tools and limited knowledge, Sergio literally was there at the birth of the cyber dawn of the threat intelligence operations we know (or don't know) today.

Sergio has been at an agency, at Microsoft, at Dragos - and he knows threat intelilgence from theory to applications. Listen in, learn a bit, and laugh along as the Chinese spy baloon (that's my story and I'm sticking to it) disrupts our communications with our pal, Sergio.

Video Link(unedited, and hilarious):https://youtube.com/live/SuH4uxBiX3E

Guest

Sergio Caltagirone
- LinkedIn: https://www.linkedin.com/in/sergiocaltagirone/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 31 Jan 2023 00:00:00 -0500

DtSR Episode 536 - Incident Response Automation Dreaming

Tl;DR:

Automation. It's a precarious thing in cyber security. Whether you're thinking about SOAR, or incident investigation, or maybe SIEM (I'm sorry) - this conversation will be worth your time. Anton and Jonathan join us to talk about how "automation" has evolved over the last decade or so, and where it's largely failed. We also start to explore the future and requirements for how things can collectively improve.

We think you'll enjoy the podcast... share it and we'd love to hear from you.

Guests

Anton Goncharov
- LinkedIn: https://www.linkedin.com/in/cybernode/
Jonathan Cran
- LinkedIn: https://www.linkedin.com/in/jcran/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 24 Jan 2023 00:00:00 -0500

DtSR Episode 535 - Let's Ask AI Security Questions

TL;DR

A few days ago, my pal Kevin asked me if I had seen the LinkedIn post by Helen Patton that asked an interesting question of the podcast space... Her post made me think - why the heck not? So, I did. Thanks to Helen, whose idea this was - I hope you get a chance to watch and enjoy the outcome of your request ... we had far too much fun recording it.

Here on this episode - which I promise you is 100x better on video, we have Anton Chuvakin, Kevin Thompson, and Jeff Collins joining Rafal & James on the podcast to have a little fun and ask "ChatGPT" some questions. Anton drove the screen share, and we had a lot of fun. I have to wonder - how did some of those answers (you'll know when you see/hear them) make it on there. Holy cow... wow.

LinkedIn video replay -https://www.linkedin.com/video/event/urn:li:ugcPost:7021885147977314304/

Guests

Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/
Jeff Collins
- LinkedIn: https://www.linkedin.com/in/jmcollins/
Kevin Thompson
- LinkedIn: https://www.linkedin.com/in/blackfist/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 17 Jan 2023 11:12:00 -0500

DtSR Episode 534 - The AppSec is Still a Mess

TL;DR

On this episode, we welcome Josh Grossman - who has a pretty interesting perspective on AppSec, or Software Security, or (cringe) "DevSecOps". Josh has a bit of an edge on the subject, so he fits in with myself & James perfectly. We talk about where things stand from the vendor perspective, building programs, and why it takes to make a real impact, versus continuing to push a very large boulder up a very steep hill.

Oh, hey, want to be on the show? Let us know a topic and your background and let's talk.

Guest

Josh Grossman
- LinkedIn: https://www.linkedin.com/in/joshcgrossman/
- Twitter: https://twitter.com/JoshCGrossman

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 10 Jan 2023 00:00:00 -0500

DtSR Episode 533 - Maybe 2023 Won't Suck

TL;DR

This week on 2023's first live-streamed episode (technical our first recorded in '23) our friend Larry Whiteside, Jr. joins us to talk about the prospects for 2023 and beyond. We discuss trends, make some rather sad predictions, and attempt to be hopeful about what the new year could bring us - if we don't find a way to walk ourselves off a cliff, first. It's a light discussion, that dives into some deep topics, and ultimately ends with some hope... 'ish. Join us!

Oh, hey, since some of you are looking for a new opportunity in the new year, Larry's hiring (check out his LinkedIn page).

Guest

Larry Whiteside, Jr.
- LinkedIn: https://www.linkedin.com/in/larrywhitesidejr/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 03 Jan 2023 22:45:00 -0500

DtSR Episode 532 - Its the End of 2022 As We Know It

TL;DR

Shawn Tuma, our favorite cyber legal eagle, joins Rafal & James to talk about the sorts of things we learned about 2022, in what could be confused for a year-in-review episode. We saw ransomware, big incidents, but overall ... things weren't the worst out there. If you missed our live-stream on LInkedIn (link below) you can replay that any time, or listen to this episode as a podcast. For 2023, I'm going to be tweaking some things to get us talking, sharing, and hopefully an even better experience of the podcast you already love.

LinkedIn Live-stream re-play:https://www.linkedin.com/video/event/urn:li:ugcPost:7013670254237163520/

Guest

Shawn Tuma
- LinkedIn: https://www.linkedin.com/in/shawnetuma/
- Twitter: https://twitter.com/shawnetuma/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 20 Dec 2022 10:58:00 -0500

DtSR Episode 531 - Security Guarantees, Warranties, and Insurance

Prologue

This week James and I are joined by my good friend and many-timer on the podcast Brandon Dunlap, and our mad genius and serial entrepreneur pal Paul Calatayud to talk about all of these guarantees, warranties, and insurance. It's a strange discussion but quite necessary as the industry is littered with some of these offerings by providers and various software (security) vendors. These guarantees and warranties are made to make you feel better, but rest assured lawyers wrote these and there'salways a catch. The insurance conversation, that's a little different (way different) and Paul's got some interesting things to say here. Don't miss a great episode!

Guests

Paul Calatayud
- LinkedIn: https://www.linkedin.com/in/whitehat/
Brandon Dunlap
- LinkedIn: https://www.linkedin.com/in/bsdunlap/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 13 Dec 2022 00:00:00 -0500

DtSR Episode 530 - The Bold and the Invasive

Prologue

Karim Hijazi joins Rafal & James this week on the podcast to talk about some interesting trends and developments in the world of bad actors. It's an interesting update including some things I wasn't expecting to hear about how threat actors "hit back at" incident responders and threat hunters. This is a good conversation about the current threat landscape with an eye on the Russian hackers out there, and pretty good listening for anyone who wants an added dose of situational awareness.

Links:

Sneaky Hackers Reverse Defense Mitigations When Detected - https://www.bleepingcomputer.com/news/security/sneaky-hackers-reverse-defense-mitigations-when-detected/
https://cybernews.com/editorial/russian-hacktivist-real-dangers/

Guest

Karim Hijazi
- LinkedIn: https://www.linkedin.com/in/karimhijazi/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 06 Dec 2022 00:00:00 -0500

DtSR Episode 529 - The CISOs Guide to Liability

Prologue

This is a very interesting episode... Gadi Evron joins James and me on this slightly technically difficult (the IPoCP - IP over Carrier Pigeon - was awful at times) episode to talk about the CISO role and the potential liabilities that lie within. Whether we're talking about the Joe Sullivan case (and we're not, or we try not to), or we're generalizing about employment and legal culpability - this show traverses a lot of land and it's all worth your time.

Hopefully if I did an OK job, you won't notice all the edits :)

Pre-reading

Blog post from Gadi & Team 8: https://team8.vc/rethink/cyber/cisos-guide-to-legal-risks-and-liabilities/
The CISO guide: https://lp.team8.vc/cisosguide

Guest

Gadi Evron
- LinkedIn: https://www.linkedin.com/in/gadievron/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 29 Nov 2022 00:00:00 -0500

DtSR Episode 528 - So Many Vendors, So Few Solutions

Prologue

It's always a pleasure when I can get some friends together and banter on about a topic we all find interesting. This week's topic was supposed to be released a bit later, but it couldn't wait. We hadso much fun that I thought it needed publication right now. The premise is simple - have you looked around at how many security vendors there are and just asked yourself ... "Are we solving anything, or just adding to the mess?" That's what we did on this podcast. And yeah, we'd know because we have some life experience in this industry.

Required Reading: https://www.linkedin.com/pulse/security-tools-crash-coming-mark-curphey/

Guests

Mark Curphey
- LinkedIn: https://www.linkedin.com/in/curphey/
Jim Tiller
- LinkedIn: https://www.linkedin.com/in/jitiller/
Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/
Vikas Bhatia
- LinkedIn: https://www.linkedin.com/in/vikasbhatiauk/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 22 Nov 2022 00:00:00 -0500

DtSR Episode 527 - Fun With Machines Learning

Prologue

On this episode Rafal & James re-visit the concepts of machine learning, "artificial intelligence", and applicability to cyber security from Sven Krasser, Chief Scientist at CrowdStrike. Dr Krasser has been working on algorithms and computers analyzing massive amounts of data since the early 2000's so his analysis of today's "state of the art" and projections for the future are likely spot on. We have a little fun poking at industry buzzwords and make some real projections for where things are moving.

If you're trying to sift through the hype and asking yourself is any of the "AI + ML" hype is real, right now, listen to this podcast. Some of your questions are likely answered here.

Guest

Sven Krasser, Ph. D. - SVP & Chief Data Scientist at Crowdstrike
- LinkedIn: https://www.linkedin.com/in/svenkrasser/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 15 Nov 2022 00:00:00 -0500

DtSR Episode 526 - Downmarket SecOps Reality

Prologue

This podcast has attempted to go down-market a few times, with some success in discussing the important issues that service providers and security vendors oddly ignore. If you're not in the enterprise, you get ignored by 90%+ of the security vendor space, that's just fact, and that means that you're left to fend for yourself at the worst scale possible.

That's unfortunate, in the long run, because as all the vendors chase enterprise vendors, they at the same time lament the poor state of downmarket security. This podcast addresses something that may be able to help. A long-time colleague and friend has started a company and has a philosophy that we think y'all should hear about.

I'm going to encourage you to give ContraForce a look -- not just because they're named after one of my favorite video games of all time -- but because they are working hard to solve a fundamental problem that we have in the security space...small companies have big problems too.

Guest

Stanislav Golubchik
- LinkedIn: https://www.linkedin.com/in/stan-golubchik/
- Company LinkedIn: https://www.linkedin.com/company/contraforce/
- Company website: https://www.contraforce.com/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 08 Nov 2022 00:00:00 -0500

DtSR Episode 525 - Practical Zero Trust

Prologue

Are you sick of hearing "Zero Trust"? Do you, like us, also feel like it's a marketing buzzword, and then a cute concept that has a very difficult time in reality? Yeah, this episode is for you.

David Fairman and Jason Clark, join Rafal to talk about what is essentially continuous signals evaluation, least privilege, and default deny with segmentation. All those things we love, and haven't done right.

Guests

Jason Clark
- LinkedIn: https://www.linkedin.com/in/jasonclarkfl/
David Fairman
- LinkedIn: https://www.linkedin.com/in/dfairman/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 01 Nov 2022 00:00:00 -0400

DtSR Episode 524 - Cybersecurity Starts and Ends with Assets

Prologue

This week, we take it back to the basics, that's right, thebasics, as we talk to Huxley Barbee about the need to identify and understand the assets on your network and in your various environments. A fascinating conversation with some history, some laughs, and some honest discussion a topic that's absolutely critical to cyber security.

If you've not done so, go check out the conversation with Dell Technologies' John Scimone -- a CSO's perspective onfundamentals:https://ftwr.libsyn.com/dtsr-episode-513-cso-perspective-on-security-fundamentals which will give you some additional perspective on this issue.

Guest

Huxley Barbee
- LinkedIn: https://www.linkedin.com/in/jhbarbee/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 25 Oct 2022 00:00:00 -0400

DtSR Episode 523 - Practical SASE for the Masses

Prologue

Today's guest helps James and Rafal attempt to unravel the completely confusing space of "modern remote access". Some call it SASE, some SSE, some ZTE and some are completely mad and still use the term VPN. Who knows who's right, or why any one is preferred over the other ...except Carlos Salas from NordLayer. Listen in, and give it some thought. Maybe you'll understand this big mess a little better by the end of the episode.

Guest

Carlos Salas, Engineering Manager, NordLayer
- LinkedIn: https://www.linkedin.com/in/carlos-salas-b89480187/
- Get a special offer from NordLayer, because you're a listener of DtSR: https://nordlayer.com/dtsr

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 19 Oct 2022 16:09:00 -0400

DtSR Episode 522 - Insuring Corporate Survival

Prologue

It's been a while since we have done an episode on cyber insurance, in fact, the last episode was https://ftwr.libsyn.com/dtsr-episode-454-tpa-cyber-insurance-fact-vs-fiction back in July of 2021. So we revisit with the two experts plus a bonus guest for you.

We look at the issues from the perspective of the broker, buyer, and lawyer -- a complete picture if I do say so myself!

Story link in FastCompany: https://www.fastcompany.com/90781786/cyber-insurance-price-hikes-have-left-local-governments-reeling

LinkedIn Live video stream (on-demand): https://www.linkedin.com/video/event/urn:li:ugcPost:6980210814192402434/

Guests

Shawn Tuma
- LinkedIn: https://www.linkedin.com/in/shawnetuma/
Sean Scranton
- LinkedIn: https://www.linkedin.com/in/sean-scranton-2b24948/
Sebastian Avarvarei
- LinkedIn: https://www.linkedin.com/in/sebastianavarvarei/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 11 Oct 2022 15:17:00 -0400

DtSR Episode 521 - The Peanut Gallery Takes on XDR

Prologue

Our industry has been talking aboutXDR for a while now. Some people think it's the savior, some people think it's marketing garbage - and neither of them really understands what this "thing" named XDR is. Well, I figure we'll get some smart people on the podcast, people who live in this field and use this word a lot, and giddy up.

This episode is slightly PG-13'ish ... because Anton has a potty mouth and I don't want to edit.

Guests:

Anton Chuvakin (Google)
- LinkedIn: https://www.linkedin.com/in/chuvakin/
Jamie Moles (ExtraHop)
- LinkedIn: https://www.linkedin.com/in/jamiemoles/
Bryan Lee (CrowdStrike)
- LinkedIn: https://www.linkedin.com/in/obiwanblee/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 04 Oct 2022 00:00:00 -0400

DtSR Episode 520 - The War With Online Scammers

Prologue

We start Cyber Security Awareness Month - the 30-day window where corporate law requires you to check the box and take boring security 'awareness' training, then forget it November 1st. Not my favorite month... so what about scammers, criminals, and bad people who prey upon those who aren't covered by corporate mandated training? Join us, let's talk about it.

Guest

Michael Magrath
- LinkedIn: https://www.linkedin.com/in/michaelmagrath/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 27 Sep 2022 22:52:58 -0400

DtSR Episode 519 - Insights From an Industry Leader

Prologue

This week, Rafal takes the show on the road (literally) to Las Vegas for Fal.Con '22 -- this is CrowdStrike's premier global get-together of customers, partners, and industry experts to showcase some innovation and share ideas and insights.

I wanted to say a big thank you to CrowdStrike -- all the folks who helped make this happen and continue to support this podcast and provide access to these fantastic guests.

Thank you to Nick Lowe, Geeta Schmidt, Kapil Raina, and Bryan Lee for taking the time to share their unique insights.

Guests

Nick Lowe
- LinkedIn: https://www.linkedin.com/in/nick-lowe-cissp-7751a05b/
Geeta Schmidt
- LinkedIn: https://www.linkedin.com/in/geetaschmidt/
Kapil Raina
- LinkedIn: https://www.linkedin.com/in/kapilraina/
Bryan Lee
- LinkedIn: https://www.linkedin.com/in/obiwanblee/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 20 Sep 2022 00:00:32 -0400

DtSR Episode 518 - Go Big or Go Home

Prologue

Solving problems is a challenge not everyone is up for. The industry is littered with people and companies that bring small-time solutions to an industry begging and pleading for actual solutions. Jason Clark of Netskope, and long-time friend, joins James and Rafal to talk about the mindset and approach needed to solve BIG problems that change the game, change the landscape, and change our lives.

Guest

Jason Clark
- LinkedIn: https://www.linkedin.com/in/jasonclarkfl/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 13 Sep 2022 12:31:34 -0400

DtSR Episode 517 - Two Truths and a Lie

For those of you paying attention - DtSR is officially 11 years old.

This episode is the first episode of year (season) 12. WOW. Thank you for listening, sharing, commenting, and watching us live!

Prologue

We work in a weird industry where marketing has to make ever-more outrageous claims that product and service teams then have to attempt to live up to, but it's a way of life. Now, I'm not strictly speaking blaming product marketing people, but they do have some blame in this insane climate we find ourselves in. On this episode, two good friends - and professional snark'ists - join James and I to talk about where our industry has over-marketed, over-hyped, and simply failed to deliver ...and where it may actually be meeting expectations. It's a fun conversation, and I bet you won't see the ending coming.

Guests

Jeff Collins
- LinkedIn: https://www.linkedin.com/in/jmcollins/
Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/
- Twitter: https://twitter.com/anton_chuvakin

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 06 Sep 2022 13:49:32 -0400

DtSR Episode 516 - Breaking Bad on EAS

Prologue

Fresh off his presentation at Defcon 2022, Ken Pyle joins Rafal to talk about the Emergency Alert System (EAS) he's been hacking since 2019 and discusses findings, challenges, and the work left to do.

It's a fascinating conversation that will leave you wondering - how do we fix this clear and present problem, and more importantly...where else should we be looking?

Guest

Ken Pyle
- LinkedIn: https://www.linkedin.com/in/ken-pyle/
- LinkedIn Stream (recorded): https://www.linkedin.com/video/event/urn:li:ugcPost:6971199601311694848/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 30 Aug 2022 00:00:07 -0400

DtSR Episode 515 - Gadi Evron Talks PostBreach and Disinformation

Prologue

This week's guest is always a great interview. Gadi Evron has been around the industry longer than it's been an officially named discipline. In this episode, he talks about post-breach standards and the apparent but not previously discussed need. He also breaks your brain with disinformation, which we only lightly touch on before realizing we need at least one more podcast to go deeper into the topic.

Join us, and share this one, it's awesome.

Guest

Gadi Evron
- LinkedIn: https://www.linkedin.com/in/gadievron/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 23 Aug 2022 00:00:31 -0400

DtSR Episode 514 - Adam Explains Everything

Prologue

We've covered "threat intelligence" on the show a few times now, but the evolving nature of what threat data is, how it's useful, and how it enables defenders of a specific type identify malicious activity keep it interesting. This time around Adam Meyers of CrowdStrike joins Rafal to discuss threat intelligence, threat hunting, and clarifies some of the mis-conceptions and utilities around the topic. A good conversation for those defending their infrastructure and useful data points from someone who is a recognized expert. Adam joins us from his bunker, with all the elements you'd expect from Adam, so it's definitely worth your time to listen closely.

Check out Fal.Con, where you can catch the cutting-edge on CrowdStrike kit, industry knowledge, and hear some great industry speakers. Rafal will be there speaking on the topic of operationalizing and making the SOC more effective and efficient at small scale, check it out (link below).

Guest

Adam Meyers
- LinkedIn: https://www.linkedin.com/in/adam-meyers-7a58481/
- CrowdStrike: https://www.crowdstrike.com
- Fal.Con: https://www.crowdstrike.com/events/fal-con/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 16 Aug 2022 15:27:05 -0400

DtSR Episode 513 - CSO Perspective on Security Fundamentals

Prologue

"Just do the basics!"

"Remember the security fundamentals."

...sick of hearing those catch phrases without anything to actually get it DONE? Yeah, us too. This week we're joined by John Scimone of Dell Technologies to talk about his take on fundamentals both security and IT. His approach is notunique, per se, but it's one that works and it's repeatable. More importantly, he's willing to share his expertise and what he's done to be successful in raising the bar to his level of "good enough" -- so unless you've gotten where YOU want to be in those security fundamentals, it's time to listen to John's podcast and take notes. Take lots of notes.

By the way, if you want the video on LinkedIn Live where you can post questions too, click here: https://www.linkedin.com/video/event/urn:li:ugcPost:6953043382164209664/

Guest

John Scimone - President, Chief Security Officer at Dell Technologies
- LinkedIn: https://www.linkedin.com/in/john-scimone-0b2041a1/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 09 Aug 2022 00:00:48 -0400

DtSR Episode 512 - Why is Enterprise Security Program Maturity so Tough?

Prologue

This week, long-time friend and well-known industry personality, Jessica Hebenstreit joins Rafal to talk about her journey in consulting to very large security programs and why maturity is elusive in many of those programs. As it turns out, maturity is influenced by many factors but highly dependent on actually solving problems and being able to show progress. This is an interesting conversation for anyone who wants to understand what's inside the head of a former practitioner who has ventured into the field to help others solve large-scale, complex, problems.

Guest

Jessica Hebenstreit
- LinkedIn: https://www.linkedin.com/in/jessicahebenstreit/
- LinkedIn Live stream: (video!) https://www.linkedin.com/video/event/urn:li:ugcPost:6960010458405756928/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 02 Aug 2022 10:03:23 -0400

DtSR Episode 511 - Managing Technical Teams

Prologue

This week on the podcast, the one and only Tom Eston joins Rafal & James to talk about managing teams. Tom is a well-known personality who runs the "Shared Security Show" podcast -- which has been running even longer than we have, give them a listen if you don't already.

Tom talks about the difficulties of managing, coping with various types of personalities, and helping employees thrive while finding the right balance between in-office and remote. Great show if you're in a leadership position, or hoping to be, managing technical teams.

Guest

Tom Eston
- https://www.linkedin.com/in/tomeston/
The Shared Security Show
- https://sharedsecurity.net/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 26 Jul 2022 00:00:53 -0400

DtSR Episode 510 - The Big Services Discussion - Part 1

Prologue

It's always a pleasure to have someone on the show who is an expert in their trade, someone who has experience, expertise, and depth of understanding like few others. In this case, James and I host Jim tiller - one of the people I consider a mentor and long-time friend, who is all of those things and more.

Jim is a quintessential expert on cybersecurity services - and in this discussion we push some of the buttons that really get him talking, passionate, and dispensing wisdom. I hope you brought a notepad, because you'll want to be taking notes.

This episode is for those out there who work in, or manage, services organizations. Truckloads of information here...

Guest

Jim Tiller
- https://www.linkedin.com/in/jitiller/
- Subscribe to Security Bytes: https://www.linkedin.com/newsletters/security-bytes-6943286067194187776/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 19 Jul 2022 10:25:46 -0400

DtSR Episode 509 - The Shift Left Debate

Prologue

James has been talking about "shift left" for a while so when Jeff Williams posted interesting research on LinkedIn - we jumped on an opportunity to have him on the show to talk about the subject. Let's face it, everyone is shifting left, and most of this is just marketing nonsense, but some of it is actually an attempt to push security "earlier" into the cycles - but is that good? Does it even make sense?

Jeff kills one of my favorite, go-to, security myths about software security...and a fun discussion ensues. Join us, and maybe add to the conversation!

Guest

Jeff Williams
- LinkedIn: https://www.linkedin.com/in/planetlevel/
- The post that started the discussion: https://www.linkedin.com/feed/update/urn:li:activity:6948662117398962177?updateEntityUrn=urn%3Ali%3Afs_feedUpdate%3A%28V2%2Curn%3Ali%3Aactivity%3A6948662117398962177%29

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 12 Jul 2022 10:29:17 -0400

DtSR Episode 508 - DNS Under Siege, So What?

Prologue

DNS is a big topic, and you may be asking yourself why. Well, as we noted in a recent show ( https://ftwr.libsyn.com/dtsr-episode-504-dns-turns-40 ) DNS is officially middle-aged. And with that middle-age comes some more problems. These issues have caused a situation where it's increasingly evident that DNS needs to evolve, mature, or simply revise (2.0?) itself ... but into what? And why? Listen to Ken Carnesi from DNSFilter who joins James & Rafal to talk about the challenges and the future, and why it's still such a sh*tshow today.

Guest

Ken Carnesi
- LinkedIn: https://www.linkedin.com/in/kencarnesi/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 05 Jul 2022 12:13:27 -0400

DtSR Episode 507 - Beyond NDR: Of Badguys and Bottlenecks

Prologue

Let's start with NDR - Network Detection and Response - because it's not new, but the discussions lately have been very interesting. Is it still relevant? Does it have a place in today's hybrid and cloud world? Well, in this conversation with Raja Mukerji, co-founder of ExtraHop, Rafal tackles these questions and gets some interesting answers.

For those of you who have followed for a while - I have a surprise reveal for you at the end.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 28 Jun 2022 00:00:13 -0400

DtSR Episode 506 - What the Heck is ASPM

Prologue

As some of you know, I've been either in the AppSec space, or adjacent, since the fairly early days. I built a program at GE a million years ago, and worked selling dynamic web app testing software for many years. If you've been in the space, you can feel a little bit hopeless with all the different options, tools, and advice only to look at the stale OWASP Top 10 and wonder ...why aren't things improving? Matt Rose joins me in a post-RSA conversation about ASPM (Application Security Posture Management), and before you dismiss it as another analyst buzzword, let's talk about why this may actually (and finally) start to solve some of the complex issues around developing, releasing, and maintaining reasonably secure software.

This is a space I've been passionate about for a long time, and I feel like everyone should listen to this.

Guest

Matt Rose
- LinkedIn:https://www.linkedin.com/in/mattarose/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 21 Jun 2022 10:32:45 -0400

DtSR Episode 505 - Reflections on RSA Conference 2022

Prologue

RSA Conference 2022 has come and gone. Rafal was there for all the circus and madness, and sits down with James to discuss what was seen and heard.

Also, you'll get some clips in here from some of the interviews from the show as Rafal caught up with some interesting vendors, old friends, and even some poetry.

Guests

Tyler Moffitt
- LinkedIn: https://www.linkedin.com/in/tyler-moffitt-29752050/
Rock Lambros
- LinkedIn: https://www.linkedin.com/in/rocklambros/
Matt Rose
- LinkedIn: https://www.linkedin.com/in/mattarose/
Dr. Khawaja Saeed
- LinkedIn: https://www.linkedin.com/in/khawaja-asjad-saeed-29b2a6a/
Ray Canzanese
- LinkedIn: https://www.linkedin.com/in/raymond-canzanese-jr-178a846/
Deidre Diamond
- LinkedIn: https://www.linkedin.com/in/deidrediamond/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 07 Jun 2022 00:00:45 -0400

DtSR Episode 504 - DNS Turns 40

Prologue

In this RSA conference-themed episode, I bring on Jonathan Barnett from OpenText Security Solutions to discuss DNS turning 40 years old. Yeah, it was originally invented in 1983 y'all. As DNS turns 40, some of the lingering problems are getting worse, some of the new solutions open up other problems, and we're all about solutions here so we tackle some of the things Jonathan is doing to address the issues.

Interesting episode to ponder, and reflect on, as DNS turns 40 years old next year and we try and figure out "now what?"

Guest

Jonathan Barnett
- LinkedIn: https://www.linkedin.com/in/jonathan-barnett-61417313/
- OpenText Security Solutions: https://security.opentext.com/?_ga=2.120496974.732014807.1654199211-1391672637.1654199211

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Thu, 02 Jun 2022 14:13:31 -0400

DtSR Episode 500 - Looking Back to Look Forward in Tech - Part 3

Prologue

This is a bonus episode for the Episode 500 live-stream we did. I brought togetherCrowdstrike, OpenText,andNetskope technologists to talk about the technology they've worked with over the last 10 years, where it stands today, and what the future outlook looks like.

It's a fascinating conversation from some of the most common vendors out there in security - and you're probably using or relying on their platforms -- so it makes sense to get their take on the past, present, and future of technology in our industry.

Special thanks to Adam, Grayson, and Mark for taking the time out and sharing their expertise!

Guests

Adam Meyers (Crowdstrike) -https://www.linkedin.com/in/adam-meyers-7a58481/
Grayson Milbourne (OpenText) -https://www.linkedin.com/in/themilbourne/
Mark Day (Netskope) -https://www.linkedin.com/in/markstuartday/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 31 May 2022 16:39:40 -0400

DtSR Episode 503 - Blowing Up Your Cloud (Permissions Structure)

Prologue

This week, we talk about the cloud in a different way than we have previously. We discuss "blast radius" with regard to vast numbers of roles and permissions inside of a public cloud infrastructure. The numbers are staggering and you'll likely find yourself asking the obvious question -- "How does anyone manage all of this, with any hope of getting it right?" The beginnings of that answer lie in this show.

Guest:

Arick Goomanovsky
- LinkedIn: https://www.linkedin.com/in/arick-goomanovsky/
- Twitter: https://twitter.com/g00manoid/
- Ermetic: https://ermetic.com/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 24 May 2022 00:00:45 -0400

DtSR Episode 502 - Why Can't Gov Figure Out Supplier Security

Prologue

CMMC may be something you know nothing of, but if you're a government contractor, or work with government contractors of the DIB - you're probaby alll too familiar.

For some, it's hell. For the rest, it's mostly insane. Jacob joins Rafal & James to educate us, and give us the reality of this set of standards.

Guest

Jacob Horne
- LinkedIn: https://www.linkedin.com/in/jacob-horne-cissp/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 17 May 2022 11:25:09 -0400

DtSR Episode 501 - Netskope's Bad SaaS Report

Prologue

This week, on the first post-500 episode, we welcome Netskope's Ray Canzanese to talk about the Cloud & Threat Report they just published ( https://www.netskope.com/netskope-threat-labs/cloud-threat-report ) which has some interesting bits in it.

Ray discusses the details and some of the things that you won't find in the text of the report. Good conversation as Rafal & James break down the headlines.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Thu, 12 May 2022 00:00:19 -0400

DtSR Episode 500 - Looking Back to Look Forward - Part 2

Prologue - Part 2 of 2

First - thank you to everyone who listens to this show, shares it, and has left us a review. You all are the reason these past 500 episodes got published, and why this show will keep going into the forseeable future!

Link to video:https://www.linkedin.com/video/event/urn:li:ugcPost:6917850703235321856/

This episode features some of my favorite guests from the last 500 episodes, with something to say. We cover a lot of ground, totally unscripted, and we have opinions.

Guests

Jim Tiller
- LinkedIn: https://www.linkedin.com/in/jitiller/
Will Gragido
- LinkedIn: https://www.linkedin.com/in/gragido/
Diana Kelley
- LinkedIn: https://www.linkedin.com/in/dianakelleysecuritycurve/
Rob Hansen
- LinkedIn: https://www.linkedin.com/in/roberthansen3/
Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/
Jeff Moss
- LinkedIn: https://www.linkedin.com/in/jeffmoss/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 10 May 2022 00:00:51 -0400

DtSR Episode 500 - Looking Back to Look Forward - Part 1

Prologue - Part 1 of 2

Link to video:https://www.linkedin.com/video/event/urn:li:ugcPost:6917850703235321856/

This episode features some of my favorite guests from the last 500 episodes, with something to say. We cover a lot of ground, totally unscripted, and we have opinions.

Guests

Jim Tiller
- LinkedIn: https://www.linkedin.com/in/jitiller/
Will Gragido
- LinkedIn: https://www.linkedin.com/in/gragido/
Diana Kelley
- LinkedIn: https://www.linkedin.com/in/dianakelleysecuritycurve/
Rob Hansen
- LinkedIn: https://www.linkedin.com/in/roberthansen3/
Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/
Jeff Moss
- LinkedIn: https://www.linkedin.com/in/jeffmoss/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 03 May 2022 01:45:29 -0400

DtSR Episode 499 - Four Hundred Ninety Nine and Counting

Prologue

Friends and colleagues - I want to thank you from the bottom of my heart. It almost brings me to tears that over the last 11 years you've been sharing, downloading, and talking about this little thing I started back in 2011. Incredible doesn't even begin to describe the ride so far.

And to top it off, we've hit almost 32,000 downloads this month - the most we'veever gotten by almost 2,000 more. I'm flabbergasted.

So this episode, it's just James and I - just us doing what we do.

Thank you. We love you. Keep listening!

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 26 Apr 2022 00:00:24 -0400

DtSR Episode 498 - Living in the Tornado

Prologue

Super pumped this week to have James Azar on the show. James hosts a collection of podcasts including one I try to catch as often as possible - https://www.linkedin.com/company/cyberhubpodcast/.

We cover a lot of ground, but you'll walk away with James' words ringing in your head, I can almost promise you that.

Guest

James Azar
- LinkedIn: https://www.linkedin.com/in/james-j-azar/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 19 Apr 2022 12:49:16 -0400

DtSR Episode 497 - Security Buzzword Bingo

Prologue

This week, as we approach episode 500 and the extravaganza that it will be, James and I welcome my personal friend and all-around wonderful marketing dude, Russell Wurth. We joke about what's wrong with cyber-security, and why it's mostly marketing's fault.

Join us, prep your buzzword bingo card, and have a drink in hand (unless you're driving, then please don't).

Guest:

Russell Wurth
- LinkedIn: https://www.linkedin.com/in/russellwurth/
- Twitter: https://twitter.com/rswurth

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 12 Apr 2022 00:00:47 -0400

DtSR Episode 496 - How to Win Friends and Influence CISOs

Prologue

Have you noticed that the relationship between buyer and seller, or more precisely, between CISO and seller is... eh ... tenuous lately? OK, maybe it's a lot worse than that in some cases. Why is that? How did we get here? And how do we fix a relationship that is quite clearly necessary, but just so broken? Yaron Levi, long-time industry veteran joins Rafal to discuss the challenges and opportunities of the CISO - vendor relationship.

Guest

Yaron Levi
- LinkedIn: https://www.linkedin.com/in/yaronrl/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 04 Apr 2022 00:00:18 -0400

DtSR Episode 495 - Analyzing Russia's Offensive Cyber Ops

Prologue

This week, as Vladimir Putin's Russia continues to commit war crimes and genocide against the people of Ukraine, DtSR gathered a panel of experts to discuss and dissect the threat of a Russian-based cyber offensive against the west. Our panelists helped separate fact from fiction, and gave us some take-aways that we can use to rationally and realistically protect ourselves from this and other related threats.

LinkedIn Livestream video recording: https://www.linkedin.com/video/event/urn:li:ugcPost:6915354239766568960/

Guests

Karim Hijazi
- LinkedIn: https://www.linkedin.com/in/karimhijazi/
Joe Slowik
- LinkedIn: https://www.linkedin.com/in/joe-slowik/
Mattias Whln
- https://www.linkedin.com/in/mattias-w%C3%A5hl%C3%A9n-9b3b58201/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 29 Mar 2022 00:00:00 -0400

DtSR Episode 494 - Forensics The Art of the Science Plus a Cat

Prologue

Special thanks on this episode to OpenText for bringing Mike to us on this show. What a fantastic conversation about the state of forensics and a little bit of reminiscing too!

This episode we talk forensics, and the art and science, plus how to build that back-fill of talent this entire industry is short on. Michael has decades of knowledge and experience, and it's a joy of a conversation.

Also, if you're into nothing else on this episode, check out the world's cutest kitten. Come for the kitten, stay for the forensics goodness.

Guest

Michael Hill -- You'll have to go look him up yourself :)

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 22 Mar 2022 00:00:49 -0400

DtSR Episode 493 - Breaches: Is Anyone Learning Anything

Prologue A big Texas welcome back to the podcast to our friend Shawn Tuma, our legal-eagle in residence. This week Shawn talks to us about the cases he's involved in, and the types of trends he's seeing in his client base when being their breach coach, and fire-fighter guide.

With all these breaches, and all this money and productivity lost - is anyone paying attention? Is anyone learning anything? Join us, Shawn will tell you.

Guest

Shawn Tuma
- LinkedIn: https://www.linkedin.com/in/shawnetuma/
- Shawn's recent appearence on The Above Board Show: https://www.linkedin.com/feed/update/urn:li:activity:6909959787845730304/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 15 Mar 2022 21:38:47 -0400

DtSR Episode 492 - Operationally Useful Blocklists

Prologue

This week, the guy with the best vendor hoodies ever is back! Philippe Humeau of Crowdsec joins us again to talk about some of the data his team have gathered, analyzed, and are using to crowd-source protection in the form of block lists. Anton Chuvakin joins us to bring his useful manner of snarkasm, just to keep us honest.

Guests

Philippe Humeau
- LinkedIn: https://www.linkedin.com/in/philippehumeau/
Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 08 Mar 2022 17:08:50 -0500

DtSR Episode 491 - SOAR is Boring

Prologue

I read an article the other day that got me thinking, and inspired me to get Wesley onto the podcast to talk about SOAR. Yes, SOAR is absolutely boring - but that's OK, isn't it? What's the actual purpose of SOAR technology, and where is it being utilized today? Are we getting the most of this, or is it just a boring fad? All this and more on today's show.

Guest

Wesley Belleman
- LinkedIn: https://www.linkedin.com/in/cyberwes/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 01 Mar 2022 00:00:06 -0500

DtSR Episode 490 - CISO Ascending Beyond Enterprise Security

Prologue

We open this episode with an acknowledgement of the crisis in Ukraine, as Putin's madness is unleashed. We stand with the brave people of Ukraine as they defend themselves from unprecedented evil.

That said, this week James and I bring Grant Sewell onto the show. Grant has experience being a "behind the scenes" CISO, and more recently in a customer-facing role. We discuss the evolution of the CISO into a "trust officer" and the focus that takes.

Guest

Grant Sewell
- LinkedIn: https://www.linkedin.com/in/grantsewell/
- Twitter: https://twitter.com/grantsewell

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 22 Feb 2022 00:00:37 -0500

DtSR Episode 489 - Crowdstrike Global Threat Report Feb 22

LinkedIn Live stream (recorded): https://www.linkedin.com/video/event/urn:li:ugcPost:6895440886222643201/

DtSR LinkedIn Page (subscribe here!): https://www.linkedin.com/company/down-the-security-rabbithole-podcast/

Prologue

This week is a slightly longer (oops) episode of the DtSR Podcast with a three-timer, Adam Meyers of Crowdstrike. Adam joins James and Rafal to talk about the latest Global Threat Report and all the trends and insights.

There is a lot of good insight here, and if you want to catch the LIVE (recorded) video you can get that too! Don't forget to subscribe to our DtSR page on LinkedIn to get all the latest content.

Guest

Adam Meyers
- LinkedIn: https://www.linkedin.com/in/adam-meyers-7a58481/
- Twitter: https://twitter.com/adam_cyber

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 15 Feb 2022 00:00:53 -0500

DtSR Episode 488 - Essential CISO Business Skills

Prologue

This week I'm so thankful that James and I have the opportunity to talk to the authors of "The CISO Evolution" -- a fantastic book for anyone who wants to be, or is working as, a security leader. Rock and Matt join us to talk about the book, share some insights, and maybe answer a tough question or two.

Guests:

Rock Lambros
- LinkedIn: https://www.linkedin.com/in/rocklambros/
- Rock Cyber: https://www.linkedin.com/company/rockcyber/
Matthew Sharp
- LinkedIn: https://www.linkedin.com/in/ciso-mba/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 08 Feb 2022 13:33:22 -0500

DtSR Episode 487 - Software Supply Chain is a BFD

Prologue

Continuing our thread on the software supply chain and SBoM (Software Bill of Materials) we bring in Ed Moyle who is writing a series on the subject for his column. Ed brings up some very interesting points on some key aspects of software supply chain including feasibility and asks that difficult question "So what if you get it?"

Guest

Ed Moyle
- LinkedIn: https://www.linkedin.com/in/edmoyle/
- Must-read article: https://www.techtarget.com/searchsecurity/tip/4-software-supply-chain-security-best-practices

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 02 Feb 2022 01:17:50 -0500

DtSR Episode 486 - SBOM in the Real World

Prologue

SBoM ("Software Bill of Materials") is the new rage. Everyone's talking about it. What it means is you're expecting a list of software components and includes, libraries, etc that make up the software you're buying or using.

The problem is, in real life, SBoM is exceptionally difficult and maybe even slightly impractical. Listen in as Rafal & James discuss SBoM in real-life scenarios with Paul Caiazzo -- a guy who's trying to make this idea work in his day-job.

Guest

Paul Caiazzo
- LinkedIn: https://www.linkedin.com/in/pcaiazzo/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 25 Jan 2022 00:00:45 -0500

DtSR Episode 485 - YGHT Beating Ransomware at Its Game

Prologue

Back in episode 469 ( https://ftwr.libsyn.com/dtsr-episode-469-yght-they-hacked-ransomware ) we brought Steve Perkins of Nubeva ("Cloud Go" in Portuguese) to talk about a very interesting "accidental" development. They'd figured out a way to steal encryption keys from ransomware, thus rendering itpotentially toothless. Well, now Steve's back with a product, and a way toreverse ransomware's encryption with minimal friction and withoutpaying the ransom. So ... yeah. Listen in.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 18 Jan 2022 00:00:00 -0500

DtSR Episode 484 - Defrauding Mobile Payments

Prologue

Have you ever made a payment from your mobile device, wirelessly using NFC? Of course you have, most of us have by now. Did you know there are some (or at least were) fairly significant design flaws, otherwise known as "features", in the various platforms? On this show, we're interested in learning more about Timur's research and what he's uncovered. You'll want to do what I did, check your phone's NFC payments settings, once this show is over.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 11 Jan 2022 00:00:00 -0500

DtSR Episode 483 - How Not to Screw Up Your Cloud

Prologue

We have a repeat guest today! Mr. Mark Simos joins me once again to talk about Microsoft's Cloud Adoption Framework (CAF) and it's applicability to not only Azure, but also your other clouds.

Building resilient and secure clouds isn't just about security, it's about design and architecture that adheres to good practices. Microsoft's CAF is fantastic place to start - listen here to learn more.

Guest

Mark Simos
- LinkedIn: https://www.linkedin.com/in/marksimos/
- Twitter: @marksimos

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 04 Jan 2022 16:53:36 -0500

DtSR Episode 482 - Tales of Wireless Hacking

Prologue

This week, on a good start to the new year, Eric Escobar joins us to talk about hacking wireless - and a little bit of history on the topic. Taking us back to early wireless hacking where you had to have the right wireless PCMCIA card and drivers, to today where things are a little more complicated but oddly not too much has changed.

Guest

Eric Escobar
- LinkedIn: https://www.linkedin.com/in/eric-escobar/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 28 Dec 2021 00:00:00 -0500

DtSR Episode 481 - Spies In Your Tech

Prologue

Bentsi is a guy with some experience in the bad guy world when it comes to devices and gadgets getting compromised. In this episode, he tells us stories and anecdotes on things he's seen and the threats gadgets face. It's a very interesting discussion, and might just make you a little more paranoid before it's over.

Guest

Bentsi ben-Atar
- https://www.linkedin.com/in/bentsi-ben-atar-6b0128/
- Check out Sepio - https://sepio.systems/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 21 Dec 2021 00:00:00 -0500

DtSR Episode 480 - Juice Jacking

Prologue

Have you ever plugged your smart phone, tablet or other "smart thing" into a power cable that wasn'tyours? I'm guessing you've answered yes - and if so, you need to listen to this episode.

As we travel and move around with our smart devices, we don't always have our charging cables & blocks with us, and that can lead to disaster. Hear more from Robert Rowley on how "juice jacking" can cause security problems we aren't even aware of.

Guest

Robert Rowley
- LinkedIn: https://www.linkedin.com/in/robertlei/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 14 Dec 2021 13:39:05 -0500

DtSR Episode 479 - Productivity of Jump Boxes and Bastion Hosts

Prologue

In a technically deeper episode, Ev joins Rafal to discuss how security has made productivitychallenging at times, in terms of having to jump through hoops to get work done, and what we should be doing about it. Ev asks us to image an entirely new paradigm of productive access to necessary resources - so listen in and dream big with us.

Guest:

Ev Kontsevoy
- LinkedIn: https://www.linkedin.com/in/kontsevoy/
- Teleport: https://www.linkedin.com/company/go-teleport/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 07 Dec 2021 11:10:45 -0500

DtSR Episode 478 - Beyond Buzzwords: XDR

Prologue

This week's episode is one of my favorite topics - marketing buzzwords. You've all heard the term "XDR" and wondered (probably like me) what the heck it is and how it's different than EDR or MDR. Do we really need more buzzwords?

Mark Alba from Anomali joins me this week to discuss this, and I think it'll help sort things out for you, it sure did for me. I'm still not a big fan of new buzzwords, but at least I get it now.

Guest

Mark Alba
- LinkedIn: https://www.linkedin.com/in/markalba/
- Anomali XDR Info: https://www.anomali.com/learn/the-impact-of-xdr-in-the-modern-soc-v2

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Thu, 02 Dec 2021 15:20:36 -0500

DtSR Episode 477 - Passwords are Dead and Other Fables

Prologue

Welcome to the last month of 2021 - December. This month we have a few bonus episodes, starting with this gem on identity. We've got a great guest and Mike Kiser has some interesting opinions he's definitely not holding back on.

Thanks for listening - we hope you enjoy this episode. And special thanks to SailPoint for bringing Mike to the mic.

Guest

Mike Kiser
- LinkedIn: https://www.linkedin.com/in/mike-kiser/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 30 Nov 2021 00:00:00 -0500

DtSR Episode 476 - Securing Public Cloud with Azure ASB v3

Prologue

Folks, the video of this episode which was live-streamed to our YouTube channel is here: https://youtu.be/IYVB_LNhURQ - and if you can, watch it.

Huge mega-thanks to Microsoft and Lightstream for bringing together Jeff and Mark on this one to deliver some truly phenomenal content.

This week is Azure Security Benchmark (not baseline, oops) version 3.0 hot off the presses. We talk about what it is, how to apply it, and where and why it's so useful for keeping not just your Azure public cloud safe, but also the "other" public clouds you use too.

Guests

Mark Simos
- LinkedIn: https://www.linkedin.com/in/marksimos/
- Twitter: https://twitter.com/marksimos
Jeff Collins
- LinkedIn: https://www.linkedin.com/in/jmcollins/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 23 Nov 2021 00:00:00 -0500

DtSR Episode 475 - Community Sourced Threat Instructions

Prologue

Fair warning y'all, this episode may have been just slightly more fun than the Surgeon General allows. That said, on this one we not only made up some new terms ("Threat Instructions", Anton) but also had some fun describing what a well-functioning system of highly automate-able threat data would look like. And as it turns out, it's CrowdSec's "Fire" data set.

Fascinating conversation, and most fascinating of all is that as Philippe described how it functions, Anton could find nothing wrong with it. Call me gobsmacked.

If you're interested in participating in the Crowd, click this link - because a typo will put you in a very weird and very different sort of crowd.

Guests

Philippe Humeau, CEO at CrowdSec
- LinkedIn: https://www.linkedin.com/in/philippehumeau/
- Twitter: @Crowd_Security
- Website: https://crowdsec.net/
Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/
- Twitter: @Anton_Chuvakin

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Thu, 18 Nov 2021 11:31:26 -0500

DtSR Episode 474 - Unraveling Mountains of Evidence

Prologue

Hey! Are you attending OpenText World Enfuse? If not, click here and check it out - it's virtual!

Straight from Enfuse Chuck Dodson joins Rafal & James to talk about digital evidence collection, management, and processing in the realm of law enforcement. A fascinating look at the law enforcement side of things, and a topic perspective most of us never have occasion to think about, unless you're in the fight.

Guest

Chuck Dodson
- https://www.linkedin.com/in/chuckdodson/
OpenText World - Enfuse https://www.opentextworld.com/event/7653eae4-3cf3-4dfc-89f2-7c41e260aa89/websitePage:4b6071b8-edc1-4efc-888b-520c728292ff

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 15 Nov 2021 13:00:00 -0500

DtSR Episode 473 - Cyber Security by Executive Order

Prologue

In this episode, we host a lady who only needs one name, like a movie or rock star. But "Jax" deals with topics we normal people don't have the stomach for, like CMMC and government security. In this episode, she joins us to talk about the current Executive Order on Cybersecurity ( Executive Order 14028, May 12, 2021 - https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity ) and the implications and impact it will, might, and could have. A fascinating discussion that's worth listening to, whether you spend time in FedGov, or not.

Guest

Jaclyn Jax Scott
- LinkedIn: https://www.linkedin.com/in/iamjax/
- Company site: Outpostgray.com
- Blog: http://www.beansandbytesblog.com/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 09 Nov 2021 00:00:00 -0500

DtSR Episode 472 - Rick Howard on Trust and Tech

Prologue

Let me start by saying how much I enjoy chatting with Rick Howard, today's podcast guest. Rick's been on before, and we always go long (especially on this one, sorry not sorry), but the content is well worth your time.

On today's episode, we chat about "Zero Trust" and where technology meets concept, what's missing, and what's next. If you think you know all these is to know about Zero Trust, I promise you, you'll learn something new.

Guest

Rick Howard
- LinkedIn: https://www.linkedin.com/in/rickhoward/
- Twitter: https://twitter.com/racebannon99
- Rick's Show on CyberWire (Pro, subscription required): https://thecyberwire.com/podcasts/cso-perspectives

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 02 Nov 2021 00:00:00 -0400

DtSR Episode 471 - TPA Threat Modeling the Software

Prologue

On Episode 471, as we rapidly hurl towards our 500th episode, we bring back Chris Romeo to talk about threat modeling. Specifically, we discuss threat modeling of software - with developers, methodologies, silos, incentives, and outcomes all in play for discussion.

Chris has been doing this a while, and has some deep insights into what it takes to make things work - and he we welcome your feedback on howyou do it.

Guest

Chris Romeo
- LinkedIn: https://www.linkedin.com/in/securityjourney/
- Twitter: https://twitter.com/edgeroute

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 26 Oct 2021 10:48:23 -0400

DtSR Episode 470 - Security Leadership Insights from Ann

Prologue

On this episode of the DtSR Podcast - Ann Johnson joins special guest-host Ken Fishkin of NJ ISC2 chapter, along with James & Rafal to talk about leadership, and sports apparently.

Thanks to the NJ Chapter of ISC2 ( https://www.linkedin.com/groups/4425593/ )for submitting questions and Ken for joining us to guest-host.

On this episodes, we ask Ann to talk to us about leadership challenges, and what's in store for the future. Also, we briefly talk sports teams and discover Ann is a Cowboys fan.

Guests

Ann Johnson
- LinkedIn: https://www.linkedin.com/in/ann-johnsons/
- Twitter: https://twitter.com/ajohnsocyber
Ken Fishkin
- LinkedIn: https://www.linkedin.com/in/kfishkin/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 19 Oct 2021 00:00:00 -0400

DtSR Episode 469 - YGHT They Hacked Ransomware

Prologue

This week on a ridiculously awesome episode of the DtSR Podcast the one and only Mr. Steve Perkins of Nubeva joins Rafal & James to talk about something worth shouting about. They've figured out how to beat ransomware... yes, there are a few 'catch' things, but the tech seems solid and the possibilities endless.

Give this episode a listen, then scroll below to click the links, and give this a look for yourself!

Guest

Steve Perkins
- LinkedIn: https://www.linkedin.com/in/steve-perkins-1604b31/

Relevant Links

Webinar coming up on session key intercept: https://info.nubeva.com/fall_2021
Email info@nubeva.com if you want to hear more, or partner with them to deliver their tech to YOUR customers
Learn about the tech: https://info.nubeva.com/ransomless_decryption

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 12 Oct 2021 00:00:00 -0400

DtSR Episode 468 - TPA Another Journey Into Security

Prologue

This week, we get to meet Sean Jackson. You may not know Sean, but his journey may feel familiar. He got here much like many of you, and his story of discovery and understanding of his role in the business as "the security guy" is something you should probably know. There are many paths into our profession, and there are many different ways to view what we do - Sean's is compelling as it is timeless. Give it a listen, and join me on his journey.

Guest

Sean Jackson
- LinkedIn: https://www.linkedin.com/in/74rku5/
- Twitter: https://twitter.com/shunkydave

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 04 Oct 2021 23:31:28 -0400

DtSR Episode 467 - TPA Chips and SLSA

Prologue

This week, Kim Lewandowski joins Rafal & James to talk about Google's latest contribution to the Open Source software movement - Supply-chain Levels for Software Artifacts (SLSA). We have a great conversation, and I hope you guys go watch the video (when it comes out) and check out the axe in the background. I never did find the interesting logo Kim talks about- maybe one of you will find it and post it to #DtSR on Twitter!

Guest

Kim Lewandowski
- LinkedIn: https://www.linkedin.com/in/kimsterv/
- Twitter: https://twitter.com/kimsterv

SLSA Links

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 28 Sep 2021 00:00:00 -0400

DtSR Episode 466 - TPA Vulnerability Management Goat Rodeo

Prologue

This week, fresh off his Twitter rant, Travis McPeak joins Rafal to talk about the goat rodeo that vulnerability management in the enterprise. Travis talks about the multitude of reasons vulnerability management is so difficult, and what we can be done about the whole mess.

Great episode, lots of great discussion and big thanks to Travis for the contribution to the topic. This needs more discussion, folks!

Guest

Travis McPeak
- LinkedIn:https://www.linkedin.com/in/travismcpeak/
- Twitter:@TravisMcPeak

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 21 Sep 2021 00:00:00 -0400

DtSR Episode 465 - TPA Nic-NAC-Security-is-Whack

Prologue

I have no excuses, and no ideas, how this show has made it so far without having the one and only JJ as a guest. She's been doing network security and architecture for a long time, in addition to being a force for good. Her focus on NAC (Network Access Control) shines through in this discussion too. Hilarity ensues.

Guest

Jennifer ("JJX") Minella
- LinkedIn: https://www.linkedin.com/in/jenniferminella/
- Twitter: https://twitter.com/jjx

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 14 Sep 2021 00:00:00 -0400

DtSR Episode 464 - TPA An Empowering Discussion on the Grid

Prologue

This week our pal and previous guest Patrick Miller joins us to talk about the power grid, current state of the thing, and what he's working on in the power generation and distribution sector. It's a strange place where 8" floppy disks and DOS 2.2 still live. Yeah, go search those, you think there's a 0-day for DOS 2.2?

Guest

Patrick C. Miller
- LinkedIn: https://www.linkedin.com/in/millerpatrickc/
- Twitter: https://twitter.com/PatrickCMiller/
- Ampere Security: https://amperesec.com

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 07 Sep 2021 00:00:00 -0400

DtSR Episode 463 - TPA Human Security Engineering

Prologue

This week our friend Ira Winkler joins Rafal & James to talk about the human element in cyber security. Ira, like us, absolutely loathes the phrase "stupid user" - so you'll want to hear what he's working on, and his comments on the space.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 31 Aug 2021 00:00:00 -0400

DtSR Episode 462 - TPA Aki Peritz on Open Source Intel

Prologue

With all the craziness going on in the world, from terrorism, to catastrophically botched withdraws from a 20 year war, to the incredible proliferation of ransomware, and "cyber privateering" making a comeback in the news - it's as good a time as any to discuss open source intelligence, collection, and analysis.

Aki is a guy who would know a little bit of something about the topic, because anytime someone has to choose the way they describe their past "work" - you know their background is pretty colorful.

Guest

Aki Peritz
- LinkedIn: https://www.linkedin.com/in/aki-peritz-483a994/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Thu, 26 Aug 2021 00:00:00 -0400

DtSR Episode 461 - TPA Peacocking Without PCAPS

Prologue

Let me start off by saying that this episode isn't about politics. It's about facts, claims made, and election security facts and myths.

I want to thank Rob Graham for getting on the show and sharing his experience on short notice, and providing insights from Mike Lindell's "Symposium". It's truly eye-opening, and hopefully a conversation that strikes at the core of what we need to hear right now.

Guest

Robert Graham
- Twitter - https://twitter.com/erratarob

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 23 Aug 2021 13:00:00 -0400

DtSR Episode 460 - TPA About CIAM and Other Auth

Prologue

Thanks to Okta, for providing what is surely an entertaining (at least to record) and informative episode with some really cool guests. Bharat and John join James and Raf to talk about CIAM (a term Raf had to look up) and all things authentication history, past, and present.

By the way, if you haven't registered, you should register for this very cool Okta Developer Day "Auth for All".

Guests

John Pritchard
- LinkedIn: https://www.linkedin.com/in/jpritchard/
Bharat Bhat
- LinkedIn: https://www.linkedin.com/in/bharatbhat/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 17 Aug 2021 00:00:00 -0400

DtSR Episode 459 - TPA A Defenders Endpoint Perspective

Prologue

Big thanks this week to OpenText for providing access to Fabian Franco (go check out his bio below). He joins James & Rafal to talk about protecting endpoints, and some of the interesting things that go along with state-of-the-art detection and response capabilities. Also, if you'd be so kind as to support those who keep this show going, go check out the OpenText link below and give it a click, won't you?

Why are there so many acronyms for endpoint defense? What do EPP, EDR, MDR, XDR mean and are they at all any different? Let's dive into this, on today's episode.

Guest

Fabian Franco
- Bio:Fabian Franco, Senior Manager of Digital Forensics and Incident Response (DFIR), Threat Hunting and SOC. Fabian specializes in digital forensics, incident response, memory forensics, malware analysis, reverse engineering of malware and threat hunting.
- LinkedIn: https://www.linkedin.com/in/fabian-franco-434646a/
- OpenText: https://security.opentext.com/solutions/managed-detection-and-response

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 09 Aug 2021 23:51:27 -0400

DtSR Episode 458 - TPA Staffing Disasters We Created

Prologue

This week we have the pleasure of having Kevin Pope, one of Raf's close and long-time friends, and someone who's had one heck of a journey into and through our industry. Kevin is a veteran, a security-curious, and cyber security professional - and he's also got some metered opinions too. We discuss hiring, staffing, and some of the issues we've collectively - and he specifically - have seen. Give this one a listen if you want to understand why we have the staffing problem in cyber-security that we do. Seriously.

Guest

Kevin Pope
- LinkedIn: https://www.linkedin.com/in/screamingbyte/
- Twitter: https://twitter.com/screamingbyte

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 02 Aug 2021 22:19:43 -0400

DtSR Episode 457 - TPA Foreign Adversaries Killing People

Prologue

Huge thanks to Prevailion's Karim Hijazi for taking the time with us to dissect this Gartner headline and article on "adversaries killing people using OT". As we expected, a sensationalist headline, followed by some mildly fluffy stuff, with a kernel of truth. Good discussion nonetheless, though, and I even learned a thing.

Links

The Gartner article referenced: https://www.gartner.com/en/newsroom/press-releases/2021-07-21-gartner-predicts-by-2025-cyber-attackers-will-have-we

Guest

Karim Hijazi
- LinkedIn: https://www.linkedin.com/in/karimhijazi/
- Previous episode: http://ftwr.libsyn.com/dtsr-episode-426-tpa-winning-intelligence-collecting-zombies

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 26 Jul 2021 23:35:30 -0400

DtSR Episode 456 - TPA The Pandemic Meat Grinder

Prologue

Frankly, we have no idea how we got through 450 episodes without interviewing Rich. No clue. Rich is a man of many talents including a trained responder for situations like we've been facing. He's also a cloud security specialist, and happens to do a half-dozen other things in his "spare time" too. In this episode we chat about what the pandemic has taught cyber security professionals, and what we'll come out the other side looking like.

Warnings:

Loki spoiler alert - oops, Rafal did this one
Explicit language warning - Rich dropped some colorful language, deal with it

Guest

Rich Mogull
- LinkedIn:https://www.linkedin.com/in/richmogull/
- Twitter: https://twitter.com/rmogull

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 21 Jul 2021 23:41:32 -0400

DtSR Episode 455 - TPA All The Reminiscing

Prologue

It's been a long time, maybe forever, since James and I sat down and just chatted on the podcast. With all these amazing guests we have on the show it's easy to get caught up in the fun and forget to just have a two-person conversation every once in a while. With that in mind, we did it this week. We sat down, just the two of us, and chatted about the last few hundred episodes, the things that have stayed with us, and some things we wished would "get better" but alas...

Jump in, this is a special episode.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 13 Jul 2021 00:08:10 -0400

DtSR Episode 454 - TPA Cyber Insurance Fact vs Fiction

Prologue

Sean Scranton joins Shawn Tuma and myself to talk about cyber insurance, specifically, as it is a massive topic of discussion lately. Building on top of the "does cyber insurance even pay out?" question and exploring if cyber insurance will actually change the industry (as Jeremiah hints in episode 447) we traverse a lot of related topics and answer some good questions. This is one of the most informative episodes on this specific topic I've found out there - without all the usual propaganda.

Huge thank you to Sean and Shawn for agreeing to take time away from client work to speak with DtSR, and leave this information accessible to my listeners.

Guests

Sean Scranton
- LinkedIn:https://www.linkedin.com/in/sean-scranton-2b24948/
Shawn Tuma
- LinkedIn:https://www.linkedin.com/in/shawnetuma/
- Twitter:https://twitter.com/shawnetuma

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 06 Jul 2021 02:29:30 -0400

DtSR Episode 453 - TPA On Prioritizing Enterprise Vulnerabilities

Prologue

Vulnerability Management has been a bit of a soapbox for me lately, and this episode brings in two experts on the topic directly from the enterprise to talk about how we prioritization, spreadsheets, and today's big vulnerability problem produces serious issues for enterprise professionals. The problem is as old as our profession, but in spite of the tools, testimonials, and hand-waving it's still a massive problem.

Guests

Britney Hommertzheim
- LinkedIn: https://www.linkedin.com/in/bhommertzheim/
- Twitter: https://twitter.com/bhommertzheim
Ace Moore
- Ace is incognito :)

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 29 Jun 2021 01:03:46 -0400

DtSR Episode 452 - TPA Burning It At Both Ends

Prologue

On this episode of the podcast I have the pleasure of hosting one of my long-time friends and industry titan - Dawn-Marie "Rie" Hutchinson. She's fresh off of a stint as a CISO, and talking about burnout in our industry and beyond.

It's always a pleasure chatting with a friend, but this is an important topic so extra thanks for sharing her knowledge and insights with us; working in a globally diverse and multi-timezone workforce isn't easy, and the lessons are useful!

Guest

Dawn-Marie "Rie" Hutchinson
- LinkedIn: https://www.linkedin.com/in/riehutch/
- Twitter: https://twitter.com/CISO_Advantage

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 14 Jun 2021 19:03:08 -0400

DtSR Episode 451 - TPA Rockin It

Prologue

My pal Rock has ventured off on his own, so I wanted to catch up with him and get a quick update on the state of business, but also get a sense for what he's seeing in the industry as he's advising companies and helping them through compliance and regulatory challenges. Fascinating conversation, always fun stuff.

Guest

Rock Lambros
- LinkedIn: https://www.linkedin.com/in/rocklambros/
- Twitter: https://twitter.com/rocklambros
- Twitter: https://twitter.com/rockcyberllc
- Website: https://www.rockcyber.com/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 07 Jun 2021 00:00:00 -0400

DtSR Episode 450 - TPA 3rd Party Risk Shitshow

Prolgue

Ladies and Gentlemen - we've hit ** 450 ** episodes.

Let me just take a moment and reflect on the number of awesome guests, long hours recording and editing, and all of you phenomenal fans and listeners spreading the show content.

Episode 450 feels like the right one to drop an episode with one of my real-life best friends, British sensation, and perennial entrepreneur Vikas Bhatia. We drop the gloves and go after the shitshow that is third party risk management in modern day enterprise.

There are answers, but not if you don't address it head-on.

Guest

Vikas Bhatia
- LinkedIn: https://www.linkedin.com/in/vikasbhatiauk/
- Twitter: https://twitter.com/vikasbhatiauk
- Company URL: https://justprotect.co

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 02 Jun 2021 22:39:17 -0400

DtSR Episode 449 - TPA Tuma on A Watershed Moment for US Cyber

Prologue

In this episode, our legal eagle Shawn Tuma is back to discuss the Colonial Pipeline incident and whether it could be a watershed moment for US Cyber interests. As Toby Keith's "Courtesy of the Red, White, and Blue" plays in the background, we discuss what's happened, what could happen, and what it all means.

Guest

Shawn Tuma
- LinkedIn: https://www.linkedin.com/in/shawnetuma/
- Twitter: https://twitter.com/shawnetuma/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 25 May 2021 00:00:00 -0400

DtSR Episode 448 - YGHT Knock Knock Who's There

Prologue

You've GOT to hear this!

This week on the podcast, I invited Martin Zizi of Aerendir, to talk about how we can use technology to not only distinguish between humans and non-humans (bots?) but also how to identify humans with staggering levels of precision - usingcommonly available and inexpensive components. He's got humor, an eclectic background, and great knowledge of the topic. Join us!

Guest

Martin Zizi
- Bio: Dr. Martin Zizi, MD-Ph.D, deep expertise in Molecular Biophysics and Neurosciences. He is one of the Founders & CEO of Aerendir Mobile Inc. He is the inventor of the NeuroPrint, a cloudless AI-supported neural-tapping technology that can be used for authentication, identification, encryption, secure TLS, and bot segregation. Following his early years in the United States as a Scientist at the Walter Reed Army Institute of Research where he worked on very advanced projects, he had a 20-years dual-track career, leading both academic and strategic projects as a top scientist in 3 fields and was also a Chief Scientific Officer for Belgian DoD. Martin was a sought-after advisor for the Belgian, the EU governments, international organizations (UN) and the industry.
  Aerendir Mobile Inc. is his second start-up. He was #2 at another start-up in the Medical technology vertical.
- LinkedIn: https://www.linkedin.com/in/martinzizi/
- Twitter: https://twitter.com/MartinZ_uncut
- Aerendir Mobile, Inc.
  - LinkedIn: https://www.linkedin.com/company/aerendir-mobile-inc
  - Twitter: https://twitter.com/AerendirMobile/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 18 May 2021 00:00:00 -0400

DtSR Episode 447 - TPA Software Security Liability and Insurance

Prologue

I don't know about you, but I have Jeremiah in a list on Twitter that allows me to read/think about some of the things he posts without the noise of the rest of Twitter.

Should a company that develops software be held responsible when a bug they missed is exploited? Why do we "Agree" on all those click-through agreements which basically disavow any responsibility, anyway?

What about security tools - if they scan and miss a flaw that's later exploited, shouldn't they be liable?

These and other salient topics are discussed in fairly great detail without all the usual hype you hear around this topic. Please join us, this is a wonderful episode to listen to more than once.

Guest

Jeremiah Grossman
- LinkedIn: https://www.linkedin.com/in/grossmanjeremiah/
- Twitter: https://twitter.com/jeremiahg

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 11 May 2021 01:07:31 -0400

DtSR Episode 446 - TPA AppSec Philosophy

Prologue

When in Austin, TX ... meet up with some friends right? This week I have the pleasure of sitting down in-person with Joel whom has been doing the "AppSec thing" for longer than many of you who are reading this have been in our profession. Joel knows a thing or two - so we discuss a thing or two.

Philosophy, history, and some ugly truths come out in a conversation that can only happen in-person.

Guest

Joel Scambray
- LinkedIn: https://www.linkedin.com/in/joelscambray/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 04 May 2021 00:00:00 -0400

DtSR Episode 445 - TPA Non-Random Cyber Thoughts with Dave Marcus

Prologue

I honestly am having a difficult time understanding how this show has gone so long, so many episodes, without sitting down with Dave Marcus 1:1. It hurts my brain. So I rectified this situation and here you are. Dave is one of the best humans in the industry, has a few truckloads of knowledge, and you could stand to learn something from him. Give this episode a shot.

Warning: Dave drops a pair of F-bombs, and the show goes a little longer than most at >40 minutes. But it's well worth your time. I promise.

Guest

Dave Marcus
- Twitter: https://twitter.com/DaveMarcus
- LinkedIn: https://www.linkedin.com/in/marcusdavid/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 27 Apr 2021 12:16:52 -0400

DtSR Episode 444 - TPA Gary is Awful at Retirement

Prologue

I'm honored to have Gary McGraw on with James and myself on this episode. I hadn't realized, but Gary retired from (what was formerly) Cigital - and by retired I mean "started something new". Gary sucks at retirement, but he's brilliant and has a lot to say about machine learning and its applications, so you shouldreally listen in. No, "AI" isn't going to take over security - but it's work exploring the enormous contributions machine learning make to our lives and how they can be abused.

Guest

Gary McGraw
- Twitter: https://twitter.com/noplasticshower
- Home: https://www.garymcgraw.com/
- Boards he's on: https://www.garymcgraw.com/technology/business/
- Info on Berryville Institute: https://berryvilleiml.com/
- ARA for ML: https://berryvilleiml.com/results/ara.pdf

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 20 Apr 2021 17:53:44 -0400

DtSR Episode 443 - TPA Addressing AppSec Tech Debt

Prologue

Chris Eng has been elbows deep in software security for a very long time. Times have changed over the last 20 years, as have tools, methods, and outcomes - what hasn't changed is how much security debt we keep amassing in our applications. How bad is the problem, and what can be done? Tune in and find out what we think.

Guest

Chris Eng
- LinkedIn: https://www.linkedin.com/in/chris-eng-ab51331/
- Twitter: https://twitter.com/chriseng

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 13 Apr 2021 12:54:24 -0400

DtSR Episode 442 - S11E15 - TPA Fighting the Good Fight

Prologue

This week, the show is back after a brief spring break, and we have with us Dmitri Alperovitch - who has taken on a new venture in his latest role. We discuss cybersecurity policy, government's role in private enterprise defense, and why you should probably never run your own MS Exchange Server.

Lots of great content from the always informative and entertaining Dmitri.

Guest

Dmitri Alperovitch
- LinkedIn: https://www.linkedin.com/in/dmitrialperovitch/
- Twitter: https://twitter.com/DAlperovitch
- Silverado Policy Accelerator: https://silverado.org/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 29 Mar 2021 10:29:20 -0400

DtSR Episode 441 - TPA State Secrets and Diplomatic Protection

Prologue

** First, before I say anything else, I want to thank Lonnie and his staff for their service to our country. Protecting diplomats is not an easy task I imagine, and being the most powerful nation on Earth, our diplomats are likely a target 24x7x365. **

This week, Lonnie Price joins me and James on the show for an intriguing talking through some very, very cool stuff. Now, this episode is special. Of course, every episode is special but some are more special than others. In this edition of the show we're talking to someone who keeps state secrets, well ... secret, as America's diplomats travel internally and abroad.

I can safely say I hadno idea how much there was to concern yourself with beyond just encryption.

Guest

Lonnie Price
- LinkedIn:https://www.linkedin.com/in/lonniejprice/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 23 Mar 2021 00:00:00 -0400

DtSR Episode 440 - TPA Fighting Back Against ATO

Prologue

Account Take-Over (ATO). You've probably not given this too much thought, unless you've had your account jacked. Whether it was someone stealing your Twitter account, or your bank account, or God-forbid your Facebook - you know the ramifications are serious. But how do you identify it, prevent it, detect and respond to it, and maybe even recover from it... at scale?

Rafal's guest, Ari Jacoby of Deduce has some ideas.

Ari talks about the broader ATO problem, and suggests some of the reasons it's gotten this bad (...how bad is it?...) and what companies that arenot in the Fortune 250 can do to protect themselves -and you.

Guest

Ari Jacoby
- Deduce: https://www.deduce.com/
- LinkedIn: https://www.linkedin.com/in/arijacoby/
- Twitter: https://twitter.com/arijacoby

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 16 Mar 2021 00:00:00 -0400

DtSR Episode 439 - TPA Open Source Endpoint Defense

Prologue

OK, say it with me, defender tools suck. They all have their own dashboards, data formats, ways to look at what's going on...and that wouldn't be bad if they even remotelyworked together.

OSQuery isn't the end-all for endpoint tools, but it surely can tell you a whole lot about what's going on out there - and then you can actuallyintelligently do something. But it needs a front-end...so enter Fleet. This episode is all about defending the endpoint using open source, and Fleet/OSQuery specifically.

Guest

Zach Wasserman
- LinkedIn: https://www.linkedin.com/in/zacharywasserman/
- Twitter: https://twitter.com/thezachw
- Fleet Open Source Device Management: https://fleetdm.com/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 09 Mar 2021 00:00:00 -0500

DtSR Episode 438 - TPA Implementing Zero Trust Principles

Prologue

This week on a very cool conversation, Rafal snags a chance to do a virtual sit-down with Yuri all the way from the Netherlands. Yuri is one of the quintessential experts on Zero Trust (not the commercial tools stuff, but principles and foundations) and you need to hear his take on how we get it implemented, where, and why.

Guest

Yuri Bobbert
- LinkedIn: https://www.linkedin.com/in/yuribobbert/
- His book "Leading Digital Security": https://www.linkedin.com/pulse/new-book-leading-digital-security-yuri-bobbert-1f/?trackingId=%2Fwm4S897TnSMTgkDszCDJQ%3D%3D

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 02 Mar 2021 00:00:00 -0500

DtSR Episode 437 - TPA Healthcare IT Under Siege

Prologue

This week, DJ McArthur joins James and Rafal to talk shop about his career in defending healthcare IT. The Cliff's Notes version is that it's more complex, more under siege, and more critical than ever. No problem, right?

This episode has been a long-time coming, and DJ is an honest-to-goodness expert in the field. He teaches classes on this topic which you may just want to go and look up if this is your thing.

Guest

DJ McArthur
- LinkedIn: https://www.linkedin.com/in/dj-mcarthur-74364b24/
- Twitter: https://twitter.com/djmca5280

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 23 Feb 2021 00:00:00 -0500

DtSR Episode 436 - TPA A Dev Perspective on AppSec

Prologue

Continuing what accidentally became a series of AppSec or Software Security focused episodes, #436 takes it from yet another direction. Rey joins us to talk about AppSec from his perspective - that of a life-long developer that's moved into software security. It's been an interesting journey, and while some of the things we discuss aren't necessarily revelations - listen for the subtle clues about what software security teams are doing wrong in the corporate enterprise... you'll hear it.

Guest

Rey Bango
- LinkedIn: https://www.linkedin.com/in/reybango/
- Twitter: @ReyBango

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 16 Feb 2021 00:00:00 -0500

DtSR Episode 435 - TPA WPScan and Wordpress

Prologue

Episode 435 is packed with OpenSource goodness, talking about WordPress and WPScan with Ryan Dewhurst. Ryan started WPScan (a tool you probably use as a security practitioner) and has now made a business out of it. He spends a half-hour discussing the product, his road, and Wordpress/security in general and includes some plans for the future.

Guest

Ryan Dewhurst
- LinkedIn: https://www.linkedin.com/in/ryandewhurst/
- Twitter: https://twitter.com/ethicalhack3r
- Website: https://wpvulndb.com/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 09 Feb 2021 00:00:00 -0500

DtSR Episode 434 - TPA Open Source Software Security

Prologue

This week, Jennifer Fernick of NCC Group joins me to talk about her work with open source software and security. With a storied career, Jennifer is well-qualified to talk about some really interesting topics, but finding bugs in open source software, at the scale we need it to be done, is a monumental task.

If you're a developer and keen on innovation and open-source, and know security or are interested in learning more - I encourage you to go check out the Open Source Security Foundation here: https://openssf.org/

Guest

Jennifer Fernick
- LinkedIn: https://www.linkedin.com/in/jenniferfernick/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 02 Feb 2021 00:00:00 -0500

DtSR Episode 433 - TPA Leading the Alliance

Prologue:

This week, Gary Latham joins the podcast to talk about taking the reigns of the Security Advisor Alliance, at a pivotal time for the organization. If you don't know about the SAA,I highly encourage you to check it out here:https://www.securityadvisoralliance.org/

Guest

Gary Latham
- LinkedIn: https://www.linkedin.com/in/gary-latham-8bb62925/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 26 Jan 2021 00:00:00 -0500

DtSR Episode 432 - TPA Identity and Trust

Prologue

On this week's episode of the podcast, boomerang guest Robb Rock joins Rafal to talk identity, trust, and what's happened since the last time Robb was on the show (which was in 2016!). Of course they talk about the "big hack", and retreat into identity, Zero Trust, and the challenges of mid-market companies trying to do their own security.

The lesson here? "The more we learn, the more we recognize we know very little."

Guest

Robb Reck
- LinkedIn: https://www.linkedin.com/in/robbreck/
- Twitter: @RobbReck

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 19 Jan 2021 00:00:00 -0500

DtSR Episode 431 - TPA Medical IOT

Prologue

This week on DtSR, an old friend Jamison Utter joins Rafal to talk aboutmedical IoT devices, and what makes them different -- and of course, how we can better protect them. Jamison's company, Medigate, is a healthcare securityand medical analytics company - and it's an interesting discussion on how this type of IoT differs from others with security implications. You'll want to listen in, since the "Internet of Things" discussion is getting very varied, and you need to keep up.

Guest

Jamison Utter
- LinkedIn: https://www.linkedin.com/in/jamisonutter/
- Twitter: https://twitter.com/jamison_utter
- Company website: https://medigate.io

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 12 Jan 2021 00:00:00 -0500

DtSR Episode 430 - TPA What We Learned in 9 Years

Prologue

David was a guest on the podcast many years ago, back in episode 7. We had a great conversation and it's interesting to see how so many of the topics have evolved in the last nearly a decade. Or not.

Guest

David Elfering
- LinkedIn: https://www.linkedin.com/in/aroundomaha/
- Twitter: https://twitter.com/icxc

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Thu, 07 Jan 2021 22:18:59 -0500

DtSR Episode 429 - YGHT Crowdsourcing Security Intel

You Gotta Hear This! [YGHT]

This special edition of the Down the Security Rabbithole Podcast is the first of it's kind. For 2021 I've decided to throw in a bonus episode here and there that doesn't necessarily fit the typical format when I find something interesting, or a topic or person worth your time.

Right now, with CrowdSec is that time. Philippe Humeau is a wealth of information and the CEO of CrowdSec - a company that's picking up where someone else left off and making crowd-sourced security intelligence, free if you're a contributor to the system. Brilliant stuff... jump in and listen.

Guest

Philippe Humeau
- LinkedIn: https://www.linkedin.com/in/philippehumeau/
- Twitter: https://twitter.com/philippe_humeau
Check out CrowdSec

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 05 Jan 2021 00:00:00 -0500

DtSR Episode 428 - TPA TIM-enabled NextGen SOC Platforms

Prologue

Let's start 2021 off right with a returning guest whose name you will want to remember. Joep (pronounced like "soup" but with a "you") Gommers the founder and CEO of EclecticIQ joins Rafal to talk about threat intelligence - from platforms to TIPs, use-cases, implementations, limitations, and the move to TIM. It's a fun conversation that looks at where "threat intelligence" started, and where it's gone over the last 5 years or so. If you're a threat intel analyst, another consumer, or even a vendor, you'll want to listen up carefully and maybe take notes.

By the way we need a "TIM-enabled NextGen SOC Platform" sticker to be made up, with "Tim the Enchanter" as the key figure ... this should happen. Someone has to have the talent!

Guest

Joep Gommers
- LinkedIn: https://www.linkedin.com/in/joepgommers/
- Twitter: https://twitter.com/joepgommers

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 29 Dec 2020 00:00:00 -0500

DtSR Episode 427 - TPA Security Beyond the RegExp

Prologue

This week, on the last episode of 2020, Michael Coates joins Rafal to talk about wire-speed-data-protection. Sort of like CASB but more universal. Interestingly, Rafal and Michael talk through how DLP has evolved and into what, and some interesting developments along the way - then the promise of something better.

Guest

Michael Coates
- LinkedIn: https://www.linkedin.com/in/mcoates/
- Twitter: https://twitter.com/_mwc

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 21 Dec 2020 23:01:22 -0500

DtSR Episode 426 - TPA Winning Intelligence Collecting Zombies

Prologue

First and foremost, thank you toPrevailion for giving us some of Karim's time, and content for this episode. Adversary intelligence is critical to protection and defense, so the methods and means in which it's gathered, refined, and provided back into the industry is always a great topic of discussion.

I can't stress enough how much I recommend going and doing this - https://www.prevailion.com/claim-your-apex-platform-account/ which isfree and can give you an idea of whether you have some of those pesky "bad actors" running around your infrastructure stealing your critical assets.

Guest

Karim Hijazi
- LinkedIn: https://www.linkedin.com/in/karimhijazi/
- Is YOUR org compromised?: https://www.prevailion.com/claim-your-apex-platform-account/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 15 Dec 2020 00:00:00 -0500

DtSR Episode 425 - TPA Being Media Trained

Prologue

This week, one of my old allies in the advocacy for sane media appearance joins James and me on the podcast. We talk about being a media liaison, managing speakers and security types with lots to say and few f***s to give for the media. It's an interesting conversation if you want to hear about what your media and PR person has to go through.

Guest

Diana Wong
- LinkedIn: https://www.linkedin.com/in/dianawong1/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 08 Dec 2020 16:19:59 -0500

DtSR Episode 424 - SOC Fight 2020

Prologue

Fill up your coffee cup, find a comfortable seat, and get ready to dive into this show! Richard & Anton join James and Rafal to discuss the SOC and it's evolution (or not) in today's enterprise.

What are the major issues with SOCs today?
What will the SOC of tomorrow be like?
Does anyone know why Anton's hair is so nutty?

These and other questions will be answered, maybe, on this show... so listen in and please give us some love on the socials.

Guests

Richard Steinnon
- LinkedIn: https://www.linkedin.com/in/stiennon/
- Twitter: https://twitter.com/stiennon
Anton Chuvakin
- LinkedIn: https://www.linkedin.com/in/chuvakin/
- Twitter: https://twitter.com/anton_chuvakin

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 30 Nov 2020 13:30:53 -0500

DtSR Episode 423 - TPA Malware and Other Bad Things

Prologue

This week,virtually live fromEnfuse 2020 we've invited Grayson Milbourne, who is the Director of Security Intelligence at OpenText (formerly Carbonite/Webroot), to the show to talk about his work, malware, and the ever-evolving battle between good and evil'ish.

This is a unique look at the intelligence, research, and innovation that goes into anti-malware tools and the arms race between attacker and defender in the real world.

Guest

Grayson Milbourne
- LinkedIn: https://www.linkedin.com/in/themilbourne/
- Twitter: https://twitter.com/gmilbourne

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 23 Nov 2020 00:00:00 -0500

DtSR Episode 422 - TPA Blurry Ethical Lines

Prologue:

This week is a TREAT for you Down the Security Rabbithole Podcast listeners. Before she does her keynote on the topic, you'll get to hear Tarah Wheeler's take on the graying lines of privacy, security, and ethics. Just because we can ... does that mean we should?

Lots of interesting discussions, and some totally nerdy andpedantic references you'll want to listen to a few times.

Week 3 of OpenText's Enfuse Conference 2020 is kicking off with Tarah's keynote, and if you haven't checked in, or signed on, maybe this will convince you! Give her keynote a listen...

Guest

Tarah Wheeler
- LinkedIn: https://www.linkedin.com/in/tarah/
- Twitter: https://twitter.com/tarah

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 16 Nov 2020 18:40:25 -0500

DtSR Episode 421 - TPA Holding the Public Ransom

Prologue

Welcome to week 2 of our coverage of the OpenText Enfuse conference! This week I'm super excited about two very cool guests - Brian Chidester and Tyler Moffitt. Y'all know Brian who is now officially a multi-time returning guest, and Tyler's background is pretty cool (literally, you'll know what I mean when I post the video hopefully soon).

Huge thanks to OpenText for giving us access to these great guests. Go check out #EnfuseOnAir (on Twitter's hashtag) with the links below:

Links:

Conference link - https://www.opentext.com/enfuse
General Registration link -https://web.cvent.com/event/d634f034-3b46-432a-ae21-4be1ca3fb1cf/regProcessStep1?RefId=enfuse2020-ppctx&rp=00000000-0000-0000-0000-000000000000
OpenText security handle -- https://twitter.com/OpenTextSecure

Guests:

Brian Chidester
- LinkedIn: https://www.linkedin.com/in/abchidester/
- Twitter: https://twitter.com/ChidesterAB
Tyler Moffitt
- LinkedIn: https://www.linkedin.com/in/tyler-moffitt-29752050/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 09 Nov 2020 17:27:28 -0500

DtSR Episode 420 - TPA Virtually Live from Enfuse 20 Overview

Prologue

This week on DtSR Anthony Di Bello from OpenText drops by the show to talk about Enfuse, and the future of forensics, eDiscovery, and cyber security - and happens to let out a few details of the Enfuse 2020 conference kicking off this week. Anthony's always a great interview and of course we talk about my favorite topic lately - "convergence" of security disciplines.

Join us - and if you're so inclined,virtually attend Enfuse 2020 by clicking over here: REGISTER FOR ENFUSE 2020.

Guest

Anthony Di Bello
- LinkedIn: https://www.linkedin.com/in/anthony-di-bello-29b419b/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 03 Nov 2020 00:00:00 -0500

DtSR Episode 419 - TPA CISOs in Covid Times

Prologue

This week James and Rafal have the pleasure of being joined by Allan Alford, from his work-cave somewhere near Dallas, TX to talk about what we're hearing and seeing as we advise CISOs during the times that Covid brings. We discuss budgets, priorities, and "good enough" security strategy in a weird time in our industry and world.

Guest

Allan Alford
- LinkedIn: https://www.linkedin.com/in/allanalford/
- Twitter: https://twitter.com/AllanAlfordinTX/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 27 Oct 2020 14:07:28 -0400

DtSR Episode 418 - TPA Another Security Inflection Point

Prologue

This week on DtSR, John Steven joins Rafal & James to talk about an inflection point in security that's happeningright now.As you may notice, everything about security is changing, especially in the AppSec space... listen in and you'll hear John's thoughts on a very interesting time to be in the industry.

Evolve, or die...

Guest

John Steven
- LinkedIn: https://www.linkedin.com/in/m1splacedsoul/
- Twitter: https://twitter.com/m1splacedsoul

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 20 Oct 2020 00:00:00 -0400

DtSR Episode 417 - TPA Budgets and Breaches

Prologue

This week on DtSR my long-time friend and pragmatic alter-ego, Chris Abramson, joins me to give a sneak peek at what you can expect on thenew podcast we're launching together in a few weeks... and also to discuss the "budget before breach/budget after breach" meme going around LinkedIn.

We discuss security, budget, process, threat modeling and a half-dozen other things you'll just have to listen to the show to hear.

Guest

Chris Abramson
- LinkedIn: https://www.linkedin.com/in/chris-abramson-29a9b2b/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 13 Oct 2020 00:00:00 -0400

DtSR Episode 416 - TPA A Newer New Hope

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 06 Oct 2020 10:11:23 -0400

DtSR Episode 415 - TPA Man Algorithm Machine

\\Prologue

As I was scrolling through LinkedIn looking for interesting things to read, who should scroll by but one Sven Krasser, whom you may remember from a few episodes ago ( http://ftwr.libsyn.com/dtsr-episode-261-deeper-down-the-ml-rabbit-hole ) - OK it was a long time ago now. We talk briefly about machine learning, algorithms and other relevant things and have a little fun in the process.

I hope you enjoy the episode!

Guest

Sven Krasser
- Twitter: https://twitter.com/SvenKrasser
- LinkedIn: https://www.linkedin.com/in/svenkrasser/
- His blog: http://www.skrasser.com/blog/archives/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 29 Sep 2020 00:00:00 -0400

DtSR Episode 414 - TPA Rick Howard's Almost Retirement

Prologue:

This week on episode 414 of the podcast, I'm joined by Rick Howard who just retired ... no, wait ... scratch that, almost retired from Palo Alto Networks after a fantastic run. Rick tells the story of how he almost retired, why he's not on the beach somewhere yet, the Cyber Security Canon, and so much more.

Join me, this week on the podcast, because you never know just how many more of these he'll agree to before he actually and truly does retire some day!

Guest

Rick Howard
- Twitter: https://twitter.com/raceBannon99
- LinkedIn:https://www.linkedin.com/in/rickhoward/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 23 Sep 2020 12:15:14 -0400

DtSR Episode 413 - TPA SOCs and Stuff

Prologue

This week we welcome Greg Foss to the show - Greg has some experience in security operations and managing SOCs and such. He dishes, we laugh, we learn, and hopefully you'll enjoy. Lots of topics covered including my personal favorite: "tools in the SOC" - in which we discuss how tools are actually hurting SOC efficiency and such.

Guest

Greg Foss
- LinkedIn: https://www.linkedin.com/in/gregfoss/
- LinkedIn: https://twitter.com/Heinzarelli

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 15 Sep 2020 00:00:00 -0400

DtSR Episode 412 - TPA Consolidation Integration and Good Enough

Prologue:

This week David Soto joins Rafal and James to talk about how throughout his career the cybersecurity landscape has evolved and the tools have consolidated, integrated, and how we're perhaps still misunderstanding "good enough". David of course has a very long and storied career where he's carried multiple roles from CISO to a consultant, so he has a depth of experience most of us don't get. He's great to listen to, as he shares his knowledge - tune in!

Guest:

David Soto
- LinkedIn: https://www.linkedin.com/in/dsoto/
- Twitter: @David__Soto

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 08 Sep 2020 22:44:30 -0400

DtSR Episode 411 - TPA RSnake at Large

Prologue:

This week, the one and only @RSnake joins us to just ... talk. We notice he has a few cameras too many, or maybe he's just being monitored? We talk about the big problems in the industry, what he's doing to solve them, and some other random things you'll have to listen to get.

Guest

Robert Hansen
- Twitter: @RSnake
- LinkedIn: https://www.linkedin.com/in/roberthansen3/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 01 Sep 2020 00:04:17 -0400

DtSR Episode 410 - TPA CISO Accountability Problems

Prologue:

Because we can't get enough of Brandon Dunlap and Shawn Tuma over here on the podcast, here we go again. Last episode Brandon talked about responsibility and accountability - so when we saw the story about a CISO being indicted for being less-than-truthful to the FTC, we couldn't resist. This episode is powerful, and doesn't tiptoe around difficult topics.

Guests:

Brandon Dunlap
- Twitter: @bsdunlap
- LinkedIn: https://www.linkedin.com/in/bsdunlap/
Shawn Tuma
- Twitter: @shawnetuma
- LinkedIn: https://www.linkedin.com/in/shawnetuma/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 25 Aug 2020 20:08:08 -0400

DtSR Episode 409 - Dunlap Time 2020 Edition

Prologue:

Hey friends, it's Tuesday so time for another dazzling edition of the podcast. This week we welcome Brandon Dunlap - hair model, professional snarkist - back to the show. This is Brandon's fourth trip around the merry-go-round, so I think he holds the record now. Someone may want to fact-check that... Brandon talks about transitioning between roles, managing big orgs, very remotely, and of course "Would you ever go back to a CISO role?"

Join us, and you may be able to help solve a mystery.

Guest

Brandon Dunlap
- LinkedIn: https://www.linkedin.com/in/bsdunlap/
- Twitter: @bsdunlap (Hey, someone remind him that picture is like ... 10 years old!)

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 18 Aug 2020 10:41:40 -0400

DtSR Episode 408 - Shawn Tuma Cyber Superhero

Prologue:

This week, on episode 408 Shawn Tuma joins us again to talk about the legal side of cyber security. Shawn's one of the premier legal forces on breach law and litigation - you can fact check that - and it's great to have him on the show again. We talk through what's going on in laws, litigation, and whatever else is on his mind.

Guest
Shawn Tuma:
- Twitter: @ShawnETuma
- LinkedIn: https://www.linkedin.com/in/shawnetuma/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 12 Aug 2020 10:00:46 -0400

DtSR Episode 407 - Marcs Wild InfoSec World

Prologue:

This week, a legend of the InfoSec (or Cyber Security, for some of you) space joins me on the show. Marc Rogers has been the guy heading up Defcon security, and at the helm of the security function for some ... "highly visible" companies doing great amounts of good. Now, he's doing tremendous amounts of good during the global Covid-19 pandemic by providing cyber security services to besieged healthcare firms via the CTI League (check out their open letter here, as it may apply toyou.)

Guest

Marc Rogers
- Twitter: @MarcWRogers
- LinkedIn: https://www.linkedin.com/in/marcrogers/
- CTI League: https://cti-league.com/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 04 Aug 2020 23:53:32 -0400

DtSR Episode 406 - Cybersecurity and the SMB

Prologue
Cybersecurity is one of those industries where the one of the market segments that is the most desperate for support is also one of the segments that is the least supported. The Small and Medium Business (SMB) segment is largely ignored by most security vendors and service providers alike - and yet they need the most help.

Kiersten has put in the work to build tools and resources (all free, by the way) for this dramatically underserved market segment. In our episode, we talk about challenges, resources, and opportunities before us. Join us!

Guest

Kiersten Todt
- LinkedIn: https://www.linkedin.com/in/kiersten-e-todt-73b81359/
- Cyber Readiness Institute: https://www.cyberreadinessinstitute.org/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 28 Jul 2020 10:32:59 -0400

DtSR Episode 405 - Hallmarks of Good Leaders

Prologue:

This week, Rafal welcomes Wayne Reynolds, a veteran of not only our industry, but of the US Marine Corps - where he's been a leader in multiple scenarios. We talk about what makes good leaders, good and bad styles, and the things you need to know if you either WANT to be a leader, or you are looking to find someone who you want to work for. Huge thanks to Wayne for taking time out of his crazy schedule early in the morning to talk with us.

Guest

Wayne Reynolds
- LinkedIn: https://www.linkedin.com/in/wayne-reynolds-80593318/
- Raf's note: It's been an honor and privilege to work alongside Wayne in a past life - he's a solid human, and a fantastic leader.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 21 Jul 2020 00:00:00 -0400

DtSR Episode 404 - The Wacky Wild World of OT

Prologue:

This week, on the "Episode Not Found", Rafal and James host Robert Lee from Dragos. It's a conversation about Operational Technologies that includes a deep dive into the business and management side of Industrial Controls and the Energy Sector. Robert gives us a frank, no-spin walkthrough in the good and bad of the space and talks about some of the misunderstandings many of us have. A great episode if you're interested in the non-traditional cybersecurity sector.

Guest

Robert Lee
- Twitter: https://twitter.com/RobertMLee
- LinkedIn: https://www.linkedin.com/in/robmichaellee/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 15 Jul 2020 00:55:59 -0400

DtSR Episode 403 - ReInventing the MSSP

Prologue:

This week on the podcast, episode 403 features two good friends of mine Joey Peloquin and John "JP" Pirc. John and I talked about the awful state of the MSSP back in episode 395 (LINK) and I was challenged to do more than just talk about the sorry state of security delivered as a service. So, I called up some friends, and we talked it though.

I'm curious - do you agree with us? Let us know on LinkedIn by going to our LinkedIn page, or on twitter using the hashtag #DtSR.

Guests

Joey Peloquin
- LinkedIn: https://www.linkedin.com/in/joeypeloquin/
- Twitter: https://twitter.com/jdpeloquin
John "JP" Pirc
- LinkedIn: https://www.linkedin.com/in/johnpirc/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 07 Jul 2020 00:00:00 -0400

DtSR Episode 402 - Life Security Adulthood

Prologue:

First, I need to apologize for the quality of my (Rafal) audio. For a reason I don't understand, the Skype central record feature absolutely butchered it - could have been something on my end, I simply don't know. It should be listenable, albeit annoying.

Second, huge thanks to Carlos for taking the time out of his busy morning from being a dad and his day job to talk to us. He's got a lot of really interesting and important things to share about his adventures in our industry and community - you should probably listen closely.

Lastly - I have t-shirts to give away. If you want one, follow & re-tweet the @DtSR_Podcast handle and we'll pick a few of you (probably at random) to send shirts to.

Guest

Carlos Perez
- LikedIn: https://www.linkedin.com/in/carlos-perez-a146b917/
- Twitter: https://twitter.com/carlos_perez/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 30 Jun 2020 10:15:44 -0400

DtSR Episode 401 - Vyrus Lessons in Red to Blue

Episode 401

Epilogue: This week, I got to sit down virtually with a long-time friend, and one of the most intelligent and quiet people you'll ever meet in InfoSec. My pal Carl Vincent (some of you may know him by other names) and I chat the transition from Red Team to Blue Team, tools, the state of the industry over the last few years, and just general conversation.

The world around us has changed, and it's important to have real conversations with people who shaped the industry in ways you probably didn't know or realize.

Guest:

Carl Vincent
- LinkedIn: https://www.linkedin.com/in/mcarlvincent/
- Twitter: https://twitter.com/vyrus001

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 24 Jun 2020 09:54:59 -0400

DtSR Episode 400 - Tom Nichols on Expertise

Friends and Colleagues!

We've made it. Milestone episode 400 of the podcast is here. And for the 400th episode I have none other than Mr. Tom Nichols. He's truly a qualified expert on a topic that needs some serious attention in today's world - expertise. In fact, he's written a book about it.

Please enjoy this episode, share it, and I want to thank Tom for taking the time out of his crazy schedule to laugh, educate, and drop a little bit of snark into our day.

Guest:

Tom Nichols
- LinkedIn: https://www.linkedin.com/in/tom-nichols-94a7a23/
- Twitter: @RadioFreeTom
- Go get and read his book: https://smile.amazon.com/Death-Expertise-Campaign-Established-Knowledge/dp/0190865970/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 16 Jun 2020 11:43:44 -0400

DtSR Episode 399 - Post-Pandemic Issues

Episode 399 ... what a crazy ride it's been.

This week we have Brian Chidester - you may recall we had a chat with him on episode 379 which was recorded live at EnFuse Conference 2019 - back to talk about some of the things he's been hearing state and local security leadership talk about.

Great conversation, lots of topics covered... you'll enjoy it.

Also, next up - EPISODE 400!

Guest

Brian Chidester
- LinkedIn: https://www.linkedin.com/in/abchidester/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 09 Jun 2020 23:53:04 -0400

DtSR Episode 398 - Leadership Series: Allan Alford

This week, episode 398 features our Leadership Series and the one and only Allan Alford. Allan has spent a long career building various security practices, advising boards, and generally doing great things.

While we're at it, you should go check out and sign up for the RSS feed of "Defense In Depth" podcast that Allan is a co-host on. They have a great tagline: "Couples therapy for security vendors and practitioners". Check them out here: https://www.linkedin.com/company/ciso-security-vendor-relationship-series/

Guest:

Allan Alford
- LinkedIn: https://www.linkedin.com/in/allanalford/
- Defense In Depth Podcast: https://cisoseries.com/category/defense-in-depth

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 02 Jun 2020 00:39:00 -0400

DtSR Episode 397 - Modern-ish Vulnerability Management

Welcome Down the Security Rabbithole to yet another edition of the DtSR Podcast. We we roll on towards milestone episode 400 James and Rafal discuss a topic that doesn't get nearly enough airplay - vulnerability management.

This isn't just your dad's vulnerability scanning though, or is it? Have we doneanything exciting in this space in the last 15 years? Maybe... kind of...but the problem is much harder.

Guest

Ed Bellis
- Twitter: @ebellis
- LinkedIn: https://www.linkedin.com/in/bellis/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 27 May 2020 10:04:38 -0400

DtSR Episode 396 - Verizon DBIR 2020 Analysis

It's Verizon Data Breach Investigations Report time again. This episode is a yearly walk-through of the DBIR, where Rafal and James once again welcome Gabe Bassett back to the show to talk data, graphics, and lessons we need to learn.

Link to the report:

https://enterprise.verizon.com/resources/reports/dbir/

Guest:

Gabriel Bassett
- LinkedIn: https://www.linkedin.com/in/gabriel-bassett/
- Twitter: https://twitter.com/gdbassett/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 19 May 2020 00:00:19 -0400

DtSR Episode 395 - Can We Fix the MSSP

Special thanks to our friends at AlertLogic - for providing some great discussion points and John for the episode!

This week, as DtSR hits episode 395 on our way to Episode 400, James and Rafal take some time out to ask:

"Hey John, how's the hair?"

It's great to be able to spend time with old friends and just talk about solving some long-standing problems our industry faces. One of the perennial favorites is why MSSPs are all terrible. Well - we have some ideas! Listen in if you've ever been frustrated with your MSSP... and are maybe interested in how the industry can collectively do better.

Guest

John Pirc
- LinkedIn: https://www.linkedin.com/in/johnpirc/
- Rafal's personal note: John's a badass who has more experience in solving broad-scale problems and helping customers and companies through some difficult challenges. His advice is sage... you should probably listen in

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 12 May 2020 00:00:00 -0400

DtSR Episode 394 - High Profile Healthcare Security Leadership

Episode 394

Rafal & James host Keith Duemling from the Cleveland Clinic (talk about high-profile jobs!) to talk about security in the healthcare space, challenges, the future, and other random topics. Keith has spent a large part of his career leading healthcare organizations, so he has a lot to share. Listen in!

Guest

Keith Duemling - Director of Cybersecurity Technology Protection at the Cleveland Clinic
- LinkedIn: https://www.linkedin.com/in/keithduemling/
- Twitter: @KeithDuemling

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 05 May 2020 12:14:58 -0400

DtSR Episode 393 - Smartish Cities

Guess who's back, back again ... James is back, so listen in!

So James is officially back after a bit of a hiatus from the podcast, and on this episode him and Rafal sit down over a fun interview with Matt Lewis Research Director for the UK with NCC Group. Matt is the primary author on a report on "Smart Cities", and it's definitely somethingyou should read.

We talk about the report, discuss the true nature of asmart city and what it means to live in one. Pay particular attention to how difficult it was not to jump right into Die Hard 4 references... although we eventually broke down and did it anyway.

Links

Check out the NCC Group report on smart cities, right here: http://www.mynewsdesk.com/nccgroup/documents/ncc-group-a-blueprint-for-secure-smart-cities-whitepaper-95577

Guest Bio

Matt Lewis is Research Director for the UK with NCC Group (https://www.nccgroup.trust/us/) a security consultancy that has over 35 global offices, 2,000 employees and 15,000 clients. Hes worked in Cyber Security for over 18 years since his Computer Science academic studies, which focused on formal methods for system specification and design. Since then Matt has worked in various roles across Defence, Intelligence, Commercial and Big 4. He specializes in security consultancy, scenario-based penetration testing, vulnerability research and development of security testing tools and methodologies. His consultancy, testing and research experience spans multiple technologies across all sectors and many FTSE 100 and Forbes 2000 companies. He has vast experience in facilitating security assurance within the Government sector. Matt is a public speaker with global recognition of his knowledge and expertise in biometric security. He regularly presents at international conferences and seminars on all manner of cybersecurity-related topics.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 28 Apr 2020 18:31:32 -0400

DtSR Episode 392 - Chris Nickerson is an Original

Ladies and Gentlemen, friends, countrymen, lend me your ears!

This episode of DtSR features one of my favorite guests and one of the better storytelling from the "old days" opportunities I can recall. It also, not accidentally, features one of my favorite totally genuine people from our industry - Chris Nickerson.

I think the best way to describe Chris is like a charismatic honey badger. And if you haven't had the pleasure, you can listen to this episode and get just a small taste of what he's been up to the last few years. Buckle in, it's story time.

Guest

Chris Nickerson ( @Indi303 ) - https://www.linkedin.com/in/nickersonlares/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 21 Apr 2020 01:04:16 -0400

DtSR Episode 391 - Unprecedented Cyber Badness

This week, I'd like to thank JD Work for taking the time to be on the show and sharing his professional experience and expertise with us. The space of cyber policy, at the national and international level, is growing by leaps and bounds; and difficult decisions are often debated even as rapid reactions have to be made. These are difficult times for policymakers in the theater of cybersecurity. JD is an expert in this space and provides some real inside into what's going on, what our policymakers are thinking.

Guest

JD Work
- LinkedIn: https://www.linkedin.com/in/jd-work-22096010/
- Bio: JD Work serves as the Bren Chair for Cyber Conflict and Security at Marine Corps University. He holds additional affiliations with the School of International and Public Affairs at Columbia University, the Elliot School of International Affairs at George Washington University, and as a senior advisor to the Cyberspace Solarium Commission. He can be found on Twitter @HostileSpectrum. The views and opinions expressed here are those of the author(s) and do not necessarily reflect the official policy or position of any agency of the US government or other organizations.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 14 Apr 2020 09:55:48 -0400

DtSR Episode 390 - DFIR 20-20

This week, Brian Carrier joins DtSR to talk about digital forensics and incident response in 20/20. Forensics and incident response has had to evolve and change as devices become more mobile, smaller, and purpose-built. Brian talks through what this change has meant, and how tools and techniques have had to evolve to deal not only with the explosion of device types, but also sizes and various log capabilities (or none at all).

Guest

Brian Carrier
- Twitter: @Carrier4n6
- LinkedIn: https://www.linkedin.com/in/carrier4n6/

Related episodes:

DtSR Episode 365 - "Mountains of Data"
DtSR Episode 320 - "Specializing in Forensics"
DtSR Episode 264 - "Windows Forensics Then and Now"
DtSR Episode 252 - "DFIR with Lesley Carhart"
DtSR Episode 247 - "Internet of Things Forensics"
DtSR Episode 146 - "State of Enterprise Incident Response"

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 07 Apr 2020 00:00:00 -0400

DtSR Episode 389 - Leading Cyber Security in Academia

This week, DtSR dives into security leadership with an academic twist. We have the pleasure of hosting Robert Turner, the CISO of the University of Wisconsin, Madison.

This episode was recorded March 13th, 2020 right as the University and other institutions across the country and the world started their efforts to social distance and work from home due to the Corona Virus (Covid-19) pandemic.

Special thanks to Bob for taking the time out of his busy day, and crazy schedule given the times, to give us insights on his strategy, challenges, and successes!

Guest

Robert Turner - https://www.linkedin.com/in/bob-turner-9936993/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 31 Mar 2020 00:00:00 -0400

DtSR Episode 388 - The SIEM is Dead Long May It Live

Welcome to episode 388, an episode at least 5 years in the making...mainly because it's taken this long to figure out a good way to get Anton on the podcast! Now that he's not an analyst anymore, I snagged him for an honest and open conversation about the one topic he has more expertise in than most anyone I know - the SIEM.

We wax philosophically, I manage to show my ignorance of the state of the art and history of SIEM, and we talk about where SIEM is going. Join us on a great conversation I am thrilled to have been a part of.

Guest

Anton Chuvakin - Let's face it, it's really "The" Anton Chuvakin, right?
- Linkedin: https://www.linkedin.com/in/chuvakin/
- Twitter: @anton_chuvakin
- Blog: https://medium.com/anton-on-security

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 24 Mar 2020 17:04:04 -0400

DtSR Episode 387 - Remote Workforce Leadership

This week, as we all continue quarantines and work-from-home DtSR hosts Valentina Thrner,who is an expert on remote workforce leadership. Valentinaliterally wrote the book (From a Distance) and now she's on the show discussing how to be a leader when your workforce is remote.

Additional Links and Resources

1:1s
- https://remote.co/creative-ways-get-to-know-your-team-when-work-from-home/
- https://knowyourteam.com/blog/2020/02/19/how-to-coach-employees-ask-these-1-on-1-meeting-questions/
- https://getlighthouse.com/blog/one-on-one-meeting-questions-great-managers-ask/
- https://getlighthouse.com/blog/transition-to-remote-work-help-your-team/ - the blog has amazing resources apart from this article
- A great article on how to scale remote work: https://beau.blog/2020/03/remote-work-at-scale/
- Recommended webinar: https://wordpress.com/blog/2020/03/06/a-crash-course-in-remote-management/
- Quick guide on how to set up your remote working strategy: https://intenseminimalism.com/2020/quick-work-remote/

Guest 411

Valentina Thrner
- LinkedIn - https://www.linkedin.com/in/valedeoro/
- Twitter - https://twitter.com/valedeoro

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 17 Mar 2020 17:46:55 -0400

DtSR Episode 386 - Securing a Suddenly Remote Workforce

Covid-19 ... that's the headlines. Everywhere.

The suddenly remote workforce is a problem for many enterprises, and as workers are forced to work from home - security is a problem.

To that end, I snagged Brian Foster who has a long and storied history in our industry, to talk about what he thinks we should be thinking about.

Listen in, share, and let's hear what you think folks! Stay safe and well and most of alldo not panic.

Guest

Brian Foster - https://www.linkedin.com/in/brianfoster1/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 09 Mar 2020 23:58:11 -0400

DtSR Episode 385 - Malware on the Lifeline

Greetings! On this episode of the podcast we present to you an episode we recorded back in January (but then due to a storage error we lost temporarily) with Nathan Collier from Malwarebytes. Nathan reported some findings from his research that basically there was some pre-installed malware running around, impossible to uninstall, on low-cost mobile phones. That kind of villainy is unforgivable (praying on the weak!) so we wanted to hear the whole story...and then some.

Here's one link to the full story, in case you're interested in reading it on your own... https://blog.malwarebytes.com/android/2020/01/united-states-government-funded-phones-come-pre-installed-with-unremovable-malware/

Guest:

Nathan Collier - Malwarebytes

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 03 Mar 2020 16:14:14 -0500

DtSR Episode 384 - Zero Trust Redux 2020

This week Rafal hosts Dr. Chase Cunningham, Forrester analyst and all-around security badass to redux Zero Trust. The last time we tackled the topic was Episode 222 with John Kindervag back in 2016 - so it's time to see what's new.

Zero trust is more than just firewall rules, and it encompasses a lot of security technologies we don't even think about - so this update is a great primer for 2020.

Guest:

Dr. Chase Cunningham - https://www.linkedin.com/in/dr-chase-cunningham-54b26243/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 26 Feb 2020 21:51:15 -0500

DtSR Episode 383 - The Jennifer Ayers Interview

Join Rafal & James this week, as they welcome Jennifer Ayers. Jennifer is the Vice President of Overwatch and Security Response at Crowdstrike.

Rafal and Jennifer worked together "back in the day" so the conversation starts with a little storytelling from the old days, and then works its way into Jennifer's fantastic career and lessons learned over the years in her various leadership positions.

Guest

Jennifer Ayers - https://www.linkedin.com/in/jnayers/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 11 Feb 2020 00:22:32 -0500

DtSR Episode 382 - Jeremiah Grossman Doing the Basics

This week on DtSR Podcast, a long-awaited guest joins us. That's right, the one and only Jeremiah Grossman joins us live from a tropical paradise, and you need to hear his message.

On this show we cover history, "the basics", and the necessity to know what your security attack surface looks like. It's perhaps one of the least sexy topics ever - but if you ignore it, you're pretty much screwed.

Guest:

Jeremiah Grossman - @Jeremiahg - https://www.linkedin.com/in/grossmanjeremiah/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 04 Feb 2020 08:35:25 -0500

DtSR Episode 381 - 5G Security Implications

Welcome friends and fans!

This week we go down the rabbithole with Russell Mohr of MobileIron as we talk about the security implications for 5G. The new standard unleashed upon the American consumer (but more importantly on the commercial market) is changing mobile communication and connectedness.

About the guest...

Russell Mohr is an expert in 5G and mobile technology, with a wide breadth of expertise in other areas as well. Apparently during the early part of the interview, he was attacked by a dog that tried to eat him (I may be guessing, but that's what it sounded like).

LinkedIn: https://www.linkedin.com/in/russmohr/

Big thanks to Becca Chambers for setting this up, and lining up another future guest too!

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 28 Jan 2020 00:00:00 -0500

DtSR Episode 380 - Gadi Tells It Like It Is

Welcome to episode 380 of the DtSR Podcast.

We have a special treat for you this episode, with long-time friend Gadi Evron, and he holds nothing back in his start discussion of our industry. We virtually guarantee this will quickly be your favorite episode...or at least your top 5.

Highlights from this week's episode include...

Gadi unloads on the 'attackers in the spotlight' nature of security conferences
Gadi & Raf chat about 25 years of incidents and what it's leading up to
Gadi is clearly not a fan of "Just do the basics"
Raf & Gadi decide we're clearly going to have to do this again...

Guest

Gadi Evron ( @gadievron ) - https://www.linkedin.com/in/gadievron/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 21 Jan 2020 00:55:48 -0500

DtSR Episode 379 - IoT Transforming LE

This week, in our final (for real this time) episode recorded LIVE from Enfuse Conference 2019, courtesy of OpenText, we chat with Brian Chidester. It's a fascinating conversation about what the IoT world can (and is) do for law enforcement and government ... think smart cities + Cops.

Highlights from this week's episode include...

Brian shatters any last shred of privacy I could believe in through the millions of IoT devices out there 'for our protection'
Brian reminds us hackers set of Tornado alarms around Dallas ...
Brian and Rafal muse about FOIA in the digital age
Brian talks about advances like 'connected firearms'

Guest

Brian Chidester - https://www.linkedin.com/in/abchidester/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 14 Jan 2020 00:00:00 -0500

DtSR Episode 378 - Trending on CISOs

In our final "Live from Enfuse 2019" episode, I had the pleasure of sitting down with Paul Shomo to talk about some of the things he's talked to CISOs about as he travels and advises on behalf of OpenText. It's a pretty interesting conversation...

Once again, thanks to OpenText for having the DtSR Podcast in Vegas!

Highlights from this week's episode include...

Paul and Rafal disagree on whether the cloud transformation is "almost over" or "just begun"
Paul brings up the challenge of API security
Rafal and Paul tackle security budgets - how much you spend vs how you spend it
Rafal asks Paul what's going on with security, and the challenge of identity
A link to Paul's article he mentions: https://www.darkreading.com/cloud/5-cybersecurity-ciso-priorities-for-the-future--/a/d-id/1336325

Guest

Paul Shomo - https://www.linkedin.com/in/paulshomo/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 07 Jan 2020 00:02:45 -0500

DtSR Episode 377 - The Global War for Soft Power

Welcome to 2020, as Down the Security Rabbithole rolls on!

This week we're back with a timely episode on the global war for soft power, with Andrea Limbago, Chief Social Scientist from Virtru. This is an interesting episode, touching on some topics such as privacy and censorship, and very timely.

Highlights from this week's episode include...

Andrea gives us a run-down on "soft power" and why it's important
Raf starts down a rabbithole and gets "dropped"
Andrea discusses how privacy regulation is impacting this space

Guest

Andrea Limbago ( @limbagoa ) - Chief Social Scientist at Virtru - https://www.linkedin.com/in/andrea-little-limbago/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 24 Dec 2019 00:00:00 -0500

DtSR Episode 376 - Protecting Our Kids Online

Merry Christmas, and a Happy New Year listeners of the Down the Security Rabbithole Podcast!

This week the show focuses on one of the most important things any of us really have - our children. Protecting kids in an increasingly digital world is tough, but not impossible. We decided to bring Theresa Desuyo from Qustodio on the show this week to discuss what her company is doing, and the broader theme of protecting children online.

Apologies in advance for Theresa's audio quality. Couldn't fix that in post.

Highlights from this week's episode include...

Rafal takes a shot at a sinister human being
Theresa talks through some of the more ominous things kids can face online
James is curious
Theresa gives us a look into the crystal ball...

Guest

Theresa Desuyo of Qustodio -
Theresa is Qustodios Digital Family expert, leading Qustodios insights into how to best generate talking points around technology use adapted to each familys reality. In addition, she leads growth, partnerships and operations in the US. Before joining Qustodio, Theresa worked in gamification for enterprises and a social enterprise, leveraging technologies to engage employees and for cause marketing initiatives respectively.

She holds a B.A. from UCLA and an MBA from ESADE, is fluent in Spanish, Cataln and native English speaker from California.

As a mother of 3 school-aged children (13, 11, and 5), decisions around technology use is an everyday topic and different for every child. She believes in educating kids and openly discussing the good and the risks associated to digital devices and the internet for them to build the resilience needed today.

Read her professional bio here: https://www.linkedin.com/in/theresadesuyo/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 17 Dec 2019 23:58:42 -0500

DtSR Episode 375 - Malcolm in the Middle (of a Career)

This week, DtSR is joined by Malcolm Harkins - former CISO of Intel and industry insider extraordinaire. Malcolm shares insights from his long and distinguished career so pull up a virtual chair, grab your notebook, and pull over because this is one that's a great listen.

Highlights from this week's episode include...

Rafal asks Malcolm why he doesn't job-hop like most CISOs
Malcolm and Raf discuss the "feature economy"
Raf asks Malcolm to predict the future

Guest

Malcolm Harkins ( @ProtectToEnable ) - Chief Security and Trust Officer at Cymatic https://www.linkedin.com/in/malcolmharkins/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 10 Dec 2019 21:09:28 -0500

DtSR Episode 374 - Mike Daugherty Looks In the Rearview Mirror

This week, on a very special show recorded from his home studio in Atlanta, Rafal welcomes Mike Daugherty back onto the show to tell the story of his crazy journey and battle with the FTC.

Highlights from this week's episode include...

Mike gives a recap of the road to where he got
Rafal and Mike discuss the last few years since episode 171: "When the FTC Attacks"
Rafal & Mike discuss the New Yorker article: https://www.newyorker.com/magazine/2019/11/04/a-cybersecurity-firms-sharp-rise-and-stunning-collapse

Guest

Mike Daugherty - ( @daughertymj ) - https://www.linkedin.com/in/michael-j-daugherty-7a500819/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 03 Dec 2019 16:28:11 -0500

DtSR Episode 373 - Internet of Increasingly Smart Things

Welcome back for another great episode. This week we have a boomerang guest, Amber Schroader, recorded live in Las Vegas at Enfuse 2019.

Highlights from this week's episode include...

Amber wants a rockstar moment, but no confetti canons
Amber dissects Apple, Android, and "other" mobile OSes
We discuss machine-to-machine interactions
...so much more to discuss here!

Guest:

Amber Schroader ( @GingerWonderMom ) - https://www.linkedin.com/in/amberschroader/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 26 Nov 2019 00:03:53 -0500

DtSR Episode 372 - Not the Rise of the Machines

This week on #DtSR (live from Las Vegas, Enfuse 2019 Conference) Rafal chats with Nick Patience of 451 Group. Nick has some expertise in ML and provides context and content that is badly needed to dispel the crazy marketing hype out there.

Highlights from this week's episode include...

Nick answers the "What is ML/AI, and what is it not?"
We think Nick insulted machines by calling their learning potentially "shallow" (haha)
Nick gives us the retail applications of machine learning - grocery stores and similar things
Nick talks about "automating the mundane vs automating the complex" as problem spaces where ML is applicable
Nick explains ML is just software - but it's different from other software

Guest

Nick Patience ( @NickPatience ) - https://www.linkedin.com/in/nickpatience/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 19 Nov 2019 00:00:00 -0500

DtSR Episode 371 - Advancing SOC-as-a-Service

First, and foremost, thank you to OpenText for having the #DtSR Podcast live and in-person in Las Vegas. Enfuse is a fantastic conference bringing together security operations professionals (forensics, threat hunters, SOC analysts), privacy, and legal professionals under one banner. It's a fantastic opportunity to hear some very involved talks, hear about the state-of-the-art, and join the conversation.

Also ... the people you will meet there are amazing - guests and staff.

Highlights from this week's episode include...

Kevin gives us an educated, experience-based opinion on threat intelligence, threat hunting, and other various key terms
Rafal make some snarky comments about "your mess for less" MSSPs
Rafal and Kevin attempt to discuss the analyst shortage - do we solve it with tech or people?

Guest

Kevin Golas, Director of Worldwide Security Services at OpenText - https://www.linkedin.com/in/kevin-golas-cism-cisa-cissp-1126b01/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 13 Nov 2019 14:15:01 -0500

DtSR - This Just In - OpenText and Reveille Announcement Nov 2019

Dropping in for a quick announcement - youheard it here first!

This week a few different announcements went out from OpenText, but this one caught my attention because it could honestly and truly be agame-changer for security and legal teams when it comes to breaches.

Going beyond the typical EDR solution, this announcement may be able to shine light into the questions security and legal professionals need answered in the case of a breach. Check it out.

Official Name: OpenText Content Security for EnCase by Reveille.

Press release: https://www.opentext.com/about/press-releases?id=6A68BD4D22384A45A910DEFBD22BECBD

Guests:

Paul Shomo, Senior Security Architect, OpenText
Brian Dewyer, CTO, Reveille Software

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 12 Nov 2019 01:03:35 -0500

DtSR Episode 370 - Gamifying InfoSec

Down the Security Rabbithole is back for Episode 370, and this week's podcast focuses on gamification, and it's applications to InfoSec. Big thanks to Chlo for joining us and sharing her knowledge. She's a legitimate expert in the field, so give this a listen.

Highlights from this week's episode include...

Chlo explains gamification
Rafal and James ask some tough questions
Chlo explains how games help us learn
Much more, tune in!

Guest

Chlo Messdaghi ( @ChloeMessdaghi ) -VP of Strategy at Point3 Security. She is a security researcher advocate who supports safe harbor and strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to change the statistics of women in InfoSec. She co-founded Women of Security (WoSEC) and heads the SF Bay Area chapter. As well, she created WomenHackerz, a global online community that provides support and resources for hundreds of women hackers at all levelshttps://www.linkedin.com/in/messdaghi/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 05 Nov 2019 00:00:00 -0500

DtSR Episode 369 - Ransomware's End

Welcome to episode 369!

This week Rafal talks ransomware andwelcomesOussama El-Hilali, Chief Technology Officer at Arcserve, andChester Wisniewski, Principal Research Scientist at Sophos to the podcast.

Highlights from this week's episode include...

Chester hits us with some staggering facts and figures about ransomware
Rafal asks if companies should pay the ransom and ducks
Oussama explains why backup companies and anti-malware companies should be besties

Guests

Oussama El-Hilali -https://www.linkedin.com/in/oussama-el-hilali/
Chester Wisniewski -https://www.linkedin.com/in/chester-wisniewski-b428241/

Links

Arcserve landing page for more information -https://www.arcserve.com/partners/alliances/sophos/
Sophos press release on the alliance -https://www.sophos.com/en-us/press-office/press-releases/2019/09/sophos-and-arcserve-to-offer-all-in-one-data-security-and-protection-from-cyberattacks.aspx

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 30 Oct 2019 10:21:10 -0400

DtSR Episode 368 - Contain(er) Your Security

Welcome to another edition of the DtSR Podcast! This week Liz Rice joins us all the way from the(still) UK, and James is back too! What a treat... join us and read the show notes!

Highlights from this week's episode include...

Liz explains containers, security, and gives us a foundation
Liz explains the fundamental stages of securing containers
Liz explains the model of different types of containers and the things you need to worry about
Rafal asks "where do you install the agent?"

Guest

Liz Rice - ( @LizRice ) - Liz Rice leads Aquas technology evangelism activities in the cloud-native ecosystem. She is an active member of the open source community, and an award-winning speaker known for her live-coding demos. She is currently co-chair of KubeCon & CloudNativeCon. Prior to getting immersed in containers she built up a wealth of software development, team, and product management experience working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP with companies including Skype, Last.fm and Metaswitch Networks. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, and competing in virtual races on Zwift. Find her on LinkedIn:https://www.linkedin.com/in/lizrice/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 22 Oct 2019 15:34:22 -0400

DtSR Episode 367 - Cloud Babies

This week, #DtSR Podcast is recordedlive from Dallas at the Armor SecureCon inaugural user conference. Rafal had the occasion (and good fortune) to get a few minutes to sit down with Jeff Collins (CSO, Lightstream) and Kristopher Russo (Security Architect, Herman Miller) and chat cloud.

P.S. - Welove in-person conversations!

Highlights from this week's episode include...

Jeff talks about Lightstream's cloud foundational framework and why it's a must-do if you're thinking cloud
Kristopher some inner wisdom on architecture and business alignment
Rafal makes a snarky comment about frameworks

Guests

Jeff Collins, CSO Lighstream -https://www.linkedin.com/in/jmcollins/
Kristopher Russo, Architect, Herman Miller -https://www.linkedin.com/in/krisrusso/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 15 Oct 2019 12:04:27 -0400

DtSR Episode 366 - D I Why and How

Welcome Down the Security Rabbithole, to the DtSR Podcast.

This week, Zac Rosenbauer joins us to talk about what it's like to be "the IT guy" who also has to be vigilant of security in a fast-paced startup...based on Google's cloud platform. It's a riveting episode that will give you some good guideposts if you're about to DIY.

Highlights from this week's episode include...

Zac introduces what it's like to work in a rapidly evolving startup
We discuss some of the DIY that Zac has had to work with
Wait ... compliance...

Guest

Zac Rosenbauer - VP of Technology at Precognative -https://www.linkedin.com/in/zacrosenbauer/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 08 Oct 2019 00:00:00 -0400

DtSR Episode 365 - Mountains of Data

Welcome back to another episode ... this one sets up DtSRs appearance at the Enfuse Conference 2019 in Las Vegas in November. Give this topic a listen, as it doesn't matter whether you're in legal, compliance, or security - you need to understand this topic well.

We want to thank Opentext for sponsoring DtSR's trip out to Las Vegas for the conference, and of course we encourage you tojoin us out in the desert for another really well-done conference on the intersection of law, compliance, privacy, and security.

Highlights from this week's show include...

Anthony uses the phrase "data exhaust"
We get a peek into the intersection of big data, and big forensics
Anthony, James, and Rafal discuss 'real time identification' that's way beyond what your IPS can do
Anthony gives an insider peek into Enfuse 2019 including a keynote by James Clapper

Guest

Anthony Di Bello - Vice President, Strategic Development at Opentext:https://www.linkedin.com/in/anthony-di-bello-29b419b/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 01 Oct 2019 00:00:00 -0400

DtSR Episode 364 - Interviewing Jerry Archer

Welcome!

This episode of Down the Security Rabbithole Podcast was recorded live from Dallas, TX where the Security Advisor Alliance Summit 2019 was happening. One of the hardest working men in the business, Mr. Jerry Archer, stopped by and took a few minutes off his schedule to let Rafal interview him and get some of those amazing nuggets of wisdom and experience into your ears.

Feedback, as always, is welcome!

Highlights from this week's show include...

Jerry sets the background for his knowledge by dropping his 40+ years experience
Jerry talks about risk management and reporting to the board
Jerry goes a little crazy talking about his budget
...so much more!

Big thanks to Sidney, AJ, Jerry and the rest of the SAA crew for having me aboard and letting me add some value to this very worthy cause. Folks, if you aren't a part of this thing, go tohttps://www.securityadvisoralliance.org/and find your cause.

Guest

Jerry Archer - SVP/Chief Security Officer at Sallie Mae; you can read more about Jerry's career here:https://www.linkedin.com/in/jearcher/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 25 Sep 2019 00:40:28 -0400

DtSR Episode 363 - That Oh Shit Moment

This episode was recordedlive from the Security Advisor Alliance Summit, 2019 in blistering hot Dallas, TX. If you don't know what the Alliance is, or are asking yourself why you should bother, click here and find out why this is one of those organizations that youmust be part of if you're serious about cybersecurity.

Highlights from this week's episode include...

Graeme introduces himself
Rafal & Graeme talk about security atscale
Graeme discusses some of the insights of the Equifax breach
Graeme dispenses knowledge and experience by the truckload

Guest

Graeme Payne ( @Cybersecurity4E ) - Shelve whatever you think you know about him. Graeme was the CIO of the business unit that had that catastrophic breach over at Equifax a few years ago. He's on LinkedIn here:https://www.linkedin.com/in/payneg/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 17 Sep 2019 16:52:07 -0400

DtSR Episode 362 - Real Security is Hard

Friends & Colleagues, this week I have the pleasure of being joined by one of my good friends and industry veteran - the one and only Jim Tiller. We revisit the things we talked about in Episode 102 and get an update on the state of security from a guy who would know.

Pre-requisite listening: Episode 102 -http://ftwr.libsyn.com/dtr-episode-102-security-leaders-series-jim-tiller

Highlights from this week's show include...

Jim & Rafal talk about the "feature economy" that is the security vendor marketplace today
Jim explains the statement "Complexity is the camouflage for bad guys"
Jim explains what he believes security organizations have accomplished in the last 5 years
Rafal & Jim lament the 'fundamentals'

Guest

Jim Tiller ( @Real_Security ) -https://www.linkedin.com/in/jitiller/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 11 Sep 2019 00:31:21 -0400

DtSR Episode 361 - Your Adversary Problem in 2019

This week Adam Meyers joins James & Rafal to talk about the Crowdstrike Mobile Threat Landscape Report 2019 -https://www.crowdstrike.com/resources/reports/mobile-threat-report-2019/and the learnings and lessons therein.

Highlights from this week's episode include...

Adam gives us the lowdown on adversaries, in 2019
Adam bakes some bread
Rafal asks who the biggest and baddest attackers are
So much more... check out the link above, read the report!

Guest:

Adam Meyers -https://www.linkedin.com/in/adam-meyers-7a58481/- VP, Intelligence at Crowdstrike. We'll let him explain the rest...

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 27 Aug 2019 00:00:00 -0400

DtSR Episode 360 - Thwarting Bots and Frauds

This week, Rafal sits down in person with Sam Bouso of Precognitive, in Chicago headquarters to talk about some very cool tech that's probably only on the periphery of security. Give it a listen!

Highlights from this week's show include...

Sam discusses the problem that bots and fraud pose to not only digital commerce but overall digital interaction
Sam and Rafal talk through the various buzzwords (machine learning, AI, etc) and their real applications here
Sam talks through how algorithms and massive data sets can identify human from non-human
So much more

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 20 Aug 2019 01:16:22 -0400

DtSR Episode 359 - Mind the Diversity Gap

This week, in the 2nd of two installments recorded live at Black Hat 2019, Alyssa Miller joins Rafal live to talk about some of the talks she's giving, and takes us back in time.

Highlights from this week's show include...

Rafal and Alyssa discuss the very real problems the lack of diversity in technology creates
A jab is taken at the TSA ...because it's just too easy
Alyssa revisits the 'castle analogy' for InfoSec and why it's so tough to get right
Much more fun... you'll have to listen in!

Guest

Alyssa Miller ( @AlyssaM_Infosec ) - Alyssa's bio and website is here:https://alyssasec.com/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Thu, 15 Aug 2019 00:14:08 -0400

DtSR Episode 358 - No More Crappy Job Hunts

This week on another jammed-packed episode, Rafal takes to Black Hat 2019 to interview some interesting guests that have something unique to tell you. We start with Deidre Diamond, the lady behind CyberSN - and why she's reinventing the way you get your next InfoSec job.

Highlights from this week's show include...

Deidre tells us a little bit about what's new at CyberSN
Rafal & Deidre discuss the insane InfoSec job market
Deidre explains why how she's planning on eliminating hiring bias in the InfoSec workforce
The last time Deidre joined us was episode 337 -http://ftwr.libsyn.com/dtsr-episode-337-insights-on-cyber-talent
For more, go to www.cyberSN.com/and click the "Know More" icon in the top-right corner and get started!

Guest

Deidre Diamond( @Cyber_SN ) -With over 20 years spent leading technology and cybersecurity organizations, Deidre Diamond offers a great perspective on the issues that matter most in our industry. Her vision, to transform employment searching has remained constant since she founded CyberSN in 2014. Find her on LinkedIn:https://www.linkedin.com/in/deidrediamond/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 05 Aug 2019 17:43:32 -0400

DtSR Episode 357 - Hacker Summer Camp 2019

This week, James and I sit down to think (and talk) through Black Hat (and Defcon) 2019. "Hacker Summer Camp" as it's affectionately known in the industry, is a rite of every summer...but is it delivering value to attendees, do we have the right audience, and is the content worthwhile? This and more...

Highlights from this week's show include...

Raf and James reminisce about summer camp days gone by
Rafal addresses Dino's excellent-sounding keynote (abstract)
Raf & James discuss the hype (or more precisely, the lack thereof) of this year's conference and why it's nice for a change
All this and more...so tune in!

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 30 Jul 2019 10:20:12 -0400

DtSR Episode 356 - Its Been a While Andy

Welcome down the security rabbithole friends! This week, Andy Kalat takes a few minutes off from recovering to chat and comment on the state of security, and what's different since we first met back in... 2003? Fun episode... It's been a while, Andy!

Highlights from this week's show include...

Andy and Rafal try and figure out when they first met...in real life
Andy points out the problem vendors suffer from "problem-scope-limiting" (this is an interesting one...)
Are things getting better? The guys discuss...snark ensues
Rafal asks Andy to predict what will change in the next ~5yrs

Guest

Andrew Kalat ( @LERG ) - Andy is an IT Security Executive, Co-Host of the Defensive Security Podcast, Speaker, Writer...according to his LinkedIn profile, here.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 23 Jul 2019 00:00:00 -0400

DtSR Episode 355 - Threat Modeling Rides Again

My dear listeners - we have John Steven back on this episode! If you don't remember his first appearance, it's OK, it was a little while ago back on episode42 ...http://podcast.wh1t3rabbit.net/dt-r-episode-42-threat-modelingso it's been a while!

Highlights from this week's show include...

John gives us a run-down on the new things since the last episode
James & John talk OWASP Top 10
The guys try to understand what happened to Threat Modeling, and security overall, over the last decade
So much more, you'll have to listen

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Thu, 18 Jul 2019 00:42:01 -0400

DtSR Episode 354 - Pragmatic Azure Security

Fans & Listeners!

This week we have a treat for you... as this episode is recorded LIVE from Microsoft's Inspire 2019 in Las Vegas (where it was 117F) but the conversation here is way hotter.

Highlights from this week's show include...

What is Microsoft releasing to help guide secure Azure deployment?
Mark and Jeff debate "What exactly is the value of "best practices"?"
So much more packed into this extended episode!

Links to things you need:

Azure security guidance & best practices:https://aka.ms/AzureSecurityArchitecture
Microsoft cybersecurity reference strategies:https://aka.ms/CISOWorkshop
Things Mark thinks you should have handy:https://aka.ms/MarksList

Guests:

Mark Simos ( @MarkSimos ) - Lead Architect, Cybersecurity Solutions Group, Microsoft
Jeff Collins - Chief Strategy Officer, Lightstream

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 09 Jul 2019 00:00:00 -0400

DtSR Episode 353 - Ira Winkler on Point

Yes, DtSR took a week off ... we were due.

This week, Ira Winkler joins Rafal to go down the rabbithole and talk about his career, opinions on our profession, and other important stuff. Sit back, take notes, and enjoy.

Highlights from this week's show include...

Ira gives a run-through on his career and what's gotten him "here"
Ira and Rafal discuss "breaking into security" and how it's being sold now, versus what realityshould be
Ira gives us his take on training, certifications, career paths and the like
Yeah, so much more...

Guest

Ira Winkler ( @IraWinkler ) - This guy: https://www.linkedin.com/in/irawinkler/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Mon, 24 Jun 2019 00:22:18 -0400

DtSR Episode 352 - AWS REInforce Warm Up Episode

This week, ahead of AWS RE:INFORCE 2019 (the first one) Rafal gets a conversation with buddy Mark for a candid talk about the top 3 public cloud providers, and a little insight into the evolution of the industry ... or not...

Highlights from this week's show include...

What are we expecting from AWS RE:INFORCE this inaugural year?
Mark gives us his take on the security in the three major public cloud providers
Rafal and Mark reminisce about how things were...and where they are in terms of cloud, and security
Mark and Rafal laugh about the opportunity security teams have right now...or may be missing

Guest:

Mark Nunnikhoven ( @marknca ) - Mark's awesome. He's also the Vice President of Cloud Research at Trend Micro. Other stuff he does here:https://www.linkedin.com/in/marknca/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 19 Jun 2019 00:32:06 -0400

DtSR Episode 351 - Deeper Into the Microsoft Security Ecosystem

Thank you to Microsoft for sponsoring this show, and our podcast over the years...

Highlights from this week's show include...

Rob discusses what "Microsoft Threat Protection" is, isn't, and why it's relevant today
Rob gives us some context to "trillions of signals" - what does that mean?
Rob provides perspective on the pillars of operational excellence required to make Microsoft's vision a reality in damn-near-real-time
Rafal and Rob discuss what the ecosystem looks like, and how it's being released into production
Rob answers whether Microsoft consumes its own tools the answer may surprise you

Guest:

Rob Lefferts - @rob_lefferts -
Microsoft Responsibilities/Contributions As corporate vice president for M365 Security within Experiences and Devices, Rob Lefferts is responsible for ensuring that Microsoft 365 provides a comprehensive and cohesive security experience for our all of our customers. Prior to this role, he led the Windows Enterprise & Security team, where he was responsible for hardening the Windows platform, building intelligent security agents, and driving commercial adoption of Windows 10.Since joining Microsoft in 1997,Lefferts has been instrumental in shaping key products and technologies, from helping develop the original SharePoint Portal Server to leading extensibility efforts for the Office platform to championing the vision for Microsoft 365.

Pre-Microsoft Work Experience Rob began his career at Claritech, a startup that was born from a Carnegie Mellon research project. He then consulted with the Government of Namibia, Africa.

Education Heearned a bachelors degree in logic and computation, as well as a masters degree in computation linguistics, from Carnegie Mellon University.

Family/Other Interests Rob and his wife have two children and live in the Seattle area.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 11 Jun 2019 02:27:42 -0400

DtSR Episode 350 - Deep Learning on Deep Packets

Show Note:As most of you know, this show has long refused to use advertisements, or ad revenue to keep itself going. That said, I openly welcome organizations who have something interesting to say and some extra marketing dollars to give, to sponsor an episode while still going through the same vetting process as everyone else. This is one of those shows.

This week James and Rafal are joined by Saumitra Das, the Chief Technology Officer for an interesting little start-up called Blue Hexagon. If you find yourself nodding along and interested in hearing more, we encourage you to go check out their website and let them know you hear of them on this show.

Highlights from this week's show include...

Saumitra shares his insights on AI, machine learning, and the limitations and mis-uses of them
We discuss the challenges of finding 'malice' at extremely high volumes, at extremely high rates of speed, and in extremely diverse environments
Saumitra previews the methods Blue Hexagon use to approach this problem and potentially start to draw a viable approach

Guest

Saumitra Das - CTO at Blue Hexagon -https://www.linkedin.com/in/saumitramdas/
- Fun fact, Saumitra has over 330 granted patents...how many you got?

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 04 Jun 2019 14:22:46 -0400

DtSR Episode 349 - Verizon 2019 DBIR Double-Live Part 2

Friends & listeners - welcome to the 2nd half of the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report.

Highlights from this week's show include...

We all talk patching... why it's hard, what we can do about it, and realities of patching
Gabe does more live data analysis
We get an insight into how long and how hard this report is to produce

Guest

Gabriel Bassett ( @gdbassett ) - Gabe is one of the writers and data scientists behind the Verizon DBIR. His LinkedIn is here:https://www.linkedin.com/in/gabriel-bassett/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 28 May 2019 23:32:08 -0400

DtSR Episode 348 - Verizon 2019 DBIR Double-Live Part 1

Friends & listeners - welcome to the 2019 Verizon DBIR 2-part extravaganza. Gabe Bassett, one of the authors of the DBIR, joins Rafal & James to talk stats and lessons we can take away from the report.

Highlights from this week's show include...

Gabe distinguishes between an incident and a breach - for those of you who need the refresher
Gabe dives into the stats to talk about small businesses, and the impact of breaches on them
Gabs does some live data science for us, pulling in stats on-the-fly
We avoid the 'patching' discussion (that's for the 2nd half)

Guest

Gabriel Bassett ( @gdbassett ) - Gabe is one of the writers and data scientists behind the Verizon DBIR. His LinkedIn is here:https://www.linkedin.com/in/gabriel-bassett/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 21 May 2019 00:00:00 -0400

DtSR Episode 347 - Inside the RH-ISAC

This week, Tommy McDowell who is theVice President at the Retail and Hospitality Information Sharing and Analysis Center, joins Rafalin person, in Dallas.

Highlights from this week's show include...

Tommy gives us a background on himself, and the RH-ISAC (and it's mission statement, and such)
Tommy & Rafal discuss the difficulty in setting up an information sharing center
Tommy gives us insights into why retail and hospitality need their own unique threat sharing network

Guest:

Tommy McDowell -https://www.linkedin.com/in/tommy-mcdowell-97184116/- It's easier to just let you go look at Tommy's page on LinkedIn. He's got a storied, and very interesting, career that we could not possibly do justice to here.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 14 May 2019 01:46:30 -0400

DtSR Episode 346 - Green Waxes Mostly Academically

This week, Rafal gets the rare occasion of sitting down face-to-face with someone and do an interview in person. Andy Green is a great if not sharky fellow, who helped me get over my PG rating for this podcast. So ... it's probably PG-13.

Highlights from this week's show include...

Andy talks about BSides Atlanta and the labor of love that is getting a conference stood up
We talk about conference drama - because we all need more of that in our lives
Andy discusses academic programs, shaping young minds, and being a universally beloved professor (not)

Guest:

Mr. Andy Green ( @SecProfGreen ) - Andy is a lecturer of Information Security at Georgia's Kennesaw State University. When he's not running Atlanta's BSides ATL heteaches classes in the Information Security and Assurance degree program, in the InformationSystems department of the Michael J. Coles College of Business at Kennesaw State University.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 07 May 2019 01:15:53 -0400

DtSR Episode 345 - RaffCon the Podcast

This week on the podcast, Rafal gets some one on one time with Raffael Marty ... and it's #RaffCon.

Highlights from this week's show include...

Raf & Raffy discuss the origins of #RaffCon
Raffy talks through Artificial Intelligence...in security
Raf and Raffy dive into "risk management"

Guest:

Raffael Marty - ( @raffaelmarty ) -Data analytics and visualization enthusiast. Interested in large-scale big data and cloud infrastructures tosupport cyber security use-cases. "How can we assist users to gain deep insight into large amounts of data?" I have spent a lot of time building and defining the security visualization space through open.Ioversee Forcepoint's X-Labs, a specialized department within Forcepoint that is responsiblefor behavior-based security research and the development of predictive intelligence. In additionto traditional threat and security intelligence, we are the home of data science,machine learning, and artificial intelligence within Forcepoint.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 01 May 2019 17:44:13 -0400

DtSR Episode 344 - You've Probably Been Pwned

This week, Rafal is joined by the man, the myth, the Aussie legend - Troy Hunt. We basically talk about whatever is on his mind - which, as it turns out is a lot. Take a listen, we may publish an English translation later (joking, Troy!).

Highlights from this week's show include...

Troy gives a run-down on HaveIBeenPwned
We talk through some of the interesting use-cases for HaveIBeenPwned data
Troy gives perspective on usernames, passwords, and other important things technology/security related

Guest

Troy Hunt ( @TroyHunt ) - Troy is aMicrosoft Regional DirectorandMost Valuable Professionalawardee for Developer Security, blogger attroyhunt.com, international speaker on web security andthe author of many top-rating security courses for web developers on Pluralsight.
I created HIBP as a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach. I wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community.

Short of the odddonation, all costs for building, running and keeping the service currently come directly out of my own pocket. Fortunately, today's modern cloud services like Microsoft Azure make it possible to do this without breaking the bank!

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 23 Apr 2019 01:42:59 -0400

DtSR Episode 343 - The 31st Human Right

This week, on a riveting edition of Down the Security Rabbithole Podcast Raf sits down with Richie Etwaru, a human data ethicist and Founder and CEO of Hu-manity.co.

What's a human data ethicist, you ask? Listen to the podcast, and find out.

Highlights from this week's show include...

Richie walks us through data ownership as a fundamental human right, including whynow is the right time in history
Raf and Richie discuss the principles of data ownership and how they're different from privacy or security
Richie discusses data ownership as a great leveling factor for society
SO much more...

Guest

Richie Etwaru -Richie Etwaru is a human data ethicist and the Founder & CEO at Hu-manity.co where he is responsible for vision, strategy and execution focus for the company. He is driven to reshape the world by creating a new data economy, where inherent human data is legally human property.

He has held c-level roles at Fortune 500 companies for two decades, and serves as advisor to venture capitalists, startups, governments, academia, and large organizations on transitioning to Trust Companies.

Richies book Blockchain Trust Companies, Every Company is at Risk of Being Disrupted by a Trusted Version of Itself (2017) is used by universities, consulting organizations, and governments, and his TEDx talk Blockchain Massively Simplified has been viewed almost 1 million times.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 16 Apr 2019 14:19:57 -0400

DtSR Episode 342 - Michael Coates Has Things to Say

This week on episode 342, Michael Coates joins Rafal & James for the 2nd time. Michael's first episode was way, way back in 2015 on episode 134 titled "Fundamental Security". Looks like things haven't changed much.

We highly recommend you check out episode 134 first, then listen to this one. Trust us, you want the context.

Highlights from this week's show include...

Michael gives us an opinion on "what's changed" in the last decade or so
Michael discusses "risk", "technical risk", and the Enigo Montoya problem in security
Michael gives an overview of what he thinks the profile of the CISO should be
Michael gives his take on why he thinks low false-positive rates are important and automation is the future

Guest

Michael Coates: ( @_mwc ) All you need to know is here, on his LinkedIn page:https://www.linkedin.com/in/mcoates/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 09 Apr 2019 02:26:15 -0400

DtSR Episode 341 - Discussing Security Reference Architecture

This week, in the final installment of "Live from RSA Conference 2019" Rafal interviews Mark Simos, who is the definitive source for reference architectures at Microsoft. He's the Lead Architect in the Enterprise Security Group and he's doing some amazing things for the community with regards to the Azure cloud and other Microsoft-related security things. Give this episode a listen and share it ...maybe listen again and take good notes!

Highlights from this week's show include...

Mark discusses security reference architectures (in general)
Mark and Raf rap on the shared responsibility model for the cloud...again
Mark answers "What's different about security in the cloud?"
Mark raises the concept of "raising the cost to the adversary" for defenders...

Guest

Mark Simos - ( @MarkSimos ) -Mark is Lead Architect in Microsofts Enterprise Cybersecurity Group where he is part of a group of cybersecurity experts who create and deliver unique cybersecurity services and solutions to Microsofts customers.

Mark has contributed to a significant amount of Microsoft cybersecurity guidance - most of which can be found on Mark's List (http://aka.ms/markslist)

Mark focuses on cybersecurity guidance to help customers manage cybersecurity threats with Microsoft technology and our partner solutions. Mark's current focus is on security assessments and roadmaps that span the spectrum of security topics including privileged access, high value asset protection, security strategies and operations, datacenter security, and information worker protection.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 02 Apr 2019 00:00:00 -0400

DtSR Episode 340 - Diana Kelley from RSA 2019

This week, Down the Security RabbitholePodcast is publishing episode 3 of 4 which were recorded LIVE at RSA Conference 2019. This episode features Diana Kelley, of Microsoft, talking about the latest security report and other goodies.

Highlights from this week's show include...

Diana discusses the highlights from the latest Microsoft Security Intelligence Report
Raf provides an opinion on how Microsoft could totally own the endpoint space
Rafal & Diana dive back into passwords...apparently, we just can't get away from them
Diana tells a really interesting story about Microsoft Windows Hello and twins

Guest

Diana Kelley - @DianaKelley14 -Microsoft Enterprise Cybersecurity Group Leadership team member. Represent Microsoft atglobal security conferences, author-industry analysis, white papers, and blogs on Microsoft security strategy and response to cyber threats. Contribute to the all up security messaging and provide insight into the strategic vision and direction for the company in close partnership with marketing, business groups, and engineering, as well as working closing with the security PR and AR teams.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 27 Mar 2019 22:12:32 -0400

DtSR Episode 339 - Insuring Against Acts of Cyber War

This week, driven by the news cycle, and an interesting story... Rafal & James invite George and Shawn, as actual experts, onto the show.

Highlights from this week's show include...

This news story -https://www.infosecurity-magazine.com/news/zurich-refuses-to-pay-out-for/
George & Shawn discuss the language of cyber policies
We discuss language, inclusions, exclusions, and such
George brings up Information vs Cyber, security

DtSR Episode 338 - Failure of Risk Management

This week, part 2 of a four-episode set recorded live from RSA Conference 2019. This time, it's Phil Beyer's turn to have a turn at the microphone...

Highlights from this week's show include...

Phil talks up "The failure of risk management"
We discuss the realities of risk management
Raf asks "How do we make more informed risk decisions?"
Raf and Phil talk through thread models and why they're relevant
...and so much more

Guest

Phil Beyer -https://www.linkedin.com/in/pjbeyer/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 12 Mar 2019 00:37:35 -0400

DtSR Episode 337 - Insights on Cyber Talent

This week, in the first of a four-part "Live from RSA Conference 2019" series, Rafal interviews Deidre Diamond. Deidre knows a little something about cybersecurity talent having worked in the field most of her professional career. We discuss all kinds of interesting and relevant topics...

Highlights from this week's show include...

Deidre presents her new "human model" for hiring, staffing, and retaining excellent talent
We discuss the difference between a good leader, and just a good manager and why those aren't the same
We discuss the pay gap, why it's still a thing, and what's to be done about it
Deidre discusses the challenges women face in cybersecurity, and what's changing

Guest:

Deidre Diamond: (@DeidreDiamond) -https://www.linkedin.com/in/deidrediamond/in her own words:
- Combining my 21 years of experience working in technology and staffing, my love for the cybersecurity community, and a genuine enthusiasm for people; I created Cyber Security Network (http://www.cybersn.com), a company transforming the way Cyber Security Professionals approach job searches. CyberSN.com will remove the frustration from job-hunting, and aid in interpersonal connections and education.
  
  Throughout my career, I have built large-scale sales and operations teams that achieved high performances. Creating cultures based on an anything is possible attitude allows people to achieve above and beyond the usual. By establishing an open communication framework throughout an organization; I have created cultures of positive energy, career advancement, and kindness, that enables teams to reach beyond peak performance and have fun at work.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 26 Feb 2019 02:09:43 -0500

DtSR Episode 336 - Energy Sector Security Update Q1-2019

This week, Patrick Miller joins Rafal to provide an update on the energy sector, and what's different (or not). Another episode with a returning guest who continues to provide timely and important updates on key "big picture" security issues.

Highlights from this week's show include...

Patrick gives us a "state of the union" update on what's going on in the power industry with security
Raf asks "are we getting better... or worse?"
Patrick discusses IoT, IIoT, and "everything has an IP address"
Patrick tells a story about his recent encounter with a 386 & DOS 2.2 (if you know what this is, you're old)

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 19 Feb 2019 10:32:18 -0500

DtSR Episode 335 - Ranking the Adversaries

This week, in a special episode, Dmitri Alperovitch of Crowdstrike joins Rafal to talk about a brand new report thatCrowdstrike is releasing. The Crowdstrike2019 Global Threat Report is a must-read with some very interesting topics covered. Dmitri joins Rafal to talk specifically about the ranking of threat actors, and what it means toyou.

Highlights from this week's show include...

Dmitri explains "breakout time" and why it's important
Dmitri gives a walk-through of the methodology used to rank your global adversaries
Dmitri & Rafal talk through who's on first, and what's up with China
Rafal & Dmitri talk about what this report means toyou sitting at your desk playing defender

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 12 Feb 2019 01:28:35 -0500

DtSR Episode 334 - Compliance and Operational Process

This week, on the DtSR Podcast,Rafal is joined by Matt Herring, long time listener, and first-time caller. We talk through Matt's career path, and how he got to head up a global security operations team. It's a pretty interesting story - you should listen.

Highlights from this week's show include...

Matt talks us through how he got into being an auditor
Matt and Raf compare and contrast compliance and security (yes, really)
An uncomfortable discussion on market consolidation ensues
Matt gets put on the spot for leading and trailing indicators, provides some insights

Guest:

Matthew Herring - @MatthewDHerring - Found on LinkedIn here:https://www.linkedin.com/in/matthew-herring-cissp-63277038/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 05 Feb 2019 01:32:50 -0500

DtSR Episode 333 - Security Evolution and Trends

This week James and Rafal talk to Sean Martin, one of the people who have been quietly making a difference in the security industry for almost three decades. Sean is credited with many innovations, ideas, and trends...and he spends some time discussing that with us.

Highlights from this week's show include...

We collectively quickly make fun of the SIEM (yesterday, today, and next decade)
Sean talks through the "feature companies" that are hitting the market in a recent couple of years
Raf brings up the idea that we really don't understand the impact of the technology we create for 10+ years - what does that mean for security?

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 29 Jan 2019 23:40:55 -0500

DtSR Episode 332 - Security in Transformation

This week, long-time friend and colleague Jenn Black (doer of interesting things) joins James and Rafal on the podcast to talk about the role of security leaders in the digital transformation efforts of enterprise shops. Interesting conversation ensues.

Highlights from this week's show include...

Jenn, James, and Rafal discuss the role of the security lead in enterprise digital transformation
Jenn shares some of her experience in aiding CISOs with building security programs to support 'the business'
We make light of the fact that it's a million degrees below zero up north

Guest

Jenn R. Black ( @JennRBlack ) -With over 18 years of experience within IT and cybersecurity managed services, Jenn helps companies manage their cybersecurity threats, vulnerabilities, and risks to meet regulatory and business needs, while driving process efficiency. As a consultant in a cybersecurity practice, she works closely with clients to define their cyber strategy, create roadmaps and solutions to meet the companys security objectives.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 23 Jan 2019 01:09:28 -0500

DtSR Episode 331 - Incident Response and Counterfactuals

This week second-timer Jon Hawes is back for another trip to the microphone to talk about his interesting take on risk, response, and the security world we live and breathe. With interesting anecdotes and a firm grasp on real-world risk discussions, Jon and Raf have a pretty enlightening chat you will benefit from.

Highlights from this week's show include...

Jon discusses the concept of a "counterfactual"
Jon discusses feedback loops in how incidents are handled
Jon and Raf talk through how security professionals discuss 'risk' and what we can do to better the conversation

Guest:

Jon Hawes -https://www.linkedin.com/in/jonhawes/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 15 Jan 2019 00:00:00 -0500

DtSR Episode 330 - Biometrics for Authentication

This week, James and I sit down to discuss biometric authentication and some of the FUD around ways it can be broken. This ends pretty much the way you think it does.

Highlights from this week's show include...

James & Raf talk about how hackers used a "wax hand" to fool a vein auth system
- Link:https://www.theverge.com/2018/12/31/18162541/vein-authentication-wax-hand-hack-starbug
Fingerprint authentication to start your car?! We take this discussion to task
- Link:https://www.forbes.com/sites/jeanbaptiste/2018/12/27/hyundai-motor-lets-drivers-use-fingerprints-to-unlock-and-start-new-car/
James & Raf deconstruct the argument for and against biometric security
We ask "Does it matter that biometric auth is hackable?"

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 09 Jan 2019 00:16:30 -0500

DtSR Episode 329 - Volunteering Your Career

This week, on the DtSRPodcast recorded way too early on a Monday morning, we talk volunteering in InfoSec with Kathleen Smith. Kathleen is the CMO of ClearedJobs.net and CyberJobs.com - and she recently ran a volunteerism survey (link:https://cybersecjobs.com/cyber-security-community-volunteering-report) you should probably check out too.

Highlights of this week's show include...

Kathleen discusses some of the highlights of the survey
We discuss some of the things volunteers learn, and why this is critical to our community
Several jokes are made
We discuss the value of volunteering and its impact on your career
and much, much more

Guest

Kathleen Smith - @YesItsKathleen - CMO, ClearedJobs.Net/CyberSecJobs.Com, both veteran-owned companies, she spearheads the community-building, and communications outreach initiatives catering to the both organizations many audiences including security cleared job seekers, cybersecurity candidates, and military personnel. Kathleen has presented at several security conferences on recruiting and job search within the cybersecurity world to include BSidesLV, BSidesTampa, BSidesDE, FedCyber. Kathleen volunteers in the cybersecurity community; she is the Director, HireGround, BSidesLVs 2-day career track. Kathleen is well respected within the recruiting community, is the co-founder and current President of recruitDC, the largest community of recruiters in the Washington DC area

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 01 Jan 2019 20:30:25 -0500

DtSR Episode 328 - Who Who Who Are You

This week, James and Rafal welcome in 2019 with a look at the fundamentally fatalistic argument that "everyone gets hacked" - with Richard Bird. They discuss whether that's even a valid statement, and if so, what can we do about it?

Highlights from this week's show include...

Richard addresses the question of whether we've addressed a fundamentally fatalistic attitude towards security
The guys discuss whether the real perimeter, as we go into 2019
Richard schools the guys on identity - and what it's not the perimeter, but something else

Guest

Richard Bird -Chief Customer Information Officer at Ping Identity - Link:https://www.linkedin.com/in/rbird/
(Yes, Richard is the guy with the smashingly handsome bowties!)

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 19 Dec 2018 01:28:24 -0500

DtSR Episode 327 - Experienced Security Leadership

This week James is back on the microphone with Rafal as they interview 2 industry veterans to talk about the right approach to security leadership, and developing that talent pool. We talk to Yaron and Setu to get a sense of what their thoughts are on where good security leaders come from, and the hallmarks of that experience.

Highlights from this week's show include...

the curious case of the cyber head who doesn't computer
Yaron and Setu give us their thoughts on developing security leaders
Yaron shares some of his experience building a security program, across industries
Yaron and Setu give us a few pieces of insight for current and future security leaders

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 11 Dec 2018 00:00:00 -0500

DtSR Episode 326 - MidMarket Security

This week, go down the security rabbit hole with someone who has been working on security in the mid-market (likely the kind of company you work at, statistically) for a long time. Bob has some great lessons learned and is willing to share. Listen in

Highlights from this week's show include...

Bob gives a quick history of how he "hacked into hacking"
A discussion of breaking into security
Bob & Raf discuss security in the mid-market, and how it's fundamentally different than other market segments
Bob discusses hiring, talent acquisition and "working from home" in today's job market

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 04 Dec 2018 20:06:38 -0500

DtSR Episode 325 - A CISO at AWS reInvent 2018

In another episode LIVE'ish from AWS re:Invent2018 I catch perennial favorite and long-time friend Dustin Wilcox as he wandered the vendor show floor.

Highlights from this week's show include...

Raf asks Dustin the obvious question - what's a CISO doing at a cloud expo?
Dustin discusses some of the cloud transformation challenges for security teams
Dustin unveils the three things he is currently concerned most about for security, in the cloud
Dustin imparts a final piece of wisdom you won't want to miss...

Rafal's Guest:

Dustin Wilcox -Vice President and Chief Information Security Officer at Anthem, Inc. -https://www.linkedin.com/in/dustin-wilcox-4896614/

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 28 Nov 2018 16:02:46 -0500

DtSR Episode 324-1 - AWS reInvent 2018 Delivering Security

At day 2 of re:Invent 2018 I tracked down Arash Marzban, Armor's head of product to talk about his stage session and where the market is going for security - at a developer/builder focused cloud conference. This short conversation is quite interesting...

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 27 Nov 2018 13:27:51 -0500

DtSR Episode 324 - AWS reInvent 2018 Preamble

This episode of the Down the Security Rabbithole Podcast is sponsored in part by Armor Cloud Security. Go check us out at www.armor.com!

This week's show is a multi-part release from AWS re:Invent 2018. We sit down with two of Armor's solutions consultants to discuss trends, insights from day 0, and discuss anticipated moves and market shifts.

Expect this to be an insightful episode where we dive intocloud security from a development and security perspective.

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 20 Nov 2018 00:59:24 -0500

DtSR Episode 323 - Security of a Global Enterprise

On episode 323, Richard Rushing (aka the "Security Ninua") joins us to talk about being the CISO of a global organization, and multi-national enterprise.

Highlights from this week's show include...

Richard talks to us about his background
We discuss the unique challenges of a multinational enterprise
Richard gives us some wisdom on how to approach "the business"
Richard provides some advice for keeping prioritization and sanity

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Thu, 15 Nov 2018 17:08:08 -0500

DtSR Episode 322 - The Ethics of Cyber Security Panel

This week #DtSR tackles the topic no one else wants to - ethics in cybersecurity. There are a lot of things to be said, so rather than writing them down here, go listen to the episode. Repeatedly.

Highlights from this week's show include...

A base platform for the discussion on ethics
Moral relativism, applied to cyber
Law vs ethics
Cultural ethics and relativism
"Hacking back" - yes we went there

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 06 Nov 2018 00:56:53 -0500

DtSR Episode 321 - Putting Threats In Perspective

** Go Vote **

Do your civic duty, and go vote. Heck, while you're standing in that long line to vote, listen to the podcast, we're not picky.

This week, Rob Graham joins Rafal and James (who's back!) to talk about various topics related to threats. We start with the hacking voting machines, and it go from there.

Highlights from this week's show include...

We ask Rob to tell us what he knows about the Georgia 'hacking the election' case going on right now
We discuss what the real threat to our elections is
We ask Rob to tell us what he thinks the biggest threats are, and how we should approach them

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Thu, 01 Nov 2018 23:00:45 -0400

DtSR Episode 320 - Specializing in Forensics

This week, James Habben joins me in studio for what turns out to be an introspective walk through the evolving world of forensics.

Highlights from this week's show include...

James gives us some background on how he got where he is
We talk through some nostalgia
James answers the "Is APT trying to get me" question, sort of
We talk about things companies should be doing to prepare...

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Tue, 23 Oct 2018 00:00:00 -0400

DtSR Episode 319 - Striking Out On Your Own

This week, my good friend and entrepreneur Rock Lambros (of the newly formed Rock Cyber) joins me to talk about getting the itch to go out on your own and actually doing it. Many of us have thought about it, daydreamed, but very fewdo it. So hear an episode from someone who did...

Highlights of this week's show include...

What motivates and drives someone to jump the safety net of corporate life and go off on their own?
Rock gives us the secret to "How you know it's time"
We discuss how you can avoid the failings of the typical "consultant"
We talk through some very interesting strategy and advisory questions... (lots of gems in here!)
Rock drops his list of things to think about/remember
We discuss how to make security more than just a cost center

Links:

Rock's new company - Rock Cyber "Navigating Security in a Brave New World" (www.rockcyber.com)

Connect with DtSR on LinkedIn: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
Follow along on Twitter: https://twitter.com/dtsr_podcast

Wed, 17 Oct 2018 20:45:20 -0400

DtSR Episode 318 - War, Cyber and Policy

This week the DtSR podcast tackles one of the thornier issues going around in the news. As the accusations of Russsian hacking continue to mount, international leaders are speaking out and mak

PodGrabber.comCybersecurity Podcast Archives (The Vault)

Application Security PodCast

Harshil Parikh -- Deep Environmental and Organizational Context in Application Security

Jeff Williams -- The Tech of Runtime Security

Mark Curphey and John Viega -- Chalk

Maril Vernon -- You Get What You Inspect, Not What You Expect

Dan Kykendall -- Why All Application Security Products Suck

Kevin Johnson -- Samurai Swords and Zap's Departure

Tony Quadros -- The Life of an AppSec Vendor

Steve Giguere -- Cloud AppSec

Paul McCarty -- The Burrito Analogy of the Software Supply Chain

Farshad Abasi -- Three Models for Deploying AppSec Resources

Kim Wuyts -- The Future of Privacy Threat Modeling

Francois Proulx -- Actionable Software Supply Chain Security

Steve Wilson -- OWASP Top Ten for LLMs

JB Aviat -- The State of Application Security

Joshua Wells -- Application Security in the Age of Zero Trust

Jeevan Singh -- The Future of Application Security Engineers

Tony Turner -- Threat Modeling and SBOM

Christian Frichot -- Threat Modeling with hcltm

Zohar Shachar -- Bug Bounty from Both Sides

Sarah-jane Madden -- Threat Modeling to established teams

Jet Anderson -- The AppSec Code Doctor

James Mckee -- Developer Security

Derek Fisher -- The Application Security Handbook

Rob van der Veer -- OWASP AI Security & Privacy Guide

Robyn Lundin -- Planning & organizing a penetration test as an AppSec team

Michael Bargury -- Low Code / No Code Security and an OWASP Top Ten

Alex Olsen -- Security champions, empowering developers, and AppSec training

Mark Curphey -- The future of OWASP

Tiago Mendo -- How to scan at scale with OWASP ZAP

Wolfgang Goerlich -- Security beyond vulnerabilities

Sam Stepanyan -- OWASP Nettacker Project

Nick Aleks and Dolev Farhi -- GraphQL Security

Guy Barhart-Magen -- Log4j and Incident Response

Brett Smith -- Security is a Necessary Evil

Chen Gour-Arie -- The AppSec Map

Dominique Righetto -- OWASP Secure Headers

Hillel Solow -- How to do AppSec without a security team

Chris Romeo -- The Security Journey Story

Kristen Tan and Vaibhav Garg -- Machine Assisted Threat Modeling

Patrick Dwyer -- CycloneDX and SBOMs

Omer Gil and Daniel Krivelevich -- Top 10 CI/CD Security Risks

Josh Grossman -- Building a High-Value AppSec Scanning Program

Alex Mor -- Application Risk Profiling at Scale

Brenna Leath -- Product Security Leads: A different way of approaching Security Champions

Will Ratner -- Centralized container scanning

Neil Matatall -- AppSec at Scale

Joern Freydank -- Security Design Anti Patterns Limit Security Debt

Ken Toler -- Blockchain, Cloud, and #AppSec

Jeroen Willemsen and Ben de Haan -- Dirty little secrets

Adam Shostack -- Fast, cheap and good threat models

Loren Kohnfelder -- Designing Secure Software

Ochaun Marshall -- IaC and SAST

Simon Bennetts -- Using OWASP Zap across an Enterprise

Timo Pagel -- DevSecOps Maturity Model

Mazin Ahmed -- Terraform Security

James Ransome and Brook Schoenfield -- trust and verify: Building in Security at Agile Speed

OWASP Top 10 2021 Peer Review

Anastasiia Voitova -- Encryption is easy, key management is hard

Eran Kinsbruner -- DevSecOps Continuous Testing

Mark Loveless -- Threat modeling in a DevSecOps environment.

Jeroen Willemsen -- Security automation with ci/cd

Thinking back, Looking forward - A Balanced Approach to Securing our Software Future

Jeevan Singh -- Threat modeling based in democracy

Dima Kotik -- Application Security and the Zen of Python

Dustin Lehr -- Advocating and being on the side of developers

Aaron Rinehart -- Security Chaos Engineering

Izar Tarandach and Matt Coles-- Threat Modeling: A Practical Guide for Development Teams

Charles Shirer -- The most positive person in security

Leif Dreizler -- Tactical tips to shift engineering right

Vandana Verma -- OWASP Spotlight Series

Dr. Anita DAmico -- Do certain types of developers or teams write more secure code?

Alyssa Miller -- Bringing security to DevOps and the CI/CD pipeline

Liran Tal Cloud native application security, whats a developer to do?

Chris Romeo DevSecOps Fails

Jim Routh Secure software pipelines

Andrew van der Stock Taking Application Security to the Masses

JC Herz and Steve Springett SBOMs and software supply chain assurance

Brian Reed Mobile Appsec: The Good, the Bad and the Ugly as We Head into 2021

PodGrabber.com
Cybersecurity Podcast Archives (The Vault)