Packet Protector

In the cybercrime industry, initial access brokers specialize in break-ins. They pick digital locks and slide open electronic windows, and then sell that access to other threat actors who specialize in ransomware, exfiltration, and other crimes. SocGholish is a widely used tool in the access broker toolkit. Typically disguised as a legitimate software update, SocGholish... Read more »

Firewall policies are the heart of network security, but over time they can become a tangled mess. Rules might be outdated, or conflicting, or fail to address new applications, services, and risks. Add in remote locations and public cloud deployments, and you’ve got a serious headache for security and network teams. On today’s sponsored show... Read more »

Spending on SASE, which combines SD-WAN and cloud-delivered security, is forecast to nearly triple over the next few years, according to Dell’Oro Group. Today on Packet Protector we talk with that forecast’s author about what’s driving that spending. We also explore how SASE vendors are differentiating, architectural considerations for SASE deployments, pros and cons of... Read more »

On today’s news roundup we assess the White House’s new US cyber strategy (bellicose, bombastic, and boiler-plate), discuss a cyberattack attributed to Iran that used Windows to wipe thousands of devices, and dig into a Microsoft update on Entra passkeys. JJ isn’t impressed with new research that bypasses Wi-Fi client isolation, corporate spyware gets a... Read more »

Kyler Middleton, a software developer in the healthcare sector, builds and supports AI bots and AI agents that are now widely used inside the company where she works. Today on Packet Protector, Kyler stops by to talk about how and why she built these tools, how she (and her organization) address the risks these tools... Read more »

Today we’re going to learn about the care and feeding of a three-headed dog named Kerberos. Developed at MIT and released in 1989, Kerberos is a free, open source authentication protocol that uses cryptographic keys to protect identity data as it crosses a network. Today, Kerberos is the backbone of Windows authentication. We’ll dive into... Read more »

On today’s show, we pop the lid off of a firewall (figuratively speaking) to understand what’s inside. We talk about how a packet moves through various packet-processing elements inside a firewall, how header analysis and de-encapsulation work, which hardware component has the biggest impact on performance, why stateful inspection still matters in an age of... Read more »

With the rise of cloud services and SaaS, the browser has become a primary productivity tool. It’s also a primary vector for malware, phishing, identity theft, data leaks, and other risks. On today’s sponsored episode with Palo Alto Networks, we dive into browser security. We discuss risks to the browser and how they differ from... Read more »

Everything old is new again in today’s Packet Protector news roundup, as a decade-old Telnet exploit resurfaces, and Microsoft unfolds its roadmap to phase out the ancient NTLM protocol. In other news, Google takes down a sprawling residential proxy network, the popular Notepad++ app takes steps to recover from a serious compromise, and a Polish... Read more »

Operation Technology (OT) and Industrial Control Systems (ICS) are where the digital world meets the physical world. These systems, which are critical to the operation of nuclear power plants, manufacturing sites, municipal power and water plants, and more, are under increasing attack. On today’s Packet Protector we return to the OT/ICS realm to talk about... Read more »

OAuth is a widely used authorization (not authentication) protocol that lets a resource owner grant access to a resource using access tokens. These tokens define access attributes, including scope and length of time. OAuth can be used to grant access to human and non-human entities (for example, AI agents). OAuth is increasingly being abused by... Read more »

The start of a new year is a good time to assess what’s important. We’ve gathered some Packet Protector listeners to talk about their security priorities for 2026 in a roundtable discussion with hosts JJ and Drew. We talk about key risks for 2026, whether those risks have changed since last year, use cases for... Read more »

Everything old is new again in this Packet Protector news roundup, from end-of-life D-Link routers facing active exploits (and no patch coming) to a five-year-old Fortinet vulnerability being freshly targeted by threat actors (despite a patch having been available for five years). We also dig into a clever, multi-stage attack against hotel operators that could... Read more »

Our final news roundup for 2025 is a holiday sampler of tasty, chewy (and a few yucky) confections. We look at a years-long exploit campaign that used browser extensions to steal credentials, inject malicious content, and track behavior; tracks ongoing exploits using the React2Shell vulnerability; and debates whether a surveillance camera maker’s pledge to follow... Read more »

Cloud-based workspaces such as Google Workspace are often the backbone of an organization. But they also face threats from spam and phishing, account takeovers, and illicit access to sensitive documents and files. On today’s Packet Protector we talk with sponsor Material Security about how it brings additional layers of protection to Google Workspace, including email... Read more »