
The Cybersecurity Defenders Podcast
324 episodes — Page 7 of 7
S2 Ep 11#24 - Intel Chat: MS Outlook exploit. And ShmooCon organizers, Heidi and Bruce Potter.
In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel:
CVE-2023-23397: A zero-touch exploit that affects all versions of Windows Outlook. (Sigma rule)
CVE-2023-24880: An unpatched security bypass in Microsoft's SmartScreen security feature.
Mandiant observes China-nexus threat actors targeting technologies that do not normally support endpoint detection and response solutions.
Kaspersky recently conducted an analysis of 155 dark web forums from January 2020 to June 2022.
Threat groups are offering $240k salaries to tech jobseekers.
And an interview with Heidi and Bruce Potter, ShmooCon organizers. ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software, and hardware solutions, and open discussions of critical infosec issues.
The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
S2 Ep 10#23 - Intel chat with Matt Bromiley and an interview with Joe Schreiber, Co-founder & CEO of appNovi.
In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel:
A new Microsoft Word vulnerability: CVE-2023-21716.
The Emotet botnet is back spamming again.
A previously undisclosed toolset used by Sharp Panda, a long-running Chinese cyber-espionage operation targeting Southeast Asian government entities.
A SpaceX vendor has been compromised by a LockBit affiliate.
Ring LLC, the home security and smart home company owned by Amazon, has been ransomed by the ALPHV ransomware group.
And an interview with Joe Schreiber, Co-founder and CEO of appNovi. Joe has been doing IT security since dial-up. He utilizes his knowledge and experience as a practitioner, software developer, and business developer to build highly functional, scalable, usable and quality software.
S2 Ep 9#22 - An intel chat with Matt Bromiley and an interview with Rich Heimann, Chief AI Officer at SilverSky.
In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel:
Menlo Labs has uncovered an unknown threat actor that is running an evasive threat campaign, distributed via Discord and targeting government entities.
TA569 is a prolific threat actor who has been deploying website injections that run a JavaScript payload known as SocGholish.
The risk to business from burned-out analysts.
The emerging post-exploitation framework, EXFILTRATOR-22 or EX-22.
And an interview with Rich Heimann, Chief AI Officer at SilverSky, where we talk about machine learning and artificial intelligence as they relate to cybersecurity.
S2 Ep 8#21 - An intel chat with Matt Bromiley and an interview with Nick Gipson, Director of Cyber Operations at Pareto Cyber.
In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel. After that, an interview with Nick Gipson, Director of Cyber Operations at Pareto Cyber.
S2 Ep 7#20 - Hacker History: WannaCry
In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and, with the help of Marcus Hutchins, tell the story of the WannaCry ransomware attack.
The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack.
Researcher Marcus Hutchins discovered the kill switch domain hardcoded in the malware. Registering a domain name for a DNS sinkhole stopped the attack spreading as a worm, because the ransomware only encrypted the computer's files if it was unable to connect to that domain, which all computers infected with WannaCry before the website's registration had been unable to do. While this did not help already infected systems, it severely slowed the spread of the initial infection and gave time for defensive measures to be deployed worldwide, particularly in North America and Asia, which had not been attacked to the same extent as elsewhere.
S2 Ep 6#19 - Simply Cyber Report for February 15. Plus a conversation with Ira Winkler, Field CISO and Vice President of CYE
This week on the Simply Cyber Report:
Scores of Redis servers infested by sophisticated custom-built malware.
Oktapus hackers are back and targeting tech and gaming companies.
Russian hackers using new Graphiron information stealer in Ukraine.
New QakNote attacks push QBot malware via Microsoft OneNote files.
Fresh, buggy Clop ransomware variant targets Linux systems.
We also sit down with Ira Winkler, Field CISO and Vice President of CYE. Ira shares a wide range of thoughts and experiences garnered from an exceptional career. You can find the various books that Ira has written, which are mentioned in the podcast, at the following links:
You CAN Stop Stupid
Advanced Persistent Security
Security Awareness for Dummies
Cybersecurity All-in-one For Dummies
S2 Ep 6#18 - The Adversary Toolbox: BITS jobs. Plus an interview with Tyler Shields, entrepreneur and angel investor.
In this episode of the Cybersecurity Defenders Podcast, Matt Bromiley opens up the Adversary Toolbox to tell us all about BITS jobs.
We also sit down with Tyler Shields: a cybersecurity veteran, entrepreneur, and angel investor. In our conversation, we talk about the economic conditions driving the tech sector layoffs we are seeing, what zombie companies are, and speculate on the future of AI.
S2 Ep 5#17 - Simply Cyber Report for Feb 1. Plus a conversation with Michael Argast, Co-founder & CEO of Kobalt.io
Microsoft has started blocking the execution of XLL add-ins downloaded from the Internet. The hacking group DragonSpark is leveraging Golang source code interpretation to evade detection. Threat actors are turning to Sliver to replace the more popular frameworks Cobalt Strike and Metasploit. Over 4,500 WordPress sites have been hacked, and Emotet malware makes a comeback: Emotet is back with new evasion techniques in MS Excel.
We also sit down with Michael Argast, Co-founder and CEO of Kobalt.io. We learn about Kobalt's approach to scaling cybersecurity services for small and medium-sized businesses, and also get some great advice on what it takes to build services for this part of the market. A great conversation that is full of tidbits of wisdom for anybody looking to start a security services company.
S2 Ep 4#16 - Hacker History: NotPetya
In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Amit Serper, a hacker and reverse engineer who was instrumental in stopping the most devastating cyber attack in history: NotPetya.
On 27 June 2017, a major global cyberattack began (Ukrainian companies were among the first to state they were being attacked), utilizing a new variant of Petya. On that day, Kaspersky Lab reported infections in France, Germany, Italy, Poland, the United Kingdom, and the United States, but that the majority of infections targeted Russia and Ukraine, where more than 80 companies were initially attacked, including the National Bank of Ukraine. ESET estimated on 28 June 2017 that 80% of all infections were in Ukraine, with Germany second hardest hit with about 9%.
Russian president Vladimir Putin's press secretary, Dmitry Peskov, stated that the attack had caused no serious damage in Russia. Experts believed this was a politically motivated attack against Ukraine, since it occurred on the eve of the Ukrainian holiday Constitution Day.
Kaspersky dubbed this variant "NotPetya", as it has major differences in its operations in comparison to earlier variants. McAfee engineer Christiaan Beek stated that this variant was designed to spread quickly, and that it had been targeting "complete energy companies, the power grid, bus stations, gas stations, the airport, and banks".
This episode was written by Nathaniel Nelson, narrated by Christopher Luft and produced by the team at LimaCharlie.
S2 Ep 3#15 - The Adversary Toolbox: RDP. Plus an interview with Michael Laudenslager, VP of Cybersecurity at Churchill Mortgage
In this episode of the Cybersecurity Defenders Podcast, Matt Bromiley opens up the Adversary Toolbox to tell us all about RDP.
We also sit down with Michael Laudenslager, VP of Cybersecurity at Churchill Mortgage, and talk about security in the cloud.
S2 Ep 2#14 - Simply Cyber Report for Jan 12. Plus a conversation with Walter Haydock, Founder and CEO of StackAware.
Unknown threat actors have been observed hiding malware execution behind a legitimate Windows support binary. S3 buckets are now encrypted by default. A powerful Android malware has been tuned to target banking applications. And it is the end of life for Windows Server 2008.
We also sit down with Walter Haydock, Founder and CEO of StackAware. We learn about StackAware and their approach to vulnerability management, and also how Walter got his company off the ground using low-code tooling. A fascinating conversation for anyone looking to start their own cybersecurity company.
S2 Ep 1#13 - Hacker History: Titan Rain
In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Shawn Carpenter, a rogue cybersecurity defender who singlehandedly identified a Chinese APT. It is a phenomenal story that exemplifies the grit and moral fortitude that the best defenders among us have.
Titan Rain was a series of coordinated attacks on computer systems in the United States since 2003; they were known to have been ongoing for at least three years. The attacks originated in Guangdong, China. The activity is believed to be associated with a state-sponsored advanced persistent threat. It was given the designation Titan Rain by the federal government of the United States. Titan Rain hackers gained access to many United States defense contractor computer networks, which were targeted for their sensitive information, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA.
This episode was written by Nathaniel Nelson, narrated by Christopher Luft and produced by the team at LimaCharlie.
S1 Ep 12#12 - Simply Cyber Report for December 28. Plus an interview with Jason Chan, former VP of Security at Netflix.
New vulnerability found in the WooCommerce Gift Cards Premium WordPress plugin with a CVSS score of 9.8.
FIN7 has developed an AI-powered automated attacking tool called Checkmarks. Checkmarks is designed to auto-attack MS Exchange systems, perform post-exploitation actions, and grab enough data to allow FIN7 to understand their victim.
Raspberry Robin has a new feature. This version of Raspberry Robin has two payloads, one designed to be discovered if the malware believes it is being analyzed in a sandbox. This fake payload looks legitimate, including checking the registry on startup for infection and pulling down an adware named 'browserassist'. The real payload has shellcode and a PE file with the MZ magic bytes removed to hide that it is a PE file.
Plus an interview with Jason Chan, former VP of Information Security at Netflix, about how he helped build their security program from the ground up.
S1 Ep 11#11 - The Adversary Toolbox: WinRM + PowerShell Remoting. Plus Zack Allen, Director of Security Detection & Research at Datadog.
In this episode of the Cybersecurity Defenders Podcast, Matt Bromiley opens up the Adversary Toolbox to tell us all about WinRM + PowerShell Remoting.
We also sit down with Zack Allen, Director of Security Detection & Research at Datadog, about managing uncertainty, some of his favorite tools, and building quality detections.
S1 Ep 10#10 - Simply Cyber Report for December 14. Plus a conversation with several Open Source cybersecurity founders.
The Simply Cyber Report for December 14, 2022:
Go-based malware named Zerobot in the wild.
Android malware dubbed "Zombinder", a just-in-time Trojan style malware.
An Iranian-based APT has been pushing hard with remote administration tooling.
A roundtable conversation with several Open Source cybersecurity founders. During the conversation we discuss the complexities of open source as it relates to cybersecurity, the effects it has on the industry, funding models, what inspired these projects, how they came to be, how they are trying to grow, and any lessons - good or bad - they have learned along the way.
The panelists include:
Zach Wasserman from osquery
Lennart Koopmann from Graylog, Inc.
Peter Manev from Suricata
We acknowledge some heavy audio compression during the roundtable conversation. We will be employing some new recording technology for future group conversations.
As always, we would love to hear from you. Questions, feedback and ideas can be directed to [email protected]
S1 Ep 9#9 - Predictions for the future from 2022
As we get ready to say goodbye to 2022, the team at the Cybersecurity Defenders podcast thought it would be nice to review all the predictions for the future made by guests on this show so far. It is a fun episode and will be interesting to circle back on next year at the same time.
In the show, we talk about Dr. Joseph Burt-Miller Jr's study hall group on Discord. Here is the link for anybody interested in checking it out: https://discord.gg/Z8gaAvnS4m
As always, your feedback is welcome. If you have any criticisms or ideas for the show, please don't hesitate to reach out to us at [email protected]
S1 Ep 8#8 - Simply Cyber Report for Nov 30 and Daniel Velasquez of Ground Truth Connections
In this episode of the Cybersecurity Defenders Podcast, Dr. Gerald Auger takes us through the last couple of weeks in cybersecurity news via the Simply Cyber Report.
We also sit down with Daniel Velasquez, founder of Ground Truth Connections. Daniel has had a very interesting career. He has been a drone pilot inside of a war zone, worked in signals intelligence, been a CIA Targeter, and risen through the ranks at Mandiant. Daniel is now the CEO and Founder of Ground Truth Connections, which is operating on the ground in Ukraine with a humanitarian mission.
S1 Ep 7#7 - Hacker History: Operation Flyhook
In this episode, we recount the story of Operation Flyhook, an FBI sting operation in 2000 that resulted in the arrest of two Russian hackers on American soil. It is quite the story and leaves us with some pretty heavy conclusions.
This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.
Any questions or feedback can be directed to [email protected]
S1 Ep 6#6 - Simply Cyber Report for Nov. 16 and David Burkett, Cloud Detection Engineer
In this episode of the Cybersecurity Defenders Podcast, Dr. Gerald Auger takes us through the last couple of weeks in cybersecurity news via the Simply Cyber Report.
We also sit down with David Burkett, co-author of Detectors as Code. David is an experienced Information Security Architect with a demonstrated history of working in the security industry in both Government and the Telecommunications / Service Provider industries. He is skilled in Security Information and Event Management, Security Monitoring, Python, and Digital Forensics, among other things.
In our talk with David about UAPs he references this video: Navy pilot describes encounter with UFOs
S1 Ep 5#5 - The Adversary Toolbox: PaExec. Plus Eric Capuano, Founder & CEO of Recon Infosec
In this episode of the Cybersecurity Defenders Podcast, Matt Bromiley opens up the Adversary Toolbox and tells us all about PaExec.
We also sit down to chat with Eric Capuano, Founder and CEO of Recon Infosec. During the conversation with Eric, we talk about many different things, including the OpenSoc Network Defense Range and their new Thursday Defensive webcast.
If you have any suggestions or feedback please don't hesitate to reach out to us: [email protected]
S1 Ep 4#4 - Simply Cyber Report for Nov. 2 and Paul Caiazzo of SnapAttack
In this episode of the Cybersecurity Defenders Podcast, Dr. Gerald Auger takes us through the last couple of weeks in cybersecurity news via the Simply Cyber Report.
We also sit down with Paul Caiazzo: cybersecurity expert, entrepreneur and strategist, CISO and CPO. Paul has dedicated his career to advancing the field of global cyber security. In his current role as Chief Growth Officer at SnapAttack, Paul focuses on product/market fit, strategic partnerships, and business development.
Paul continues to support Avertium as an Advisory Board Member, focused on brand ambassadorship, adversary intelligence, and security industry trends. Prior to Avertium, Paul was the Co-Founder and CEO of TruShield Security Solutions, which was acquired by Sunstone Partners as one of the founding companies of Avertium. His foundation in the finance industry gave him first-hand experience in how crippling cybersecurity issues can be for individuals, businesses, and even the Federal Government. This sparked his interest in building a company where he could help clients not just understand the risks they face, but combat them with effective mitigation strategies. Under Paul's leadership, TruShield earned a distinguished reputation as one of the fastest growing companies in the cybersecurity industry. Paul also serves as the Cybersecurity Advisor to the Science and Technology Policy Center for Development, where he utilizes his expertise to help the nonprofit achieve their goal of advancing ICT in developing countries.
S1 Ep 3#3 - Introducing The Adversary Toolbox: PsExec. Plus cybersecurity startup founders roundtable.
In this episode of the Cybersecurity Defenders Podcast, Matt Bromiley introduces the Adversary Toolbox and discusses the Microsoft Windows remote execution tool PsExec.
We also sit down to chat with several cybersecurity startup founders about the lessons that they learned along the way and the things they wished they had known starting out. The panelists for this informative discussion are:
Roselle Safran, Founder and CEO of KeyCaliber
Corey White, Founder and CEO of Cyvatar
Maxime Lamothe-Brassard, Founder and CEO of LimaCharlie
If you have any suggestions or feedback please don't hesitate to reach out to us: [email protected]
S1 Ep 2#2 - Hacker History: Clifford Stoll
In this episode, we recount the story of Clifford Stoll, who made a pretty big discovery in 1986 while working as a sysadmin for the Lawrence Berkeley National Laboratory. It is a story that involves a suspected murder, international espionage, and the type of relentless curiosity that makes a great defender.
This episode was written by Nathaniel Nelson, narrated and produced by Christopher Luft.
S1 Ep 1#1 - Introducing The Cybersecurity Defenders Podcast
The first episode of The Cybersecurity Defenders Podcast, a show about cybersecurity and the people that defend the internet. This weekly show is put together as a series of segments. This episode includes the following:
A cybersecurity news update by Dr. Gerald Auger of Simply Cyber.
An interview with the CISO of Synoptek, Chris Gebhardt.
A product update from LimaCharlie founder Maxime Lamothe-Brassard.