The Cybersecurity Defenders Podcast

LimaCharlie

An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.

  1. 21 hours ago

    Intel Chat: Cisco CUCM exploited, ransomware profiles, Gamaredon & AI agent phishing [335]

    Intel Chat with Matt Bromiley and Chris Luft. Matt and Chris break down four stories from the week in threat intel:

    • Cisco CUCM (CVE-2026-20230) — a web-dialer SSRF that chains to root-level RCE, exploited in the wild less than 24 hours after the PoC and full exploit chain were published.
    • The latest Ransomware Tool Matrix (RTM) / Ransomware Vulnerability Matrix (RVM) update, profiling three active groups — The Gentlemen, DragonForce and Warlock — and the BYOVD and legit-admin-tool tradecraft they increasingly share.
    • Gamaredon's upgraded toolkit against Ukraine (per ESET): new PowerShell downloaders like PteroPaste, Cloudflare tunneling and Workers for C2, and exfiltration to trusted cloud storage such as Amazon S3 and Dropbox.
    • Varonis Threat Labs phishing an AI email agent ("Pinchy") — why agents spot technical phishing better than humans yet hand over credentials to a convincing social request, and why you should treat them as privileged junior employees.

    Chapters:
    0:00 Intro & catching up
    2:25 Cisco CUCM exploited within 24h of the PoC
    9:57 Ransomware Tool Matrix: The Gentlemen, DragonForce & Warlock
    15:44 Gamaredon's upgraded TTPs against Ukraine
    22:18 Can AI email agents be phished?
    28:08 Wrap-up: Black Hat plans & the LimaCharlie suite

    The Cybersecurity Defenders Podcast — a podcast about cybersecurity and the people that keep the internet safe. New episodes drop weekly.

    Subscribe wherever you listen:
    • Spotify: https://open.spotify.com/show/6ep00zeY3S8ffZ4o0UeSps
    • Apple Podcasts: https://podcasts.apple.com/us/podcast/the-cybersecurity-defenders-podcast/id1649981740
    • YouTube: https://www.youtube.com/@limacharlieio

    Learn more about LimaCharlie: https://limacharlie.io

    #cybersecurity #infosec #threatintel #ransomware #DFIR

    30 min.
  2. Last call for Defenders - How we're actually using AI in the SOC with Eric Capuano / Defender Fridays [#332]

    20 Jun

    Join us for the final episode of Defender Fridays as Eric Capuano, creator of Defender Fridays and co-founder of Digital Defense Institute, closes out the series with a candid conversation on how he's actually building and running agentic workflows in the SOC today.

    At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

    What We'll Discuss
    In this episode, Eric Capuano draws on years of SOC operations, detection engineering, and hands-on agentic workflow development to share what's actually working, what isn't, and where the industry needs to be more honest with itself.

    Key Topics:
    • Why agentic workflows are the next evolution of SOAR, and what it takes to build them reliably
    • How deterministic checkpoints at every stage are essential to making LLM-driven workflows trustworthy
    • How one team increased their detection engineering output by 900x using agentic workflows running day and night
    • Why false positive tuning and detection engineering are the right place to start before tackling complex investigative workflows
    • How to think about model selection in agentic pipelines: cost, task complexity, and stakes
    • Why organizations with poor data hygiene will struggle to get value from AI regardless of how sophisticated the tooling is
    • The risks of prompt injection when feeding untrusted inputs into LLMs, and why trusted inputs should always come first
    • Why the goal is to use LLMs for as little as possible, and push everything else into deterministic steps

    About Our Guest
    Eric Capuano is the creator of Defender Fridays and co-founder of Digital Defense Institute. He has spent years doing SOC operations, detection engineering, threat hunting, and DFIR, and currently consults on building and deploying agentic SecOps workflows for security teams. He is also the author of the "So You Want to Be a SOC Analyst" training, which has put over 500 students through hands-on SOC workflows using LimaCharlie's free tier.

    Watch Us Live
    Defender Fridays ran every Friday at 10:30am PT for over 100 sessions. Subscribe to our YouTube channel to catch up on past episodes.

    Sponsored by LimaCharlie
    This episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.

    Why LimaCharlie?
    • Eliminate vendor sprawl and tool complexity
    • Deploy and scale effortlessly on native multi-tenant architecture
    • Reduce costs with intelligent data routing and free 1-year retention
    • Build custom solutions with 100+ security capabilities on-demand
    • Accelerate response with agentic AI that acts directly within predefined workflows

    Try the Agentic SecOps Workspace free: https://limacharlie.io
    Learn more: https://docs.limacharlie.io

    Follow LimaCharlie
    Sign up for free: https://limacharlie.io
    LinkedIn: / limacharlieio
    X: https://x.com/limacharlieio
    Community Discourse: https://community.limacharlie.com/

    Host: Maxime Lamothe-Brassard - Founder at LimaCharlie
    Guest: Eric Capuano - Co-founder of Digital Defense Institute

    37 min.
  3. AI-assisted SOC training with Carlo Anez / Defender Fridays [#330]

    12 Jun

    Join us for this week's Defender Fridays as Carlo Anez, Founder and Lead Instructor at IgniteCyber Academy and DEFCON Training Instructor, breaks down how to build practical blue team skills using open-source labs, MITRE ATT&CK, and real-world defender workflows, and where AI fits into the picture without replacing the analyst.

    At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

    What We'll Discuss
    In this episode, Carlo Anez draws on years of SOC operations, detection engineering, and cybersecurity instruction to make the case for hands-on, open-source training as the foundation for developing confident, capable defenders.

    Key Topics:
    • Why cybersecurity training must move beyond passive learning and into real defender workflows
    • How the OpenSOC initiative uses open-source tools like Wazuh, MISP, The Hive, and TimeSketch to simulate a small-scale fusion center environment
    • How open-source stacks build transferable skills that translate to enterprise platforms like Splunk and LimaCharlie
    • Where AI fits in the SOC: summarizing noisy alerts, mapping activity to MITRE ATT&CK, drafting investigation questions, and improving report clarity
    • Why AI literacy means knowing how to validate AI output against evidence, not just knowing how to write prompts
    • Why the analyst owns the evidence, the decision, and the communication
    • How the DEF CON boot camp and online pilot program structure five days of scenario-based training around a final analyst report and CTF capstone

    About Our Guest
    Carlo Anez is the Founder and Lead Instructor at IgniteCyber Academy and a DEFCON Training Instructor. He spent five years at Rapid7 doing detection engineering, threat hunting, and DFIR workflows, and has supported SOC operations, government contractors, and projects with DARPA, the US Army, and the US Navy. He currently creates SOC-focused content with TCM Security and leads Blue Team Village at DEF CON, where he also presents and trains annually.

    Register for Live Sessions
    Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience. Register here: https://limacharlie.io/defender-fridays

    Subscribe to our YouTube channel and hit the notification bell to never miss a live session, or catch up on past episodes on our website!

    Sponsored by LimaCharlie
    This episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.

    Why LimaCharlie?
    • Eliminate vendor sprawl and tool complexity
    • Deploy and scale effortlessly on native multi-tenant architecture
    • Reduce costs with intelligent data routing and free 1-year retention
    • Build custom solutions with 100+ security capabilities on-demand
    • Accelerate response with agentic AI that acts directly within predefined workflows

    Try the Agentic SecOps Workspace free: https://limacharlie.io
    Learn more: https://docs.limacharlie.io

    Follow LimaCharlie
    Sign up for free: https://limacharlie.io
    LinkedIn: / limacharlieio
    X: https://x.com/limacharlieio
    Community Discourse: https://community.limacharlie.com/

    Host: Maxime Lamothe-Brassard - Founder at LimaCharlie
    Guest: Carlo Anez - Founder & Lead Instructor at IgniteCyber Academy

    32 min.
  4. Building practical blue team skills using AI-assisted SOC training with Bobby Ford/ Defender Fridays [#329]

    5 Jun

    Join us for this week's Defender Fridays as Bobby Ford, Chief Strategy and Experience Officer at Doppel, talks about open-source labs, MITRE ATT&CK, and real-world defender workflows.

    At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

    About Our Guest
    Bobby is a globally recognized cybersecurity "geek" with almost three decades of experience, including the last 14 years as a CISO, protecting some of the world's most complex and operationally intensive enterprises. His career began in the military as a founding member of the Pentagon Computer Incident Response Team. Bobby built and led cybersecurity programs in the Aerospace and Defense industry. He was the first CISO at Exelis Inc. and was the architect of ITT's global cybersecurity audit function under DOJ oversight. Transitioning from public to private sector, Bobby served as the first CISO at Abbott Labs, was CISO for Unilever, and most recently was SVP and Chief Security Officer at Hewlett Packard Enterprise (HPE). Known for his collaborative style and empathetic leadership, Bobby fosters an inclusive culture that empowers entire security organizations to excel.

    Register for Live Sessions
    Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you, our audience. Register here: https://limacharlie.io/defender-fridays

    Subscribe to our YouTube channel and hit the notification bell to never miss a live session, or catch up on past episodes on our website!

    Sponsored by LimaCharlie
    This episode is brought to you by LimaCharlie, the Agentic SecOps Workspace (ASW), where AI agents operate security infrastructure using the same controls and authority as human analysts, with every action visible, governed, and auditable.

    Why LimaCharlie?
    • Eliminate vendor sprawl and tool complexity
    • Deploy and scale effortlessly on native multi-tenant architecture
    • Reduce costs with intelligent data routing and free 1-year retention
    • Build custom solutions with 100+ security capabilities on-demand
    • Accelerate response with agentic AI that acts directly within predefined workflows

    Try the Agentic SecOps Workspace free: https://limacharlie.io
    Learn more: https://docs.limacharlie.io

    Follow LimaCharlie
    Sign up for free: https://limacharlie.io
    LinkedIn: / limacharlieio
    X: https://x.com/limacharlieio
    Community Discourse: https://community.limacharlie.com/

    Host: Maxime Lamothe-Brassard - Founder at LimaCharlie
    Guest: Charles Grandjean - CTO and Co-founder at Hexiagon AI

    31 min.
  5. "Megalodon" Malware in GitHub, Malware-Slop steals from Claude AI, 7-Eleven breach & CISA cPanel vulnerability / Intel Chat [#328]

    1 Jun

    Originally recorded: Friday May 29, 2026

    In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.

    • A large-scale software supply chain attack dubbed "Megalodon" infected thousands of GitHub repositories with credential-stealing malware in a highly automated campaign that unfolded over a six-hour period on May 18, 2026.
    • Researchers from OX Security have identified a malicious npm package named "mouse5212-super-formatter" that was designed to steal files from Anthropic Claude AI environments by targeting the "/mnt/user-data" directory.
    • Convenience store giant 7-Eleven disclosed a data breach tied to an attack that occurred on April 8, 2026, involving systems that contained franchise-related documents. SecurityWeek article Matt references.
    • CISA has issued an urgent warning about a critical vulnerability in the LiteSpeed cPanel Plugin, tracked as CVE-2026-48172, which is already being actively exploited in the wild.

    Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.

    This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

    29 min.
