IntrusionsInDepth Podcast

Josh Stepp

A podcast that analyzes cyber attacks and the threat actors that conduct them. Hosted by Josh Stepp www.intrusionsindepth.com

  1. 012.1: WANNACRY

    Mar 25

    On May 12, 2017, a piece of code quietly executed somewhere in Asia and within hours had locked computers across 150 countries. WannaCry wasn't just a ransomware attack — it was the collision of an NSA cyber weapon, a mysterious group of leakers, a sanctioned rogue nation, and a 22-year-old malware analyst working from his bedroom. In this episode, explore the full WannaCry story — the technical execution, the geopolitical chain of custody, the chaos it caused, and the harder questions nobody fully answered: Should the NSA have disclosed the vulnerability? Was this North Korea's best effort or a mistake that escaped? And what does it mean when the most dangerous cyber weapon in history gets stopped by a $10 domain registration?

    Call to Action:
    * Subscribe to the podcast for more episodes on high-profile cyber intrusions.
    * Visit our website at intrusionsindepth.com for additional stories and insights.
    * Share your thoughts on social media using #IntrusionsInDepth.

    Links and Resources:
    * https://techspective.net/2017/09/26/wannacry-ransomware-detailed-analysis-attack/
    * https://www.nksc.lt/doc/ENISA-WannaCry-v1.0.pdf
    * https://www.elastic.co/blog/wcrywanacry-ransomware-technical-analysis
    * https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3681065/national-security-agency-announces-retirement-of-cybersecurity-director/
    * https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
    * https://en.wikipedia.org/wiki/Tailored_Access_Operations
    * https://en.wikipedia.org/wiki/Michael_Hayden_(general)
    * https://upload.wikimedia.org/wikipedia/commons/7/7d/ARN30043-ATP_7-100.2-000-WEB-2_-_North_Korean_Tactics_%28July_2020%29.pdf
    * https://commons.wikimedia.org/wiki/File:ARN30043-ATP_7-100.2-000-WEB-2_-_North_Korean_Tactics_(July_2020).pdf
    * https://www.securityweek.com/us-army-report-describes-north-koreas-cyber-warfare-capabilities/
    * https://www.cs2ai.org/post/u-s-army-report-describes-north-korea-s-cyber-warfare-capabilities
    * https://cloud.google.com/blog/topics/threat-intelligence/mapping-dprk-groups-to-government
    * https://www.cloudflare.com/learning/security/ransomware/wannacry-ransomware/
    * https://www.darkreading.com/cyberattacks-data-breaches/three-years-after-wannacry-ransomware-accelerating-while-patching-still-problematic
    * https://www.bankinfosecurity.com/blogs/wannacrys-ransom-note-great-in-chinese-poor-in-korean-p-2481
    * https://trumpwhitehouse.archives.gov/briefings-statements/press-briefing-on-the-attribution-of-the-wannacry-malware-attack-to-north-korea-121917/
    * https://securelist.com/wannacry-and-lazarus-group-the-missing-link/78431/
    * https://www.wired.com/story/confessions-marcus-hutchins-hacker-who-saved-the-internet/
    * https://cloud.google.com/blog/topics/threat-intelligence/north-korea-cyber-structure-alignment-2023/
    * https://darknetdiaries.com/transcript/158/
    * https://www.britannica.com/biography/Kim-Yo-Jong
    * https://thediplomat.com/2026/02/why-kim-ju-aes-path-to-power-is-structurally-blocked/
    * https://www.tripwire.com/state-of-security/malwaretech-wannacry-kronos-understanding-connections

    Books:
    * The Psychology of Totalitarianism by Mattias Desmet
    * The Lazarus Heist by Geoff White
    * Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro

    Host: Josh Stepp
    Produced by: Josh Stepp

    Thank you for tuning in to IntrusionsInDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

    1h 29m
  2. 011.2: Cognitive Maps for AI ADOPTION, GEOPOLITICS & BAD SCIENCE

    Feb 9

    Key Topics:
    * Early-stage AI hype vs. real economic impact
    * Cultural backlash in creative communities
    * Geopolitical and energy constraints on AI scaling
    * Job disruption, education failure, and potential social unrest
    * Critique of Anthropic's safety approach and effective altruism ties

    Call to Action:
    * Subscribe to the podcast for more episodes on high-profile cyber intrusions.
    * Visit our website at intrusionsindepth.com for additional stories and insights.
    * Share your thoughts on social media using #IntrusionsInDepth.

    Books:
    * Game Theory: A Very Short Introduction by Ken Binmore
    * Theory of Games and Economic Behavior by John von Neumann and Oskar Morgenstern

    Links and Resources:
    * https://retractionwatch.com/2025/12/03/authors-retract-nature-paper-projecting-high-costs-of-climate-change/
    * https://www.nytimes.com/2025/12/03/business/economy/study-climate-damage-retracted.html
    * https://www.euronews.com/green/2025/12/04/major-study-on-catastrophic-cost-of-climate-change-retracted-but-revised-figures-remain-al
    * https://www.techbuzz.ai/articles/anthropic-s-daniela-amodei-safe-ai-will-win-the-market-war
    * https://nypost.com/2025/11/09/business/ai-giant-anthropics-ties-to-cult-like-effective-altruism-democrat-megadonors-on-trump-admins-radar/
    * https://www.cnbc.com/2025/10/21/anthropic-ceo-trump-sacks-woke.html
    * https://en.wikipedia.org/wiki/Effective_altruism
    * https://thehackernews.com/2025/11/chinese-hackers-use-anthropics-ai-to.html
    * https://en.wikipedia.org/wiki/Longtermism
    * https://aeon.co/essays/why-longtermism-is-the-worlds-most-dangerous-secular-credo
    * https://en.wikipedia.org/wiki/Intelligentsia
    * https://geopoliticalfutures.com/intellectuals-thugs-russian-revolution/
    * https://lexfridman.com/dario-amodei
    * https://cepr.org/voxeu/columns/ai-and-paperclip-problem

    Host: Josh Stepp
    Produced by: Josh Stepp

    Thank you for tuning in to IntrusionsInDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

    58 min
  3. 010.1: LAB DOOKHTEGAN | The Role of Hacktivism in the Modern World

    11/24/2025

    AUDIO NOTE: There are some portions of audio with slight static. I'm blaming solar flares. On a serious note, I'm troubleshooting this, but the episode is still listenable.

    Key Topics:
    * Lab Dookhtegan's emergence as an Iranian hacktivist group targeting the regime through hack-and-leak operations, data leaks, and sabotage since 2019.
    * Key attacks, including the 2019 leak of APT34 tools, multiple doxings of IRGC officials from 2020 to 2024, and election interference exposures.
    * Destructive maritime cyber attacks in March and August of 2025 that disrupted 116 and 64 Iranian sanction-evading ships via supply chain compromise.
    * Speculation on Lab Dookhtegan's potential ties to nation-states like the US or Israel for plausible deniability in proxy operations.
    * Comparisons to other hacktivist groups like KillNet (Russian-backed) and Blackjack (Ukrainian-aligned), highlighting overlaps between hacktivism and state-sponsored cyber activities.

    Call to Action:
    * Subscribe to the podcast for more episodes on high-profile cyber intrusions.
    * Visit our website at intrusionsindepth.com for additional stories and insights.
    * Share your thoughts on social media using #IntrusionsInDepth.

    Books:
    * Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers by Andy Greenberg

    Links and Resources:
    * https://cybershafarat.com/2023/10/09/lab-dookhtegan-supports-us-against-hamas-hezbollah/
    * https://www.rferl.org/a/farda-briefing-iran-water-crisis-israel-help/33503264.html
    * https://www.wired.com/story/iran-hackers-oilrig-read-my-lips/
    * https://securityaffairs.com/117506/apt/iran-state-sponsored-ransomware.html
    * https://flashpoint.io/blog/second-iranian-ransomware-operation-project-signal-emerges/
    * https://assets.recordedfuture.com/insikt-report-pdfs/2020/cta-2020-0409.pdf
    * https://blog.sekoia.io/iran-cyber-threat-overview/
    * https://x.com/LabDookhtegan2/status/1754860930599403851
    * https://x.com/LabDookhtegan2/status/1737531151424565421
    * https://x.com/LabDookhtegan2/status/1734144401687842971
    * https://x.com/LabDookhtegan2/status/1757333667242770769
    * https://home.treasury.gov/news/press-releases/jy2072
    * https://x.com/LabDookhtegan2/status/1767939764966047877
    * https://blogs.microsoft.com/on-the-issues/2024/08/08/iran-targeting-2024-us-election/
    * https://x.com/LabDookhtegan2/status/1824131756884365386
    * https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/5bc57431-a7a9-49ad-944d-b93b7d35d0fc.pdf
    * https://cybershafarat.com/2021/11/26/lab-dookhtegan-the-regime-and-me-we-aint-mates-huge-data-reveal/
    * https://cydome.io/lab-dookhtegan-cyberattack-second-wave-findings-aug-2025/
    * https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm
    * https://cloud.google.com/blog/topics/threat-intelligence/gru-rise-telegram-minions
    * https://en.wikipedia.org/wiki/Killnet
    * https://therecord.media/russian-hacker-group-killnet-returns-with-new-identity
    * https://cydome.io/lab-dookhtegan-cyber-attack-on-iranian-oil-tankers-disrupts-operations/
    * https://blog.narimangharib.com/posts/2025%2F08%2F1755854831605?lang=en
    * https://en.wikipedia.org/wiki/LulzSec
    * https://citizenlab.ca/2023/01/uncovering-irans-mobile-legal-intercept-system/
    * https://go.recordedfuture.com/hubfs/reports/cta-2024-0125.pdf
    * https://en.wikipedia.org/wiki/March%E2%80%93May_2025_United_States_attacks_in_Yemen
    * https://cybershafarat.com/2024/11/01/the-attempt-of-shahid-shushtri-also-known-as-emennet-pasargad-a-cyber-group-affiliated-with-the-islamic-revolutionary-guard-corps-to-interfere-in-the-upcoming-american-elections-iran-internatio/

    Host: Josh Stepp
    Produced by: Josh Stepp

    Thank you for tuning in to IntrusionsInDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

    1h 22m
  4. 009.1: CRASH COURSE: IRAN | Geopolitics, Cyber Threat Groups and Operations

    10/05/2025

    Key Topics:
    * US-Iran Historical Tensions
    * Iran's Demographics & Strategy
    * Nuclear Program & 2025 Strikes
    * Proxy Networks (Axis of Resistance)
    * Iranian Cyber Threat Actors

    Call to Action:
    * Subscribe to the podcast for more episodes on high-profile cyber intrusions.
    * Visit our website at intrusionsindepth.com for additional stories and insights.
    * Share your thoughts on social media using #IntrusionsInDepth.

    Books:
    * Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter
    * Iran's Perilous Pursuit of Nuclear Weapons by David Albright & Sarah Burkhard
    * From Intel to Iran: The Defection of Monica Witt by Borna Ahadi

    Links and Resources:
    * https://en.wikipedia.org/wiki/Judicial_system_of_the_Islamic_Republic_of_Iran
    * https://attack.mitre.org/groups/G0069/
    * https://learn.microsoft.com/en-us/unified-secops-platform/microsoft-threat-actor-naming
    * https://cloud.google.com/security/resources/insights/apt-groups#global-threats-iran
    * https://en.wikipedia.org/wiki/Shamoon
    * https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-055a
    * https://cyberscoop.com/hack-and-leak-group-black-shadow-keeps-targeting-israeli-victims/
    * https://iapp.org/news/b/black-shadow-hackers-re-emerge-with-second-israeli-breach
    * https://www.securiwiser.com/news/black-shadow-hits-cyberserve-and-lgbtq-dating-app-client/
    * https://www.cybereason.com/blog/research/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations
    * https://cloud.google.com/blog/topics/threat-intelligence/uncovering-iranian-counterintelligence-operation
    * https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks
    * https://www.mei.edu/publications/iranian-apts-overview
    * https://cloud.google.com/blog/topics/threat-intelligence/apt42-charms-cons-compromises
    * https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents
    * https://darknetdiaries.com/transcript/30/
    * https://risky.biz/why-iran-is-a-scaredy-cat-cyber-chicken/
    * https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-releases-cybersecurity-advisory-on-previously-undisclosed-iranian-malware-used-to-monitor-dissidents-and-travel-and-telecommunications-companies
    * https://home.treasury.gov/news/press-releases/sm1127
    * https://mjolnirsecurity.com/the-asymmetric-battlefield-an-anthropological-and-geopolitical-analysis-of-iranian-cyber-threats-to-north-american-critical-infrastructure/
    * https://cloud.google.com/blog/topics/threat-intelligence/apt33-insights-into-iranian-cyber-espionage
    * https://www.picussecurity.com/resource/blog/understanding-active-iranian-apt-groups
    * https://therecord.media/iran-state-backed-hackers-industrial-attacks-spring-2025
    * https://www.darkreading.com/vulnerabilities-threats/anatomy-of-the-new-iranian-apt
    * https://www.infopoint-security.de/medien/fireeye-operation-saffron-rose.pdf
    * https://narimangharib.com/
    * https://www.youtube.com/playlist?list=PLjiTz6DAEpuINUjE8zp5bAFAKtyGJvnew
    * https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram/
    * https://cloud.google.com/blog/topics/threat-intelligence/definitive-dossier-of-devilish-debug-details-part-one-pdb-paths-malware

    Host: Josh Stepp
    Produced by: Josh Stepp

    Thank you for tuning in to IntrusionsInDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

    2h 20m
  5. AMA002 : COINBASE | IRAN | CAREER

    08/12/2025

    In this AMA episode of "Intrusions in Depth," host Josh Stepp chats with friend and cybersecurity mentor David "Ponch" Sanchez about pressing topics from the audience. They break down the Coinbase breach, discussing how a bribed contractor exposed user data and balances, which could potentially create targets for phishing and physical attacks. Next, they analyze the risk of Iranian cyber retaliation against U.S. infrastructure during the ongoing Israel-Iran skirmishes, weighing destructive potential against political divisions. Lastly, for those entering cybersecurity, especially threat intelligence, they advise building home labs, reading industry articles, and seeking hands-on experiences at events like DEF CON to stand out in a competitive job market.

    Call to Action:
    * Subscribe to the podcast for more episodes on high-profile cyber intrusions.
    * Visit our website at intrusionsindepth.com for additional stories and insights.
    * Share your thoughts on social media using #IntrusionsInDepth.

    Links and Resources:
    * https://github.com/demining/Physical-Bitcoin-Attacks
    * https://www.raicescyber.org/
    * https://www.wsj.com/us-news/second-suspect-surrenders-in-alleged-new-york-crypto-kidnapping-case-103e06c6
    * https://www.wsj.com/video/botched-kidnapping-attempt-in-paris-as-criminals-target-crypto-wealth/9E10C74A-5158-49AF-B625-4ABA5EDC5B6E
    * https://www.abc.net.au/news/2024-01-23/australian-government-sanctions-russian-over-medibank-data-leak/103377976
    * https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a
    * https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-2-d04b7a529d36
    * https://academy.intel-ops.io/courses/hunting-adversary-infra
    * https://web.archive.org/web/20201206081245/https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-monographs/psychology-of-intelligence-analysis/PsychofIntelNew.pdf
    * https://irp.fas.org/doddir/army/
    * https://irp.fas.org/doddir/army/gta33_01_006.pdf

    Host: Josh Stepp
    Produced by: Josh Stepp
    Guest: David Sanchez

    Thank you for tuning in to IntrusionsInDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

    55 min
  6. 008.1: POLYFILL

    05/27/2025

    In this episode of the Intrusions InDepth Podcast, host Josh Stepp dives into the 2024 Polyfill.io incident, a wake-up call for the web development community that exposed the vulnerabilities of the internet's sprawling infrastructure. What began as a trusted open-source service, used by over 100,000 websites to ensure cross-browser compatibility, turned into a vehicle for widespread malware distribution after its domain and GitHub repository were sold to a Chinese company, Funnull. Josh explores the timeline of the attack, the mechanics of the malicious JavaScript payloads, and the broader implications for open-source software and internet trust. With a mix of technical analysis, commentary on open-source economics, and a touch of conspiracy-adjacent speculation, this episode unpacks how a seemingly innocuous service became a vector for a global cyberattack and what it means for the future of the web.

    Main Topics Discussed:
    * Polyfill.io Attack Overview
    * Timeline of Events
    * Malware Mechanics
    * Open-Source Vulnerabilities
    * Implications and Solutions

    Call to Action:
    * Subscribe to the podcast for more episodes on high-profile cyber intrusions.
    * Visit our website at intrusionsindepth.com for additional stories and insights.
    * Share your thoughts on social media using #IntrusionsInDepth.

    Links and Resources:
    * https://blog.qualys.com/vulnerabilities-threat-research/2024/06/28/polyfill-io-supply-chain-attack
    * https://cside.dev/blog/the-polyfill-attack-explained
    * https://therecord.media/polyfill-cloudflare-trade-barbs-supply-chain-attack
    * https://news.ycombinator.com/item?id=40792136
    * https://news.ycombinator.com/item?id=40804254
    * https://risky.biz/RB755/
    * https://web.archive.org/web/20230505112634/https://polyfill.io/v3/ownership-transfer
    * https://web.archive.org/web/20230601214142/https://jakechampion.name/
    * https://web.archive.org/web/20231011015804/https://polyfill.io/
    * https://web.archive.org/web/20231101040617/https://polyfill.io/
    * https://github.com/polyfillpolyfill/polyfill-service/commit/5f4fc040e09436371f70ffcebe47ca0e3cdccac0
    * https://github.com/polyfillpolyfill/polyfill-service/commit/aa261a834b36131e8dbd20d725c6b5d773f736d9
    * https://github.com/polyfillpolyfill/polyfill-service/issues/2892
    * https://sansec.io/research/polyfill-supply-chain-attack
    * https://www.theregister.com/2025/05/06/from_russia_with_doubt_go/
    * https://huntedlabs.com/the-russian-open-source-project-that-we-cant-live-without/
    * https://x.com/weirddalle/status/1922396432977346973
    * https://www.berkshirehathaway.com/
    * https://blog.cloudflare.com/polyfill-io-now-available-on-cdnjs-reduce-your-supply-chain-risk/
    * https://blog.cloudflare.com/automatically-replacing-polyfill-io-links-with-cloudflares-mirror-for-a-safer-internet/

    Host: Josh Stepp
    Produced by: Josh Stepp

    Thank you for tuning in to IntrusionsInDepth. Stay informed, stay safe, and see you in the next episode! Get full access to IntrusionsInDepth at www.intrusionsindepth.com/subscribe

    38 min
