THOR Collective Radio

For thrunters, by thrunters.

The voice of the thrunters. This is where threat hunters, defenders, and curious minds plug in for raw takes, field notes, and conversations that don’t always follow the playbook. Expect practical insights, weird hunts, and unfiltered energy from the front lines of cyber defense. Powered by the same chaos and community that fuels THOR Collective Dispatch—just louder. The views expressed on THOR Collective Radio are our own and don’t represent those of our employers—past, present, or future. This is an independent show, built by practitioners, fueled by chaos, and made for the community. dispatch.thorcollective.com

Episodes

  1. Ask-a-Thrunt3r: January 2026 - Season 2 Premiere 🐏

    3D AGO

    📝 Episode Summary

    New year, same crew — and we’re building. The THOR Collective kicks off 2026 (Season 2!) with a deep dive into why this is the year security practitioners stop waiting on vendors and start building their own solutions. Lauren, Sydney, and John walk through the trio of Dispatch posts that kicked off the year — a manifesto series on building in security — and why the “I’m not technical enough” excuse doesn’t hold up anymore in the age of AI-assisted development.

    From there, the hosts get into the real talk: what’s actually trending in security right now (spoiler: social engineering isn’t going anywhere, and the agentic attack surface is the new frontier), what’s overhyped (looking at you, “AI SOC that replaces all your analysts”), and what each of them is personally investing in this year. Sydney’s going deep on LLM evaluations and automated baselining. Lauren’s leveling up her rapid development and project scaffolding skills. John’s bouncing adversarial emulation ideas off AI — when it’ll let him.

    The episode wraps with a lightning round covering certs vs. hands-on work, writing detections vs. hunting, specializing vs. staying broad, and prompt engineering vs. YOLOing it. Plus: conference announcements (CactusCon, WiCYS, BSides SF, RSA, DEF CON), puzzle swaps, PAI voice scaring partners, and Lauren’s Odyssey-inspired take on AI as Athena; a helper on your journey, not a replacement for the hero.

    ⏱️ Episode Breakdown

    * 00:01 – Intro and welcome to Season 2
    * 03:20 – January Dispatch Highlights: “2026, The Year Builders Show Up” by Lauren & Sydney
    * 09:22 – “Why You Should Build” by Lauren – breaking the psychological barrier
    * 13:00 – “Why You Don’t Need a Desk to Build” by Sydney – shipping code from anywhere
    * 16:32 – What are we trying to solve? The mission behind the builder series
    * 18:40 – Staying current on AI: AI Daily Brief, Prompt GTFO, and community resources
    * 20:45 – What’s trending: social engineering, browser extensions, OpenClaw/MoltBot, agentic attack surfaces
    * 24:57 – AI finding vulnerabilities: OpenSSL discoveries and the CVE explosion
    * 27:45 – What’s overhyped: the “AI SOC” replacing analysts narrative
    * 30:00 – Risk tolerance and the human-in-the-loop debate
    * 34:25 – What we’re investing in: LLM evaluations, automated baselining, rapid development, adversarial emulation
    * 39:20 – What we’re ignoring: personal balance, saying no, giving up on red teaming
    * 41:27 – Hot take: ignoring prompt engineering (and the Wispr Flow revolution)
    * 43:00 – PAI voice scares
    * 46:04 – Lightning Round: Certs vs. hands-on, detections vs. hunting, specialize vs. stay broad, prompt engineering vs. YOLO
    * 53:00 – Conference circuit and closing: CactusCon, WiCYS, BSides SF, RSA, DEF CON, SecKC

    🎤 Hosts

    * Lauren Proehl (Host) – Manager of the group, chronic overcommitter, manifesto writer, and self-described “cautious optimist.”
    * Sydney Marrone (Host) – Threat hunter turned builder. Shipping code from her phone, couch, bed, and probably CactusCon’s after party. Investing in LLM evaluations and automated baselining this year.
    * John Grageda (Host) – Red teamer who uses AI for adversarial emulation and engagement planning, but notes the models still refuse to build offensive tooling (“nice try, buddy”).

    🔗 Resources & Mentions

    January 2026 Dispatch Posts

    * 2026: The Year Builders Show Up by Lauren Proehl & Sydney Marrone
    * Why You Should Build by Lauren Proehl
    * You Don’t Need a Desk to Build by Sydney Marrone

    Tools & Resources Mentioned

    * Claude Code – AI coding assistant used by the hosts for building security tools and personal projects
    * PAI (Personal AI) by Daniel Miessler – personal AI assistant with voice capabilities
    * Wispr Flow – voice-to-text tool for talking at your AI instead of prompt engineering
    * Detect FYI – article by Alex Teixeira on automated baseline detections (30-day baseline + hourly deviation checks)
    * AI Daily Brief – recommended podcast for staying current on AI news
    * Prompt GTFO – community resource on cybersecurity and AI
    * OpenClaw / ClawBot / MoltBot – AI agents and social networks that had the hosts questioning reality

    Vulnerability Research & Bug Bounty

    * AISLE Discovers 12 OpenSSL Vulnerabilities (Jan 2026) – AI-powered autonomous analyzer found all 12 CVEs in the January 2026 coordinated release, some dating back to 1998
    * The End of the curl Bug-Bounty (Daniel Stenberg) – curl ended its HackerOne bug bounty program January 31, 2026 due to flood of AI-generated slop reports
    * Google: Building AI Agents for Cybersecurity and Defense – Google’s approach to agentic defense and building security agents
    * Slack Engineering: Streamlining Security Investigations with Agents – Slack’s approach to agentic SOC defense using AI agent personas (Director, domain experts, Critic) that break investigations into phases

    Key Concepts Discussed

    * AI as Augmentation, Not Replacement – Lauren’s Athena analogy from The Odyssey: AI is a helper on your odyssey, not a replacement for the hero
    * The Builder Mindset – scripts, queries, playbooks all count as building; you don’t need permission from the developer gods
    * Return of Generalism – AI raising the floor for lower-level analysts, enabling dynamic workforce reallocation
    * Agent Manager Future – the theory that everyone becomes a manager of teams of AI agents
    * Trust but Verify – applies to both AI and humans; both make mistakes
    * The Boot Camp Loop – AI helps break the cycle of training without applying
    * Automated Baselining – 30-day baseline detection + hourly checks against deviations (Detect FYI approach)
    * Agentic Attack Surface – the unknown frontier of securing AI agents and agentic workflows

    Trends Discussed

    * Social engineering and phishing – still trending, now AI-enhanced
    * Browser extensions – emerging attack vector
    * OpenClaw/MoltBot ecosystem – AI agents with their own social networks
    * AI vulnerability discovery – 12 OpenSSL vulnerabilities found by AI, some allegedly decades old
    * CVE reports up ~39-40% last year
    * Google’s agentic defense approach – breaking prompts into investigation phases
    * Prompt injection – social engineering AI agents and models
    * Curl leaving HackerOne due to AI-generated bug bounty report influx

    📢 Call to Action

    * Read the January builder series on Dispatch – and start your own building journey; even a script that saves you a few minutes counts
    * Try building something you’ll actually use – throw it on GitHub, start small, keep building
    * Check out the AI Daily Brief podcast and Prompt GTFO – for staying current on AI and security
    * Get Wispr Flow – if you struggle with prompt engineering, just talk at your AI
    * Explore automated baselining – use the Detect FYI approach (30-day baseline + hourly deviation checks)
    * Come find us at CactusCon – February 2026, THOR Collective is sponsoring the after party; swag will be available
    * Write for THOR Collective – always looking for new voices, up-and-coming voices, and first-time publishers; reach out on socials

    📬 Connect with THOR Collective

    🗣️ Social Media:

    * Twitter/X: @THOR_Collective
    * LinkedIn: THOR Collective
    * BlueSky: @thorcollective

    📧 Contact: Reach out through any social channel for guest post opportunities, collaborations, or to share what you’re building in 2026

Get full access to THOR Collective Dispatch at dispatch.thorcollective.com/subscribe

    57 min
  2. Ask-a-Thrunt3r: December 2025 - DEcember 🐏

    12/30/2025

    📝 Episode Summary

    Welcome back from the holiday break! The THOR Collective returns with a cozy end-of-year reflection meets practitioner reality check, featuring special guest Alex Hurtado, content creator extraordinaire and voice behind Detection Engineering Dispatch. This December edition tackles the often-overlooked but crucial relationship between threat hunting and detection engineering – what Alex calls “the real people that actually just keep shit working.”

    Alex brings unique insights from her journey from SIEM analyst at ABC during the Rachel Bachelorette era (yes, monitoring for commercial interruptions during primetime TV) to becoming one of the voices in detection engineering content. The conversation dives deep into why detection engineering finally emerged as a distinct discipline, how vendor black-boxing forces teams to rebuild EDR rules in their SIEM, and why treating detections like production code with proper CICD pipelines is non-negotiable.

    From debating whether to ship detections in “warn mode” to discussing the nuclear option of deleting 50% of your detections tomorrow, this episode delivers unfiltered insights on building sustainable detection programs. Plus, Alex shares her Chicago neighborhood-to-SIEM comparison framework, the team debates worst detections as holiday decorations, and everyone agrees: quarterly detection reviews are a must, but alert volume as a KPI needs to go.

    ⏱️ Episode Breakdown

    * 01:32 – Introductions
    * 03:00 – Alex’s journey: From ABC SIEM analyst to Detection Engineering thought leader
    * 06:02 – The gatekeeping problem in detection engineering
    * 10:26 – Icebreaker: Worst detection as a holiday decoration
    * 13:36 – Deep dive: What is detection engineering really?
    * 16:15 – Detection engineers beyond the SIEM
    * 18:01 – The problem with black-box EDR vendors
    * 20:35 – Hunting to Detection Engineering handoffs
    * 24:30 – Chaining behaviors vs. static indicators
    * 36:44 – Detection Engineering as Development (CICD, versioning, documentation)
    * 42:40 – Metrics that matter: Confusion matrices vs. alert volume
    * 47:30 – The nuclear option: Cutting 50% of detections
    * 49:30 – AI’s impact on detection engineering
    * 52:15 – Ship it or Scrap it rapid-fire
    * 55:06 – Must-reads and resources
    * 57:21 – 2025 wrap-up and 2026 preview

    🎤 Hosts & Guest

    * Lauren Proehl (Host) – Manager of the group whose worst detection is a creepy 85-year-old nutcracker from grandma that should’ve been recycled (like Log4J scanning alerts still firing).
    * Sydney Marrone (Host) – Head of thrunting and threat hunting whose worst detection is a snow globe - stable until you make one edit and everything goes crazy with alerts.
    * John Grageda (Host) – Red teamer who compares his worst detection to a Christmas tree with all lights constantly rotating in chaos, reminiscent of untuned Sourcefire IDS.
    * Alex Hurtado (Special Guest) – Content creator, host of Detection Engineering Dispatch, and voice behind the State of Detection Engineering report. Former ABC SIEM analyst who monitored primetime TV for commercial interruptions.

    THOR Collective Dispatch is a reader-supported publication. To receive new posts and support our work, consider becoming a free or paid subscriber.

    🔗 Resources & Mentions

    Key Concepts Discussed

    * Detection Engineering Definition – “The real people that actually just keep shit working”
    * Detection as Code – Treating detections like production code with CICD pipelines
    * Versioning & Documentation – The critical importance of change logs and detection diaries
    * Chaining Behaviors – Moving beyond static indicators to correlated attack chains
    * Black-box Vendor Problem – Why teams rebuild EDR rules in SIEMs with FDR data
    * Critical Asset Prioritization – Starting with crown jewels when cutting detection noise
    * Confusion Matrices – True positive/false positive rates as quality metrics

    Resources

    * 2026 SANS Focus on Detection Engineering Survey
    * Alex Teixeira / Detect.FYI
    * Detection Engineering Weekly
    * Detections.ai
    * MITRE TTP Detections
    * Detection Engineering Dispatch

    📢 Call to Action

    * Follow Alex Hurtado on LinkedIn – For infographics and detection engineering insights
    * Subscribe to Detection Engineering Dispatch – Available on Apple Podcasts and Spotify
    * Participate in the State of DE Survey – Data collection phase is ongoing
    * Implement quarterly detection reviews – If you’re not doing this, start now
    * Document your detections – Leave them better than you found them
    * Write for THOR Collective – Always looking for new voices in thrunting, DE, SOC, and IR

    📬 Connect with THOR Collective

    🗣️ Social Media:

    * Twitter/X: @THOR_Collective
    * LinkedIn: THOR Collective
    * BlueSky: @thorcollective

    📧 Contact: Reach out through any social channel to contribute content, be a guest on the podcast, or share your detection engineering war stories

    59 min
  3. Ask-a-Thrunt3r: October 2025 Logtoberfest Edition 🍺🐏

    11/04/2025

    📝 Episode Summary

    Welcome to Logtoberfest! The THOR Collective raises their glasses (and their log levels) for the most anticipated episode of the year, featuring special guest Damien Lewke, founder and CEO of Nebulock. This October edition tackles the burning question on every hunter’s mind: what does the future of threat hunting actually look like beyond the marketing hype and slick promo videos?

    Damien drops the mic with Nebulock’s mission to “democratize threat hunting”, making proactive security a right, not a privilege reserved for the few. The conversation dives deep into how agentic AI has already transformed the adversary landscape, blurring lines between nation-state actors and script kiddies while automating tailored access at scale. The crew explores the reality that while bad actors have gone fully agentic (as Anthropic’s August threat report confirmed), defenders are still stuck with yesterday’s tools.

    From debating whether AI agents are the future or just expensive autopilots, to discussing quantum computing’s threat timeline and the practicality of SOCs in virtual reality, this episode separates genuine innovation from vendor vaporware. Plus, Sydney drops knowledge on collaborative hunting platforms while John shares red team perspectives on AI-powered attack path mapping. Whether you’re a seasoned hunter or a SOC analyst looking to level up, this episode delivers the unfiltered truth about what’s coming in the next 12-24 months.

    ⏱️ Episode Breakdown

    * 01:10 – Welcome to Logtoberfest
    * 01:24 – Special guest introduction: Damien Lewke from Nebulock
    * 06:17 – Icebreaker: If your favorite log source were a beer, what style would it be?
    * 09:05 – Thrunt3r Spotlight
    * 10:58 – October Dispatch Highlights & community milestones
    * 28:00 – The future of threat hunting
    * 52:19 – Hype or Bust rapid-fire round
    * 57:46 – Giveaway announcement
    * 58:35 – Closing cheers to verbose logs and loud communities

    🎤 Hosts & Guest

    * Lauren Proehl (Host) – Manager of the group and self-proclaimed cautious AI optimist who’s evolved from “AI hater” to seeing genuine opportunity with mindful implementation.
    * Sydney Marrone (Host) – Chief thrunter, recently joining Nebulock. Champion of removing gatekeeping from threat hunting and making it accessible to all skill levels.
    * John Grageda (Host) – Red teamer bringing the adversarial perspective. Expert at hiding from endpoint detection (allegedly) and advocate for AI-powered attack path mapping.
    * Damien Lewke (Special Guest) – Founder & CEO of Nebulock, middle child, and longtime listener turned guest. Building the agentic threat hunting platform to bridge the gap between elite hunters and aspiring analysts.

    🔗 Resources & Mentions

    October Dispatch Posts

    * Agentic Threat Hunting, Part 2: Starting a Hunt Repo by Sydney Marrone
    * Hunting Beyond Indicators by Sam Hanson
    * Aligning Risk Management and Threat-Informed Defense Practices (Part 1) by Micah VanFossen

    Tools & Platforms Mentioned

    * Nebulock – Agentic threat hunting platform
    * Maltego
    * GPT-4 and Claude for detection engineering
    * Traditional SIEM platforms vs. next-gen alternatives

    Community Resources

    * Detection Engineering Weekly
    * Anthropic’s August 2025 threat report

    📢 Call to Action

    * Message THOR Collective on Discord – First responder after the episode wins Logtoberfest swag!
    * Share your log-to-beer pairing – Include your favorite log type and beer style for bonus points
    * Test drive AI hunting tools – Explore how agents can augment your current workflows
    * Document your baselines – Stable baselines are essential before implementing AI detection
    * Share your 2026 predictions – What do you think threat hunting will look like next year?
    * Join the AI debate – Are you team “cautious optimist” or team “show me the code”?
    * Upskill your SOC analysts – Consider platforms that lower the barrier to threat hunting

    📬 Connect with THOR Collective

    🗣️ Social Media:

    * Twitter/X: @THOR_Collective
    * LinkedIn: THOR Collective
    * BlueSky: @thorcollective

    📧 Contact: Reach out through any social channel for guest opportunities, hunt collaborations, or to share your thoughts on the future of threat hunting

    1 hr
  4. Ask-a-Thrunt3r: September 2025 Recap 🐏

    10/01/2025

    📝 Episode Summary

    Back to school, Thrunter style! The THOR Collective celebrates a massive milestone with 2,000 Dispatch subscribers while diving deep into the art and science of baselining. This September edition of Ask a Thrunt3r is all about getting back to basics – because you can’t find weird if you don’t know normal, as Sydney reminds us in her must-read post that kicked off the month’s baseline bonanza.

    The crew unpacks Sydney’s foundational work on baselining and Lauren’s epic 21-minute marathon post featuring 10 baseline hunts that’ll have you questioning everything you thought was “normal” in your environment. From mind-bending 3D visualization techniques for finding compromised workstations with math (yes, math!) to a browser extension exposé, this month’s content proves that sometimes the biggest threats hide in plain sight – or in that innocent-looking Chrome extension your users just installed.

    Looking ahead, the team tackles the future of hunt collaboration, debating the merits of Git repos, Jupyter notebooks, and AI assistants for threat hunting. Whether you’re team “data” or team “data” (spoiler: it sparked quite the debate), this episode delivers practical insights for hunters at every level. Plus, John is hiring a senior pen tester if you’re looking to cross over to the dark side!

    ⏱️ Episode Breakdown

    * 01:10 – Welcome back to school
    * 02:09 – Job opportunity: Senior pen tester at Lumen (full remote, US-based)
    * 03:08 – Milestone celebration: 2,000 Dispatch subscribers! 🎉
    * 04:36 – Icebreaker
    * 07:09 – Thrunt3r Spotlights
    * 09:02 – September Dispatch Highlights
    * 28:10 – Future of Hunt Collaboration Discussion
    * 42:01 – Lightning Round: Would You Rather edition
    * 44:03 – Wheel of Spins
    * 45:56 – October preview: Logtoberfest & Future of Threat Hunting
    * 47:44 – Closing & happy thrunting

    🎤 Hosts

    * Lauren Proehl (Host) – A director type who admits to wildcarding but is improving. Self-proclaimed energy drink enthusiast who turns inspiration into dissertations.
    * Sydney Marrone (Host) – Principal threat hunter and the “thrunter of the group.” Baseline evangelist who kicked off September’s theme. Firm believer in the power of Git skills over Jira tickets.
    * John Grageda (Host) – Red teamer celebrating 10 years at Lumen. Currently hiring a senior pen tester. Plans to retire wrapped in fiber cables and carried to the great cloud in the sky.

    🔗 Resources & Mentions

    September Dispatch Posts

    * 📚 You Can’t Find Weird If You Don’t Know Normal by Sydney Marrone
    * 📊 Baseline Bonanza: 10 Baseline Hunts by Lauren Proehl
    * 🎯 Can’t Hide in 3D by Certis Foster
    * 🔒 Even if many plugins are fine, the bad ones are bad by John Tuckner
    * 💼 Beyond Hackers and Hoodies: A Project Manager’s Move into Cybersecurity by Courtney Shar
    * ♀️ Why We Need Women in Cybersecurity by Sydney Marrone & Cassandra Murphy

    Tools & Technologies Mentioned

    * Jupyter Notebooks
    * GitHub/Git for collaboration and version control
    * GitKraken for local Git management
    * Threat Hunter Playbook (s/o @Cyb3rWard0g and @Cyb3rPandaH)
    * RBA (Risk-Based Alerting) techniques
    * BOTs dataset for testing

    Community Resources

    * 🔥 HEARTH Repository
    * 📬 The Dispatch Newsletter
    * 💬 THOR Collective Discord (paid subscribers)

    📢 Call to Action

    * 🎯 Submit your baseline hunt ideas to HEARTH
    * 📝 Share what Dispatch posts resonated with your current challenges
    * 🔮 Join us for Logtoberfest & the Future of Threat Hunting discussion
    * 💼 Interested in pen testing? Contact John about the Lumen opportunity
    * 🪙 Check your DMs if you’ve won a coin – Sydney’s waiting!
    * 📊 Try out the 15 baseline examples from Sydney & Lauren’s posts
    * 🎓 Add HEARTH contributions to your LinkedIn projects section

    📬 Connect with THOR Collective

    🗣️ Social Media:

    * Twitter/X: @THOR_Collective
    * LinkedIn: THOR Collective
    * BlueSky: @thorcollective

    📧 Contact: Reach out through any social channel for guest post opportunities or hunt collaboration ideas

    Next Episode: October’s Logtoberfest - Deep dive into the future of threat hunting, AI integration, and strategic planning for 2026. Essential listening for decision-makers and team leads!

    49 min
  5. Ask-a-Thrunt3r: August 2025 Recap 🐏

    09/09/2025

    📝 Episode Summary

    Back from the desert and (mostly) intact! The THOR Collective crew returns from Hacker Summer Camp with minimal tattoos and maximum insights in this August edition of Ask a Thrunt3r. We're diving deep into the post-DEF CON content dump, exploring everything from Brett's first-timer perspective to Damien's philosophical take on the evolving threat landscape in "The Quiet War."

    The team breaks down Q2's wildest attack vectors, from help desk social engineering to AI-powered supply chain attacks that'll make you side-eye every IDE extension. We tackle the big questions in this month’s Hunt Clinic: hypothesis vs. baseline hunts, lessons for newbie threat hunters, and the tools we wish everyone was using (spoiler: it's not always Splunk). Plus, we celebrate our growing community of 150+ new Thrunters and spotlight some incredible contributions to HEARTH and the Dispatch. Whether you're organizing your hunt ideas in 18 different places like Lauren or taking meticulous notes like Sydney, this episode's got the practical wisdom and chaotic energy to fuel your next threat hunting adventure.

    ⏱ Episode Breakdown

    * 00:00 – Welcome to Ask a Thrunter (August Edition)
    * 01:08 – Post-Hacker Summer Camp check-in & survival status
    * 02:00 – Welcome to 150+ new Thrunters
    * 02:44 – Team intros: Lauren, John, Sydney
    * 05:12 – Icebreaker: How do you organize your threat hunt ideas?
    * 08:04 – Community spotlight: Contributors & IRL meetups
    * 09:26 – Joshua Hines' epic Hearth submission (#048)
    * 14:18 – Dispatch Highlights begins
    * 14:39 – Brett Schoenwald's "From Noob to Woo" DEF CON recap
    * 17:00 – Damien Lewke’s "The Quiet War" on AI & threat evolution
    * 20:21 – Lauren's Q2FY25 From the Fire
    * 24:52 – Hunt Clinic Q&A: One lesson for your newbie threat hunter self
    * 31:16 – Hunt Clinic Q&A: Favorite hunting tool you wish more people used
    * 37:05 – Hunt Clinic Q&A: Hypothesis-driven vs. baseline-driven hunts
    * 39:59 – Wheel of Spins winner announcement
    * 41:52 – Wrap-up & call for guest contributors

    🎤 Hosts

    * Lauren Proehl (Host) – Global Head of Detection & Response at a Fortune 500 financial firm. Co-founder of THOR Collective. Self-proclaimed wildcard queen who doesn't care about money.
    * Sydney Marrone (Host) – Principal Threat Hunter at a major software company. Co-founder of THOR Collective. The "thrunter of the group" who hunts for work and fun.
    * John Grageda (Host) – Red Teamer celebrating 10 years at his current role. Co-founder of THOR Collective. Keeps everyone up at night with attack scenarios.

    🔗 Resources & Mentions

    * 📚 From Noob to Woo: My First DEF CON by Brett Schoenwald
    * 🎯 The Quiet War by Damien Lewke
    * 📊 From the Fire: Q2FY25 by Lauren Proehl
    * 🔥 HEARTH Hunt #048: Cisco AnyConnect on macOS by Joshua Hines
    * 🛠️ Sliver C2 Documentation
    * 🎬 DEF CON Media Server
    * 🧠 HEARTH

    📢 Call to Action

    * 💬 Join the THOR Collective Discord (paid subscribers get live Q&A access)
    * 📬 Subscribe to the Dispatch
    * 🎯 Submit your threat hunting content for future Dispatch features
    * ❓ Send your questions for the next Ask a Thrunt3r

    Thanks for reading THOR Collective Dispatch! This post is public so feel free to share it.

    📬 Connect with THOR Collective

    * 🌐 thorcollective.com
    * 🗺️ Twitter/X: THOR_Collective
    * 💼 LinkedIn: THOR Collective

    43 min
  6. Ask-a-Thrunter: July 2025 Recap 🐏

    08/06/2025

    📝 Episode Summary

    We’re cutting it close but making it count! In this July edition of Ask a Thrunter, the crew drops into the studio right before Hacker Summer Camp kicks off to talk DEF CON plans, survival kit must-haves, and the latest Dispatch highlights. We’re joined by special guest Brett Schoenwald — designer, creative force, and the EDM + AI mastermind behind ELIPSCION — who’s making his DEF CON debut on the official artist lineup.

    We swap our earliest hacker con gear lists for today’s “we’re older and wiser” essentials (spoiler: electrolytes beat out bash bunnies), break down posts on time charting in Splunk, proving pen test impact, and AI-powered hunting, and preview the Thrunting Hotlist for DEF CON 33. The Hunt Clinic is open with subscriber questions on AI agents running hunts, our most toxic threat hunting traits, and what genre would soundtrack our latest investigations. Plus, Brett takes us behind the scenes of building his Hacker Summer Camp playlist and shares where to catch his Friday night set. If you’re headed to the desert or just want the next best thing, this episode’s your all-access pass.

    ⏱ Episode Breakdown

    * 00:00 – Welcome to Ask a Thrunter (July Edition)
    * 01:10 – DEF CON countdown & Hacker Summer Camp theme
    * 02:01 – Shoutout to new, paid, and founding subscribers
    * 03:07 – Team intros: Lauren, John, Sydney, Brett
    * 05:03 – Icebreaker: Hacker Summer Camp survival kit must-haves
    * 07:33 – Dispatch Deep Cuts
    * 08:01 – Highlight: If You Like It, Put a Time Chart on It (Sydney)
    * 10:49 – Highlight: Make It Hurt (a little) (John)
    * 14:21 – Highlight: The Agentic Threat Hunter (Sydney)
    * 17:11 – Highlight: DEF CON 33 Thrunting Hotlist (Lauren)
    * 20:21 – What we’re excited to see at DEF CON
    * 23:12 – Brett’s upcoming DEF CON DJ set
    * 28:23 – Villages, parties, and can’t-miss events
    * 29:22 – Hunt Clinic Q&A: Would you let an AI run part of your hunt?
    * 33:28 – Hunt Clinic Q&A: Toxic threat hunting traits
    * 36:11 – Hunt Clinic Q&A: Soundtrack genres for your last hunt
    * 37:44 – Special guest chat: Brett Schoenwald (ELIPSCION)
    * 46:32 – Wheel of Spins swag winner
    * 47:17 – Wrap-up & next episode preview

    🎤 Hosts & Guests

    * Lauren Proehl (Host) – Global Head of Detection & Response at a Fortune 500 financial firm. Co-founder of THOR Collective.
    * Sydney Marrone (Host) – Principal Threat Hunter at a major software company. Co-founder of THOR Collective.
    * John Grageda (Host) – Red Teamer and original member of THOR. Brings a purple team/red team lens to threat hunting. Co-founder of THOR Collective.
    * Brett Schoenwald (Guest) – Founder of ELIPSCION, DEF CON 33 performing artist, and official THOR Collective creative designer.

    🔗 Resources & Mentions

    * 🛠️ If You Like It, Put a Time Chart on It by Sydney Marrone
    * 💻 Make It Hurt (a little) by John Grageda
    * 🤖 The Agentic Threat Hunter by Sydney Marrone
    * 📋 DEF CON 33 Thrunting Hotlist by Lauren Proehl
    * 🎵 ELIPSCION DEF CON set on SoundCloud
    * 🎟️ DEF CON Party Listings – defconparties.org
    * 👕 THOR Collective merch – shop.thorcollective.com

    📢 Call to Action

    * 💬 Join the THOR Collective Discord (paid subscribers get live Q&A access)
    * 📬 Subscribe to the Dispatch
    * 🎯 Submit your threat hunting content for future Dispatch features
    * 👕 Rep your THOR pride with merch (code: THRUNT20)
    * ❓ Send your questions for the next Ask a Thrunter

    📬 Connect with THOR Collective

    * 🌐 thorcollective.com
    * 🗺️ Twitter/X: THOR_Collective
    * 💼 LinkedIn: THOR Collective

    49 min
  7. Ask-a-Thrunter: June 2025 Recap 🐏

    07/01/2025

    🎧 Episode Title: Ask-a-Thrunter: June 2025 Recap 🐏

    🗓️ Release Date: June 2025

    📝 Episode Summary

    The thrunters are back in high definition! In this June edition of Ask a Thrunter, the crew settles into a new virtual podcast studio, dishes out Dispatch Deep Cuts, and unveils a massive revamp to HEARTH, our collaborative GitHub project for threat hunting hypotheses.

    We talk about our favorite (and most frustrating) log sources, how AI and automation are reshaping contribution workflows, and get real about visibility gaps in Chrome extensions. The Hunt Clinic is open with subscriber questions on Python notebooks for hunting, dream hunts that never got enough data, and our unanimous answer to “What tool would you kill in your stack?” If you love chaos, practical tips, and community-powered threat hunting, you’re in the right place.

    ⏱️ Episode Breakdown

    * 00:00 – Welcome to Ask a Thrunter (June Edition)
    * 01:18 – Team intros: John, Sydney, Lauren
    * 03:11 – DEF CON DJ meetup plans to see Brett (8PM local on 8/8)
    * 03:51 – Shoutout to free, paid, and founding subscribers
    * 05:28 – Icebreaker: Logs we love (and hate)
    * 08:25 – HEARTH gets a full revamp: new frontend, database, auto-submission from CTI
    * 12:05 – Leaderboard unveiled + swag potential
    * 15:40 – Dispatch Deep Cuts
    * 16:22 – Highlight: From the Fire Q1 FY25 (Lauren)
    * 18:45 – Highlight: If I Were a Threat Hunter (Jordan Hind)
    * 23:56 – Highlight: Red With Benefits (John)
    * 26:48 – Shoutouts: Plugin & Extension Hunt (Sydney), Misinformation and the Intel Cycle (Sherpa), Purple Teaming the Fallout (John)
    * 31:08 – Ask a Thrunter
    * 31:42 – Ask a Thrunter: Hunts we wish we could do
    * 33:38 – Ask a Thrunter: Python notebooks + PEAK
    * 35:43 – Ask a Thrunter: One tool to kill in your stack
    * 36:50 – Giveaway winner
    * 41:37 – Wrap up & see you next month!

    🎤 Hosts & Guests

    * Lauren Proehl (Host) – Global Head of Detection & Response at a Fortune 500 financial firm. Co-founder of THOR Collective.
    * Sydney Marrone (Host) – Principal Threat Hunter at a major software company. Co-founder of THOR Collective.
    * John Grageda (Host) – Red Teamer and original member of THOR. Brings a purple team/red team lens to threat hunting. Co-founder of THOR Collective.

    🔗 Resources & Mentions

    * 🛠️ HEARTH GitHub Project
    * 🔥 From the Fire Q1 FY25 by Lauren Proehl
    * 👀 If I Were a Threat Hunter by Jordan Hind
    * 💻 Red With Benefits by John Grageda
    * 🧩 Your Plugins and Extensions Are (Probably) Fine. Hunt Them Anyway by Sydney Marrone
    * 🧠 Don't Let Mis(s) Information Take the Crown by Sherpa Intelligence
    * ⚙️ Purple Teaming the Fallout: A Red Team Perspective on U.S. Infrastructure Risks Amid Israel-Iran Conflict by John Grageda
    * 🎵 THOR Collective soundtrack brought to you by ELIPSCION (Brett)

    📢 Call to Action

    * 💬 Join the THOR Collective Discord (paid subscribers get access to live Q&A)
    * 📬 Subscribe to the Dispatch
    * 📝 Submit to HEARTH using your favorite CTI source
    * 👕 Rep your THOR pride with merch (code: THRUNT20)
    * ❓ Send your questions in for July’s Ask a Thrunter!

    📬 Connect with THOR Collective

    * 🌐 thorcollective.com
    * 🗺️ Twitter/X: THOR_Collective
    * 💼 LinkedIn: THOR Collective

    43 min
  8. 06/06/2025

    Ask-a-Thrunter: May 2025 Recap 🐏

    🎧 Episode Title: Ask-a-Thrunter: May 2025 Recap 🐏
    🗓️ Release Date: May 2025

    📝 Episode Summary
    In this episode of Ask a Thrunter, we’re catching up on the best of May and making up for missing our usual THORsday slot (thanks, Broadway). We finally do proper introductions and shout out two of our favorite Dispatch posts: one on SOC personality dynamics and another on integrating AI into your hunt workflows. We debate whether threat hunters should be using AI, share our hottest takes (and horror stories) on LLMs, and talk about risk, tooling, and practicality when bringing generative AI into real-world hunting. There's a surprise drop you won't want to miss, and we close things out with a fantastic paid subscriber Q&A from Austin that covers rule validation, detection review cadences, and PEAK framework nuances. If you like a little chaos with your cyber, you’re in the right place.

    ⏱️ Episode Breakdown
    * 00:00 – Intro & Broadway vs. THORsday
    * 02:03 – Team introductions: Lauren, Sydney, and John
    * 05:57 – Episode overview
    * 07:10 – Dispatch highlights begin
    * 07:30 – Dispatch pick: Quiet, Loud, and in the Log Files by Alex Hurtado
    * 12:24 – Dispatch pick: AI Is My Bestie by Lauren Proehl
    * 14:11 – Claude AI hallucinations
    * 17:49 – Should threat hunters use AI?
    * 19:28 – Should orgs block access to LLM tools like Claude and Copilot?
    * 22:37 – AI integrated in supply chain
    * 24:01 – Giveaway winner announcement
    * 25:05 – Ask a Thrunter Q&A
    * 26:51 – Rule and detection validation question
    * 30:27 – Defining queries from the PEAK template question
    * 34:16 – Detection lifecycle validation question
    * 37:19 – Alert vs event vs incident question
    * 39:43 – Special announcement
    * 39:59 – THOR Supply Shop announcement – use code THRUNT20 for 20% off!
    * 41:41 – We love Brett!
    * 43:28 – Outro

    🎤 Hosts & Guests
    * Lauren Proehl (Host) – Global Head of Detection & Response at a Fortune 500 financial firm. Co-founder of THOR Collective.
    * Sydney Marrone (Host) – Principal Threat Hunter at a major software company. Co-founder of THOR Collective.
    * John Grageda (Host) – Red Teamer and original member of THOR. Brings a purple team/red team lens to threat hunting. Co-founder of THOR Collective.

    🔗 Resources & Mentions
    * 🧵 Quiet, Loud and in the Log Files by Alex Hurtado
    * 🧠 AI is My Bestie by Lauren Proehl
    * 🧪 Red Canary Atomic Red Team
    * 🧑‍🏫 PEAK Threat Hunting Framework
    * 💬 Anthropic’s report on Claude abuse by threat actors
    * 👕 THOR Collective Merch Store – use code THRUNT20 for 20% off
    * 🎵 THOR Collective soundtrack brought to you by ELIPSCION (Brett)

    📢 Call to Action
    * 💬 Join the THOR Collective Discord (paid subscribers get access to live Q&A)
    * 📬 Subscribe to the Dispatch
    * 🧵 Submit your questions for June's Ask-a-Thrunter
    * 👕 Use THRUNT20 at shop.thorcollective.com for merch!

    📬 Connect with THOR Collective
    * 🌐 thorcollective.com
    * 🗺️ Twitter/X: THOR_Collective
    * 💼 LinkedIn: THOR Collective

    Get full access to THOR Collective Dispatch at dispatch.thorcollective.com/subscribe

    44 min
