DISCARDED: Tales From the Threat Research Trenches

Proofpoint

DISCARDED: Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about the threat behaviors and attack patterns. Each episode you’ll hear real world insights from our researchers about the latest trends in malware, threat actors, TTPs, and more. Welcome to DISCARDED

  1. November 15

    Scams, Smishing, and Safety Nets: How Emerging Threats Catches Phish

    Hello to all our Cyber Pals! Join host Selena Larson and guest, Genina Po, Threat Researcher at Emerging Threats at Proofpoint. She shares how she tackles emerging cyber threats, breaking down the process of turning data into detection signatures. Using tools like Suricata to create detections for malicious activity, she maps out her approach to writing rules that identify and block these threats. The goal? Equip companies to stay secure, and encourage listeners with the skills to spot and prevent scams on their own. Genina shares her journey tracking pig butchering scams through thousands of domains and URLs. She reveals patterns—certain headers and markers—that help identify these sites amid a flood of data, and she describes the challenges in detection, as scammers increasingly vary their setups to evade filters.

    Also discussed:

    - proactive measures against phishing and fraud sites, with Proofpoint using "takedown" services to remove malicious domains, disrupting scams before they impact users
    - the importance of questioning biases, particularly in cyber threat intelligence where assumptions can shape classifications and responses
    - collaboration with Chainalysis to connect various scams through cryptocurrency wallets, showing cross-over between different fraud types

    Resources mentioned:

    - Book: Why Fish Don’t Exist by Lulu Miller

    For more information about Proofpoint, check out our website. Subscribe & Follow: Don't miss out on future episodes—subscribe to the Discarded Podcast on your favorite platform.

    51 minutes
  2. September 30

    Champagne Attack Chains on a Kool-Aid Budget

    Hello to all our Pumpkin Spice cyber friends! Join host Selena Larson and today’s co-host, Tim Kromphardt, as they chat with Joe Wise, Senior Threat Researcher and Kyle Cucci, Staff Threat Researcher both from Proofpoint. Together, they unpack recent campaigns involving the abuse of legitimate services, particularly focusing on the clever tactics used by cybercriminals to evade detection. Joe and Kyle discuss a fascinating trend where attackers are leveraging Cloudflare’s temporary tunnels, bundling Python packages, and deploying a range of malware like Xworm and Venom Rat. They explore the increasing abuse of legitimate services like Google Drive, Adobe Acrobat, and Dropbox, which allow attackers to blend in with regular business traffic. The conversation also touches on a range of threat clusters, including Exormactor and Voldemort malware, and TA2541, who have consistently leveraged Google Drive URLs to spread malicious content.

    Also discussed:

    - the challenge of detecting and mitigating these types of threats and the importance of staying ahead of the evolving attack strategies
    - the motivations behind these campaigns
    - why traditional defense mechanisms may fall short

    Resources mentioned:

    - https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort
    - https://www.proofpoint.com/us/blog/threat-insight/scammer-abuses-microsoft-365-tenants-relaying-through-proofpoint-servers-deliver

    For more information about Proofpoint, check out our website. Subscribe & Follow: Don't miss out on future episodes—subscribe to the Discarded Podcast on your favorite platform.

    34 minutes
  3. September 17

    Guarding the Vote: Unmasking Cyber Threats in Election Season

    Hello to all our cyber citizens! Join host Selena Larson and today’s co-host, Tim Kromphardt, as they chat with Joshua Miller, Senior Threat Researcher and Rob Kinner, Senior Threat Analyst both from Proofpoint. With election season on the horizon, cyber attackers are sharpening their tactics—impersonating government agencies, emailing journalists, and crafting sophisticated phishing schemes. But how real is the threat? And what can be done to protect our democracy from the digital shadows? Today, we pull back the curtain on the unseen battles being fought in cyberspace and what it means for voters, journalists, and defenders alike. The discussion covers a range of election threats, from malicious domains, impersonation, and typo-squatting to sophisticated credential phishing campaigns that exploit government and election-related themes.

    Also discussed:

    - how state-sponsored actors from DPRK, Russia, and China are interested in espionage around election-related topics
    - the impersonation of various government entities for phishing purposes, revealing the creativity and resourcefulness of threat actors
    - while cyber threats are pervasive, the integrity of the voting process remains strong, backed by robust defenses and ongoing efforts by dedicated professionals

    Resources mentioned:

    - https://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-delivering
    - https://www.justice.gov/opa/pr/justice-department-disrupts-covert-russian-government-sponsored-foreign-malign-influence
    - https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists
    - https://www.proofpoint.com/us/blog/threat-insight/media-coverage-doesnt-deter-actor-threatening-democratic-voters

    For more information about Proofpoint, check out our website. Subscribe & Follow: Don't miss out on future episodes—subscribe to the Discarded Podcast on your favorite platform.

    33 minutes
  4. September 4

    Very Mindful, Very APT: Inside the Activity of Current Espionage Actors

    Hello to all our mindful and demure cyber sleuths! Join host Selena Larson and today’s co-host, Sarah Sabotka as they chat with Joshua Miller and Greg Lesnewich, Threat Researchers at Proofpoint about the ever-evolving world of advanced persistent threats (APTs). The team unravels the latest espionage tactics of threat actors from Iran, North Korea, and Russia, exploring everything from Iran’s sophisticated social engineering campaigns to North Korea’s customized Mac malware. They also highlight the increasing interest in macOS malware in the cybercrime landscape and examine the threat posed by a group targeting AI researchers with unique malware like "SugarGh0st RAT."

    Also discussed:

    - the quirky and often amusing names given to malware campaigns in the cybersecurity world.
    - unexpected connections between cybersecurity and pop culture, featuring a discussion on how celebrities like Taylor Swift handle digital security.
    - what recent activity suggests about the actors’ changing tactics.

    Resources mentioned:

    - SleuthCon Talk: Presenter, Selena Larson
    - Rivers of Phish from CitizenLab
    - https://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-delivering
    - https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta450-uses-embedded-links-pdf-attachments-latest-campaign
    - https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn
    - https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds
    - https://www.theguardian.com/music/shortcuts/2019/jan/29/digital-security-taylor-swift-facetime-privacy-bug-breaches
    - https://www.youtube.com/watch?v=LYHmTjFW-nY
    - https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week
    - https://www.proofpoint.com/us/blog/threat-insight/security-brief-artificial-sweetener-sugargh0st-rat-used-target-american

    For more information about Proofpoint, check out our website. Subscribe & Follow: Don't...

    50 minutes
  5. August 20

    Rebel Security Training: Cyber Lessons from A Galaxy Far, Far Away

    Hello, cyber rebels! Ever wondered what lightsabers, the Force, and intergalactic battles have in common with the world of cybersecurity? Welcome to a special episode of the Discarded Podcast. Join host Selena and co-host Greg Lesnewich, Senior Threat Researcher at Proofpoint, along with our guest, Eric Geller, cybersecurity reporter and host of the Hoth Takes Star Wars podcast, as they dive into the fascinating intersection of Star Wars and cybersecurity. He reveals how the tactics and strategies from a galaxy far, far away can be applied to modern-day digital defense. Greg and Eric share their love for Star Wars while drawing parallels between iconic moments from the saga and modern cybersecurity practices. Ever wondered how the Rebels' infiltration of the Death Star reflects real-world hacking techniques? Or how the Empire's security flaws could be lessons for today's digital defenses? We've got you covered. They highlight how living off the land techniques, identity protection failures, and internal security oversights in the Star Wars universe can teach us valuable lessons for defending against cyber threats. From red teaming with Han and Chewbacca to intelligence analysis with Princess Leia, and even hardware hacking with Babu Frik, we cover a broad spectrum of cyber roles through the lens of Star Wars. We also delve into who would make the best CISO in the Star Wars universe, with some surprising nominations and entertaining analogies. Whether you're a Star Wars enthusiast or a cybersecurity professional, this episode provides a unique and entertaining perspective on the skills and strategies essential for both realms. Tune in for a fun and insightful conversation that bridges the gap between fiction and reality in the most engaging way possible.

    Resources mentioned:

    - Hoth Takes (podcast)
    - NIST Framework
    - https://www.wired.com/author/eric-geller/

    For more information about Proofpoint, check out our website. Subscribe & Follow: Don't miss out on future episodes—subscribe to the Discarded Podcast on your favorite platform.

    57 minutes
  6. August 6

    The Art of Frustrating Hackers: Diving Into the DEaTH Cycle with Randy Pargman

    Hello, Cyber Stars! In today's episode of the Discarded Podcast, hosts Selena Larson and Sarah Sabotka are joined by Randy Pargman, Director of Threat Detection at Proofpoint. Randy shares his extensive experience in cybersecurity, from working at the FBI and understanding law enforcement’s role in cyber defense, to endpoint detection and response, to his current role at Proofpoint. We explore the relentless cat-and-mouse game between cyber defenders and threat actors. Randy discusses the importance of Detection Engineering and Threat Hunting (DEATH) and how these disciplines work together to outsmart cybercriminals. He also highlights the significance of log data retention and how investing in longer retention periods can drastically improve the efficacy of detection measures. Randy touches on the upcoming DEATHCon, a must-attend event for cybersecurity professionals. He shares fascinating stories and analogies, making complex cybersecurity concepts accessible and engaging.

    We also talk about:

    - the concept of the "pyramid of pain" and how spending too much time on IOCs can be a losing battle against agile threat actors
    - the value of empathy and collaboration among security teams
    - practical steps for building shared lab environments

    Resources mentioned:

    - DeathCON
    - Operation Endgame
    - Clipboard to Compromise Blog: https://www.proofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn
    - DFIR Report Labs: https://thedfirreport.com/services/dfir-labs/

    For more information about Proofpoint, check out our website. Subscribe & Follow: Don't miss out on future episodes—subscribe to the Discarded Podcast on your favorite platform.

    53 minutes
5
(out of 5 stars)
52 ratings
