Risky Business Patrick Gray

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


Activists who are totally not Israeli military hackers make Iranian steel mills firebally
Chinese APT crews use ransomware to muddy attribution
Attackers are now ransoming cloud access
Chinese APTs using building control systems for persistence and stealth
USA, UK and NZ govts issue PowerShell advice
Much, much more


This week’s show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he’s using it to make phishing triage and automation less traumatic.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Today’s Soap Box guest is an industry legend – Metasploit creator HD Moore. He’s here to tell us more about what’s happening with his latest creation, Rumble Network Discovery.

If you’re not familiar with Rumble, well, you should be. It’s a network scanner that you just set loose and it will go and find all the devices on your network. It has a freaky ability to see around corners, finding devices it can’t even connect to directly because HD and his team have done some really crazy work on pulling device information out of obscure protocol queries and things like that. It takes a few minutes to set up a scan with Rumble, so it’s infinitely easier than trying to do passive network discovery on the network or pull data from other solutions.

But Rumble isn’t just a network scanner anymore. They’ve been doing basic cloud asset inventory since the early days, but as you’ll hear it’s an area they’ve really been putting a lot of work into lately. Another big thing they’ve worked on is ICS and OT fingerprinting techniques that won’t actually cause those devices to command things to explode, so that’s nice.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


Paige Thompson guilty of Capital One hack
Microsoft is hiding serious Azure security issues
New Australian government lobbying for Julian Assange
How to ransomware documents in the cloud
Microsoft stops Windows 10/11 downloads in Russia
Belarusian cyber partisans obtain spy agency’s audio recordings
Much, much more


This week’s edition of the show is brought to you by Gigamon. Josh Day, Gigamon’s Director of applied threat research team, will be along in this week’s sponsor interview to talk about detecting badness on your network in encrypted traffic.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


“Shields Up” advice is now provably meaningless
Russia to ditch offshore comms apps like WhatsApp
Evil Corp’s Lockbit sanctions evasion attempt backfires
Binance is a cesspit of shady financial dealings
Apple’s passkey release foreshadows FIDO mass adoption
Much, much more


This week’s sponsor interview is about Elastic’s teardown on some really interesting APT linux malware called BPFdoor. Jake King and Colson Wilhoit joined the show for that interview.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


The msdt/office lolbinapalooza
Microsoft to introduce sensible defaults to Azure
Twitter fined $150m for sms 2fa spam
It turns out npm got owned in that Heroku/Travis CI thing
AWS cred-stealing supply chain attack was research your honour, I swear!
Much, much more


We’ll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week’s sponsor interview. He’ll be walking us through some of his own research into how to own Microsoft boxes via document-embedded office add-ins.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


Conti’s war against Costa Rica
DoJ revises CFAA guidance
Naughty kids get access to DEA portal
A look at a Russian disinfo tool
PyPI and PHP supply chain drama
Much, much more


This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer will join us in this week’s sponsor interview to talk about what might happen to infosec programs now the world economy is getting all funky.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.