20 episodes

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

Risky Business Patrick Gray

    • Technology
    • 4.7 • 318 Ratings

Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.

    Risky Business #669 -- Finally, an ICS attack that made stuff explode!

    Risky Business #669 -- Finally, an ICS attack that made stuff explode!

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


    Activists who are totally not Israeli military hackers make Iranian steel mills firebally
    Chinese APT crews use ransomware to muddy attribution
    Attackers are now ransoming cloud access
    Chinese APTs using building control systems for persistence and stealth
    USA, UK and NZ govts issue PowerShell advice
    Much, much more


    This week’s show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he’s using it to make phishing triage and automation less traumatic.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Risky Biz Soap Box: HD Moore on taking Rumble to the cloud

    Risky Biz Soap Box: HD Moore on taking Rumble to the cloud

    Today’s Soap Box guest is an industry legend – Metasploit creator HD Moore. He’s here to tell us more about what’s happening with his latest creation, Rumble Network Discovery.

    If you’re not familiar with Rumble, well, you should be. It’s a network scanner that you just set loose and it will go and find all the devices on your network. It has a freaky ability to see around corners, finding devices it can’t even connect to directly because HD and his team have done some really crazy work on pulling device information out of obscure protocol queries and things like that. It takes a few minutes to set up a scan with Rumble, so it’s infinitely easier than trying to do passive network discovery on the network or pull data from other solutions.

    But Rumble isn’t just a network scanner anymore. They’ve been doing basic cloud asset inventory since the early days, but as you’ll hear it’s an area they’ve really been putting a lot of work into lately. Another big thing they’ve worked on is ICS and OT fingerprinting techniques that won’t actually cause those devices to command things to explode, so that’s nice.

    Risky Business #668 -- Microsoft is hiding its Azure security problems

    Risky Business #668 -- Microsoft is hiding its Azure security problems

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


    Paige Thompson guilty of Capital One hack
    Microsoft is hiding serious Azure security issues
    New Australian government lobbying for Julian Assange
    How to ransomware documents in the cloud
    Microsoft stops Windows 10/11 downloads in Russia
    Belarusian cyber partisans obtain spy agency’s audio recordings
    Much, much more


    This week’s edition of the show is brought to you by Gigamon. Josh Day, Gigamon’s Director of applied threat research team, will be along in this week’s sponsor interview to talk about detecting badness on your network in encrypted traffic.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Risky Business #667 -- "Shields Up" for cyber's forever war

    Risky Business #667 -- "Shields Up" for cyber's forever war

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


    “Shields Up” advice is now provably meaningless
    Russia to ditch offshore comms apps like WhatsApp
    Evil Corp’s Lockbit sanctions evasion attempt backfires
    Binance is a cesspit of shady financial dealings
    Apple’s passkey release foreshadows FIDO mass adoption
    Much, much more


    This week’s sponsor interview is about Elastic’s teardown on some really interesting APT linux malware called BPFdoor. Jake King and Colson Wilhoit joined the show for that interview.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Risky Business #666 -- The msdt RTF of DOOM

    Risky Business #666 -- The msdt RTF of DOOM

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


    The msdt/office lolbinapalooza
    Microsoft to introduce sensible defaults to Azure
    Twitter fined $150m for sms 2fa spam
    It turns out npm got owned in that Heroku/Travis CI thing
    AWS cred-stealing supply chain attack was research your honour, I swear!
    Much, much more


    We’ll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week’s sponsor interview. He’ll be walking us through some of his own research into how to own Microsoft boxes via document-embedded office add-ins.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

    Risky Business -- #665 You can ransomware whole countries now

    Risky Business -- #665 You can ransomware whole countries now

    On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:


    Conti’s war against Costa Rica
    DoJ revises CFAA guidance
    Naughty kids get access to DEA portal
    A look at a Russian disinfo tool
    PyPI and PHP supply chain drama
    Much, much more


    This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer will join us in this week’s sponsor interview to talk about what might happen to infosec programs now the world economy is getting all funky.

    Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Customer Reviews

4.7 out of 5
318 Ratings

318 Ratings

maddie@podcastingyou ,

Great podcast!

So much information and insight in each episode! This podcast is a truly valuable resource for anyone looking to expand their knowledge of cutting edge security technology and opportunities!

User46451 ,

Best Security podcast available

Great combination of news, in depth interviews, and paid content.

TFWol ,

Hilarious and informative

My favorite part is when Patrick and Adam discuss the security news.

I usually end up crying from laughter, sometimes just wincing. It’s great stuff and super informative.

Especially when the news portions run long, it’s like dessert.

Top Podcasts In Technology

Lex Fridman
Jason Calacanis
NPR
Jack Rhysider
PJ Vogt
Andrew Gelina

You Might Also Like

Johannes B. Ullrich
The Record by Recorded Future
CyberWire, Inc.
Cybereason
Graham Cluley, Carole Theriault
Jack Rhysider