
20 episodes

Risky Business Patrick Gray
-
- Technology
-
-
4.7 • 318 Ratings
-
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
-
Risky Business #669 -- Finally, an ICS attack that made stuff explode!
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
Activists who are totally not Israeli military hackers make Iranian steel mills firebally
Chinese APT crews use ransomware to muddy attribution
Attackers are now ransoming cloud access
Chinese APTs using building control systems for persistence and stealth
USA, UK and NZ govts issue PowerShell advice
Much, much more
This week’s show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he’s using it to make phishing triage and automation less traumatic.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. -
Risky Biz Soap Box: HD Moore on taking Rumble to the cloud
Today’s Soap Box guest is an industry legend – Metasploit creator HD Moore. He’s here to tell us more about what’s happening with his latest creation, Rumble Network Discovery.
If you’re not familiar with Rumble, well, you should be. It’s a network scanner that you just set loose and it will go and find all the devices on your network. It has a freaky ability to see around corners, finding devices it can’t even connect to directly because HD and his team have done some really crazy work on pulling device information out of obscure protocol queries and things like that. It takes a few minutes to set up a scan with Rumble, so it’s infinitely easier than trying to do passive network discovery on the network or pull data from other solutions.
But Rumble isn’t just a network scanner anymore. They’ve been doing basic cloud asset inventory since the early days, but as you’ll hear it’s an area they’ve really been putting a lot of work into lately. Another big thing they’ve worked on is ICS and OT fingerprinting techniques that won’t actually cause those devices to command things to explode, so that’s nice. -
Risky Business #668 -- Microsoft is hiding its Azure security problems
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
Paige Thompson guilty of Capital One hack
Microsoft is hiding serious Azure security issues
New Australian government lobbying for Julian Assange
How to ransomware documents in the cloud
Microsoft stops Windows 10/11 downloads in Russia
Belarusian cyber partisans obtain spy agency’s audio recordings
Much, much more
This week’s edition of the show is brought to you by Gigamon. Josh Day, Gigamon’s Director of applied threat research team, will be along in this week’s sponsor interview to talk about detecting badness on your network in encrypted traffic.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. -
Risky Business #667 -- "Shields Up" for cyber's forever war
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
“Shields Up” advice is now provably meaningless
Russia to ditch offshore comms apps like WhatsApp
Evil Corp’s Lockbit sanctions evasion attempt backfires
Binance is a cesspit of shady financial dealings
Apple’s passkey release foreshadows FIDO mass adoption
Much, much more
This week’s sponsor interview is about Elastic’s teardown on some really interesting APT linux malware called BPFdoor. Jake King and Colson Wilhoit joined the show for that interview.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. -
Risky Business #666 -- The msdt RTF of DOOM
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
The msdt/office lolbinapalooza
Microsoft to introduce sensible defaults to Azure
Twitter fined $150m for sms 2fa spam
It turns out npm got owned in that Heroku/Travis CI thing
AWS cred-stealing supply chain attack was research your honour, I swear!
Much, much more
We’ll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week’s sponsor interview. He’ll be walking us through some of his own research into how to own Microsoft boxes via document-embedded office add-ins.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. -
Risky Business -- #665 You can ransomware whole countries now
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
Conti’s war against Costa Rica
DoJ revises CFAA guidance
Naughty kids get access to DEA portal
A look at a Russian disinfo tool
PyPI and PHP supply chain drama
Much, much more
This week’s show is brought to you by Thinkst Canary. Its founder Haroon Meer will join us in this week’s sponsor interview to talk about what might happen to infosec programs now the world economy is getting all funky.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Customer Reviews
Great podcast!
So much information and insight in each episode! This podcast is a truly valuable resource for anyone looking to expand their knowledge of cutting edge security technology and opportunities!
Best Security podcast available
Great combination of news, in depth interviews, and paid content.
Hilarious and informative
My favorite part is when Patrick and Adam discuss the security news.
I usually end up crying from laughter, sometimes just wincing. It’s great stuff and super informative.
Especially when the news portions run long, it’s like dessert.