Ahead of the Breach

Sprocket

Welcome to Ahead of the Breach, the podcast dedicated to equipping security experts and practitioners with the knowledge and insights needed to excel in the future of cybersecurity. Join us as we explore innovative strategies, emerging trends, and actionable takeaways to help security leaders stay ahead.

  1. GreyNoise’s Andrew Morris on Internet Background Noise as Data

    September 23

    What if you could predict major security vulnerabilities weeks before they're publicly disclosed? Andrew Morris, Founder & Chief Architect at GreyNoise Intelligence, built a global sensor network that does exactly that by tracking internet-wide scanning patterns that spike 3-4 weeks before critical vulnerabilities become public knowledge. This transforms the chaotic noise of billions of daily internet scans into precise threat intelligence that helps organizations focus on real attacks. Andrew walks Casey through how he created what he calls the "opposite of Shodan": instead of cataloging what's scannable on the internet, GreyNoise tracks who's doing the scanning and why. The technical challenge required learning new programming languages and building infrastructure across hostile network environments globally, but the result is a system that functions like noise-canceling headphones for cybersecurity.

    Topics discussed:
    - The methodology behind building internet-wide sensor networks across multiple cloud providers and regional hosting environments.
    - How network fingerprinting techniques using MTU overhead, TLS signatures, and protocol implementations reveal the true origins of scanning traffic sent through VPNs and proxies.
    - The correlation between massive scanning spikes for specific software or hardware and the vulnerability disclosures that follow 3-4 weeks later.
    - Why embedded systems and edge devices represent the most vulnerable attack surface on the internet.
    - Technical challenges of processing and indexing billions of daily network sessions while applying pattern matching and classification rules at line rate.
    - The operational realities of maintaining distributed infrastructure in hostile network environments.
    - How threat actors use geographic and software-specific targeting patterns that become visible only through comprehensive internet-wide monitoring.
    - The discovery of zero-day vulnerabilities through automated classification pipelines that identify previously unknown attack patterns.
    - Why traditional threat intelligence approaches fail to distinguish between legitimate research scanning and malicious reconnaissance activities targeting organizations.
    - Strategic approaches to handling sensor network detection and fingerprinting by adversaries, including infrastructure rotation and traffic obfuscation techniques.

    29 min

  2. Sprinklr’s Roger Allen on Why Vendor Telemetry Only Gets You 90% There

    September 9

    Modern attackers have abandoned obvious indicators and now mimic legitimate engineering activities so closely that traditional detection methods fail. Roger Allen, Sr. Director, Global Head of Detection & Response at Sprinklr, has watched this evolution firsthand. He gives Casey the rundown of how his team's response involves outcome-based detection strategies that focus on what attackers accomplish rather than the specific actions they take to get there. But detection is only part of the equation. From transforming UBA alerts into contextualized "events of interest" that correlate across the MITRE framework to implementing breach response scenarios that consider cloud-native production implications, Roger shares tactical approaches that bridge the gap between red team thinking and blue team operations.

    Topics discussed:
    - Why focusing on what attackers accomplish rather than individual actions creates more effective monitoring as threat actors become increasingly sophisticated in mimicking legitimate engineering activities.
    - Filling the critical 10-20% gap in security coverage through business context enrichment and custom detection logic that vendors can't provide.
    - Converting traditional user behavior analytics from noise-generating alerts into correlated "events of interest" that map to MITRE kill chain stages for dynamic alert prioritization.
    - Systematic approaches to removing unnecessary tools like Netcat and Telnet while creating contextual detections for essential utilities.
    - Building tier-based response frameworks that account for production disruption risks when containing threats in environments where simply isolating hosts could shut down customer-facing services.
    - Implementing scenario-based training that goes beyond tabletop exercises to create muscle memory for security operations teams responding to active compromises.
    - Why having practitioners in both development and leadership chains at security vendors correlates with product effectiveness and company growth trajectories.
    - How to distinguish between genuine artificial intelligence capabilities and rebranded automation when evaluating security tools, plus practical applications for analyst efficiency without replacing analysts.

    24 min

  3. Armis’ Andrew Grealy on Left-of-Boom Threat Actor Intelligence

    August 26

    What if you could predict which vulnerabilities threat actors will weaponize months before CISA adds them to its Known Exploited Vulnerabilities list? Andrew Grealy, Head of Armis Labs, has built exactly that capability, providing organizations with threat intelligence that arrives 3-12 months ahead of traditional indicators. His "left of boom" approach changes how security teams prioritize patches and allocate resources. But early warning is just the beginning, Andrew tells Casey. From mom-and-pop honeypots that catch nation-state actors to AI-powered supply chain attacks that slip malicious packages into enterprise applications, Andrew details how attackers are weaponizing the same AI tools that security teams use for defense. He also offers insights on the "triple threat" evolution of ransomware and practical frameworks for securing AI-generated code.

    Topics discussed:
    - Building CVE early warning systems that identify threat actor targets 56% faster than CISA's Known Exploited Vulnerabilities list.
    - Implementing "left of boom" intelligence collection through honeypots in mom-and-pop infrastructure.
    - Moving beyond CVSS scores as risk indicators to prioritize patches based on actual threat actor behavior and CWE patterns.
    - Deploying strategic security controls like WAFs to eliminate 28% of ESX server console attacks, reducing patch urgency and operational disruption.
    - Understanding the "triple threat" ransomware evolution that combines traditional encryption with data exfiltration and AI-powered internal investigation for multiple revenue streams.
    - Combating AI-accelerated supply chain attacks where 54% of coding assistants automatically introduce vulnerabilities into generated code.
    - Preventing typosquatting attacks where threat actors create packages with similar names that AI tools recommend, infiltrating internal applications.
    - Establishing approved package repositories with exact version matching and implementing coding checks throughout the development pipeline as countermeasures.
    - Evaluating LLMs for security applications by testing with known answers first, then gradually increasing complexity to validate capabilities before deployment.

    28 min

  4. Covert Entry: Tools, Tricks, and True Stories from the Field

    August 12

    What happens when a covert entry specialist turns a Super Bowl hotel room into a rooftop breach point? Brent White, Sr. Principal Security Consultant & Covert Entry Specialist at Dark Wolf Solutions, offers Casey his approach to physical security testing that goes far beyond lock picking, rooted in understanding human psychology and building systematic infiltration strategies. Brent shares how his team compressed an entire backpack of penetration tools into a concealed-carry belt system that even works with swimming trunks. But the real breakthrough isn't in the gear; it's in his multi-day reconnaissance methodology that builds familiarity before attempting entry. Brent's "Post-It flag" system transforms traditional physical assessments by having clients mark objects they're comfortable losing, leading to scenarios where his team wheels office chairs and $500 juice machines through bank lobbies while security guards helpfully watch their haul. This approach moves beyond simple "can you get in" to demonstrating real-world impact and exfiltration capabilities.

    Topics discussed:
    - Building familiarity through multi-day reconnaissance that establishes psychological comfort before entry attempts rather than relying on cold tailgating approaches.
    - Transitioning from backpack-based toolkits to concealed-carry belt systems that house bypass tools for major door configurations, American padlock bypasses, and dimple lock rakes.
    - Mapping regional security culture patterns where Northeast locations show higher vigilance compared to the South and Midwest's willingness to help strangers.
    - Using Proxmark readers and modified Flipper Zero devices hidden in Starbucks cups to capture badge credentials during natural conversations.
    - Implementing a hybrid covert-to-overt assessment methodology that escalates until detection, then transitions to educational walkthroughs with clients.
    - Developing systematic drone security evaluation frameworks that assess radio frequencies, web interfaces, payload access, and MAVLink flight data to identify pilot locations.
    - Creating quick-change disguise systems using wig colors matched to facial hair combined with tactical clothing featuring concealed tool pockets.
    - Establishing post-engagement flag collection strategies where clients mark acceptable-loss items, enabling teams to wheel office chairs and expensive equipment through lobbies as proof of exfiltration capability.
    - Understanding how sUAS government standards are forcing commercial drone manufacturers to implement stronger security measures.
    - Navigating destructive versus non-destructive entry protocols when clients approve hinge removal and window manipulation while avoiding classified room decertification that triggers 24/7 guard requirements.

    32 min

Ratings & Reviews: 5 out of 5 (4 ratings)
