Breaking Badness

Follow Breaking Badness
Share on
Copy link to clipboard

Where timely and relevant security news meets ninja jokes and sit down comedy. Our goal is to keep network defenders apprised of pertinent news and trends in under thirty minutes.

DomainTools


    • May 28, 2025 LATEST EPISODE
    • weekly NEW EPISODES
    • 40m AVG DURATION
    • 292 EPISODES

    Ivy Insights

    The Breaking Badness podcast is a must-listen for anyone interested in staying up to date on cybersecurity industry news while also enjoying a good pun. The hosts, Emily, Tim, and Kelsey, do an excellent job of keeping the tone light even when discussing dark topics. With their expertise and wit, they provide a quick gauge of how worried listeners should be through their unique "hoodie scale."

    One of the best aspects of this podcast is its ability to make complex security news accessible to a wide range of listeners. Reading reports about advanced persistent threats (APTs) or vulnerability reports can be mind-numbing for those who aren't security researchers. However, the Breaking Badness team's audio interpretation brings these topics to life and makes them engaging and understandable.

    Another standout feature of this podcast is its perfect length of 30 minutes. It strikes the right balance between providing enough information to keep listeners informed without overwhelming them with excessive details. Additionally, the hosts' ability to keep the show light and entertaining creates an enjoyable listening experience.

    It's challenging to pinpoint any significant downsides to The Breaking Badness podcast. However, some listeners may find that the humor and lighthearted approach occasionally overshadow the seriousness of certain cybersecurity threats. While it's important to keep a positive tone, striking the right balance between humor and conveying potential risks may be a challenge at times.

    In conclusion, The Breaking Badness podcast excels at delivering current cybersecurity industry news in an accessible and entertaining manner. The team's expert knowledge combined with their sense of humor makes each episode both informative and enjoyable. Whether you're looking for a comprehensive update on security news or simply appreciate a good pun, this podcast is sure to satisfy your needs.



    Search for episodes from Breaking Badness with a specific topic:

    Latest episodes from Breaking Badness

    It Takes a Village to Secure AI

    Play Episode Listen Later May 28, 2025 23:24


    In this episode of Breaking Badness, we sit down with Raji Vannianathan, a cybersecurity leader at Microsoft driving the charge on AI security and safety. Raji shares her experience leading the team responsible for managing the end-to-end lifecycle of AI vulnerability disclosures, building proactive safety frameworks, and cultivating a global community of AI security researchers. From developing Microsoft's AI Bug Bar to launching the "Guardians of AI Safety" Discord community, she brings both vision and practical strategies to a rapidly evolving field. We discuss the shifting threat landscape as threat actors begin to leverage generative AI, the critical need for shared language and cross-functional collaboration, and how Microsoft is thinking about trust, transparency, and incident response in the AI era. If you're navigating the challenges of AI risk, vulnerability coordination, or ethical deployment, this is an essential listen.

    Building Secure Campaigns and Better Humans: A Conversation with Mick Baccio

    Play Episode Listen Later May 14, 2025 23:03


    In this episode of Breaking Badness, Kali Fencl sits down with Mick Baccio, Global Security Advisor at Splunk and former CISO for Pete Buttigieg's 2020 presidential campaign. Mick shares his journey from aspiring Navy nuclear engineer to leading security in some of the highest-stakes environments, including the White House. They explore how threat intelligence, storytelling, and mentorship shape the future of cybersecurity. From his early days in government to his work on the Splunk SURGe team, Mick opens up about what it takes to build secure systems, stronger teams, and more empathetic leadership in cybersecurity.

    Hacking the Stage: John Donovan on RSAC, BSides SF, and the Human Side of Cybersecurity

    Play Episode Listen Later May 7, 2025 22:13


    In this episode of Breaking Badness, we sit down with John Donovan of ZEDEDA to unpack the lighter and more profound sides of cybersecurity's biggest gatherings. From RSA's unexpected baby goats and vendor booth antics to BSides San Francisco's community-driven keynote stage, John shares personal stories, industry insights, and valuable advice on how newcomers and veterans alike can navigate events like RSA, BSides, and DEF CON. You'll hear how he "hacked" his way onto the main stage, what it means to wear a “No Purchasing Authority” pin, and why protecting your mom from scams might be more urgent than defending your enterprise.

    Inside Morphing Meerkat and Proton66: How Cybercrime Is Getting Easier

    Play Episode Listen Later Apr 30, 2025 39:39


    In this episode of Breaking Badness, the crew investigates two escalating threats in the cybercrime ecosystem: the cleverly named phishing-as-a-service platform Morphing Meerkat, and the bulletproof hosting provider Proton66, a favorite among amateur cybercriminals. First, they dig into how Morphing Meerkat uses DNS-over-HTTPS (DoH) and clever phishing kits to evade detection. Then, they shift focus to Proton66, a Russian-based bulletproof host that shelters a new generation of low-skill attackers, including a threat actor known as "Coquettte" with ties to the Horrid Hacking group.

    DFIR Foundations: Real-World Lessons in Containment, Eradication, and Recovery

    Play Episode Listen Later Apr 23, 2025 54:45


    In this powerful continuation of our DFIR series, cybersecurity experts Daniel Schwalbe, David Bianco, Lesley Carhart, and Sarah Sabotka dissect the heart of effective incident response, containment, eradication, recovery, and lessons learned. Packed with firsthand war stories, sharp tactical advice, and honest debates, this episode is a must-listen for anyone building or refining their digital forensics and incident response capabilities. Tune in to learn why planning matters, what to do (and not do) during a breach, and how to make the adversary's job harder, one containment plan at a time.

    DFIRside Chat: Lessons from the Frontlines of Incident Response

    Play Episode Listen Later Apr 16, 2025 42:36


    In Part 1 of this special two-part panel, the Breaking Badness podcast gathers leading cybersecurity experts to explore the foundations of DFIR - Digital Forensics and Incident Response. Featuring Daniel Schwalbe (DomainTools), Lesley Carhart (Dragos), David Bianco (Splunk), and Sarah Sabotka (Proofpoint), the panel dives into what makes an effective incident response program, why preparation is often overlooked, and how to bring technical and human elements together during high-stakes security events.

    How Russian Disinformation Campaigns Exploit Domain Registrars and AI

    Play Episode Listen Later Apr 9, 2025 38:57


    In this episode of Breaking Badness, host Kali Fencl is joined by DomainTools' Daniel Schwabe and disinformation expert Scot Terban to uncover how modern Russian disinformation campaigns are using domain registrars, homoglyph attacks, and generative AI to mimic legitimate news outlets and manipulate public perception. From the eerie sophistication of Doppelganger operations to the exploitation of domain infrastructure, this episode sheds light on how truth is being weaponized in the digital era. We also explore how AI is accelerating the speed and scale of these attacks, and the limited levers defenders have to push back.

    DNS Masterclass: Attacks, Defenses, and the Day the Internet Was Saved

    Play Episode Listen Later Mar 30, 2025 41:17


    In this special DNS Masterclass episode of Breaking Badness, hosts Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce take a deep dive into the Domain Name System often dubbed the backbone and battleground of the internet. From its humble beginnings with host files to its critical role in modern security, the episode unpacks DNS's evolution, vulnerabilities, and impact on InfoSec.

    From ValleyRAT to Silver Fox: How Graph-Based Threat Intel is Changing the Game

    Play Episode Listen Later Mar 24, 2025 57:53


    In this episode of Breaking Badness, host Kali Fencl welcomes Wes Young of CSIRT Gadgets and Daniel Schwalbe, CISO and head of investigations at DomainTools, dive into a recent DomainTools Investigations (DTI) analysis involving ValleyRAT and Silver Fox, and how new tools are enabling faster, more accessible analysis for junior and seasoned analysts alike. Whether you're a threat intel veteran or an aspiring analyst, this episode is packed with hard-earned lessons, technical insights, and future-forward thinking. They also unpack the evolution of threat intelligence from early higher-ed days of wiki-scraped snort rules to today's graph-powered AI analysis. Wes shares the origin story behind his platform AlphaHunt, how it's being used to automate and enhance threat detection, and why community sharing remains essential even in an era of advanced tooling.

    APT 41's VPN Exploits & The Great Firewall's Leaky Secrets

    Play Episode Listen Later Mar 18, 2025 31:17


    In this episode of Breaking Badness, we dive into two major cybersecurity stories: the exploitation of a VPN vulnerability by Chinese APT 41 and the newly discovered “Wall Bleed” flaw in the Great Firewall of China. APT 41 has been using a critical VPN vulnerability to infiltrate operational technology (OT) organizations, targeting industries like aerospace and defense. Meanwhile, researchers have uncovered a flaw in China's DNS injection system, which inadvertently leaks internal data—an ironic twist for a government known for its strict internet censorship. Join us as we break down these exploits, their impact on cybersecurity, and what they reveal about modern cyber espionage. We also discuss best practices for securing VPNs, firewall vulnerabilities, and the ethical implications of studying censorship technologies.

    Hacked Chats & Telecom Takedowns: Black Basta & Salt Typhoon

    Play Episode Listen Later Mar 10, 2025 43:23


    Episode 202 of Breaking Badness takes a deep dive into two of the biggest cybersecurity stories of the year (so far): ● Black Basta's Leaked Chats – A major data leak has exposed internal conversations from this notorious ransomware gang, revealing their internal struggles, ransom negotiations, and even workplace drama. ● Salt Typhoon's Cyber Espionage – A sophisticated Chinese threat group has been caught infiltrating major U.S. telecommunications providers, raising serious concerns about national security.

    Building a Hacker Conference from Scratch: The Wild Origins of ShmooCon

    Play Episode Listen Later Mar 5, 2025 44:32


    In this episode of Breaking Badness, we sit down with Bruce and Heidi Potter, two of the masterminds behind ShmooCon, the legendary cybersecurity conference that ran for 20 years. They take us behind the scenes, from its hilarious bar-napkin origins to how they built a tight-knit hacker community that thrived for two decades.

    Takeovers, DeepSeek Deceptions & the Cloud's Dirty Laundry

    Play Episode Listen Later Feb 23, 2025 40:14


    In this episode of Breaking Badness, we dive into two major cybersecurity concerns: the risks of abandoned S3 buckets and a wave of phishing attacks impersonating DeepSeek. Watchtowr Labs uncovers how forgotten AWS storage can be hijacked for malicious purposes, potentially compromising military, government, and enterprise systems. Meanwhile, attackers exploit DeepSeek's rising popularity to create lookalike sites, tricking unsuspecting users into downloading malware or exposing credentials. Join hosts Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce as they break down these findings with humor, deep insights, and even a few pop culture references. Plus, we rate the severity of these threats on our infamous Hoodie Scale and wrap up with Gold, Guidance & Grievances.

    Cybersecurity's Evolution, 200 Puns Later!

    Play Episode Listen Later Feb 16, 2025 44:36


    Welcome to the 200th episode of Breaking Badness!

    Zero Trust, Secure Coding & Developer Incentives: Tanya Janca on AppSec's Biggest Challenges

    Play Episode Listen Later Feb 9, 2025 36:49


    In this episode of Breaking Badness, we welcome back Tanya Janca, aka SheHacksPurple, to discuss her latest book, Alice and Bob Learn Secure Coding. Tanya dives deep into the fundamental principles of secure software development, the psychology behind developer incentives, and the often-overlooked importance of zero trust security.

    DNS Errors and Malware Builders Turning on Attackers

    Play Episode Listen Later Feb 3, 2025 35:10


    In this episode of Breaking Badness, we analyze two fascinating cybersecurity incidents that expose both corporate misconfigurations and hacker missteps. Security researcher Philippe H. discovered a typo in MasterCard's DNS records, which left the company open to traffic hijacking and data exposure. This long-overlooked flaw, dating back years, could have been exploited by attackers to redirect users, intercept data, and manipulate services. The Script Kitty Trap: In a turn of events that underscores the “no honor among thieves” trope, a threat actor baited low-skilled hackers (script kitties) with a fake malware builder. Instead of gaining hacking capabilities, they unwittingly installed a backdoor on their own machines, allowing the original attacker to steal their data and take control of their systems. Show Notes:

    Leveling Up Mental Health: Tackling Gaming Toxicity and Cybersecurity Burnout

    Play Episode Listen Later Jan 29, 2025 35:46


    In this episode of Breaking Badness, Tricia Howard of Akamai joins Kali Fencl and Ian Campbell to dive deep into the intersection of gaming culture, mental health, and cybersecurity. Tricia shares her journey from theater arts to cybersecurity research, her love for gaming, and her experiences tackling emotional toxicity in digital spaces. The episode covers the concept of "mind patches," the role of community in digital wellness, and how gaming and workspaces mirror each other in their challenges with mental health and collaboration. Tune in to hear her thoughts on reducing stigma, creating safe digital spaces, and embracing vulnerability for a healthier cybersecurity community.

    Spring Cleaning Your Digital Life: APT Threats, Third-Party Breaches, and Chat Risks

    Play Episode Listen Later Jan 22, 2025 31:06


    In this episode of Breaking Badness, we dive into the cybersecurity headlines making waves in 2025. We discuss the U.S. Treasury breach, allegedly orchestrated by Chinese hackers using third-party access. Learn about how lingering chat histories can expose sensitive data and the importance of digital spring cleaning.

    Tanya Janca on Secure Coding, AppSec, and Breaking Barriers in Cybersecurity

    Play Episode Listen Later Jan 12, 2025 47:28


    In this episode of Breaking Badness, we sit down with Tanya Janca, aka SheHacksPurple, a cybersecurity educator, and author of the best-selling book Alice and Bob Learn Application Security. Tanya shares her journey from software developer to AppSec expert, dives into the unique challenges of teaching secure coding, and discusses the impact of cybersecurity breaches on industries and individuals. From her creative teaching methods to her advocacy for change in university curriculums, Tanya offers insights that resonate with developers, educators, and security professionals alike. Discover how Tanya is paving the way for accessible AppSec education, the role of AI in secure coding, and her mission to teach security as a fundamental skill for every developer.

    Breaking Badness Book Club Mash Up

    Play Episode Listen Later Jan 5, 2025 34:03


    Welcome to this special episode of the Breaking Badness Cybersecurity Podcast! We're turning the spotlight on the books that have shaped the world of cybersecurity and inspired professionals in the field. As part of our ongoing book club series, this episode is a journey into storytelling, research, and the unique perspectives that make cybersecurity literature so compelling. From Ransomware Diaries to the geopolitics of cyber warfare, this discussion is packed with insights and actionable takeaways for anyone working in Infosec.

    Top Cyber Moments of 2024: Hoodies, Goodies, and Hilarious Puns

    Play Episode Listen Later Dec 21, 2024 39:13


    In this special episode of Breaking Badness, we wrap up 2024 with a countdown of the top episodes, puns, and cybersecurity moments that defined the year. From the hoodiest hacks to the goodiest wins, Kali, Tim, and Taylor reflect on critical insights, industry-changing events, and listener favorites. Tune in for discussions about evolving OT security, DNS mishaps, ransomware trends, and expert predictions for 2025. Featuring special moments like our Hacker Summer Camp interviews and top cybersecurity guests, this episode is both insightful and entertaining.

    2025 Cybersecurity Predictions: AI, Ransomware, and Quantum Threats

    Play Episode Listen Later Dec 15, 2024 59:41


    In this special 2025 Predictions episode of Breaking Badness, host Kali Fencl joins cybersecurity experts Sean McNee, Tim Helming, and Daniel Schwalbe to discuss the future of cyber threats and defense. From ransomware evolution and AI-powered attacks to quantum computing and “synthetic identity fraud,” the group compares their insights with predictions generated by leading AI platforms like ChatGPT, Claude, Copilot, and Meta AI. Will 2025 be the year of AI-compromised models or industrial control system hacks? Are biometric security risks on the rise, and what's next for ransomware gangs? Tune in for insights, banter, and some predictions you'll want to track!

    DNS Gone Rogue & DARPA's Cyber Puzzle: Lessons in Security Innovation

    Play Episode Listen Later Dec 7, 2024 32:26


    In this episode of Breaking Badness, we dive into two fascinating stories shaping the cybersecurity landscape. First, we unpack the case of Gabriel Koo and his surprising acquisition of the domain us-east-1.com, a domain closely tied to AWS's naming conventions. What insights can this seemingly simple purchase reveal about DNS misconfigurations and AWS security practices? Next, we shift focus to DARPA's ambitious new project aimed at revolutionizing cybersecurity by breaking software into smaller, more secure compartments. With expert analysis and intriguing insights, we explore the intersection of DNS, innovation, and the future of cybersecurity.

    The Rise of Holiday Scams and State-Sponsored Cyber Threats

    Play Episode Listen Later Dec 1, 2024 44:20


    In this episode of Breaking Badness, we delve into the cybersecurity trends shaping the holiday season. We unpack the 60% surge in scam domain registrations targeting holiday shoppers, discuss the tactics of TAG-112, a Chinese state-sponsored threat group, and analyze their use of compromised websites to deliver Cobalt Strike malware. Plus, we share actionable insights on mitigating these threats. Tune in for expert analysis, lighthearted banter, and a few cybersecurity holiday tips to keep you safe this season

    Breaking Down SBOMs: The Secret Weapon in Healthcare Security

    Play Episode Listen Later Nov 27, 2024 31:22


    In this episode of Breaking Badness, we dive into the critical challenges and innovations in healthcare cybersecurity with Ken Zalevsky, CEO of Vigilant Ops. From the vulnerabilities in medical devices to the revolutionary role of Software Bill of Materials (SBOMs), Ken shares his two decades of expertise in safeguarding patient safety and hospital systems against emerging threats. Tune in to learn about shifting cybersecurity left, the complexities of interconnected healthcare systems, and actionable strategies to combat ransomware and legacy vulnerabilities.

    From Wingdings to Warfare: Inside the Wildest Cybersecurity Stories

    Play Episode Listen Later Nov 20, 2024 38:58


    In this episode of Breaking Badness, we explore two fascinating cybersecurity stories. First, we delve into the unusual case of an ex-Disney employee who hacked menu systems, creating chaos in the happiest place on Earth. Next, we discuss Sophos' five-year-long battle with a determined group of attackers targeting their firewalls. Tune in as we break down the insider threat at Disney, the lessons learned from Sophos' transparency, and what it all means for the future of cybersecurity. Plus, don't miss our signature Gold, Guidance, and Grievances segment for unique insights and takeaways.

    Jason Haddix on Red Team Tactics, CISO Challenges, and the Battle for Gaming Security

    Play Episode Listen Later Nov 13, 2024 44:21


    In this episode of the Breaking Badness Cybersecurity Podcast, Jason Haddix dives into his unique journey from red teaming and pentesting to leading security teams as a CISO in high-profile organizations, including a top gaming company. Jason unpacks the distinct challenges of securing a gaming company, where risks come not only from state actors but also from clout-seeking young hackers. He shares valuable insights on building scalable security programs, secrets management, and the importance of radical transparency in corporate security cultures. Tune in to hear why, in Jason's words, "gaming saved me from a misspent youth," and learn about his latest ventures into offensive security training and AI-driven security solutions.

    194. Locate X Unleashed & APT29's Latest Gambit: The Battle for Digital Privacy

    Play Episode Listen Later Nov 6, 2024 32:54


    In this week's episode of Breaking Badness, we dive deep into two major cybersecurity stories that are shaping today's landscape. First, we explore the alarming capabilities of Locate X, a powerful smartphone tracking tool used by U.S. law enforcement without a warrant. How does it work, what are the privacy implications, and what can individuals do to protect their data? We then shift gears to APT29's latest campaign as discovered by Amazon, uncovering how this well-known threat actor employed advanced tactics to impersonate AWS infrastructure and target victims. Join Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce as they dissect these stories and share their expert insights. Stick around for the Grim Reaper's hoodie ratings and our signature segment, Gold, Guidance, and Grievances.

    Inside the Mind of ‘The Gibson': Ethics, Activism, and the Evolution of Hacking

    Play Episode Listen Later Oct 29, 2024 41:30


    Join Kali Fencl as she dives deep into a conversation with cybersecurity veteran The Gibson. With 25+ years in InfoSec, The Gibson shares his journey from coding as a child to shaping threat intelligence and privacy-first technology today. In this episode, they discuss hacker ethics, the influential hacker groups Loft and Cult of the Dead Cow, the evolution of hacktivism, and the groundbreaking work on privacy-focused projects like Veilid. Tune in for insights on hacking culture, cybersecurity ethics, and the balance between creativity and responsibility in the digital age.

    Rogue Hackers and the Internet Archive Breach: 31 Million Accounts Exposed!

    Play Episode Listen Later Oct 23, 2024 44:48


    In this episode of Breaking Badness, Kali, Tim, and Taylor discuss two major stories shaking up the cybersecurity world. First, a researcher has discovered how attackers are exploiting Whois data to grant themselves unprecedented superpowers in the digital space. Second, the Internet Archive suffers a breach possibly exposing 31 million accounts, raising questions about the security of trusted online platforms. Join the team as they break down these complex stories, share lessons learned, and explore how organizations can better protect themselves in similar situations.

    The Future of Endpoint Security: AI, EDR, and SOC Evolution

    Play Episode Listen Later Oct 16, 2024 37:03


    In this episode of Breaking Badness, we dive deep into the evolving world of Endpoint Detection and Response (EDR) and its critical role in modern cybersecurity. With threats advancing and the sheer volume of endpoint data skyrocketing, AI and deep learning are becoming game changers in threat detection and prevention. Join us as Carl Froggett, CIO at Deep Instinct, and Melissa Bischoping, Senior Director of Security at Tanium, discuss the past, present, and future of EDR, the impact of AI on cybersecurity, and how SOC teams are evolving to stay ahead of bad actors. Learn about how generative AI is influencing attacks, the challenge of SOC burnout, and the innovations shaping the future of endpoint security.

    Cracking the Code: API Security, Mobile Myths, and Real-World Threats

    Play Episode Listen Later Oct 9, 2024 39:10


    In this episode of Breaking Badness, we dive deep into the critical world of API security and governance, uncovering key strategies to keep data safe in today's threat landscape. Special guests Matthias Friedlingsdorf (iVerify), Tristan Kalos (ESCAPE), and Aqsa Taylor (Gutsy) join the conversation to share their experiences with detecting advanced threats like Pegasus, the importance of API governance, and the powerful role bug bounty programs play in identifying critical vulnerabilities. Whether you're an API developer, cybersecurity professional, or someone navigating the risks of mobile device exploits, this episode will arm you with the knowledge to better protect your digital assets.

    Defending Your Digital Domain: AI, Ransomware, and the Power of Reputation

    Play Episode Listen Later Oct 2, 2024 30:29


    In this episode of Breaking Badness, we dive into the rapidly evolving world of cybersecurity with three industry leaders: Raymond Dijkxhoorn, CEO of SURBL; Nabil Hannan, Field CISO at NetSPI; and Jason Mar-Tang, Field CISO at Pentera. They explore the critical role of domain reputation in combating phishing and spam, how AI is reshaping both offensive and defensive cybersecurity strategies, and the growing threat of ransomware in today's digital landscape. With insights from BlackHat and beyond, we discuss everything from the future of phishing defense to the challenges AI poses in securing sensitive data, as well as how ransomware continues to evolve. Tune in to gain actionable insights on staying ahead of cyber threats and protecting your digital domain.

    Achieving Cyber Resilience through Vulnerability Management and Supply Chain Security

    Play Episode Listen Later Sep 25, 2024 25:39


    In this special Black Hat edition of Breaking Badness, Part 2 of a 5 Part Series, we dive deep into the world of vulnerability management, cyber resilience, and supply chain security. Our expert guests—Jacob Graves, Director of Solution Architecture at Gutsy, Theresa Lanowitz, Chief Evangelist at Level Blue, Pukar Hamal, CEO at SecurityPal, and Vinay Anand, Chief Product Officer at NetSPI discuss the increasing complexity of managing vulnerabilities, the critical importance of reducing mean time to detect (MTTD) and mean time to repair (MTTR), and the emerging strategies for securing the supply chain against growing risks. Learn how vulnerability management isn't just a technical challenge but an organizational one, and explore the nuanced roles of the CIO, CTO, and CISO in maintaining a resilient cyber infrastructure.

    AI's Role in Cybersecurity: From EDR Evolution to Generative AI Threats and Supply Chain Risks

    Play Episode Listen Later Sep 18, 2024 22:02


    In this special Black Hat edition of the Breaking Badness Cybersecurity Podcast, Part 1 of a 5 Part Series, we dive deep into how artificial intelligence is transforming the cybersecurity landscape. Our guests—Mark Wojtasiak (VP of Product at Vectra AI), Carl Froggett (CIO at Deep Instinct), Dan Fernandez (Staff Product Manager at Chainguard), and Marcus Ludwig (CEO of Ticura)—join us to explore the evolution of Endpoint Detection and Response (EDR), the growing threats posed by generative AI, and the complexities of securing AI in supply chains. With AI becoming a tool for both attackers and defenders, this episode uncovers the ongoing "AI arms race" and highlights the urgent need for a more preventative approach to cybersecurity.

    Breaking Down Retail Targeted Campaigns: Domain Fraud, Copycats, and Ponzi Schemes

    Play Episode Listen Later Sep 11, 2024 30:35


    In this special research edition of Breaking Badness, hosts Kali Fencl, Tim Helming, Sean McNee, and guest Sasha Angus from Sylla Intel dive deep into the world of cybercriminal campaigns targeting retailers. They explore how bad actors exploit the growing threat landscape, discussing specific fraud tactics, infrastructure reuse, and ways organizations can defend themselves. From pandemic-driven scams to sophisticated brand impersonation schemes, this episode offers valuable insights for both retailers and consumers navigating the complex world of e-commerce security.

    Industrial Cybersecurity Explained with Lesley Carhart

    Play Episode Listen Later Sep 4, 2024 25:16


    Kali Fencl and Daniel Schwalbe sat down with Lesley Carhart, a seasoned incident responder specializing in Operational Technology (OT) cybersecurity at Dragos, in person at BlackHat USA 2024. Lesley shares their journey, from their unique background in avionics and electronics to becoming a leading expert in the field. We explore the evolving landscape of OT cybersecurity, the challenges of protecting legacy systems, and the critical importance of building strong relationships between cybersecurity teams and operational engineers. Lesley also discusses the realities of incident response in industrial environments, the misconceptions surrounding OT security, and the human-centric approach needed to tackle these complex issues. Tune in to learn about the delicate balance between innovation and safety in protecting the critical infrastructure that powers our world.

    192. TLD-fense

    Play Episode Listen Later Aug 28, 2024 63:43


    Kali Fencl, Daniel Schwalbe, and Tim Helming discuss Brian Krebs' article on namespace collisions and the risks associated with new generic TLDs (gTLDs) along with facial recognition and privacy concerns at major sporting events

    brian krebs tim helming
    191. Hacker Summer Camp Retrospective

    Play Episode Listen Later Aug 21, 2024 52:32


    191. Hacker Summer Camp Retrospective by DomainTools

    190. The Weak Security Default in Our Stars

    Play Episode Listen Later Jul 17, 2024 51:42


    This week we compromised domains targeting DeFi protocols along with the JFrog research team's findings regarding a leaked access token with admin access to Python repositories

    Voices from Infosec: Tanya Janca

    Play Episode Listen Later Jul 10, 2024 62:49


    We're thrilled Tanya Janca (aka SheHacksPurple) joined us this week on the podcast! She and Kali Fencl discuss secure guardrails, Semgrep Academy, the process of writing two books, gardening, and so much more.

    189. Malware the Wild Things Are

    Play Episode Listen Later Jul 3, 2024 46:56


    In this episode of the Breaking Badness Cybersecurity Podcast, Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce discuss vulnerabilities impacting your phone's 5G connection along with the new owner of the popular Polyfill JS project injecting malware into more than 100,000 sites.

    Voices from Infosec: Jake Bernardes

    Play Episode Listen Later Jun 26, 2024 38:15


    Jake Bernardes, Field CISO of Anecdotes, joins the Breaking Badness Cybersecurity Podcast in this week's episode! We're sharing Jake's background and path within infosec along with what's intriguing him about the industry currently, how conferences and in-person events can still play a role in community involvement, and we'll touch briefly on American history.

    188. Vish Upon a Star

    Play Episode Listen Later Jun 19, 2024 54:35


    This week Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce discuss vishing attacks against CISA along with a threat campaign targeting Snowflake customer database instances.

    [Mini Series] The Art of the Possible: Aqsa Taylor

    Play Episode Listen Later Jun 12, 2024 29:52


    It is the final episode of our mini-series from RSAC 2024! Join Kali as she speaks with Aqsa Taylor, Director of Product Management at Gutsy! They'll discuss Aqsa's path to infosec, the importance of governance strategy and how to achieve a cleaner security posture, women in cybersecurity, and how to break into the field.

    [Mini Series] The Art of the Possible: Zack Schuler and Lawrence Gentilello

    Play Episode Listen Later Jun 5, 2024 42:21


    It's the penultimate episode of our RSAC mini series! We're speaking with Zack Schuler of NINJIO in the first half of the episode and in the second, we speak with Lawrence Gentilello of Optery.

    [Mini Series] The Art of the Possible: Joe Slowik and David Goldschlag

    Play Episode Listen Later May 29, 2024 50:02


    We're halfway through our RSAC mini series! We're speaking with Joe Slowik of MITRE in the first half of the episode and in the second, Kali is joined by Daniel Schwalbe to speak with David Goldschlag of Aembit.

    [Mini Series] The Art of the Possible: Ben April and Allan Liska

    Play Episode Listen Later May 22, 2024 52:53


    In our second iteration of our mini-series, we'll speak with Ben April of Maltego and Allan Liska of Recorded Future. We'll cover topics such as AI, the LockBit ransomware gang, cybersecurity comic books, and more!

    [Mini Series] The Art of the Possible: Jori VanAntwerp and Steve Stone

    Play Episode Listen Later May 15, 2024 65:32


    In our first episode of our mini-series, we'll speak with Jori VanAntwerp of EmberOT and Steve Stone of Rubrik Zero Labs. We'll cover topics like IT and operational technology and how ransomware is impacting the healthcare space.

    The Art of the Possible Mini-Series Trailer

    Play Episode Listen Later May 15, 2024 1:57


    We're back on the road at RSA 2024 talking with thought leaders in the infosecurity space! Be sure to check in weekly as we share nine interviews with folks from Recorded Future, Gutsy, Maltego, Aembit, MITRE, EmberOT, Optery, Rubrik, and NINJIO.

    Breaking Badness Book Club with Dmitri Alperovitch

    Play Episode Listen Later May 1, 2024 49:04


    This week on the Breaking Badness Cybersecurity podcast, Kali Fencl is joined by CEO of DomainTools, Tim Chen, and Executive Chairman of the Silverado Policy Accelerator and co-founder of CrowdStrike, Dimitri Alperovitch to discuss his book, “World on the Brink: How America Can Beat China in the Race for the 21st Century.”

    Claim Breaking Badness

    In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

    Claim Cancel