Dr. Chaos Podcast

Tony G and Aamir discuss their frustrations in the world of cybersecurity. Join us as we discuss the multiple failures we have seen in the industry that keep repeating. Inspired by temporary guest news anchor Peter Griffin from Quahog News 5 let's find out What Really Grinds My (Our) Gears

John Simmons joins the Dr. Chaos podcast. John is an IR specialist. He has worked with the United States White House, other government agencies, and many private organizations. He will walk us thru what he sees in the world and how he helps clients during attacks. Uber has a CSO problem as data breaches are paid thru bug bounty programs

Janet Jackson is her CVE as Rhythm Malware Nation destroys hard drives. Log4J might be giving Iranian attackers the upper hand. Tony G and Aamir Lakhani discuss cyber news on the Dr. Chaos podcast.

We are back at Blackhat and Defcon 2022 Las Vegas. Aamir and Tony discuss the conference, what they enjoyed, and little nuggets of information they learned.

A new threat actor goes destructive

Two UK teenagers were charged with hacking and being members of Lapsus$ the Dr. Chaos podcast discusses motivations around why teenagers and young adults may be motivated by cybercrime and how they might have gotten involved.

A Closer Look at the LAPSUS$ Data Extortion Group. In the latest edition, we talk about their latest attacks, some of the techniques being used, and how they are getting caught.

Russian threat actor Conti has their data leaked. In this podcast, we will take a look at the leaked data and see what we can learn about one of the largest threat actors operating.

Ransom payments are tax-deductible, and no one cares. Should we? https://www.foxbusiness.com/lifestyle/ransomware-attack-payment-tax-deductible North Korea exploits VPN vulnerabilities. Possibly gains nuclear research. Think about this; North Korea may achieve nuclear capabilities and advancements because someone did not patch their systems. https://thehackernews.com/2021/06/north-korea-exploited-vpn-flaw-to-hack.html

We are honored to have Dr. Alex Tarter, CTO of Thales UK and co-founder of TurgenSec, and Breaches.UK on our podcast. Alex is a bit of a legend in the CISO space. He discusses the concepts of attack surface management capabilities that the team at TurgenSec has developed. Alex shares his thoughts around his experience on deception technologies, frustrating attackers, supply chain breaches. Don't miss his horror story around responsible disclosure of security vulnerabilities go wrong. TurgenSec - R&D focused Information Security - https://www.turgensec.com/ Twitter: https://twitter.com/turgensec Breaches UK - Fight Back against data leaks - https://breaches.uk/ Twitter: https://twitter.com/BreachesUK

Tony G and Aamir Lakhani discuss their long week of investigating remote work cyber attacks, the craziness of ransomware, the Colonial Pipeline attack, and a debate on Cobalt Strike being a tool made for attackers or being used by attackers. Our excitement leads to openly discussing the problems with paying for ransom or the consequences of making it illegal

Tony G and Aamir Lakhani discuss the Microsoft Exchange Zero-Day vulnerabilities.

Tony G and Dr. Chaos return to discuss what is XDR. Is it just hype? Is it more than repackaged tools? Let's break down the new industry buzzword.

Aamir Lakhani and Tony G discuss breach attack simulation tools on this week's episode. Learn about the differences between breach attack simulation tools and pen testing and red team exercises. Aamir and Tony G discuss their favorite open-source and commercial tools. Are you ready for BAS?

This week we conclude our exciting interview with Jim. This former US Intelligence cyber specialist discusses attribution challenges to State actors, US Election security, and a new superhero: Metrics Man! If you haven't heard part I, do so first, then listen to the conclusion only on the Dr. Chaos podcast.

Attacks, Cyberwar, and Attack Attribution from the perspective of a cyber professional who spent years working for US Intelligence organizations helping to protect the United States from Cyber Attacks. Join us as discusses his experience working for the Federal government and the differences he sees on how large global private organizations handle cybersecurity.

Tony G and Jonas Walker explain how ransomware negations occur between a victim and an attacker. Learn how a travel management company negotiated a $10 million ransom to a $4.5 million payout and got tips from the attackers to help them understand how they were attacked. References: https://siliconangle.com/2020/08/02/travel-management-company-cwt-hands-4-5m-following-ransomware-attack/ https://www.fortinet.com/blog/threat-research/offense-defense-a-tale-of-two-sides-group-policy-and-logon-scripts

Chris Louie (https://www.linkedin.com/in/chlouie/) blogger and security professional from zScaler speaks to us on today's podcast about all things security. Join Tony G and Dr. Chaos on our latest episode as we discuss ransomware, the US Presidential Elections, and all things security.

We discuss online and free resources that are available to learn Cybersecurity skills. Special co-host Jonas Walker joins us as he discusses his Twitter kung-fu, favorite podcasts, and other tricks to stay ahead of the curve.

The financial sector takes cybersecurity seriously, and almost no one takes it more seriously than Chris Konrad, World Wide Technology Director of Global Financial Security. Join us as he discusses what makes the financial sector different, what products they are using to protect their environment, and the most significant cyber challenges he faces safeguarding the industry. Join me and Anthony Giandomenico on the Dr. Chaos Podcast.

Industrial cybersecurity specialist James Cabe from CyberX, discusses ICS attacks, OT vs IT, and working for a startup that just got acquired by Microsoft.

Industrial Cybersecurity Specialist James Cabe at CyberX, talks about ICS attacks, the differences between IT and OT security, and his experience working for a startup that just got acquired by Microsoft.

Researchers Aamir Lakhani and Anthony Giandomenico discuss the EKANS ransomware and why it was an effective and targetted attack.

Aamir Lakhani and Tony G discuss the latest findings of the 2020 Verizon Data Breach report. From ransomware to passwords dumpers. What does it mean how you should shape your cybersecurity policy? Join us on the latest episode of Dr. Chaos Podcast to find out.

Welcome to the world of chaos. In this special episode, we repost audio from a recent interview, where your co-host Dr. Chaos, discussing how he got his nickname, common themes around attacks, why he hates working on the principle of assumed breaches, and what people panic about first during a breach. Don't miss this exciting one-one interview with the doctor before his next regeneration.

The Information Technology Disaster Resource Center harnesses the collective resources of the technology community to provide no-cost Information, Communications, and Technology (ICT) solutions that connect survivors and responders in crisis. Today's Dr. Chaos Podcast Anthony Giandomenico and I speak with Roger Rustad and Bryan Watson as they educate us on the ITDRC.

Cybersecurity startups are providing excellent opportunities for people who want to create and bring to market new products. They can also be financially rewarding. How do you decide if working for a startup is right for you? Do you understand the real risks and the benefits from a financial and career point of view? Join us as we talk with Jared Hufferd. Jared has made it a job in picking the right startups to work for as a cybersecurity account manager. Jared has had successful exits at Netscreen, Sourcefire, and several other successful organizations. We will discuss with him what he looks for in a cybersecurity startup and what he avoids.

Do you have what it takes to investigate cyber breaches, data exfiltration, and attacks? How does one get started in the career of incident response? Yakov Goldberg, Senior Director of Customer Investigations and Threat Intelligence at Fortinet, speaks to us around his career as an incident response specialist. He shares his favorite tools as resources such as the YouTube channel 13Cubed that he uses to keep up to date on the latest investigation techniques.

How do you hire, manage, and interact with the best engineers when they work for you? Join John Jacobs (known as JJ), who is an experienced technology sales professional, having led world-class providers and hardware manufacturers' customers through concept, design, implementation, and support of their solutions. John speaks to us on how he has seen the industry change, what qualities he sees in highly successful and highly technical people who have and are reporting to him. Lastly, he will speak around some things you should be thinking about your career in a fluid and challenging time as a cybersecurity professional.

What if your first cybersecurity certification was the toughest one to get? How would it impact your career? What would be your next steps? Join us as we speak to Jonas Walker as he describes his experience from zero to OCSP certified in 3 months

How Threat Landscape has Changed with COVID-19. Aamir Lakhani and Derek Manky discuss the thread landscape and flattening the cyber curve.

We answer your questions around cybersecurity, COVID-19, and RDP vulnerabilities.

Today's topic on the Dr. Chaos Cybersecurity podcast is Enterprise Segmentation. Enterprise Segmentation is a hot topic as organizations race to protect their cloud and remote workforce. Join us as we talk to an expert on the topic, Bryan Liebert. Bryan Liebert is a Senior Manager for Cybersecurity Consulting Services. He advises and works with the world's largest organizations on how to implement Enterprise Segmentation within their organization.

Brandon Robinson discusses the next steps for the IT professional to elevate their career. Listen to his tips on how to think outside the box and map your career to the next level.

On this week's podcast, my co-host Tony G is back! Join us as we interview Jack Chan, product manager at Fortinet. Jack discusses his thoughts on how we have seen artificial intelligence and machine learning evolve in products offered by OEMs and other vendors in the last year and what benefits we can expect from them.

Keith Rayle left his perfect job to take on the role of a CISO. What could possibly go wrong in a brand new city, brand new job, and a worldwide pandemic impacting every part of their organization.

RDP Goes Bad and Frankenstein - Dr. Chaos Podcast June 5th, 2019 by Dr. Chaos

We just got back from Mitre ATT&CK Con. Tony G and Dr. Chaos were both impressed. Let's talk about creating and testing the ATT&CK framework.

Tony G and Dr. Chaos discuss crypojacking - is it really a problem? How does it lead to greater security threats? What does it really mean for enterprise organizations? Join us for the Dr. Chaos podcast

Aamir Lakhani and Tony G talk around MITRE ATT&CK methodology and malware embedded in DLL

Aamir Lakhani and "Tony G" discuss the latest techniques in new botnets with hive like awareness.

I sit down and talk to Keith Rayle around AI and Machine Learning

Keith Rayle, a senior security advisor gives a detailed presentation on how AI and Machine learning works for the masses

Is CryptoJacking really that bad? What about sites that are asking for user's permission before they mine? Tony G and Dr. Chaos discuss CryptoJacking. Opening music: bensound - bensound-dubstep.mp3

Organizations of all sizes continue to be targets of cyber criminals and the threats that they present. However, some organizations are taking a proactive approach and are hunting for these threats. But what exactly is “threat hunting"? How does it fit into the SOC? Should my organization be threat hunting? How could it help us? Do I leverage outside expertise to augment my staff?

Aamir Lakhani and Tony G discuss how to start a threat hunting program within an organization.