SECURE AF

Got a question or comment? Message us here!In this episode of the #SOCBrief, we dig into how world events can trigger cyber fallout that lands directly on the desks of security teams. From ransomware crews capitalizing on instability to hacktivists launching DDoS attacks and opportunistic actors going after vulnerable sectors, we talk through why geopolitical tension often leads to increased cyber activity. We break down real patterns, recent trends, and the warnings SOCs should be paying attention to right now ... plus practical defensive steps you can take to stay ahead of emerging threats. ⚠️

Got a question or comment? Message us here!

Got a question or comment? Message us here!This week's #SOCBrief dives into the FortiWeb zero-day that's letting attackers create admin accounts with a single unauthenticated HTTP request. With exploitation spiking and Fortinet pushing out a quiet fix, SOC teams are under pressure to lock down configs, audit firewalls, and patch fast. We break down what happened, who's affected, and how to defend before attackers pivot deeper into your network.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!We're back with the Hacker Holiday Gift Guide, and this year's lineup is stacked with RF gadgets, Wi-Fi tools, red-team essentials, and quirky cyber gifts Tanner swears by. Whether you're shopping for a pentester, a tinkerer, or someone who just loves breaking things (legally), these picks won't miss. Get ready to level up your holiday shopping.Read here ➡️ https://aliascybersecurity.com/blog/2025-ethical-hackers-holiday-gift-guide/Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!A new zero-day. 63 flaws. Endless patching chaos. This week's #SOCBrief breaks down Microsoft's November Patch Tuesday and what it means for your SOC. We'll cover the top critical CVEs, patching priorities, and how to keep your systems resilient before attackers strike.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!This week, we're digging into a case where ransomware negotiators allegedly became the attackers themselves, leveraging insider access to hit organizations they were supposed to help. This one raises real questions about trust, vendor oversight, and the human element in incident response. We break down what happened and what SOC teams can take away from it.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!In this episode, we break down the real mechanics of social engineering, from phishing emails and text scams to vishing calls and full-on physical pen tests. We share stories from the field, including how attackers build trust, why confidence is often more effective than technical skill, and what happens when social engineering meets the physical world. If you've ever wondered how someone can just walk right in and blend into a company they don't work for… this one's for you. Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!

Got a question or comment? Message us here!“I'm not a robot.”

Got a question or comment? Message us here!This week on the #SOCBrief, Andrew breaks down RondoDox, a rapidly growing botnet campaign taking aim at routers, DVRs, and IoT devices worldwide. With over 50 vulnerabilities across 30+ vendors, this “shotgun” exploitation strategy is fueling massive DDoS and crypto-mining attacks.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!In this week's #SOCBrief, Hickman and Peters break down Obscura ... a new ransomware variant making waves with aggressive evasion tactics, process terminations, and domain controller targeting. We cover what's known so far, the risks it poses to businesses, and the key defenses every SOC should prioritize.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!What's the real difference between a penetration test and a red team engagement, and how can each benefit your SOC? In this episode, Andrew is joined by Tanner, to unpack how pentests uncover vulnerabilities, how red teams stress-test defenders, and why every organization should be leveraging these exercises.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!This week on #SecureAFPodcast, we're recapping #SECCON 2025. From the keynote to the villages and everything in between, join us for a look back at the highlights, takeaways, and community moments that made this year's conference our best yet.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!Ransomware is evolving faster than ever, from double extortion tactics to lightning-fast attack chains. In this episode, we break down how these threats work, why every organization is a target, and the layered defenses SOCs can use to detect and stop attacks early. Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!In this episode of The #SOCBrief, we break down the rising FileFix attack, a new social engineering technique using steganography to deliver info-stealing malware. Learn how attackers disguise malicious PowerShell commands, the risks this poses for browsers, messengers, and crypto wallets, and the proactive defenses SOCs can use to detect and contain these threats before they escalate into larger breaches.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!

Got a question or comment? Message us here!

Got a question or comment? Message us here!Fresh off the chaos of DEF CON 33, Tanner, Hickman, and Will break down the four-day hacker conference, from the eye-opening hacker villages and mind-bending talks to Hickman's clutch CTF victory and Will's bold dive into the Social Engineering Community's Vishing Competition. No sleep, all signal.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!In this episode, we break down the emerging Crypto24 ransomware attacks that use living-off-the-land techniques to bypass EDR. We'll explore how these attacks unfold and the defensive strategies SOCs and organizations can use, like layered security, enhanced monitoring, and rapid response, to stay ahead of evolving threats.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!This week, we're unpacking the phishing wave hitting SaaS platforms ... from social engineering to OAuth abuse and AI voice spoofing. Learn why people remain the #1 attack vector and how to stay one step ahead.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!On this episode of the #SOCBrief, we break down attacks on SonicWall firewalls. A wave of ransomware, possibly exploiting zero-day vulnerabilities, is compromising even fully patched systems. Learn how SOCs can respond fast and stay ahead.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!This week's SOC Brief unpacks how a misconfigured cloud bucket exposed 72,000+ user images from the Tea app, complete with geolocation metadata and real IDs. From national security risks to doxxing fallout, we break down what went wrong and what your security team must do to avoid the same mistakes.Support the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Got a question or comment? Message us here!A critical zero-day (CVE-2025-53770) is actively targeting on-premises SharePoint servers AND it's already been used to compromise over 100 organizations. In this #SOCBrief, Andrew and Tanner break down how the exploit works and what steps your team should take now. If your SharePoint instance is public-facing and unpatched ... assume compromise.

Got a question or comment? Message us here!In this week's #SOCBrief, we break down why offboarding policies are ABSOLUTELY critical for security teams. Overlooked items from abandoned accounts to old VPN access can leave backdoors wide open. Learn how SOCs monitor, contain, and shut down lingering access, and why communication between HR, IT, and cybersecurity is essential.

Got a question or comment? Message us here!

Got a question or comment? Message us here!Hackers just unleashed the largest DDoS attack in history, peaking at 7.3 Tbps and 4.8 billion packets per second. In just 45 seconds, it pummeled its target with the data equivalent of over 9,000 HD movies, a powerful reminder of how far attack capabilities have evolved.

Got a question or comment? Message us here!In this episode of The SOC Brief, the team unpacks a critical zero-day vulnerability in Google Chrome (CVE-2025-6554) that's being actively exploited. Learn how attackers use type confusion bugs to hijack browser memory, what makes this exploit so dangerous, and why it's targeting high-value organizations. Discover actionable steps for updating Chrome, securing endpoints, and training users to spot phishing attempts before they lead to compromise.

Got a question or comment? Message us here!In this episode, our security engineers break down the latest cybersecurity headlines, from the real scoop behind the “16 billion password” leak to the rise of hacker groups like Scattered Spider.

Got a question or comment? Message us here!In this episode of The SOC Brief, Andrew and Dax dive into the world of false positives – those misleading alerts that flood security teams with noise. They discuss how misconfigurations, lack of context, and overly sensitive rules can lead to alert fatigue. With practical tips on investigation, tuning tools, and understanding your environment, they highlight how reducing false positives helps analysts stay sharp and focused on real threats ⚠️.#SOCBrief #FalsePositives #SecureAFSupport the showWatch full episodes at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Welcome to

Alias Cybersecurity Jonathan Kimmitt is joined by Chad Kliewer to discuss the exciting CISO Showdown competition between Chief Information Security Officers (CISOs) at BSidesOK. They delve into the history of the showdown, how it works, and highlight significance of the championship belt. Tune in as they share insights and fun facts about this unique event!  Don't miss out! Follow us for more updates, episodes, and all things cybersecurity! Instagram: @alias_cybersecurity X: https://x.com/cyber_af LinkedIn: https://www.linkedin.com/company/aliascybersecurity/Watch the full video at youtube.com/@aliascybersecurity.Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Alias Cybersecurity CISO Jonathon Kimmitt is joined by Derrac Page to discuss the new changes to the HIPAA security rules being set in place this year. Listen as they go over many of the biggest points raised from the 660+ page guidelines and discuss ways that HIPAA Privacy Officers and HIPAA Security Officers can get ahead of compliance.Sponsored by Arrow Force, an MSP that puts Security First. https://www.arrowforce.comWatch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Following BSides Oklahoma where Tanner gave an 8 hour training on the basics of penetration testing, Tanner and Keelan give advice on how to present red team/pen test training... specifically how to make the trainings not suck. Sponsored by AFCyberAcademy.com. Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

On this week's Secure AF podcast, Tanner poses a controversial question: is SANS the overpriced dinosaur of cybersecurity training? The answer is not a simple one. Listen in as Tanner and CISO Jonathan Kimmitt go in depth on the pros and cons of different security certifications such as Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), and more.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

As we step into the new year, it's essential to reinforce our defenses against cyber threats. Join Jonathan Kimmitt and Todd Wedel for part 2 of their discussion of cyberresolutions.Their list includes: - **Data Inventory**: Know your data—what, where, and who has access. Regular audits are a must!- **Backup Strategies**: Implement air-gapped backups and regularly test their effectiveness.- **Incident Response Playbooks**: Develop and regularly update clear procedures for handling breaches.-**And more!**Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Ready for an IR? You may have controls, policies, and procedures, but how do you know they exist? Are robust? Followed and adhered to? Join Jonathan Kimmitt and Alexandria Hendryx as they discuss what a tabletop is, how to conduct one effectively, and why they matter to your organization to prevent and prepare for the hoped never to appear IR.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Join Jonathan Kimmitt and Todd Wedel as they continue discussing how to practice IR aversion tactics. 'Tis the season for IRs and best practice cybersecurity.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

 'Tis the holiday season! A time for family...and breaches. Want to be cyberprepared to spoil the hacker's celebration? Listen to our 2 part series where Jonathan Kimmitt ensures your festivities are without incident. Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Firewalls are an often overlooked or unmanaged part of a network infrastructure. Listen as Andrew Hickman and Keelan Knox discuss what they are, why you should pay attention to them, what we've seen on incident responses, and what you need to do to secure your network. Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Attend S3CCON? Enjoy experiencing the recap. Miss S3CCON? Hear what was awesome, what we learned, and what to look forward to in 2025!Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Jonathan and Todd continue the conversation about how the way we talk about cybersecurity puts us in a deficit against the malicious actors and how we might reframe to better equip the defenders.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Are hackers really as successful as they appear? Or is it that they have better messaging? Join us for a conversation about how marketing around cybersecurity might play a part in the hacker mystique.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

On this episode of the SecureAF Podcast, Keelan Knox interviews our 2024 interns. They share insights on how they got in, what they are learning, and where this will take them.Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Alias CEO Donovan Farrow and Business Development Coordinator Trey Allen talk the tips and tricks of the vishing trade. They're gearing up for the DEFCON social engineering village. Listen or watch to hear their tales and experiences to learn how they're going to bring the heat to Las Vegas. Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.

Bryan Filice of Trap Technologies joins Keelan Knox to talk about the current threat landscape and why security has to involve every system, host, and employee. Watch the full video at youtube.com/@aliascybersecurity.Catch the whole episode now at https://bit.ly/47eYPTKListen on Apple Podcasts, Spotify and anywhere you get you're podcasts.