Podcasts about dfir

  • 89 podcasts
  • 415 episodes
  • 43m average duration
  • 1 episode every other week
  • Latest episode: May 26, 2025


Latest podcast episodes about dfir

Paul's Security Weekly
Reality check on SOC AI; Enterprise News; runZero and Imprivata RSAC interviews - Erik Bloch, HD Moore, Joel Burleson-Davis - ESW #408

Published May 26, 2025 (109:38)

Segment 1: Erik Bloch Interview

The math on SOC AI just isn't adding up. It's not easy to do the math, either, as each SOC automation vendor is tackling alert fatigue and SecOps assistants a bit differently. Fortunately for us and our audience, Erik Bloch met with many of these vendors at RSAC and is going to share what he learned with us!

Segment 2: Enterprise Weekly News

In this week's enterprise security news:

  1. Some interesting new companies getting funding
  2. Chainguard isn't unique anymore
  3. AI slop coming to open source soon
  4. Wiz dominance analysis
  5. The IKEA effect in cybersecurity
  6. LLM model collapse
  7. Vulnerabilities
  8. DFIR reports
  9. Fun with LinkedIn and prompt injection!

Segment 3: RSAC Interviews

runZero interview with HD Moore

Despite becoming a checkbox feature in major product suites, vulnerability management is fundamentally broken. The few remaining first-wave vulnerability scanners long ago shifted their investments and attention into adjacent markets to maintain growth, bolting on fragmented functionality that's added complexity without effectively securing today's attack surfaces. Meanwhile, security teams are left contending with massive blind spots and disparate tools that collectively fail to detect exposures that are commonly exploited by attackers. Our industry is ready for change. Jeff and HD explore the current state of vulnerability management, what's required to truly prevent real-world incidents, new perspectives that are challenging the status quo, and innovative approaches that are finally overcoming decades-old problems to usher in a new era of vulnerability management.

Segment Resources:

  • Read more about runZero's recent launch, including new exposure management capabilities: https://www.runzero.com/blog/new-era-exposure-management/
  • Watch a two-minute summary and deeper dive videos here: https://www.youtube.com/@runZeroInc
  • Tune into runZero's monthly research webcast, runZero Hour, to hear about the team's latest research findings and additional debate on all things exposure management: https://www.runzero.com/research/runzero-hour/
  • Try runZero free for 21 days by visiting https://securityweekly.com/runzerorsac. After 21 days, the trial converts into a free Community Edition license that is great for small environments and home networks.

Imprivata interview with Joel Burleson-Davis

Organizations in mission-critical industries are acutely aware of the growing cyber threats, like the Medusa ransomware gang attacking critical US sectors, but are wary that implementing stricter security protocols will slow productivity and create new barriers for employees. This is a valid concern, but organizations should not accept the trade-off between the inevitability of a breach, caused by avoiding productivity-dampening security measures, and the drop in employee productivity and rise in frustration caused by implementing security measures that might mitigate a threat like Medusa. In this conversation, Joel will discuss how organizations can build a robust security strategy that does not impede productivity. He will highlight how Imprivata's partnership with SailPoint enables stronger enterprise identity security while enhancing efficiency—helping organizations strike the right balance.

This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivatarsac to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-408

Enterprise Security Weekly (Audio)
Reality check on SOC AI; Enterprise News; runZero and Imprivata RSAC interviews - Erik Bloch, HD Moore, Joel Burleson-Davis - ESW #408

Published May 26, 2025 (109:38)


Enterprise Security Weekly (Video)
Reality check on SOC AI; Enterprise News; runZero and Imprivata RSAC interviews - HD Moore, Joel Burleson-Davis, Erik Bloch - ESW #408

Published May 26, 2025 (109:38)


Forensic Focus
Cellebrite's 2025 DFIR Industry Trends Survey - Key Insights

Published May 6, 2025 (52:37)

Heather Barnhart and Paul Lorenz join the Forensic Focus Podcast to discuss key insights from Cellebrite's 2025 DFIR Industry Trends Survey. They dive into the challenges facing digital forensics today - from locked devices and encrypted applications to overwhelming case backlogs. The survey, which gathered responses from over 2,100 professionals across 95 countries, reveals notable trends: 98% of prosecutors consider digital evidence critical to their cases, and 80% of respondents believe AI can enhance investigation effectiveness. The discussion delves into the growing acceptance of cloud storage in forensics, the cautious adoption of AI in investigations, and the preference for in-person training despite the convenience of online options. The guests also discuss cognitive bias in investigations and the importance of maintaining forensic integrity when presenting digital evidence.

#digitalforensics #dfir

00:00 Welcome and Introductions
00:56 Paul Lorenz's Journey into Forensics
03:19 Challenges in Digital Forensics
04:36 Industry Trends and Survey Insights
06:37 Mental Health and Community Support
17:19 AI in Digital Investigations
22:57 Case Studies and Real-World Examples
27:37 Diverse Paths in Investigations
28:07 Challenges of Bias in Forensic Cases
30:33 The Complexity of Cloud Storage
37:45 Generational Shifts in Technology Adoption
41:30 The Importance of Training in Forensics
43:19 In-Person vs. Online Training Preferences
50:12 Concluding Thoughts and Future Trends

Show Notes

  • 2025 Industry Trends Survey - https://cellebrite.com/en/industry-trends-survey-2025
  • Cellebrite - https://cellebrite.com/en/home

Breaking Badness
DFIR Foundations: Real-World Lessons in Containment, Eradication, and Recovery

Published Apr 23, 2025 (54:45)

In this powerful continuation of our DFIR series, cybersecurity experts Daniel Schwalbe, David Bianco, Lesley Carhart, and Sarah Sabotka dissect the heart of effective incident response: containment, eradication, recovery, and lessons learned. Packed with firsthand war stories, sharp tactical advice, and honest debates, this episode is a must-listen for anyone building or refining their digital forensics and incident response capabilities. Tune in to learn why planning matters, what to do (and not do) during a breach, and how to make the adversary's job harder, one containment plan at a time.

Forensic Focus
The DFIR Investigative Mindset: Brett Shavers On Thinking Like A Detective

Published Apr 23, 2025 (55:56)

Brett Shavers joins the Forensic Focus Podcast to discuss the critical "investigative mindset" needed for effective digital forensics. Drawing from his unique background in undercover law enforcement operations and his transition to digital forensics, Brett shares invaluable insights on why technical skills alone aren't enough in DFIR. Digging into practical challenges with hosts Si and Desi, Brett tackles head-on why DFIR isn't an entry-level field, the importance of understanding human behavior behind digital evidence, and how to approach cases with both technical precision and investigative strategy. He discusses his journey authoring several influential books including "DFIR Investigative Mindset," "Placing the Suspect Behind the Keyboard," and the definitive guide to X-Ways Forensics. Whether you're a seasoned investigator or considering a career in digital forensics, Brett offers practical wisdom on balancing technical proficiency with investigative thinking, effective communication of complex findings, and why we should remember we're not investigating computers—we're investigating people who use computers.

#digitalforensics #dfir

00:00 Introduction and Guest Welcome
02:01 Brett Shavers' Background in Law Enforcement
03:33 Transition to Forensics
05:03 Challenges in DFIR
07:17 Educational Pathways and Industry Insights
12:51 X-Ways Forensics and Tool Proficiency
16:58 Investigative Mindset and New Book
27:46 The Importance of Education in Cybersecurity
28:04 Challenges in Teaching Investigative Skills
28:59 Real-World Training Scenarios
30:38 Understanding the Human Element in Cybersecurity
35:35 The Role of Communication in Cybersecurity
42:59 Technical Proficiency and Case Management
47:32 Continuous Improvement and Collaboration
53:42 Conclusion and Final Thoughts

Show Notes

  • Brett's Ramblings - https://www.brettshavers.com/
  • DFIR Training - https://www.dfir.training/
  • Brett's Books - https://brettshavers.com/my-books

Digital Forensic Survival Podcast
DFSP # 479 Scan, Score, Secure

Published Apr 22, 2025 (15:48)

One of the essential skill sets for a DFIR analyst is the ability to understand the impact of vulnerabilities quickly. In many IR scenarios, you may find a newly discovered vulnerability or receive a scan that flags multiple potential weaknesses. To stay efficient, you must...

Forensic Focus
AI Unpacked: Magnet Forensics' New Series On AI In DFIR

Published Apr 14, 2025 (62:33)

Brandon Epstein joins the Forensic Focus Podcast to discuss the evolving landscape of digital forensics and the growing role of artificial intelligence in evidence analysis. Brandon shares his journey from being a major crimes detective in New Jersey to co-founding Medex Forensics (later acquired by Magnet), and discusses his current roles both at Magnet Forensics and as chair of the Scientific Working Group on Digital Evidence (SWGDE). In this wide-ranging conversation, he explains how AI is being responsibly implemented in forensic tools like Magnet Axiom's Copilot feature and Magnet Verify, highlighting the critical distinction between using AI for investigative leads versus evidentiary conclusions. Brandon also dives into the challenges of media authentication in an era of deepfakes, the shift toward cloud-based forensic platforms, and provides a preview of his upcoming "AI Unpacked" webinar series.

#digitalforensics #dfir #ai

00:00 Welcome and Introduction
00:32 Life in Nashville and User Summit Highlights
02:07 The Importance of Networking at Conferences
04:32 Brandon's Journey to Magnet Forensics
10:17 AI and Digital Forensics
16:02 AI Unpacked Webinar Series
21:40 Scientific Working Group on Digital Evidence (SWGDE)
33:16 The Collaborative Spirit in Forensics
34:45 Magnet's Expanding Product Line
36:14 The Future of Cloud in Digital Forensics
39:08 Challenges and Benefits of Cloud Adoption
45:26 The Role of AI and Cloud in Conferences
46:09 Magnet's Acquisition of DVR Examiner
48:47 The Importance of Video Authenticity
52:29 Emerging Technologies in Forensics
58:04 Personal Insights and Closing Remarks

Show Notes

  • Magnet Forensics - https://www.magnetforensics.com
  • AI Unpacked - https://www.magnetforensics.com/ai-unpacked/?utm_source=ForensicFocus&utm_medium=Referral&utm_campaign=UTMC-0000077
  • SWGDE - https://www.swgde.org

In Case of Emergency
#45 Mastering Cyber Resilience

Published Mar 20, 2025 (31:21)

Response and Recovery (Part III)

Markus Epner - Head of Academy at F24 AG. Markus possesses a wealth of experience in security and crisis management. In this episode, he is in conversation with Lorenz Kuhlee, who is a highly experienced IT security professional working with PwC's Risk & Regulation Team in Germany. His specialties include large-scale data breach investigations, cyber incident response, and digital forensics. At PwC, Lorenz leads technical teams through complex cases and brings expertise in project management, specifically tailored to digital forensics and incident response (DFIR). In addition to his work at PwC, Lorenz is the co-author of Computer Forensics Hacks, a practical collection of methods, tips, and tricks from computer forensics.

01:14 Once your team is activated, what are the key phases and actions required to mitigate the situation?
02:59 If there's a ransomware attack on a company, should they pay or not?
09:46 How do you ensure that your containment measures do not interfere with the company's ongoing activities?
15:00 Do criminals follow some kind of internal SOP when they attack a company?
18:00 What steps should companies take to ensure that they are well prepared against a cyber attack?

Chill Chill Security
EP2039: Chill Chill Security - Proxy and DFIR issue

Published Mar 5, 2025 (14:44)

Sponsored by SEC Playground

Digital Forensic Survival Podcast
DFSP # 472 - Windows Usual Suspects

Published Mar 4, 2025 (16:35)

Modern Windows systems use a tightly coordinated sequence of core processes to establish secure system and user environments. DFIR investigators and incident responders must understand the interrelationships between processes such as Idle, SMSS, CSRSS, WININIT, and WINLOGON. Recognizing expected behaviors and anomalies in these steps is crucial for detecting potential system compromises. This episode demystifies the Windows 10/11 process flow and provides context for effective triage and analysis.

In Case of Emergency
#44 Mastering Cyber Resilience

Published Feb 27, 2025 (28:10)

Response and Recovery (Part II)

Markus Epner - Head of Academy at F24 AG. Markus possesses a wealth of experience in security and crisis management. In this episode, he is in conversation with Lorenz Kuhlee, who is a highly experienced IT security professional working with PwC's Risk & Regulation Team in Germany. His specialties include large-scale data breach investigations, cyber incident response, and digital forensics. At PwC, Lorenz leads technical teams through complex cases and brings expertise in project management, specifically tailored to digital forensics and incident response (DFIR). In addition to his work at PwC, Lorenz is the co-author of Computer Forensics Hacks, a practical collection of methods, tips, and tricks from computer forensics.

02:30 How should companies communicate internally during the early stage of a crisis/incident?
03:53 What happens if the whole system is compromised and there are no redundant channels for crisis communication?
07:40 What could make a situation worse?
11:34 Should they call the police, or will that make the situation worse?
15:35 Communicating with the Attacker - Am I allowed to speak to the cyber criminal?

Forensic Focus
Protecting Investigators: Dr. Michael Bourke On Building A Healthier DFIR Community

Published Feb 24, 2025 (48:59)

Dr Michael Bourke joins the Forensic Focus Podcast to discuss the psychological impact of investigating internet crimes against children and how organizations can better support digital forensic investigators' mental health. As a distinguished clinical psychologist and researcher, Dr Bourke shares powerful insights from his extensive work in this field, explaining how repeated exposure to disturbing material can affect even the most resilient professionals. Dr Bourke introduces his innovative "sunburn analogy" to explain how secondary traumatic stress accumulates over time, discusses practical strategies for protecting investigators' wellbeing, and reveals details about the groundbreaking FORWARD Center, a new non-profit wellness facility dedicated to supporting first responders. He also shares insights from the National Wellness Survey, which received responses from 8,000 law enforcement professionals, demonstrating the urgent need for better mental health support in this field.

#digitalforensics #DFIR #mentalhealth #wellbeing

00:00 Introduction and Welcome
02:00 Inspiration Behind the Research
03:01 Challenges Faced by Digital Forensic Investigators
06:00 The Importance of Proactive Mental Health Support
13:32 Cultural Competence in Therapy
23:42 Practical Steps for Organizations
34:23 The National Wellbeing Survey
38:03 The Forward Center Initiative
48:07 Conclusion and Final Thoughts

Paul's Security Weekly
Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Allie Mellen, Tim MalcomVetter - ESW #394

Published Feb 17, 2025 (115:17)

We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity. I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber.

Segment Resources:

  • Introducing AQL for cyber
  • AQL - How we do it
  • An AQL 'calculator' you can play around with

We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely. First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here. Next, we'll discuss SecOps data management - the blood that delivers oxygen to the SOC muscles. Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!

For each of these three topics, these are the blog posts they correspond with if you want to learn more:

  • Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
  • If You're Not Using Data Pipeline Management For Security And IT, You Need To
  • Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes

In this week's enterprise security news, we've got:

  • 5 acquisitions
  • Tines gets funding
  • New tools and DFIR reports to check out
  • A legal precedent that could hurt AI companies
  • AI garbage is in your code repos
  • The dark side of security leadership
  • HIPAA fines are broken
  • Salt Typhoon is having a great time
  • Don't use ChatGPT for legal advice!!!!!

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-394

Enterprise Security Weekly (Audio)
Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Allie Mellen, Tim MalcomVetter - ESW #394

Published Feb 17, 2025 (115:17)


Paul's Security Weekly TV
The dark side of security leadership, will agentic be a thing, OWASP AI resources - ESW #394

Published Feb 17, 2025 (51:13)

In this week's enterprise security news, we've got:

  • 5 acquisitions
  • Tines gets funding
  • New tools and DFIR reports to check out
  • A legal precedent that could hurt AI companies
  • AI garbage is in your code repos
  • The dark side of security leadership
  • HIPAA fines are broken
  • Salt Typhoon is having a great time
  • Don't use ChatGPT for legal advice!!!!!

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-394

Enterprise Security Weekly (Video)
The dark side of security leadership, will agentic be a thing, OWASP AI resources - ESW #394

Published Feb 17, 2025 (51:13)


Forensic Focus
DFIR In 2025 – AI, Smart Devices And Investigator Well-Being

Published Feb 11, 2025 (61:16)

Si and Desi kick off 2025 with a deep dive into critical trends shaping digital forensics. They tackle pressing challenges such as AI-driven threats, including deepfakes and AI-generated images, and examine the security risks associated with connected devices. The discussion also explores the ongoing impact of the pandemic on mental health, remote work, and the forensic community's well-being. With a focus on practical insights and support for forensic professionals, they cover evolving threats, emerging technologies, and the importance of mental resilience in the field. Stay tuned for updates on future podcast guests, conferences, and new tech developments. Don't forget to check the show notes for resources, including mental health support services and recommended reading.

00:00 Welcome to 2025
01:10 AI in Law: Conference Insights from Luxembourg
03:07 The Impact of AI on Social Media and Deepfakes
05:03 AI-Generated Images
06:51 The Future of Digital Watermarking and Cybersecurity
11:59 Advancements in AI and Desktop Supercomputers
21:37 The Rise of Smart Home Devices and Security Concerns
23:16 Privacy Issues with Medical Devices and Data Collection
31:14 Predictive Algorithms and the Dystopian Future
32:12 Apple's Siri Payout
32:35 Films Predicting 2025
34:18 US Strategic Preparation Plans
37:04 Mental Health in 2024
44:08 Impact of Remote Work
51:17 The Role of Gossip in Society
59:19 Cyber Threats and Mental Health
01:01:05 Final Thoughts and Resources

Show Notes

  • NVIDIA Puts Grace Blackwell on Every Desk and at Every AI Developer's Fingertips, Nvidia News - https://nvidianews.nvidia.com/news/nvidia-puts-grace-blackwell-on-every-desk-and-at-every-ai-developers-fingertips
  • US man used AI to generate 13,000 child sexual abuse pictures, FBI alleges, The Guardian - https://www.theguardian.com/technology/article/2024/may/21/child-sexual-abuse-material-artificial-intelligence-arrest
  • Tasmanian jailed for possessing AI-generated child abuse material, AFP - https://www.afp.gov.au/news-centre/media-release/tasmanian-jailed-possessing-ai-generated-child-abuse-material
  • Raspberry Pi - https://www.raspberrypi.com/products/raspberry-pi-5/
  • Rise of killer robot fridges as experts warn kitchen appliances getting 'smarter', Daily Star - https://www.dailystar.co.uk/tech/rise-killer-robot-fridges-experts-34387400
  • 'I'm Possibly Alive Because It Exists:' Why Sleep Apnea Patients Rely on a CPAP Machine Hacker, Vice - https://www.vice.com/en/article/im-possibly-alive-because-it-exists-why-sleep-apnea-patients-rely-on-a-cpap-machine-hacker/
  • Raven Rock: The Story of the U.S. Government's Secret Plan to Save Itself — While the Rest of Us Die, Goodreads - https://www.goodreads.com/book/show/25813952-raven-rock
  • While the Rest of Us Die: Secrets of America's Shadow Government, Wikipedia - https://en.wikipedia.org/wiki/While_the_Rest_of_Us_Die:_Secrets_of_America's_Shadow_Government
  • Sandy Hook Promise - https://www.sandyhookpromise.org/
  • The Selfish Gene, Goodreads - https://www.goodreads.com/book/show/61535.The_Selfish_Gene
  • Sapiens: A Brief History of Humankind, Goodreads - https://www.goodreads.com/book/show/23692271-sapiens
  • Unexpected Privacy Risks in CPAP Machine Updates, LinkedIn - https://www.linkedin.com/pulse/unexpected-privacy-risks-cpap-machine-updates-ryan-chalupovitsch-gh2kc/
  • Canceling the apocalypse? What can we learn from films set in 2025, The Guardian - https://www.theguardian.com/film/2025/jan/02/what-learn-movie-set-future
  • Forensic Focus Discord - https://discord.gg/97zKvTXHeS

If you have been affected by any of the issues raised in this episode, these organisations may be of help:

  • Samaritans - https://www.samaritans.org
  • Mind - https://www.mind.org.uk
  • Oscar Kilo - https://www.oscarkilo.org.uk/
  • Occupational health unit (OHU) - all police forces have access to an OHU providing a range of support services
  • Employee Assistance Scheme (EAS) - check with your employer to see what specific resources are available to you
  • GP - your GP can provide access to various local resources and make referrals to psychological support services
  • Beyond Blue - https://www.beyondblue.org.au/

In Case of Emergency
#43 Mastering Cyber Resilience

In Case of Emergency

Play Episode Listen Later Jan 28, 2025 36:36


Response and Recovery (Part I)

Markus Epner, Head of Academy at F24 AG, possesses a wealth of experience in security and crisis management. In this episode, he is in conversation with Lorenz Kuhlee, a highly experienced IT security professional working with PwC's Risk & Regulation Team in Germany. His specialties include large-scale data breach investigations, cyber incident response, and digital forensics. At PwC, Lorenz leads technical teams through complex cases and brings expertise in project management, specifically tailored to digital forensics and incident response (DFIR). In addition to his work at PwC, Lorenz is the co-author of Computer Forensics Hacks, a practical collection of methods, tips, and tricks from computer forensics.

03:30 If you could describe a cyber incident in three words, what would they be?
06:30 There's only three ways in which you can compromise your computer network
12:48 In your experience, what is the most critical aspect of a company's readiness for engaging a CERT team during an incident?
16:31 I am always saying I can train every company to be like James Bond, 007 - but that also has something to do with the culture and the DNA of the company
17:19 How does a CERT team function and collaborate during an incident?

Digital Forensics Now
Mind Matters: Navigating DFIR with Balance

Digital Forensics Now

Play Episode Listen Later Jan 24, 2025 63:25 Transcription Available


Get ready for a hands-on look at digital forensics and the challenges professionals tackle every day. We share a story about forensic guessing that highlights the importance of testing assumptions and following the evidence to avoid errors. The discussion emphasizes how staying grounded in facts can prevent investigations from going off track. We also highlight advancements in forensic tools and training. Learn about tools like Belkasoft, the UFADE tool for iOS device extraction, and SQBite for SQLite database analysis. These tools are improving efficiency and accessibility in the field. But it's not all about the tech. We address the important topic of mental health in digital forensics. We discuss the pressures of the job, strategies for managing stress, and the importance of supporting one another. Personal experiences and practical tips highlight the need to prioritize mental well-being in this demanding field. This episode provides valuable information on tools, investigative approaches, and mental health strategies for forensic professionals.

Notes:
Belkasoft Windows Forensics Course
https://belkasoft.com/windows-forensics-training
Updates to UFADE
https://github.com/prosch88/UFADE/releases
The Duck Hunter's Blog
https://digital4n6withdamien.blogspot.com/2025/01/the-duck-hunters-guide-blog-1.html
https://digital4n6withdamien.blogspot.com/2025/01/the-duck-hunters-guide-blog-2.html
https://digital4n6withdamien.blogspot.com/2025/01/the-duck-hunters-guide-blog-3.html
SQBite
https://digital4n6withdamien.blogspot.com/2025/01/introducing-sqbite-alpha-python-tool.html
https://github.com/SpyderForensics/SQLite_Forensics/tree/main/SQBite
Mental Health in DFIR
https://thebinaryhick.blog/2019/06/21/mental-health-in-dfir-its-kind-of-a-big-deal/
https://www.forensicfocus.com/podcast/the-impact-of-traumatic-material-on-dfir-well-being/
https://www.forensicfocus.com/news/dfir-and-mental-health-are-we-doing-enough-to-protect-investigators/
https://www.sciencedirect.com/science/article/pii/S2666281721000251
https://belkasoft.com/preventing-burnout-in-digital-forensics
https://www.magnetforensics.com/resources/taking-care-of-mental-health-during-digital-forensics-investigations/
https://www.harmlessthepodcast.com/
https://www.shiftwellness.org/about-us
https://www.nyleap.org/
What's New with the LEAPPS
https://github.com/abrignoni

Reports
DFIR Discussions: The Curious Case of an Egg-Cellent Resume

Reports

Play Episode Listen Later Jan 20, 2025 39:51


We discuss our latest report "The Curious Case of an Egg-Cellent Resume"
Host: @Kostastsale
Analysts: @_pete_0, Zach Stanford (aka @svch0st)
Report: https://thedfirreport.com/2024/12/02/the-curious-case-of-an-egg-cellent-resume/
Contact Us: https://thedfirreport.com/contact/
Services: https://thedfirreport.com/services/
Music by FASSounds from Pixabay

Digital Forensic Survival Podcast
DFSP # 464 Risk Assessments for DFIR

Digital Forensic Survival Podcast

Play Episode Listen Later Jan 7, 2025 22:30


Security risk assessments can be a tool for guiding and prioritizing incident response investigations. By evaluating the potential impact and likelihood of various threats, these assessments provide a structured framework to identify and mitigate risks effectively. This episode will explore how integrating security risk assessments into incident response workflows enhances response strategies.

The Virtual CISO Moment
S6E61 - A Conversation with Pete Strouse

The Virtual CISO Moment

Play Episode Listen Later Dec 31, 2024 28:10


Pete Strouse, CEO and Founder of InfoSec Connect, joins us for our last conversation of 2024. He has 10 years of experience recruiting in the cybersecurity industry, from technical engineering and architecture positions, to offensive security, DFIR, and security compliance. Join us as we dive into the cyber talent market challenges and opportunities! And be sure to check out his podcast Talent Gap Fireside Chat for more cyber job market discussions https://youtube.com/@TalentGapFiresideChat

Computer Crime Chronicles
Episode 9 - Computer Forensics - The Tools We Use

Computer Crime Chronicles

Play Episode Listen Later Dec 14, 2024 26:23


Forensic examiners have quite a few programs at their disposal these days to complete their work.  Many of them are quite expensive; however, there are other programs that can be utilized and don't cost an arm and a leg.  In this episode Becky and I talk about some of these programs, what they're used for and how much they cost, if anything.  This is part 1 of a 2-part series on forensic tools.

Digital Forensics Future (DFF)
S4: E5 Ediscovery Day—Career Advice from DFIR and ED Veterans

Digital Forensics Future (DFF)

Play Episode Listen Later Dec 8, 2024 53:33


Join us for the “Heroes Unite: Exploring the Future of Legal Technology Careers” panel at the 3rd Annual ACEDS eDiscovery Day in Austin, Texas. This dynamic session brings together industry leaders to discuss the rapidly evolving legal technology landscape. Gain insights into how emerging technologies are reshaping career paths, the growing importance of technical expertise and soft skills, and discover new opportunities for growth and innovation in the field. Whether you're a seasoned professional or just starting your journey, this discussion will equip you with the knowledge to thrive in the ever-changing world of eDiscovery and beyond. 

Cybersecurity Simplified
Episode 56: Is AI a Friend or Foe in Cybersecurity? Insights from The Godfather of Digital Forensics

Cybersecurity Simplified

Play Episode Listen Later Oct 22, 2024 36:30


AI fortifies cybersecurity, but it also strengthens cyberthreats. How can your company tackle this double-edged dilemma? We're asking our guest, Rob Lee, Chief of Research at the SANS Institute, the go-to leader in cybersecurity training. With more than 20 years of experience in digital forensics and incident response, Rob is dubbed "The Godfather of DFIR." He's also the co-author of the must-read book, Know Your Enemy. Get ready to learn about …

Digital Forensic Survival Podcast
DFSP # 452 AI and DFIR

Digital Forensic Survival Podcast

Play Episode Listen Later Oct 15, 2024 22:02


In 2024, AI has not only revolutionized how we defend against cyber threats but also how those threats are being carried out. We'll explore how AI is enabling faster, more efficient security incident responses, with real-world examples of its application in automated threat detection and response, advanced forensics, and more. But with every technological leap forward, there's a dark side and attackers are harnessing AI to orchestrate sophisticated attacks...

Paul's Security Weekly
Community Knowledge Sharing with CyberNest - Ben Siegel, Aaron Costello - ESW #379

Paul's Security Weekly

Play Episode Listen Later Oct 11, 2024 113:03


For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing. We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared. Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration. There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks is a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)? These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work! 
Segment Resources: Aaron's blog about the ServiceNow data exposure. The ServiceNow blog, thanking AppOmni for its support in uncovering the issue.

In the enterprise security news:
Eon, Resolve AI, Harmonic and more raise funding
Dragos acquires Network Perception
Prevalent acquires Miratech
The latest DFIR reports
A spicy security product review
Secure by Whatever
New threats
Hot takes
All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-379

Enterprise Security Weekly (Audio)
Community Knowledge Sharing with CyberNest - Ben Siegel, Aaron Costello - ESW #379

Enterprise Security Weekly (Audio)

Play Episode Listen Later Oct 11, 2024 113:03


For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing. We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared. Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration. There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks is a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)? These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work! 
Segment Resources: Aaron's blog about the ServiceNow data exposure. The ServiceNow blog, thanking AppOmni for its support in uncovering the issue.

In the enterprise security news:
Eon, Resolve AI, Harmonic and more raise funding
Dragos acquires Network Perception
Prevalent acquires Miratech
The latest DFIR reports
A spicy security product review
Secure by Whatever
New threats
Hot takes
All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-379

Paul's Security Weekly TV
Funding, acquisitions, DFIR reports, bad products, secure by design, and more! - ESW #379

Paul's Security Weekly TV

Play Episode Listen Later Oct 11, 2024 53:43


In the enterprise security news:
Eon, Resolve AI, Harmonic and more raise funding
Dragos acquires Network Perception
Prevalent acquires Miratech
The latest DFIR reports
A spicy security product review
Secure by Whatever
New threats
Hot takes
All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-379

Enterprise Security Weekly (Video)
Funding, acquisitions, DFIR reports, bad products, secure by design, and more! - ESW #379

Enterprise Security Weekly (Video)

Play Episode Listen Later Oct 11, 2024 53:43


In the enterprise security news:
Eon, Resolve AI, Harmonic and more raise funding
Dragos acquires Network Perception
Prevalent acquires Miratech
The latest DFIR reports
A spicy security product review
Secure by Whatever
New threats
Hot takes
All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-379

Technically Legal
Transforming Mobile Device Forensics: A Conversation with ModeOne CEO Matthew Rasmussen

Technically Legal

Play Episode Listen Later Oct 9, 2024 32:58


This episode features Matthew Rasmussen, Founder and CEO of ModeOne, an app that provides targeted smartphone data discovery. Matt discusses his journey from a psych major waiting tables to landing a job in eDiscovery in its earliest days, a job that ultimately helped him land jobs in BigLaw at multiple firms running their litigation technology departments. It was while he was working for O'Melveny & Myers that he had his "light bulb moment," which led to the creation of ModeOne, a solution addressing the challenges of efficient data collection from mobile devices. Matt explains how ModeOne works, its benefits over traditional digital forensic collection methods, and how it addresses concerns about evidentiary defensibility. He also highlights the various use cases for ModeOne beyond litigation, including internal investigations, HR matters, and compliance. The conversation delves into ModeOne's development, its unique approach compared to competitors, and its future roadmap, including internationalization and integrations with other platforms like Relativity. Learn more about Matt.

Key Discussion Points:
[0:39] Matt's unconventional path to eDiscovery
[3:35] The "light bulb moment" that sparked the idea for Mode One
[9:02] How Mode One works and its advantages
[11:36] Addressing evidentiary concerns and gaining credibility
[19:19] Expanding use cases beyond litigation
[22:48] iOS and Android certification process
[23:31] Apps and data supported by Mode One
[25:18] Mode One's built-in review tool and Relativity integration
[28:04] Future roadmap and upcoming features

Adventures of Alice & Bob
Ep. 63 - The Cyber Tug-of-War: A Real-Time Battle with Ransomware // Omar Avilez

Adventures of Alice & Bob

Play Episode Listen Later Oct 4, 2024 52:14


Today, Marc and James have the pleasure of sitting down with Omar Avilez, a seasoned expert in DFIR, threat hunting, and malware analysis. Omar takes us on a journey from his early days of dismantling computers out of sheer curiosity to the high-stakes world of battling ransomware in real time. He delves into the growing dangers of corporate espionage, nation-state attacks, and the ever-evolving landscape of cybersecurity. Throughout the conversation, Omar's passion for protecting the digital world shines brightly, as he shares his favorite hacking techniques, insights on hunting and neutralizing threats, and invaluable advice for those looking to break into the cybersecurity field.

Digital Forensic Survival Podcast
DFSP # 450 Secure coding and DFIR

Digital Forensic Survival Podcast

Play Episode Listen Later Oct 1, 2024 19:34


I decided to talk this week about the Importance of Secure Coding Knowledge for Security Incident Response Investigations. Knowing secure coding principles helps identify the root causes of vulnerabilities and recognize attack patterns. It facilitates effective communication and collaboration with developers, ensuring accurate incident reports and actionable recommendations. Secure coding knowledge enhances forensic analysis by aiding in code reviews and log analysis to detect anomalies. It also allows responders to suggest mitigation strategies and improve the security posture of applications. Ultimately, this knowledge leads...

The CyberWire
Darknet dollars exposed.

The CyberWire

Play Episode Listen Later Sep 27, 2024 34:50


International law enforcement seizes domains of Russian crypto laundering networks. The real-world risk of a recently revealed Linux vulnerability appears low. Criminal charges loom in the Iranian hack of the Trump campaign. Meta is fined over a hundred million dollars for storing users' passwords in plaintext. Delaware's public libraries grapple with the aftermath of a ransomware attack. Tor merges with Tails. Progress Software urges customers to patch multiple vulnerabilities. A critical vulnerability in VLC media player has been discovered. Our guests are Mark Lance, Vice President of DFIR and Threat Intelligence at GuidePoint Security, and Andrew Nelson, Principal Security Consultant at GuidePoint Security, discussing their work on "Hazard Ransomware – A Successful Broken Encryptor Story." Having the wisdom to admit you just don't know.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest is Mark Lance, Vice President of DFIR and Threat Intelligence at GuidePoint Security, discussing their work on "Hazard Ransomware – A Successful Broken Encryptor Story."

Selected Reading
US-led operation disrupts crypto exchanges linked to Russian cybercrime (The Record)
Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected (SecurityWeek)
Criminal charges coming in alleged Iranian hack of Trump campaign emails: Sources (ABC News)
Meta fined $101 million for storing hundreds of millions of passwords in plaintext (The Record)
Hackers attack Delaware libraries, seek ransom. Here's what we know (Delaware Online)
Tor Merges With Security-Focused OS Tails (SecurityWeek)
Progress urges admins to patch critical WhatsUp Gold bugs ASAP (Bleeping Computer)
VLC Player Vulnerability Let Attackers Execute Malicious Code, Update Now (Cyber Security News)
Bigger AI chatbots more inclined to spew nonsense — and people don't always realize (Nature)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Digital Forensic Survival Podcast
DFSP # 449 Zero-Day or Hero-Day

Digital Forensic Survival Podcast

Play Episode Listen Later Sep 24, 2024 33:43


This week, we're covering zero-day vulnerability response from a Digital Forensics and Incident Response professional's perspective. In our roles, we often get involved in various tasks that require a security mindset, and one critical task is responding to zero-day vulnerabilities. To provide a real-world context, we'll integrate the recently disclosed zero-day exploit "Copy2Pwn" (CVE-2024-38213) and discuss the specific forensic artifacts and methods used to achieve the objectives of a DFIR response.

Breaking Into Cybersecurity
Breaking into Cybersecurity - DFIR Career Advice w_Cathy Ullman

Breaking Into Cybersecurity

Play Episode Listen Later Sep 20, 2024 29:48


Breaking into Cybersecurity - DFIR Career Advice w/Cathy Ullman

Dr. Catherine J. Ullman is a security researcher, speaker, author, and Principal Technology Architect, Security at the University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a digital forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness among faculty and staff, educating and informing users about how to prevent and detect social engineering threats and how to compute and communicate digitally in a safe way. Cathy has presented at numerous information security conferences, including DEF CON and Blue Team Con. Cathy is a contributor to the O'Reilly title 97 Things Every Information Professional Should Know and the author of the Wiley title The Active Defender. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth, Flash, at the Buffalo Zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.

Sponsored by CPF Coaching LLC - http://cpf-coaching.com

Breaking into Cybersecurity is a conversation about what guests did before, why they pivoted into cyber, the process they went through breaking into cybersecurity, how they keep up, and advice, tips and tricks along the way. The Breaking into Cybersecurity Leadership Series is an additional series focused on cybersecurity leadership, hearing directly from different leaders in cybersecurity (high and low) on what it takes to be a successful leader. We focus on the skills and competencies associated with cybersecurity leadership and tips, tricks and advice from cybersecurity leaders. This podcast runs on listener support and funding.

Consider supporting this podcast: https://breaking-into-cybersecurity.captivate.fm/support

Check out our books:
Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level https://amzn.to/3443AUI
Hack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career https://www.amazon.com/dp/1801816638/

About the hosts:
Renee Small is the CEO of Cyber Human Capital, one of the leading human resources business partners in the field of cybersecurity, and author of the Amazon #1 best-selling book, Magnetic Hiring: Your Company's Secret Weapon to Attracting Top Cyber Security Talent. She is committed to helping leaders close the cybersecurity talent gap by hiring from within and helping more people get into the lucrative cybersecurity profession. https://www.linkedin.com/in/reneebrownsmall/ Download a free copy of her book at magnetichiring.com/book
Christophe Foulon focuses on helping to secure people and processes with a solid understanding of the technology involved. He has over ten years of experience as an experienced...

Secure Networks: Endace Packet Forensics Files
Episode 57: Ryan Chapman - SANS Author and Instructor | Veteran DFIR Expert

Secure Networks: Endace Packet Forensics Files

Play Episode Listen Later Aug 26, 2024 28:02


Ransomware has shifted from simple, isolated attacks to coordinated, human-operated campaigns that target entire organizations. In this episode of the Endace Packet Forensics Files, Michael Morris talks with Ryan Chapman, SANS Instructor and expert in Digital Forensics and Incident Response (DFIR), about these evolving threats. Ryan explains how attackers are becoming more methodical and sophisticated, focusing on disabling EDR/XDR solutions to evade detection and leaving organizations vulnerable to advanced attacks. One of the key challenges Ryan highlights is visibility. Without robust logging, packet capture, and monitoring tools, it's nearly impossible to fully understand how an attack happened. Even encrypted traffic can reveal critical patterns if analyzed properly. Ryan shares examples of organizations that suffered reinfections because they rushed to restore systems without identifying the original entry point. Packet capture data plays a vital role in pinpointing when and how attackers infiltrated, ensuring a safe recovery and minimizing disruption. As ransomware tactics evolve, adopting a Zero-Trust approach is essential. Ryan discusses how limiting permissions and avoiding overly trusting software configurations can help prevent breaches. He cites the Kaseya attack, where some organizations avoided compromise by not blindly whitelisting trusted directories. As attackers increasingly use legitimate tools, verifying all network activity and following least privilege principles are critical defenses. Don't miss this insightful episode, where Ryan provides actionable advice for preparing your organization against today's ransomware threats.

The CyberWire
Spinning the web of tangled tactics. [Research Saturday]

The CyberWire

Play Episode Listen Later Aug 3, 2024 24:49


This week, we are joined by Jason Baker, Senior Threat Consultant at GuidePoint Security, and he is discussing their work on "Worldwide Web: An Analysis of Tactics and Techniques Attributed to Scattered Spider." In early 2024, a current RansomHub RaaS affiliate was identified as a former Alphv/Black Cat affiliate and is believed to be linked to the Scattered Spider group, known for using overlapping tools, tactics, and victims. The high-confidence assessment by GuidePoint's DFIR and GRIT teams is supported by the consistent use of tools like ngrok and Tailscale, social engineering tactics, and systematic playbooks in intrusions. The research can be found here: Worldwide Web: An Analysis of Tactics and Techniques Attributed to Scattered Spider Learn more about your ad choices. Visit megaphone.fm/adchoices

Research Saturday
Spinning the web of tangled tactics.

Research Saturday

Play Episode Listen Later Aug 3, 2024 24:49


This week, we are joined by Jason Baker, Senior Threat Consultant at GuidePoint Security, and he is discussing their work on "Worldwide Web: An Analysis of Tactics and Techniques Attributed to Scattered Spider." In early 2024, a current RansomHub RaaS affiliate was identified as a former Alphv/Black Cat affiliate and is believed to be linked to the Scattered Spider group, known for using overlapping tools, tactics, and victims. The high-confidence assessment by GuidePoint's DFIR and GRIT teams is supported by the consistent use of tools like ngrok and Tailscale, social engineering tactics, and systematic playbooks in intrusions. The research can be found here: Worldwide Web: An Analysis of Tactics and Techniques Attributed to Scattered Spider Learn more about your ad choices. Visit megaphone.fm/adchoices

The Cyber Threat Perspective
Episode 102: The Global CrowdStrike Outage

The Cyber Threat Perspective

Play Episode Listen Later Jul 31, 2024 48:30


In this episode, Spencer is joined by Joey Vandergrift (SecurIT360's VP of Security Operations) and Mark Brophy (SecurIT360's DFIR practice lead). Together they discuss how CrowdStrike, a leading EDR product, caused one of the largest global IT outages in history.

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com

Chattinn Cyber
Navigating Ransomware and Cybersecurity: Insights from Cryptocurrency Expert John Morrissey

Chattinn Cyber

Play Episode Listen Later Jul 31, 2024 8:53


Summary

In this episode of Chattinn Cyber, Mark Schein chats with John Morrissey, Cryptocurrency Operating Compliance Director for Arete, focusing on various aspects of the cryptocurrency industry and the challenges associated with ransomware attacks. John explains how he ended up in his current role, combining his cybersecurity background with his passion for trading and investing. He discusses the volatility of the cryptocurrency market and the impact it has on ransom demands. He also highlights the increasing scrutiny and compliance requirements imposed by organizations like OFAC when it comes to making ransom payments. John emphasizes the importance of taking cybersecurity seriously and investing in the right tools and processes to protect organizations from cyber threats.

John shares the story of how he became the Cryptocurrency Operating Compliance Director for Arete. He mentions that he met Joe Mann, the founder of Arete, while working in the Virginia DC area. John became Arete's first client when he ran a DFIR (Digital Forensics and Incident Response) services organization. With his background in cybersecurity and his passion for trading and investing, John found a perfect fit in his current role, where he manages crypto relationships and helps clients navigate the complexities of the market.

The conversation then shifts to the concept of crypto puzzles and the volatility of the cryptocurrency market. John explains that crypto is the most volatile asset in the world, and its value can fluctuate significantly in response to market conditions. He gives an example of how Bitcoin's value dropped from $69,000 to $16,000 during a market crash. John highlights the challenges of working in a new industry that lacks regulation and dealing with assets that are highly volatile. He emphasizes the need to understand how all these factors fit together.

The discussion then turns to ransomware attacks and the changing demands of adversaries. John mentions that during previous market crashes, ransom demands were often made in Bitcoin. However, after the crash, there has been a shift towards demanding cash instead of Bitcoin. He notes that ransoms are increasing year over year, with some groups demanding even higher amounts. John also mentions the increasing scrutiny and compliance requirements imposed by organizations like OFAC (Office of Foreign Assets Control) when it comes to making ransom payments. He explains the steps Arete takes to ensure compliance, including analyzing threat actor wallets, conducting blockchain analysis, and verifying the absence of sanctions.

Mark asks John how Arete can help in situations involving ransomware attacks. John explains that Arete is a full-service organization specializing in digital forensics and incident response (DFIR). They offer assistance from the moment a hack is discovered, providing a 24/7 phone number and email for immediate response. Arete's team helps clients through the entire process, from triage to recovery, and even offers guidance on planning and prevention. If necessary, Arete can also assist with the process of making ransom payments.

In conclusion, the conversation between Mark Schein and John covers various aspects of the cryptocurrency industry and the challenges associated with ransomware attacks. John shares his background and how he ended up in his current role. He discusses the volatility of the cryptocurrency market and the impact it has on ransom demands. He also highlights the increasing scrutiny and compliance requirements imposed by organizations like OFAC. John emphasizes the importance of taking cybersecurity seriously and investing in the right tools and processes to protect organizations from cyber threats. Arete's role in assisting clients with ransomware attacks is also discussed, highlighting their full-service approach and expertise in digital forensics and incident response.

Key Takeaways

Digital Forensic Survival Podcast
DFSP # 438 - Old Nix

Digital Forensic Survival Podcast

Play Episode Listen Later Jul 9, 2024 32:01


This week, I will be discussing the Linux operating system from a DFIR perspective. It is highly recommended for every examiner to become proficient in Linux, especially with the increasing prevalence of cloud-based infrastructures in enterprise environments. As these platforms become the norm, you can expect to encounter Linux systems frequently during your investigations.

Paul's Security Weekly
The risks and best practices of deploying AI to an enterprise - Martin Roesch, Anurag Lal - ESW #366

Paul's Security Weekly

Play Episode Listen Later Jun 28, 2024 136:26


We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his company evaluated and ultimately integrated AI-based technologies into their products. We discuss:

- What to be aware of when deploying GenAI
- Key use cases and successes organizations are having with GenAI
- Some of the risks to be aware of
- How to prepare employees for GenAI
- Best practices to prepare for evolving threats

For decades, security teams have been focused on preventing and detecting threats, only to find themselves buried so deep in alerts, they can't detect anything at all! We clearly need a different approach, which will be the topic of our conversation today with Marty. We'll be discussing a shift in philosophy and tactics. We'll discuss whether SecOps has a hoarding problem, and possible paths out of the current situation preventing today's teams from successfully detecting attacks. Finally, we'll discuss the impact AI has on all this (if any).

Segment Resources:
- Why It's Time to Evolve from Threat-centric to Compromise-centric Security
- Evolve from Threat-Centric to Compromise-Centric Security
- How to Close the Visibility Gaps Across Your Multi-Cloud Environment
- Defend HPC Data Centers with Frictionless Security & Observability

We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week. This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market. We focus on the importance of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR Report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries.

We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise. We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware. Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year-old post from Marc Andreessen, and a rage-fueled rant from an angry Aussie. Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge).

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-366

Enterprise Security Weekly (Audio)
The risks and best practices of deploying AI to an enterprise - Martin Roesch, Anurag Lal - ESW #366

Enterprise Security Weekly (Audio)

Play Episode Listen Later Jun 28, 2024 136:26


We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his company evaluated and ultimately integrated AI-based technologies into their products. We discuss:

- What to be aware of when deploying GenAI
- Key use cases and successes organizations are having with GenAI
- Some of the risks to be aware of
- How to prepare employees for GenAI
- Best practices to prepare for evolving threats

For decades, security teams have been focused on preventing and detecting threats, only to find themselves buried so deep in alerts, they can't detect anything at all! We clearly need a different approach, which will be the topic of our conversation today with Marty. We'll be discussing a shift in philosophy and tactics. We'll discuss whether SecOps has a hoarding problem, and possible paths out of the current situation preventing today's teams from successfully detecting attacks. Finally, we'll discuss the impact AI has on all this (if any).

Segment Resources:
- Why It's Time to Evolve from Threat-centric to Compromise-centric Security
- Evolve from Threat-Centric to Compromise-Centric Security
- How to Close the Visibility Gaps Across Your Multi-Cloud Environment
- Defend HPC Data Centers with Frictionless Security & Observability

We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week. This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market. We focus on the importance of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR Report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries.

We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise. We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware. Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year-old post from Marc Andreessen, and a rage-fueled rant from an angry Aussie. Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge).

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-366

Digital Forensic Survival Podcast
DFSP # 434 - The Reg

Digital Forensic Survival Podcast

Play Episode Listen Later Jun 11, 2024 20:53


The Windows registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as for applications running on the platform. In order to make use of any of this information, you must understand the registry from a DFIR point of view, and that's exactly what I'm doing in this episode...

Digital Forensic Survival Podcast
DFSP # 430 - Targeting Tasks

Digital Forensic Survival Podcast

Play Episode Listen Later May 14, 2024 18:20


Windows Scheduled Tasks are often used by attackers to establish persistence. As an analyst, you want to be aware of the different Windows event codes that record these details. These artifacts come up in just about every Windows compromise assessment, so consider them core triage skills. There are several events, all of which I will go over in this episode. I will break them down from a DFIR point of view and give you the triage methodology...

CISO-Security Vendor Relationship Podcast
I Really Shouldn't Have Agreed to Variable Rate Technical Debt

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Apr 30, 2024 35:54


All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining me is our sponsored guest, Aaron Shaha, CISO, CyberMaxx.

In this episode: Is technical debt an inevitability in any organization? How do you go about "paying it down?" How do you decide when you need a systematic refresh and when you can kick the can down the road a little longer?

Thanks to our podcast sponsor, CyberMaxx

CyberMaxx offers MaxxMDR, our next-generation managed detection and response (MDR) solution that helps customers assess, monitor, and manage their cyber risks. MaxxMDR fuels defensive capabilities with insights from offensive security, DFIR, and threat hunting, on top of a technology-agnostic deployment model. We think like an adversary but defend like a guardian.

CISO-Security Vendor Relationship Podcast
We'll Invest in Resilience as Soon as the Ransom Payment Clears

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Apr 23, 2024 35:35


All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is my guest, Thom Langford, CISO, Velonetic.

In this episode: Why do lots of businesses pledge to never pay ransomware demands? And why do their priorities quickly change when they need to get the business back to normal after an attack occurs? What good is a pledge like that without the infrastructure and organizational commitment to make it possible?

Thanks to our podcast sponsor, CyberMaxx

CyberMaxx offers MaxxMDR, our next-generation managed detection and response (MDR) solution that helps customers assess, monitor, and manage their cyber risks. MaxxMDR fuels defensive capabilities with insights from offensive security, DFIR, and threat hunting, on top of a technology-agnostic deployment model. We think like an adversary but defend like a guardian.

CISO-Security Vendor Relationship Podcast
Our Benefits Include Medical, Dental, and Burnout

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Apr 9, 2024 43:14


All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest, Joshua Brown, VP and global CISO, H&R Block.

In this episode: Why is retaining cyber talent so hard? How can organizations keep an employee from going elsewhere? Why do organizations often not prioritize the factors to keep key employees?

Thanks to our podcast sponsor, CyberMaxx

CyberMaxx offers MaxxMDR, our next-generation managed detection and response (MDR) solution that helps customers assess, monitor, and manage their cyber risks. MaxxMDR fuels defensive capabilities with insights from offensive security, DFIR, and threat hunting, on top of a technology-agnostic deployment model. We think like an adversary but defend like a guardian.