Podcasts about Red team

Bryce Hoffman, the bestselling author of 'Red Teaming: How Your Business Can Conquer the Competition by Challenging Everything', helps companies plan more effectively by applying systems learned from business and the military. He became the first and only civilian to graduate from the U.S. Army's Red Team Leader Program at Fort Leavenworth, Kansas. Red Team Thinking is a systematic approach to making critical and contrarian thinking a part of any team's strategic planning process, providing a robust set of tools to challenge assumptions, expose hidden threats, and stress-test your plans and strategies. Red Teaming is an important discipline for any company owner, senior executive and strategist.   LINKS   Bryce's website https://brycehoffman.com   Book on Amazon Red Teaming: How Your Business Can Conquer the Competition by Challenging Everything   The Mojo Sessions website www.themojosessions.com   The Mojo Sessions on Patreon www.patreon.com/TheMojoSessions Full transcripts of the show (plus time codes) are available on Patreon.   The Mojo Sessions on Facebook www.facebook.com/TheMojoSessions   Gary on LinkedIn www.linkedin.com/in/gary-bertwistle   Gary on Twitter : www.twitter.com/GaryBertwistle   The Mojo Sessions on Instagram www.instagram.com/themojosessions   If you like what you hear, we'd be grateful for a review on Apple Podcasts or Spotify. Happy listening!   © 2026 Gary Bertwistle. All Rights Reserved.

Discover how Anthropic's secretive red team and the MITRE ATT&CK framework are mapping the chilling rise of malicious AI use, revealing cyber threats that now move faster than defenders can respond. Was a U.S. law firm right to pay a $20 million ransom. Could Cisco have yet another SD-WAN 0-day in the wild. Why is it so difficult to author secure PHP code. Teens use "WeedHack" to spy and attack each other. Researchers create the first AI-enabled Internet worm. Google Chrome pops-up "Shop with confidence." What... The discovered and irresponsibly disclosed HTTP/2 Bomb. What Anthropic learns from their past year of Claude abuse: It's bad Show Notes - https://www.grc.com/sn/SN-1082-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Now outsystems.com/twit guardsquare.com doppel.com cyberhoot.com/securitynow

Discover how Anthropic's secretive red team and the MITRE ATT&CK framework are mapping the chilling rise of malicious AI use, revealing cyber threats that now move faster than defenders can respond. Was a U.S. law firm right to pay a $20 million ransom. Could Cisco have yet another SD-WAN 0-day in the wild. Why is it so difficult to author secure PHP code. Teens use "WeedHack" to spy and attack each other. Researchers create the first AI-enabled Internet worm. Google Chrome pops-up "Shop with confidence." What... The discovered and irresponsibly disclosed HTTP/2 Bomb. What Anthropic learns from their past year of Claude abuse: It's bad Show Notes - https://www.grc.com/sn/SN-1082-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Now outsystems.com/twit guardsquare.com doppel.com cyberhoot.com/securitynow

Discover how Anthropic's secretive red team and the MITRE ATT&CK framework are mapping the chilling rise of malicious AI use, revealing cyber threats that now move faster than defenders can respond. Was a U.S. law firm right to pay a $20 million ransom. Could Cisco have yet another SD-WAN 0-day in the wild. Why is it so difficult to author secure PHP code. Teens use "WeedHack" to spy and attack each other. Researchers create the first AI-enabled Internet worm. Google Chrome pops-up "Shop with confidence." What... The discovered and irresponsibly disclosed HTTP/2 Bomb. What Anthropic learns from their past year of Claude abuse: It's bad Show Notes - https://www.grc.com/sn/SN-1082-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Now outsystems.com/twit guardsquare.com doppel.com cyberhoot.com/securitynow

Discover how Anthropic's secretive red team and the MITRE ATT&CK framework are mapping the chilling rise of malicious AI use, revealing cyber threats that now move faster than defenders can respond. Was a U.S. law firm right to pay a $20 million ransom. Could Cisco have yet another SD-WAN 0-day in the wild. Why is it so difficult to author secure PHP code. Teens use "WeedHack" to spy and attack each other. Researchers create the first AI-enabled Internet worm. Google Chrome pops-up "Shop with confidence." What... The discovered and irresponsibly disclosed HTTP/2 Bomb. What Anthropic learns from their past year of Claude abuse: It's bad Show Notes - https://www.grc.com/sn/SN-1082-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: threatlocker.com for Security Now outsystems.com/twit guardsquare.com doppel.com cyberhoot.com/securitynow

Sexyy Red - Team Lil Booty ft. Pluto Remix Travis Porter - Make It Rain

Sexyy Red - Team Lil Booty ft. Pluto Remix BossMan Dlow - Shake Dat Ass (Twerk Song)

Parce que… c'est l'épisode 0x301! Shameless plug 3 au 5 juin 2026 - SSTIC 2026 24 et 25 juin 2026 - Troopers 26 et 27 juin 2026 - leHACK 19 septembre 2026 - Bsides Montréal 1 au 3 décembre 2026 - Forum INCYBER - Canada 2026 24 et 25 février 2027 - SéQCure 2027 Description Dans cet épisode, Georges Badro, consultant chez Mandiant à Paris spécialisé dans les infrastructures critiques et les systèmes industriels, explique le fonctionnement et la sécurisation des sous-stations électriques. Architecture du réseau électrique Le réseau électrique se décompose en trois zones : la génération (centrales hydrauliques, nucléaires, thermiques, renouvelables), le transport et la distribution. Le réseau de transmission permet de limiter les pertes d'énergie et surtout d'équilibrer production et consommation afin de maintenir une fréquence stable. Contrairement à un réseau d'eau, un réseau électrique exige un équilibre permanent entre ce qui est produit et ce qui est consommé, sous peine de l'endommager. Les sous-stations sont les nœuds névralgiques de ce réseau de transmission : ces grands parcs clôturés que l'on aperçoit au bord des routes centralisent et redistribuent l'électricité. On y trouve des transformateurs et des disjoncteurs, ces derniers permettant d'ouvrir ou de fermer le courant. Aujourd'hui, ces équipements ne sont plus opérés manuellement mais via du contrôle numérique : interfaces homme-machine (IHM), contrôle à distance, RTU (Remote Terminal Units servant de passerelle vers le centre de contrôle), relais de protection et de contrôle (qui lisent tension, intensité et fréquence pour automatiser des décisions), postes d'ingénierie et équipements réseau. Interconnexion croissante et surface d'attaque Badro insiste sur la disparition de l'« air gap » d'autrefois. Les sous-stations sont désormais interconnectées avec les centres de contrôle, des tiers, des partenaires, parfois directement à internet, voire avec le cloud pour la maintenance prédictive. L'architecture type comprend un réseau IT, une DMZ séparant l'IT des systèmes industriels (OT), un centre de contrôle régional ou national (avec historians, serveurs SCADA, bases de données) relié aux sous-stations via VPN ou MPLS. Chaque sous-station est configurée différemment. Certaines connexions exploitent le Powerline Communication (PLC), qui utilise les câbles électriques existants pour transmettre des paquets TCP/IP. Cette multiplication des accès distants, justifiée par la difficulté d'intervenir physiquement dans des zones rurales, augmente considérablement le risque. Les protocoles courants incluent IEC 104, DNP3 et GOOSE. Scénario d'attaque en Red Team Badro détaille l'approche Red Team de Mandiant, précisant qu'un véritable attaquant ne prendrait pas les mêmes précautions. L'attaque commence généralement par un accès initial à l'IT via phishing ou exploitation de vulnérabilités. Suit une phase de reconnaissance : énumération du domaine, recherche de documentation sur les partages réseau et wikis, fichiers de configuration aux extensions spécifiques, mots de passe en clair (notamment de VPN) et schémas d'architecture. L'accès au réseau OT s'obtient ensuite via un VPN, l'exploitation de flux autorisés au firewall, ou la compromission d'hyperviseurs hébergeant des VM IT et OT. Plutôt qu'un scan NMAP destructeur, l'équipe privilégie une reconnaissance furtive : écoute passive du trafic, analyse des adresses IP et MAC, utilisation de logiciels légitimes d'opérateurs et de scripts spécialisés (Modbus, DNP3). Les vulnérabilités exploitées sont souvent basiques : mots de passe par défaut sur interfaces web, SSH ou Telnet, parfois sur des fonctionnalités cachées utilisées par les fournisseurs et inconnues des équipes. À partir d'une IHM, l'attaquant remonte vers les relais de protection, cibles plus insidieuses permettant des dégâts coûteux. Compromissions réelles Badro compare deux attaques réelles. En Ukraine en 2015, l'attaque a démarré sur l'IT par phishing (malware Black Energy via macro), récupéré des mots de passe VPN, accédé aux IHM, RTU et switchs Moxa, puis ouvert les disjoncteurs et déployé des firmwares corrompus pour empêcher la reprise de contrôle. En Pologne en décembre 2025, l'attaque a ciblé directement l'OT en exploitant une CVE connue mais non corrigée pendant plusieurs semaines sur des firewalls exposés à internet. L'attaquant s'est étendu aux RTU, relais, IHM et convertisseurs série-Ethernet via des comptes par défaut, a lancé des scans locaux, uploadé des firmwares corrompus, supprimé des fichiers système des relais et déployé des wipers sur les IHM. Le constat marquant : malgré dix ans d'écart, les mêmes vulnérabilités basiques persistent. Si l'entrée dans les réseaux IT s'est durcie, le côté OT reste comme l'IT « d'il y a très longtemps » — peu de mots de passe robustes, peu de contrôles — par préjugé d'isolement et par des pratiques de maintenance figées. Attaques avancées et défense Au-delà de la simple ouverture d'un disjoncteur, des attaques plus subtiles ciblent la logique des relais : modifier des valeurs de déclenchement, fausser une LED, ou altérer la fonction de réenclenchement automatique. Ces manipulations restent invisibles jusqu'à une condition rare (un arbre tombant sur une ligne) et sont très difficiles à diagnostiquer sans journalisation. Côté défense, Badro recommande : changer les mots de passe par défaut (et alerter si l'ancien est réutilisé), maintenir à jour les systèmes exposés à internet, restreindre les accès SSH/HTTP à des points spécifiques, contrôler les flux PLC venant des centrales, et surtout établir une visibilité réseau et événementielle à tous les niveaux. La prévisibilité des réseaux OT facilite la définition d'une baseline et la détection d'anomalies. L'approche consiste à décomposer chaque système, comprendre les fonctions et leurs interfaces internes/externes (par exemple le GPS spoofing), puis concevoir protections et détections adaptées — en protégeant avant tout le disjoncteur, élément le plus critique. Collaborateurs Nicolas-Loïc Fortin Georges Badro Crédits Montage par Intrasecure inc Locaux réels par Google Paris

South Texas Coaches Association (STCA) All-Star boys basketball showcase game, May 16, in Floresville. Red Team defeated Blue Team, 85-75. Roster Red Team, coached by Floresville's Robert Brooks: Logan Pawlik, Floresville Sammy Rodriguez, Floresville Walker Brandon, La Vernia Ethan Dye, La Vernia Omar Abundis, Nixon-Smiley Antonio DeHoyos, Poth Koy Moczygemba, Poth Article Link

South Texas Coaches Association (STCA) All-Star girls basketball showcase game, May 16, in Floresville. Red Team defeated Blue Team, 70-50. Roster Red Team:Libby Lee, Falls CityLaynie Ruple, Falls CityAlissa Hilario, FloresvilleLacey Matney, La VerniaKatelyn Dugi, PothBerklie Urbanczyk, PothBrianna Tomerlin, Stockdale. Article Link

South Texas Coaches Association (STCA) All-Star football showcase game, May 16, in Floresville. Red Team defeated Blue Team, 28-7. Roster Red Team, coached by La Vernia's Brian Null: Floresville — Josh Beaty, Dylan Brazell, Dario Gilchrist, Raymon Gutierrez, Wesley Kotzur, Noelyn Lozano, Story Maldonado, Jett Martinez, and Daniel Schaefer La Vernia — Jackson Cooper, Bryar Crane, Caden Diaz, Hayden Dietrich, Kole Farmer, Sean Garza, Jeffery Majka, Beckett Richardson, Garrett Ristow, Remington Rohde, and Peyton Stahl Nixon-Smiley — Julian Amaya, Alan Espino, Noe Hernandez III, and Adan Zavala Poth — Jacob Clark, Antonio DeHoyos, Mason Delgado, Jaden Kotara, Major Luna, Brady... Article Link

South Texas Coaches Association (STCA) All-Star volleyball showcase game, May 16, in Floresville. Blue Team defeated Red Team, 3-1. Roster Laynie Ruple, Falls City (Red Team)Madison Harden, Floresville (Blue Team)Makenna Hertless, Floresville (Blue Team)Lyla Smith, Floresville (Blue Team)Sadie Walden, Nixon-Smiley (Blue Team)Katelyn Dugi, Poth (Blue Team)Kenzie Wiatrek, Poth (Blue Team)Adisen Magill, Stockdale (Blue Team)Brianna Tomerlin, Stockdale (Blue Team). Article Link

Hello friends! Today's a hybrid episode — some security content up top about a new certification I've kicked off, followed by an aggressively quick trip to Tangent Town. Feel free to bail after the security stuff if tangents aren't your thing! The security part: starting CARTP I've started the Certified Azure Red Team Professional course from Altered Security (enterprisesecurity.io). It's the Azure follow-up to CRTP, which I took a few years back. Quick notes: Why now: Active Directory and internal pentests will always be my first love, but more and more of our customers are shifting to hybrid or full-Azure environments. Time to get some formal training in that lane. Self-paced vs. live: They offer both. I'm past the point of giving up Saturdays to security training, so I went with the ~$500 self-paced 30-day option. You get a portal, a lab manual, and a remote Windows VM with low-priv creds into a target Azure tenancy to attack and enumerate. The catch: The lab manual is thorough on "do this, see this output" steps, but light on "and here's the wow moment hiding in line 47 of the output." With the live class, an instructor would highlight that stuff in real time. In the self-paced version, you're on your own to find the meaning in 200 lines of output. The fix: Started a Claude project that's effectively co-teaching the class with me. I paste command output and ask "what's the important bit here?" — Claude pulls out the line that matters and explains why (e.g., "this user has write access to a key vault, which means…"). Way more efficient than ALT-TABbing alone. Tools I've touched so far: ROADtools, GraphRunner, and Monkey365 (kind of a PingCastle-for-Azure that spits out a health-check report). Where I'm at: Module 4 of 40-something. Course culminates in a 24-hour exam, which I swore I'd never do again after CRTP — but James Bond and Justin Bieber both say "Never say never." Tangent Town: The Shake Shack incident. It's gross and not funny. But kind of funny. Saw (and sort of met) Calum Scott at the Fillmore in Minneapolis. Standing-room-only venue, but my wife found a clutch spot wedged between a security barrier and a support beam, perfect for our family. During an acoustic set, Calum and his band came right past us. My wife (unable to help herself) gave his shoulder a squeezy squeeze. I held out for the fist bump on his return trip to the stage — and we're basically best friends now. I highly recommend his show: very positive guy, family-friendly, genuine. Seven super-fast non-spoilery movie reviews from plane rides and hotel nights: Coherence — for smart people. I am not those people. Probably great if you can follow it. Deadstream (Netflix) — YouTuber live-streams a night in a haunted house. Surprisingly entertaining, a couple of real jump-scares. Get Away — a family vacations on a forbidden island. Goes somewhere unexpected in the third act. Hell House LLC — found-footage haunted house. A couple of genuine flinches; story was just OK. Hokum — Adam Scott as a writer at a hotel with a personal history. Creepy-crawly, goes to some dark places. Loved it. Predator: Badlands — went in expecting mind-numbing action, but I loved it! I'd give it an 8 or 9 out of 10. It had action, LOLs, and even some tender Predator moments. Going to watch it again soon. Obsession — young man buys a wish-granting trinket so a young lady will like him. It works. Then it really works. The movie slowly goes into full-on bonkers sauce mode! Satisfying but uncomfortable to watch at parts. That's it! 7MinSec.com for services, 7MinSec.club for the Substack, 7MinSec.wiki for pentest tips and scripts.

Build AI agents that meet your standards for quality, safety, and performance using Microsoft Foundry. Trace every run end-to-end, generate synthetic datasets to stress-test on demand, fire automated Red Team attacks at your own agents, and pin down why evaluations fail — all from the Microsoft Foundry control plane. Lock in guardrails that inspect every tool call at runtime, define the risks once, and enforce them across every agent run. Mohammad Abuomar, Responsible AI Principal Architect, shares how to turn a coding agent into production-ready software inside Foundry. ► QUICK LINKS: 00:00 - Microsoft Foundry control plane 00:33 - See a finished agent 02:30 - See where the agent started 03:19 - Traces 04:04 - Built-in monitoring 04:34 - Evaluation types 05:51 - Red team evaluations 07:08 - Evaluation results 08:14 - Built-in Guardrails 08:14 - Wrap up ► Link References Get everything you need in Microsoft Foundry at https://ai.azure.com ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

#Lockboss Show: Red Team Tools Explained with Deviant Ollam — Tubular Picks, Decoders, Safety Straps and MoreIf you want to understand physical security at the highest level, you go straight to the source.In this episode of the #Lockboss Show & Giveaway, PJ sits down with Deviant Ollam, penetration tester, DEF CON and Black Hat presenter, and author of Practical Lock Picking, one of the most referenced books in the physical security world. CLK Supplies is now carrying his line of Red Team Tools and this conversation goes deep into the products, the purpose behind them, and how professionals actually use them in the field.We break down:Deviant Ollam's background and his work in physical security and penetration testingWhat Red Team Tools are designed for and who uses themRTT Quick-Connect Tubular Lockpick and Impressioning HeadTubular Bitting Decoder and its real world applicationsDeadbolt Safety Strap and what vulnerabilities it addressesLever Door Handle Shroud Guard and how it works in the fieldAdditional tools from the Red Team Tools lineupThe philosophy behind building tools for real security work versus recreational useWhat locksmiths and security professionals can learn from the penetration testing worldWhether you are a locksmith, a security professional, or just deeply curious about how physical security actually works at the highest level, this episode is packed with insight you won't find anywhere else.

Parce que… c'est l'épisode 0x2FC! Shameless plug 3 au 5 juin 2026 - SSTIC 2026 24 et 25 juin 2026 - Troopers 26 et 27 juin 2026 - leHACK 19 septembre 2026 - Bsides Montréal 1 au 3 décembre 2026 - Forum INCYBER - Canada 2026 24 et 25 février 2027 - SéQCure 2027 Description Dans cet épisode spécial de Polysécure consacré à Cybereco, Charles F. Hamilton présente son analyse annuelle de l'état de la menace cyber en 2026. Comme chaque année, il s'efforce de distinguer le discours marketing des vendeurs de la réalité observée sur le terrain, fort de son expérience quotidienne en tests d'intrusion offensifs. Azure et Entra ID : des failles par défaut Une large partie de la discussion porte sur l'environnement Microsoft Azure et Entra ID (anciennement Azure Active Directory). Charles souligne un problème fondamental : beaucoup d'entreprises partent du principe que « si c'est Microsoft, c'est sécurisé », ce qui crée une forme de déresponsabilisation dangereuse. En réalité, la configuration par défaut d'Azure offre très peu de visibilité — les logs et informations de sécurité essentiels sont verrouillés derrière un paywall, rendant la validation quasi impossible sans un intervenant offensif. Un exemple frappant illustre ce problème : lorsqu'une entreprise configure une politique d'accès conditionnel imposant le MFA pour toutes les applications mais ajoute une seule exception (par exemple pour un compte d'automatisation), Microsoft ajoutait silencieusement Microsoft Graph et Azure Active Directory dans les exceptions. Or, Microsoft Graph est le point d'entrée vers pratiquement tous les services cloud. Un attaquant disposant d'un identifiant et mot de passe pouvait donc s'authentifier via Microsoft Graph sans aucun MFA. Bien que Microsoft ait corrigé ce comportement récemment, toute exception créée avant le correctif reste active. Charles en découvre encore quotidiennement, ce qui pose un problème majeur — notamment pour les assureurs, dont les questionnaires de conformité ne détectent pas ces failles. Le décalage entre sécurité offensive et défensive Charles défend l'idée que la sécurité offensive a une longueur d'avance considérable sur la défensive. Les produits de sécurité défensive bloquent souvent des menaces qui datent de plusieurs années, pas celles d'aujourd'hui. Il prend l'exemple du device code phishing, une technique qu'il utilise depuis une dizaine d'années et que les attaquants malveillants commencent seulement à découvrir en 2026. Les entreprises qui ont investi dans des tests offensifs il y a cinq ou six ans sont déjà protégées ; les autres paniquent aujourd'hui. Il insiste sur la valeur du Red Team : contrairement à un scan automatisé qui produit des milliers de vulnérabilités toutes marquées « critiques », un Red Team raconte une histoire — il identifie le chemin qu'un attaquant emprunterait pour atteindre ce qui a réellement de la valeur pour l'entreprise. Charles mentionne également le score EPSS (Exploit Prediction Scoring System), encore trop méconnu, qui permet de prioriser les vulnérabilités en fonction de leur probabilité réelle d'exploitation plutôt que de leur sévérité théorique. Infostealers et ClickFix : les menaces du quotidien La conversation aborde ensuite les infostealers, des logiciels malveillants qui récupèrent les mots de passe stockés dans les navigateurs. Leur efficacité tient à leur discrétion : ils ne touchent pas aux processus surveillés par les EDR/XDR et sont donc très peu détectés. Pire, ils se propagent souvent via des installeurs gratuits pour des jeux populaires comme Roblox ou Minecraft, ciblant les enfants. Quand un parent prête son ordinateur professionnel à son enfant, les identifiants corporatifs se retrouvent compromis. Charles rapporte des chiffres vertigineux : un de ses contacts dans le domaine possède des logs provenant de 600 millions de postes uniques infectés par des infostealers. Quant aux attaques ClickFix, Charles se dit fasciné qu'elles fonctionnent, car elles demandent à l'utilisateur d'exécuter une série d'étapes complexes — copier du PowerShell dans une invite de commande, par exemple. Mais l'utilisateur moyen ne comprend tout simplement pas ce qu'il fait : les extensions de fichiers, les commandes, tout cela n'a aucun sens pour lui. Le succès du phishing repose uniquement sur l'expérience utilisateur : plus c'est simple, plus ça marche. Supply chain et cas extrêmes Charles partage des histoires marquantes de sa carrière. Il a testé la sécurité d'avions dont les interfaces pilotes tournaient sous Flash et Windows embarqué. Bien que l'avion soit physiquement déconnecté d'internet, le laptop de mise à jour, lui, y passait — ouvrant la porte à des attaques de supply chain. Il raconte aussi le cas de guichets ATM dont le système de gestion acceptait des mises à jour non signées, permettant l'injection de code malveillant. Plus récemment, il a travaillé sur des cas d'infiltration d'employés nord-coréens se faisant passer pour des développeurs. Fait surprenant : ces individus étaient de bons ingénieurs et se faisaient toujours démasquer par des anomalies humaines (incohérences de localisation), jamais par leur code. IA, vibe coding et secrets exposés L'essor du vibe coding assisté par IA aggrave un problème existant : des développeurs qui ne comprennent pas ce qu'ils produisent. Charles a trouvé plus de 124 000 résultats sur GitHub pour « remove client secret » — des commits où des développeurs retirent des secrets Azure (tenant ID, application ID, client secret) sans jamais les révoquer. Beaucoup de ces commits portent les traces caractéristiques de code généré par IA, avec des emojis dans les commentaires. Le paradoxe de l'industrie cyber En conclusion, Charles soulève un paradoxe central : on n'a jamais eu autant de produits de sécurité, de solutions et de technologies pour prévenir les brèches, et pourtant on n'a jamais eu autant de brèches. Les entreprises s'étouffent sous les abonnements coûteux et les promesses marketing, mais négligent l'hygiène de base — segmentation réseau, gestion des correctifs, inventaire des systèmes. L'industrie souffre aussi d'un manque de conséquences réelles pour les entreprises négligentes, ce qui pousse beaucoup d'entre elles à faire le strict minimum. Le vrai travail reste à faire, et il commence par les fondamentaux. Collaborateurs Nicolas-Loïc Fortin Charles F. Hamilton Crédits Montage par Intrasecure inc Locaux réels par Intrasecure inc

When Demetri Giannikopoulos was diagnosed with multiple sclerosis, his community neurologist handed him a sheet with fifty medication options and told him to pick one. That was a long time ago. Today he's the Chief Innovation Officer at RadAI, overseeing how artificial intelligence gets deployed in radiology across US health systems — and he's spent two decades learning how to navigate a healthcare apparatus that, in his words, "is not designed for sick patients." In this conversation Demetri explains why the most valuable thing AI has done for him as a patient isn't clinical — it's the 50 pages of insurance underwriting documents he fed into ChatGPT to save several thousand dollars on a plan that looked, on paper, worse. He walks through his "red team" prompting technique, the error he caught in a radiology report where legacy speech-recognition software had dropped the word "no," and why he thinks the regulatory debate around AI in healthcare should look less like drug approval and more like how we regulate nuclear power. If you want a ground-level view of what AI can and cannot do inside the American medical system, this is where to start. Additional resource with prompt tips: https://aipatients.org/ Additional resource: Scanxiety toolkit: https://edge.sitecorecloud.io/americancoldf5f-acrorgf92a-productioncb02-3650/media/ACR/Files/Clinical/Patient-Family-Centered-Care/PFCC-Scanxiety-Toolkit-Brochure-Digital-Version.pdf Full Agentic Patient series: https://www.facesofdigitalhealth.com/agentic-patient-blog Detailed summary and tips from Demetri: https://www.facesofdigitalhealth.com/agentic-patient-blog/red-teaming-your-health-plan-demetri-giannikopoulos-on-responsible-ai-the-cures-act-and-what-patients-should-actually-do 6 tips on AI use for patients: https://fodh.substack.com/p/the-agentic-patients-are-here

A new episode of the Resilient Cyber Show just dropped, and this one is a conversation I've been looking forward to for a long time.I sat down with Tanya Janca, better known to most of the AppSec world as SheHacksPurple. Tanya is the best-selling author of Alice and Bob Learn Application Security and Alice and Bob Learn Secure Coding, an OWASP Lifetime Distinguished Member, CEO of She Hacks Purple Consulting, and one of the most recognized voices in application security and developer education on the planet.The timing of this conversation is hard to overstate. The OWASP Top 10 2025 was announced at the Global AppSec Conference last year, with two new categories, Software Supply Chain Failures and Mishandling of Exceptional Conditions, and SSRF folded into Broken Access Control. Recently, Anthropic released the Claude Mythos Preview system card, documenting a model that has already found thousands of high-severity zero-day vulnerabilities autonomously, including bugs in every major operating system and web browser, and a 27-year-old vulnerability in OpenBSD.In other words, AppSec is at a hinge moment, and Tanya is exactly the right person to think out loud with about it.Here's what we get into:What the OWASP Top 10 2025 got right, what it missed, and how teams should actually use itAI-generated code, “vibe coding,” and Tanya's brand-new free prompt library for secure coding with AI assistants, SecureMyVibe.caWhat Mythos-class capabilities mean for the offense/defense asymmetry AppSec has always lived withHow AI is genuinely changing the SDLC, where it creates lift, where it creates noise, and where it creates entirely new attack surfaceArchitecting real defenses at the prompt layer, across MCP servers, and inside RAG pipelines, not just bolting content filters onto the front doorWhy developers are the new attack surface, and why a lot of what gets labeled as “supply chain attacks” lately is really a developer compromise that cascaded into the supply chainTanya's threat model, defense framework, and maturity model for protecting developers themselvesDevSec Station, Tanya's new podcast delivering 5–10 minute secure coding lessons in a format built for how developers actually consume contentWhat she'd change tomorrow about how AppSec programs are built and run if she could change just one thingThis is one of those conversations that ranges from the practical (what to do Monday morning) to the philosophical (what does it even mean to “secure software” when an AI can find more zero-days in a weekend than a Red Team finds in a year). Tanya brings the rare combination of deep technical chops, real teaching ability, and genuine warmth that makes a hard subject feel approachable.If you lead an AppSec program, write code for a living, run a security team trying to keep up with AI-assisted development, or you're just trying to figure out where this whole industry is heading, this is the episode for you.Resources from the episode:SecureMyVibeDevSec Station Podcast (Tanya's new show)She Hacks Purple ConsultingAlice and Bob Learn Application Security and Alice and Bob Learn Secure CodingOWASP Top 10 2025 — https://owasp.org/Top10/2025/Claude Mythos Preview System Card — AnthropicThanks for being here. If this episode landed for you, the best thing you can do is share it with one person on your team who'd find it useful, that's how this newsletter and show grow.

Chuck Todd unpacks a night of significant Democratic wins — starting with Virginia voters passing the controversial redistricting measure, a result that hands Democrats a meaningful victory but at what Chuck argues is a steep cost. He questions whether Democrats are trading their most valuable brand asset, being seen as "the rule followers," for a short-term partisan gain they may not need: if Democrats narrowly win the House majority thanks to redistricting, then the gamble worked — but independents, who were already souring on partisan games, aren't likely to give Democrats the benefit of the doubt going forward. He warns that Abigail Spanberger, who wanted to govern from the center but was forced into the role of a partisan warrior to get this done, may not recover politically from the episode. He then turns to Iran, where Trump has unilaterally extended the ceasefire indefinitely because he can't actually land a deal — Iran won the second round of negotiations simply by not showing up, the Chinese will eventually have to step in to pressure Tehran, and Trump is now visibly signaling desperation, meaning he'll be lucky to walk away with terms similar to what Obama negotiated years ago. He calls the war a strategic disaster worse than Iraq that will permanently taint the presidential prospects of both Marco Rubio and JD Vance, and closes with the big political picture: overall it was a terrible night for Republicans, new polling shows Democrats suddenly competitive in rural Midwestern states, all the data points to Democratic momentum heading into the midterms, the economy will be deeply unpopular by Election Day, and the only real advantage Republicans have left is money — a boon he argues is consistently overstated when the political environment is this bad for the party in power. Finally Chuck reveals his ToddCast Top 5 most overlooked races for the midterm elections and answers questions in the “Ask Chuck” segment. Thank you Wildgrain for sponsoring. Visit http://wildgrain.com/TODDCAST and use the code "TODDCAST" at checkout to receive $30 off your first box PLUS free Croissants for life! Protect your family with life insurance from Ethos. Get up to $3 million in coverage in as little as 10 minutes at https://ethos.com/chuck. Application times may vary. Rates may vary. Link in bio or go to https://getsoul.com & enter code TODDCAST for 30% off your first order. Timeline: (Timestamps may vary based on advertisements) 00:00 Chuck Todd’s introduction 01:15 Virginia voters pass redistricting measure, a big win for Democrats 03:00 Strength of Democratic party was being viewed as the “rule followers” 03:45 Democrats won’t get the benefit of the doubt with independents 04:45 There was a path to 8-3 for Dems with the original map 06:15 If Dems narrowly win the house majority, then redistricting worked 07:00 Dems are closer to winning now, but at what cost? 08:30 Spanberger wants to govern from center, but had to be a partisan warrior 10:30 Filing deadline for Virginia is FRIDAY, will we see GOP retirements? 11:00 Court case could disqualify the referendum 12:30 Florida likely to redistrict in response to Virginia 14:00 Florida redistricting makes a lot of light red districts that are vulnerable 15:30 These partisan acts will increase appetite for a third party 17:15 Abigail Spanberger may not recover politically from this 18:15 Trump can’t get Iran deal, unilaterally extends ceasefire indefinitely 19:00 Iran has won the second round of negotiations by not showing up 19:45 At some point the Chinese will put pressure on Iran to end this 20:30 Trump started a war he wasn’t prepared to finish 21:15 This war has been a strategic disaster, even worse than Iraq 22:00 Trump will be lucky to get terms similar to what Obama got 22:45 Trump is signaling to Iran that he’s desperate for a deal 24:30 The war will taint presidential chances for Rubio & Vance 25:15 Overall, it’s been a disastrous night for Republicans 26:00 We will have a very unpopular economy when the midterms arrive 26:30 New polling shows Democrats are competitive in rural midwest states 27:45 All the data shows Democratic momentum going into the midterms 28:15 The only advantage Republicans have is money 29:30 Tuesday was a really good day for team blue, and bad for team red 35:00 ToddCast Top 5 overlooked races this election cycle 36:00 #5 Florida governor 41:00 #4 Oregon governor 44:00 #3 Alabama governor 47:00 #2 Texas governor 51:30 #1 Minnesota senate 55:30 Ask Chuck 55:45 Would it be worse for Spanberger politically to lose redistricting fight? 58:15 Who in Trump’s orbit would be willing to invoke the 25th amendment? 1:02:15 Thoughts on Vance & importance of “political athleticism” for GOP in ‘28? 1:08:30 What are the long term impacts if Trump pulls out of NATO? 1:11:45 Which piece of legislation does the opposite party most misunderstand? 1:18:15 Do our elected officials actually understand China?See omnystudio.com/listener for privacy information.

WhatsApp Group Link: https://chat.whatsapp.com/Ha7kZt23xPR1RabasUGsucLinkedIn: https://www.linkedin.com/company/tamilboomi-technologies/Instagram: https://www.instagram.com/tamilboomitechnologies/?hl=enWhatsApp: +91 9619663272Website : https://www.tamilboomi.com/Email: arumugam@tamilboomi.com

Fagan Afandiyev — Elite Cybersecurity Competitor and Legendary Whitehatter No Password Required: Breakout Room: Episode 1 — Fagan Afandiyev Fagan Afandiyev is a cybersecurity student at the University of South Florida and a member of the CyberHerd competition team, known for his strategic mindset and passion for solving complex challenges. From competing in international robotics competitions to discovering cybersecurity through hands-on platforms, Fagan has built his skills through curiosity, persistence, and a love for problem solving. Fagan shares how competitions, community, and continuous learning shaped his journey into cybersecurity. He walks through his growth within USF's cyber community, and how that led to a penetration testing internship at Microsoft. He also offers insight into the mindset needed to succeed in cybersecurity, encouraging others to embrace challenges, learn through failure, and find enjoyment in the process. Follow Fagan on Linked in here: https://www.linkedin.com/in/fagan-afandi/ Presented by ThreatLocker Chapters:  00:00 Introduction to Cybersecurity Passion 3:02   Journey to Cyber Herd and University Life 06:12 Internship at Microsoft and Career Aspirations 08:59 Hackathon Experience and Community Engagement 12:39 Behind the Scenes of Cyber Competitions 14:30  Overcoming Challenges in Cyber Competitions 18:00 Gratitude and Mentorship in Cybersecurity  

In nearly a thousand episodes of Natural Born Coaches, a topic like this has never been tackled! Today, Marc is joined by Bryce Hoffman, the founder of Red Team Thinking and a former business journalist who has spent decades looking inside the world's most successful organizations, as he dives into the concept of Red Teaming, a methodology originally developed by military and intelligence agencies to stress-test strategies and navigate extreme uncertainty. In a world that feels increasingly volatile, complex, and disrupted by AI, the old way of doing things isn't just a choice; it's a liability. Bryce breaks down how coaches can use these tools to help leaders challenge their own assumptions, identify unseen threats, and surface missed opportunities that others are walking right past, plus much more. Bryce is hosting a Red Team Coaching Bootcamp next Monday, April 27th at 12 PM EST. Listeners will learn foundational tools like Think-Write-Share and the Six Strategic Questions to help clients navigate complexity with clarity, and you can claim your spots now at https://www.naturalborncoaches.com/redteamcoaching!  What You'll Hear In This Episode: Defining the concept of red teaming within a business context and how deliberate challenge can actually strengthen an organization's strategy. A look at the massive shifts in the coaching industry over the last few years and the disruptive impact of a "VUCA world". How coaches can help leaders establish their unique value and build cognitive resilience in a market flooded with low-cost alternatives. The one critical limitation of AI and why this is important for coaches to understand. Practical steps for applying red team thinking to your own coaching business by focusing on the three Cs: Clarity, Capability, and Culture. A sneak peek at the upcoming Red Team Coaching Bootcamp and the two foundational tools that mine the hidden wisdom already existing within an organization. LINKS:  Register for Bryce's Red Team Bootcamp (Happening Next Monday, April 27th, 2026)!  Bryce's Website, Podcast & Book  Red Team Thinking's Website Need help launching a podcast or editing your current show? This podcast is proudly sponsored, edited and produced by PodAssist. Visit their website below for more info!  http://www.podassist.com Book a no-obligation 1:1 strategy call with Marc for your coaching business: http://www.chatwithmarcm.com   If you'd like more coaching clients without sending cold messages or spending money on ads, the Natural Born Coach Program is for you. Get the details here! http://www.nbcprogram.com Join The Coaching Jungle Facebook Group! http://www.thecoachingjungle.com   Become a Coaching Jungle VIP member which includes special posting perks in the group to reach almost 30,000 potential clients! http://www.myjunglevip.com   Grow your business with The Coaching Jungle Mastermind! http://www.coachingjunglemastermind.com If you have a product or service that helps coaches, and you'd like to get it in front of 100,000 of them: http://www.jvwithmarc.com

In this episode of Friday Focus, Malachi sits down with Levi Gillespie, this summer's Red Team leader, for a behind-the-scenes look at his heart, his story, and his excitement for the months ahead. Levi shares his personal salvation testimony, giving listeners a glimpse of how the Lord worked in his life and led him to where he is today. From his journey to Southland to the key moments that shaped his faith, this conversation highlights God's guiding hand and faithfulness.The episode also turns toward the future as Levi talks about what he's most looking forward to this summer. He reveals the Red Team theme, shares his vision for team unity and spiritual growth, and even gives a preview of some of the cheers he's most excited about. Whether you're a camper, staff member, or just someone who loves hearing how God is working in lives, this episode will encourage you and build anticipation for an impactful summer.

Tim Powers fills in for Vassy Kapelos, as Sarnia MP Marilyn Gladu becomes the fourth Conservative MP to join Mark Carney's Liberals. It comes less than a week before a trio of pivotal byelections, which now means the Red Team needs a singular win to secure a majority. Joining us to dissect the potential implications of today's floor-crossing are CTV Ottawa Bureau Chief Graham Richardson, CTV political analyst Scott Reid, and Abacus Data CEO David Coletto. On today's show: Retired Major-General David Fraser discusses what we know, and what we don't know, about the Iran ceasefire deal. New numbers from the CFIB find that 50% of small business owners are worried about rising crime, and how it could impact their employees. The Daily Debrief Panel - featuring Laura D'Angelo, Jeff Rutledge, and Stephanie Levitz. W5's Jon Woodward has a preview of a CTV exclusive investigation: How multiple Canadian women found out they are married to the same man.

The security industry has spent years debating which tools to buy. Impetum is asking a different question: are the tools you already have actually working? Founded by incident responders who saw the same failures across hundreds of breaches, Impetum built the Persistent Purple Team platform to simulate advanced threat actors inside customer environments on a continuous monthly basis -- not as a one-time engagement, but as an ongoing relationship built around real data, custom TTPs, and a measurable Threat Resilience Score. Matt Stewart and Alex Grohmann spoke with Sean Martin and Marco Ciappelli at RSAC Conference 2026 about what they are hearing on the show floor: agentic AI is accelerating the speed of compromise and exposing vulnerabilities in legacy systems that have been dormant for decades. Against that backdrop, the value of knowing -- not assuming -- that your detection and response capabilities hold up becomes critical. The platform builds that knowledge through live-fire exercises using an organization's own data, validating patch management, XDR, SIEM tuning, and post-compromise detection in a way no annual pen test can. The conversation also touched on the structural talent problem agentic AI is creating inside SOCs. As AI fills the level one analyst role, the pipeline for developing level two analysts and incident responders is narrowing. Impetum sees persistent purple teaming as the training ground that closes that gap -- giving existing teams the repeated, realistic practice they need to respond with confidence when an actual breach begins. Impetum targets mid-size organizations that have the right security tools but lack the budget, bandwidth, and access to industry events to keep those tools continuously validated against evolving attack paths. For those teams, the platform delivers something an annual report cannot: a documented, ongoing record of what works, what does not, and where the program is heading. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Matt Stewart, Co-Founder, Impetum Alex Grohmann, Co-Founder, Impetum LinkedIn: https://www.linkedin.com/in/alexandergrohmann/ RESOURCES Impetum / Persistent Purple Team: https://www.persistentpurpleteam.com ITSPmagazine RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac-2026-conference-san-francisco-usa-cybersecurity-event-infosec-conference-coverage Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Matt Stewart, Alex Grohmann, Impetum, Persistent Purple Team, Remedium Security, Sean Martin, RSAC Conference 2026, brand spotlight, brand story, brand marketing, marketing podcast, purple teaming, continuous security validation, threat resilience, CISO, security operations, SOC, red team, blue team, incident response, agentic AI, MITRE ATT&CK, penetration testing, cybersecurity Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

What if the very tools designed to save you time are actually costing you your authority? In a world where answer engines are rapidly replacing traditional search, how do you ensure your human voice doesn't get lost in the machine-generated noise? In this episode, leadership mindset and business strategist Beverly JoLynn joins Marc to discuss the critical balance of staying human in the age of AI. From her early days as an early adopter of automation to her current mission of protecting the human presence advantage, Beverly shares how coaches can use AI as a high-powered research and accountability partner without surrendering their unique personality or creative sovereignty, and so much more. What You'll Hear In This Episode: The evolution from SEO to AEO and why coaches need to focus on optimizing for answer engines right now. The hidden dangers of passing your authority and creative sovereignty over to a machine instead of using it as a directed tool. Beverly's advice on how to preserve your unique human personality in an era of AI-generated content. Key high-value AI tasks for coaches, including analyzing meeting transcripts to identify personal growth areas and more. What Beverly's "BAM List" entails and how she uses AI as a digital accountability partner. The critical importance of staying active with problem-solving and creativity to prevent the loss of critical neural pathways. What the "Red Team" strategy for business planning looks like and how coaches can use specific AI prompts to implement it. A look at The Human Presence Advantage and something Beverly is doing to cut through the digital noise and foster deeper human connection. LINKS Beverly's Website Her Facebook & LinkedIn  ChatGPT Made Him Delusional (Psychology Today)  ChatGPT May Be Eroding Critical Thinking Skills, According to a New MIT Study (Time)   Need help launching a podcast or editing your current show? This podcast is proudly sponsored, edited and produced by PodAssist. Visit their website below for more info!  http://www.podassist.com Book a no-obligation 1:1 strategy call with Marc for your coaching business: http://www.chatwithmarcm.com If you'd like more coaching clients without sending cold messages or spending money on ads, the Natural Born Coach Program is for you. Get the details here! http://www.nbcprogram.com Join The Coaching Jungle Facebook Group! http://www.thecoachingjungle.com   Become a Coaching Jungle VIP member which includes special posting perks in the group to reach almost 30,000 potential clients! http://www.myjunglevip.com Grow your business with The Coaching Jungle Mastermind! http://www.coachingjunglemastermind.com If you have a product or service that helps coaches, and you'd like to get it in front of 100,000 of them: http://www.jvwithmarc.com

One batch file flatlined an entire school district's network. That was 1994, in a town so small you could drive fifteen minutes and see nothing but the curvature of the earth. By sixteen he was building one of Wyoming's first ISPs, and by 1996 he had already founded a Red Team. Then came twenty three years as a DEF CON goon, followed by an offensive security practice that scaled to 132 pen testers and nearly forty million dollars a year. He has breached security inside Ferrari dealerships, biolabs, and financial trading floors. If it had a lock, a network, a password, or a perimeter, Pyr0 found a way through it. Now he lives off grid in the mountains of Northern Colorado, running ham radio on solar, raising chickens, and still pulling sixty hour weeks breaking into things that were never supposed to be breakable. And this year, he's building something new. A conference on the beach at Carolina Beach, NC that is dedicated to preserving the stories and the history of hacking before they're lost to time.TIMESTAMPS00:00 Introduction and Background09:44 Life Off-Grid: The Journey19:10 Introducing naclcon: A Community-Driven Conference26:55 Conference Planning and Logistics32:10 Badge Life and Unique Experiences37:03 Celebrating Hacker Culture and History39:04 Organizational Challenges and Insights42:00 Creating a Unique Conference Experience47:12 The Vision for a Cybersecurity BarLINKS[NaClCon Official Website] – https://naclcon.com Main website for NaClCon where users can register, book accommodations, and access full event details.[NaC Con Contact Email] – mailto:info@naclcon.com Official support email for inquiries about the conference, including registration and partnerships.[Pyr0 (Luke McOmie) Email] – mailto:pyr0303@gmail.com Direct contact for sponsorships, collaborations, and communication with the event organizer.[Fat Pelican – Carolina Beach] – https://fatpelican.com – Iconic dive bar on the Carolina Beach boardwalk highlighted as a must-visit during NaClCon.[Red Helm] – https://redhelm.com – Pyr0's company where he serves as VP of Offensive Security.[DEFCON] – https://defcon.org – The world's largest hacking conference where Pyr0 spent 23 years as a senior goon and founded SkyTalks.[SkyTalks at DEFCON] – https://skytalks.info – The off-the-record talk track at DEFCON founded by Pyr0.[Dual Core] – https://dualcoremusic.com – Nerdcore hip-hop artist performing live at NaClCon's Concert at Sea.

Madhav Nakar — AI Security Researcher and Documentarian of Spirituality and Play   No Password Required Season 7: Episode 3 - Madhav Nakar   Madhav Nakar is a Security Researcher at BeyondTrust specializing in identity threats, endpoint security, and cloud attack paths. With a background in theoretical mathematics, his current research focuses on analyzing attacker behavior to build practical systems of detection.   In this episode, Madhav shares the pivotal moments that shaped his career, including his first experience witnessing a nation-state attack unfold in real time from his seat in a SOC. He explains how mathematical thinking sharpens security strategy and why strong research is rooted in exploration, not predetermined outcomes.   Jack Clabby of Carlton Fields, joined by co-host Kayley Melton of the Cognitive Security Institute, welcomes Madhav for a conversation on modern cyber defense. From AI-driven attacks and agentic systems to privilege escalation risks in role-based access environments, Madhav breaks down what teams are getting wrong about AI and why defending against AI increasingly requires AI-powered tools.   The conversation turns to Madhav's philosophy of “serious play,” where curiosity, experimentation, and failure fuel better research and resilience. He also shares insights from his spiritual and philosophy project, The Fire of Knowing, exploring consciousness and belief through a neutral lens.   In the Lifestyle Polygraph, Madhav pitches a cybersecurity documentary, debates growth versus comfort, and reflects public dancing experiments.  Follow Madhav Nakar here: https://www.linkedin.com/in/madhav-nakar/ Follow "The Fire of Knowing" on Instagram and Youtube!  CHAPTERS:  00:00 Introduction with Kayley and Jack 08:08 Transition from Theoretical Math to Cybersecurity 16:13 Exploring Spiritual Traditions and Madhav's Documentary 19:48 The Intersection of Art and Science in Content Creation 25:20 The Lifestyle Polygraph: Challenging Perspectives on Security

In this video, we dive into a real-world Red Team vs. Blue Team scenario. We simulate a cyberattack on a Finance Application that has integrated a new LLM Chatbot. You'll see firsthand how attackers use Prompt Injection to bypass standard rules, how they move laterally through Kubernetes clusters, and how they attempt to execute Zero Day exploits. More importantly, we show you how to defend against it. Using Cisco's Hybrid Mesh Firewall, AI Defense, and Secure Workload, we demonstrate how to: 1. Detect & Block Prompt Injections: safeguarding your LLMs from manipulation. 2. Secure Kubernetes: using micro-segmentation to isolate threats in the cloud. 3. Inspect Encrypted Traffic: utilizing the Encrypted Visibility Engine (EVE) to spot malware in TLS flows without decryption. Whether you are a Network Engineer, Security Analyst, or just interested in how AI is changing the cybersecurity landscape, this demo is packed with practical insights Big thank you to Cisco for sponsoring my trip to Cisco Live Amsterdam. // Ant Ducker SOCIALS // LinkedIn: / ant-ducker-0052801 YouTube channel dCloud: / @ciscodcloud // Website REFERENCE // Cisco Security Cloud control: https://sign-on.security.cisco.com/ Cisco.com: https://www.cisco.com/site/us/en/solu... // YouTube Video REFERENCE // Rick Miles' video will be linked at a later stage once published. / David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 01:29 - Intro 02:20 - Demo Overview 03:57 - Demo Begins 09:35 - Adding Guardrails 11:45 - Secure Workloads 14:30 - Segmentation Workflow 18:33 - Overviewing Finance App 21:02 - Encrypted Visibility Engine 24:34 - Firewall Obversability and Control 25:44 - Ant's Advice For The Youth 26:40 - How to Learn Hybrid Mesh Firewall 28:16 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #cisco #ciscolive #ciscoemea

In this video David speaks to Peter Bailey (SVP and GM of Cisco's Security business). AI agents are moving fast inside enterprises, and CISOs are hitting the brakes for one reason: the attack surface is expanding at machine speed. In this interview, we break down how agentic AI changes security, why MCP servers and agent tool access create new risks, and what a zero trust approach looks like when the “user” is a non-deterministic agent. We cover real-world problems like shadow MCP servers, agents touching sensitive systems and PII, and why traditional perimeter controls and firewalls are not enough when traffic is encrypted and actions happen too quickly downstream. You'll also hear what Cisco is doing across the AI lifecycle: AI Defense for model scanning, provenance and guardrails, plus new protections focused on agent identity, dynamic authorization, behavior monitoring, and revocation. On the networking side, we discuss how SD-WAN and secure access (SASE) can add visibility and policy control for AI usage, including prioritizing latency-sensitive AI traffic while still enforcing security. If you're a security engineer, network engineer, or CISO trying to move from AI hype to safe deployment, this video gives you a practical mental model and the controls to start building now. Big thank you to ‪@Cisco‬ for sponsoring this video and for sponsoring my trip to Cisco Live Amesterdam. // Peter Baily' SOCIALS // LinkedIn: / peterhbailey Guest Bio: https://newsroom.cisco.com/c/r/newsro... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:30 - Introduction 01:15 - CISOs Problems with AI 02:35 - Real Issues with AI Agents 04:29 - Growth of the Attack Surface 05:34 - Concern of Poisoned AI and MCP 08:09 - What is the Kill-chain 10:16 - AI with Built-in Security 11:56 - Best Practises for AI Security 14:08 - Cisco Innovations for AI 16:48 - Cisco's Red Team for own AI 18:27 - Secure AI in Public Places 20:09 - Should You get into Cyber Security 21:26 - Advice To Your Younger Self 22:29 - Outro Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #cisco #ciscoemea #ciscolive

There's a particular kind of clarity you get when you talk to someone who spends their days breaking into things for a living. Not with malice — with purpose. John Steigerwald, known to most in the industry simply as "Stigs," co-founded White Knight Labs in 2016 with a mission that sounds almost disarmingly simple: build the best penetration testing team anyone has ever seen, and actually deliver results. Nearly a decade later, the company has grown to 40 people, gone international, and is busier than ever. The question worth asking is: why?The uncomfortable answer, according to Stigs, is that the fundamental problems haven't changed. At all."Honestly, it's still 2015," he said during our most recent conversation on ITSPmagazine's Brand Story series. Not as a metaphor. As a diagnosis. The same misconfigurations, the same weak identity policies, the same unlocked back doors that red teamers were exploiting a decade ago are still wide open today. The apps built in a COVID-era frenzy — pushed out fast, tested never — are now running critical business infrastructure. And the organizations using them are only finding out when something breaks.What's changed is the surface area. Cloud, AI, Microsoft 365, vibe-coded production apps — each new layer of technology gets adopted at speed, and each one arrives carrying the same original sin: no one turned on the basics. Stigs used Microsoft 365 as a pointed example. Millions of businesses are running on it with DMARC turned off, default configurations untouched, Copilot layered on top, and not a single CIS Benchmark policy applied. "Every client is vulnerable," he said. "Not just 10% of clients. Every client."That's a striking statement. It's also, if you've been paying attention to breach headlines, not a surprising one.The AI angle adds a new and almost darkly comedic wrinkle. Vibe coding — the practice of using AI tools like Cursor or Claude to generate production-ready code at speed — has given entry-level developers intermediate-level output. Which sounds great, until you realize that the AI models many of them leaned on were trained on outdated, sometimes vulnerable data. Stigs described visiting multiple clients with nearly identical security weaknesses, all tracing back to the same ChatGPT-generated setup instructions. "You and your neighbor did the same thing," he told one client. That's not just a funny anecdote. It's a warning about what happens when an entire industry bootstraps its infrastructure from the same flawed source.And yet, Stigs isn't anti-AI. He uses it every day. He just sees it with the clarity of someone who also finds the holes it leaves behind. His prediction for the near future: a massive wave of secure code review requests, as companies start reckoning with the vibe-coded backlog they've been quietly accumulating. AppSec is about to have a very good year.Looking forward, White Knight Labs is watching the growing intersection of private sector expertise and government infrastructure testing with particular interest. Critical infrastructure in America, long overdue for rigorous physical and embedded testing, is starting to receive that attention. Stigs and his team are already in the room.What makes White Knight Labs different isn't just technical skill — it's the ability to communicate what they find in language that actually lands. In an industry full of reports that gather dust, that matters. The best penetration test in the world is useless if no one acts on it.The door is open. It's been open for years. The question is who you call to finally lock it.To learn more about White Knight Labs, visit their website or reach out directly. Listen to the full conversation on ITSPmagazine.GUESTJohn StigerwaltFounder at White Knight Labs | Red Team Operations Leaderhttps://www.linkedin.com/in/john-stigerwalt-90a9b4110/RESOURCESWhite Knight Labs:  https://whiteknightlabs.com_____________________________________________________________Are you interested in telling your story?▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

How have large language models impacted hacking? Richard talks to Erica Burgess about her experiences using LLMs for red team hacking, collecting bug bounties, and identifying vulnerabilities in systems. Erica discusses the power of LLMs to generate a variety of viewpoints on a potential exploit and help the hacker think "out of the box." Coordinating multiple agents to attempt a variety of exploits, retrieve information, and otherwise deal with the drudgery parts of hacking means a skilled operator can move faster - what once would be days of work can be minutes. Where does AI in hacking go? Lots of scary places - but also pointing the way to new ways to protect systems!LinksBurninator SecRecorded January 24, 2026

Cisco just announced massive changes for 2026, including free AI training, a new Ethical Hacking certificate, and the return of the Wireless track. In this video, I sit down with Ryan and Lacey from Cisco to break down the biggest updates to the certification portfolio since 2020. Whether you are looking to break into Red Teaming with the new Ethical Hacker track, recertify your CCNA/CCNP using free CE credits, or master the new AI infrastructure, this guide covers everything you need to know to level up your career for free. What's Inside: • Free AI Training: How to get 16+ CE credits through the new RevUp program. • Ethical Hacking: Details on the new "Red Team" certificate and where to find the free course. • Wireless is Back: The return of the CCNP and CCIE Wireless tracks. • Cybersecurity Overhaul: CyberOps is evolving into CCNA/CCNP Cybersecurity. • Recertification Hack: How to use these free courses to renew your existing certifications without paying for exams. Big thank you to Cisco for sponsoring my trip to Cisco Live Amsterdam // FREE courses // Cisco AI Technical Practitioner | AITECH: https://u.cisco.com/paths/cisco-ai-te... Cisco AI Business Practitioner | AIBIZ: https://u.cisco.com/paths/cisco-ai-bu... Free Ethical Hacking Course: https://www.cisco.com/site/us/en/lear... Understanding Cisco Network Automation Essentials (DEVNAE): https://learningnetwork.cisco.com/s/f... Blog entry about Rev Up: https://learningnetwork.cisco.com/s/q... // Other courses - NOT free // Cisco Silicon One for AI Networking | DCSOAI: https://u.cisco.com/paths/cisco-silic... Enhancing Cisco Security Solutions with Splunk | ECSS: https://u.cisco.com/paths/cisco-splun... Cisco Silicon One for AI Networking | DCSOAI: https://u.cisco.com/paths/enhancing-c... CCNA Automation: https://www.cisco.com/site/us/en/lear... Programming for Network Engineers | PRNE: https://u.cisco.com/paths/programming... // Ryan Rose's SOCIAL // LinkedIn: / ryanrose3 Cisco Blogs: https://blogs.cisco.com/author/ryanrose X: https://x.com/RyanRose // Lacey Senko SOCIAL // LinkedIn: / laceycsenko // Websites and YouTube Channel links // Career Map / Path: https://www.cisco.com/c/dam/en_us/tra... Learn Cisco: / @ciscoutube Cisco U: https://u.cisco.com/ Cisco Networking Academy: https://www.cisco.com/site/us/en/lear... Cisco Learning Network: https://learningnetwork.cisco.com/s/ Netacad: https://www.netacad.com Cisco Learning Community: https://learningnetwork.cisco.com/s/ Free Ethical Hacking Course: https://www.cisco.com/site/us/en/lear... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming Up 0:36 - Introduction 0:48 - Rev Up Updates 02:36 - What are CE Credits? 03:27 - Cisco Learning Network Community 06:14 - How Cisco CCNA Changes Lives 07:06 - Cisco Live Announcements Training 12:04 - Navigating Cisco Learning Network Site 14:25 - CiscoU Free Account 14:49 - Cyber & AI Security Learning Track 17:16 - Ethical Hacker Certificate 19:16 - Everything under the Learn with Cisco Brand 21:20 - Passing of Knowledge through Cisco 23:13 - Where Does a Person Start? 24:35 - Parting Words Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #cisco #ciscolive #ciscoemea

Matthew 28:18-20 | Mark Vance, Cornerstone Church

Larry Sharpe returns to dismantle the NY GOP's culture of losing with a fusion voting strategy that weaponizes state matching funds to eliminate property taxes and bring nuclear power to the Empire State. Larry Sharpe, candidate for New York Governor, joins Brian Nichols to reveal his "Fusion Voting" strategy to break the Democrat stronghold and why the NY GOP's "weak resistance" results in a 24-year losing streak. Larry explains how running on the Republican, Conservative, and Libertarian lines simultaneously allows him to bypass the "spoiler" effect while weaponizing New York's matching funds system to finance a liberty-focused revolution. He breaks down the failure of the current establishment to address the exodus of residents and details why the "Red Team, Blue Team" mindset is destroying the Empire State. We expose the reality of New York's broken political machine and how Larry plans to use a Sovereign Wealth Fund to eliminate school property taxes overnight. You need to hear this blueprint for decentralizing education, rejecting federal funding to fire bloat-heavy administrators, and empowering local communities with 50% ownership of new nuclear power plants. This isn't just a campaign speech; it's a tactical guide on how to dismantle a one-party state from the inside out using actual policy solutions rather than empty rhetoric. Chapters: 0:00 - Intro 2:47 - The 24-Year GOP Losing Streak 4:33 - Fusion Voting Explained 6:22 - Exploiting State Matching Funds 9:00 - The "Tipping Point" for Victory 11:06 - Why Elise Stefanik Refused to Run 14:49 - Gov. Hochul: "Get on a Bus to Florida" 16:02 - The GOP Establishment Hates Me 22:30 - The Sovereign Fund Solution 23:32 - Eliminating School Property Taxes 26:12 - Nuclear Power & Local Ownership 31:38 - The "One in Six" Voter Problem 35:36 - Politicians Stealing Larry's Ideas 36:40 - How to Help (Volunteer & Donate) Studio Sponsor: Cardio Miracle - "Unlock the secret to a healthier heart, increased energy levels, and transform your cardiovascular fitness like never before.": CardioMiracle.com/TBNS Links Section Larry Sharpe's Website & Volunteer: larrysharpe.com ❤️ Order Cardio Miracle (CardioMiracle.com/TBNS) for 15% off and take a step towards better heart health and overall well-being!

Larry Sharpe returns to dismantle the NY GOP's culture of losing with a fusion voting strategy that weaponizes state matching funds to eliminate property taxes and bring nuclear power to the Empire State. Larry Sharpe, candidate for New York Governor, joins Brian Nichols to reveal his "Fusion Voting" strategy to break the Democrat stronghold and why the NY GOP's "weak resistance" results in a 24-year losing streak. Larry explains how running on the Republican, Conservative, and Libertarian lines simultaneously allows him to bypass the "spoiler" effect while weaponizing New York's matching funds system to finance a liberty-focused revolution. He breaks down the failure of the current establishment to address the exodus of residents and details why the "Red Team, Blue Team" mindset is destroying the Empire State. We expose the reality of New York's broken political machine and how Larry plans to use a Sovereign Wealth Fund to eliminate school property taxes overnight. You need to hear this blueprint for decentralizing education, rejecting federal funding to fire bloat-heavy administrators, and empowering local communities with 50% ownership of new nuclear power plants. This isn't just a campaign speech; it's a tactical guide on how to dismantle a one-party state from the inside out using actual policy solutions rather than empty rhetoric. Chapters: 0:00 - Intro 2:47 - The 24-Year GOP Losing Streak 4:33 - Fusion Voting Explained 6:22 - Exploiting State Matching Funds 9:00 - The "Tipping Point" for Victory 11:06 - Why Elise Stefanik Refused to Run 14:49 - Gov. Hochul: "Get on a Bus to Florida" 16:02 - The GOP Establishment Hates Me 22:30 - The Sovereign Fund Solution 23:32 - Eliminating School Property Taxes 26:12 - Nuclear Power & Local Ownership 31:38 - The "One in Six" Voter Problem 35:36 - Politicians Stealing Larry's Ideas 36:40 - How to Help (Volunteer & Donate) Studio Sponsor: Cardio Miracle - "Unlock the secret to a healthier heart, increased energy levels, and transform your cardiovascular fitness like never before.": CardioMiracle.com/TBNS Links Section Larry Sharpe's Website & Volunteer: larrysharpe.com ❤️ Order Cardio Miracle (CardioMiracle.com/TBNS) for 15% off and take a step towards better heart health and overall well-being!

Send a textThe Traitors-One Traitor StandingThe Traitors – Season 4, Episode 8: The Queen Never Comes Off Her ThronePodcast SummaryThis episode is pure psychological warfare—and the walls officially close in on the traitors.We start in the turret after Lisa's banishment. Rob admits he feels bad personally, but strategically she had to go. Alan drops a major twist: Rob and Candace can either murder a faithful as usual or recruit a new traitor immediately. After debating the risks, they choose to stay a duo—no new blood, no extra liability.They debate murder targets, with Candace floating several names. Despite hesitation, Colton ultimately becomes the victim.At breakfast, suspicion explodes. Colton's final words—hinting that Candace might be a traitor—spread fast. Candace tries to flip the narrative by encouraging players to look at people they've never suspected, subtly steering heat toward Rob. Meanwhile, Rob quietly lets it be known that Colton suspected Candace, planting seeds everywhere.The gallery challenge only deepens divisions. The Red Team dominates, while the Green Team repeatedly fails. Trust lines harden, shields are taken, and alliances quietly solidify.As conversations spiral, Candace realizes her name is everywhere. She confronts Rob directly, accusing him of manipulating Colton and playing snake-like. Rob insists it's just gameplay, but Candace warns him: if she goes down, she's taking him with her.At the round table, everything unravels. Candace's throwaway vote from the night before becomes the smoking gun. Her shifting suspicions, Rob's “nervous” breakfast behavior, and Lisa's gold allegedly ending up with Stephen all get dissected. Candace tries to explain her strategy, but the room has turned.The votes are nearly unanimous.Candace is banished—and in a dramatic reveal, admits she was a traitor. That makes two traitors banished in two nights, leaving Rob as the sole survivor in the turret.But there's no victory lap. Alan delivers the final blow: Rob must recruit a new traitor immediately. Rob chooses Eric, revealing himself and setting the stage for an entirely new power dynamic heading into the next episode.Cold. Calculated. And far from over.Support the showhttps://www.wewinewhenever.com/

Larry Sharpe, candidate for New York Governor, joins Brian Nichols to reveal his "Fusion Voting" strategy to break the Democrat stronghold and why the NY GOP's "weak resistance" results in a 24-year losing streak. Larry explains how running on the Republican, Conservative, and Libertarian lines simultaneously allows him to bypass the "spoiler" effect while weaponizing New York's matching funds system to finance a liberty-focused revolution. He breaks down the failure of the current establishment to address the exodus of residents and details why the "Red Team, Blue Team" mindset is destroying the Empire State. We expose the reality of New York's broken political machine and how Larry plans to use a Sovereign Wealth Fund to eliminate school property taxes overnight. You need to hear this blueprint for decentralizing education, rejecting federal funding to fire bloat-heavy administrators, and empowering local communities with 50% ownership of new nuclear power plants. This isn't just a campaign speech; it's a tactical guide on how to dismantle a one-party state from the inside out using actual policy solutions rather than empty rhetoric. Chapters: 0:00 - Intro 2:47 - The 24-Year GOP Losing Streak 4:33 - Fusion Voting Explained 6:22 - Exploiting State Matching Funds 9:00 - The "Tipping Point" for Victory 11:06 - Why Elise Stefanik Refused to Run 14:49 - Gov. Hochul: "Get on a Bus to Florida" 16:02 - The GOP Establishment Hates Me 22:30 - The Sovereign Fund Solution 23:32 - Eliminating School Property Taxes 26:12 - Nuclear Power & Local Ownership 31:38 - The "One in Six" Voter Problem 35:36 - Politicians Stealing Larry's Ideas 36:40 - How to Help (Volunteer & Donate) Studio Sponsor: Cardio Miracle - "Unlock the secret to a healthier heart, increased energy levels, and transform your cardiovascular fitness like never before.": CardioMiracle.com/TBNS Links Section Larry Sharpe's Website & Volunteer: larrysharpe.com ❤️ Order Cardio Miracle (CardioMiracle.com/TBNS) for 15% off and take a step towards better heart health and overall well-being!

Frontier Fiber any good? EU is looking for “on-Prem” Data Centers vs a US Public Cloud. Open Source Excel - Libre Office, My computer upgraded itself now I need to upgrade the driver, Waymo hitting kids and other cars…., CISA defense chief “accidentally” uploaded government info into ChatGPT, Old HP Laptop updated and now my battery no longer works, How to configure OpenDNS on Win 11, iphone 11's what do I do? Iowa Sheriff costs the county $600,000.00 for defaming Red-Team hackers for doing their job.

Recorded for release New Years Eve 2025 It's time for the twenty twenty five Milk Bar end of year Quiz! Your Quizmaster is Jason Forrest and Sound engineer Andy Walters. On the Green Team , charlotte Webb, Kelly Jeffs, Joanne Till and Bob Gessey. On the Red Team, Chris Congreave, Alex Fletcher, Rod Bissit and Chris Allen. Music between rounds from Bob Gessey. Recorded at WCR.

Send us a textWe trace a winding path from offshore rigs to elite red team ops and into subsea data centers, using one sewer-side breach as the spark for a new way to secure and scale compute. Along the way we unpack social engineering basics, the blue vs red culture clash, and whether AI is building features or changing outcomes.• junk folders, platform fatigue, and curated personas • kids chasing influence and the low barrier to entry • leaving school early, offshore work, and non-linear careers • social engineering as ordinary behavior with intent • red team vs blue team dynamics and trust • the sewer break-in that birthed an idea • how subsea data centers plug into power and fiber • threat models at sea and nation-state realities • latency wins for gaming, streaming, fintech, telehealth • AI hype, thin moats, and the need for stack controlFind Maxi: most active on LinkedIn; launching an AI security blog and weekly newsletter at maxirynolds.comSupport the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast Affiliates➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh➡️ OffGrid Coupon Code: JOE➡️ Unplugged Phone: https://unplugged.com/Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

In this episode of 'Cybersecurity Today,' host Jim Love covers multiple pressing topics: CloudFlare's major outage affecting services like OpenAI and Discord, Microsoft's new AI feature in Windows 11 and its potential malware risks, a new red team tool that exploits cloud-based EDR systems, and a new tactic using calendar invites as a stealth attack vector. Additionally, a critical SAP vulnerability scoring a perfect 10 on the CVSS scale is discussed alongside a peculiar event where Anthropic's AI mistakenly tried to report a cybercrime to the FBI. The episode wraps up with a mention of the book 'Alyssa, A Tale of Quantum Kisses' and a thank you to Meter for sponsoring the podcast. Tune in for essential cybersecurity insights. 00:00 Introduction and Sponsor Message 00:22 CloudFlare Outage Causes Major Disruptions 02:55 Microsoft's New AI Features and Malware Risks 05:22 Silent but Deadly: New Red Team Tool 07:39 Calendar Invites as a Stealth Attack Vector 10:04 Critical SAP Vulnerability 12:11 Anthropic's AI and the FBI Incident 14:06 Conclusion and Final Thoughts

What if your security team is playing defense while hackers play offense 24/7? Foster Davis, former Navy cyber warfare officer and founder of BreachBits, breaks down why traditional penetration tests become obsolete in weeks—and how continuous red teaming changes the game. From hunting pirates in the Indian Ocean to defending critical infrastructure, Foster shares hard-earned lessons about adversarial thinking, operational risk management, and why the junior person in the room might spot your biggest vulnerability. What You'll Learn: Why red teaming creates psychological advantages penetration testing can't match How operational risk management translates technical findings into executive action The real cost of point-in-time security assessments (hint: ask St. Paul, Minnesota) Military-grade frameworks for continuous threat simulation in civilian organizations Why attackers operate 365 days a year—but most organizations test once Don't let your organization become another headline. Security teams need to think like attackers, not just defenders. Subscribe for more conversations that challenge conventional cybersecurity thinking. #RedTeam #CybersecurityStrategy #PenetrationTesting #MilitaryCyber #ThreatHunting #InfoSec 

Red Teaming 101: understand your target before you attack. On this episode, we invited two heavy hitters, Principal Security Consultants Hans Lakhan and Oddvar Moe on the show to talk about Red Team operations. We discuss footprinting and reconnaissance techniques including identifying a target's online presence, the tools and methods used for reconnaissance, and social engineering. Listen as we walk through how we map the digital terrain before a red team engagement! About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the infosec topics that interest them the most. Find more cybersecurity resources on our website at https://trustedsec.com/resources. Red teaming services: https://trustedsec.com/services/red-teaming

In this week's Frankly, Nate considers the ways in which our social species overvalues false-confidence rather than the more honest and inquisitive response of “I don't know.” He invites us to consider the science behind this cultural bias towards certainty: from our biological response from the stress of “not knowing” to the reinforcing effects of motivated reasoning that ensnares even the smartest among us (especially the smartest among us). Overconfidence and the desire for quick answers have been the root cause of many of humanity's disasters, from the space shuttle Challenger explosion to the Deep Water Horizon oil spill to the subprime housing bubble. And now, the exponential growth and integration of Artificial Intelligence is hyper-fueling this risk, as AI mirrors the human aversion to uncertainty through “hallucinations”. As some AI companies are now considering penalizing over-confident answers in favor of “I don't know”, perhaps humans could learn to do the same for ourselves. How often do you say. "I don't know"?  In what ways do we lose opportunities for conversation and exploration by not admitting our own uncertainties? Can listening to our own gut for “truth” and embracing intentional Red Team dissent shift “I don't know” from weakness to wisdom? (Recorded October 17th, 2025)   Show Notes and More Watch this video episode on YouTube   Want to learn the broad overview of The Great Simplification in 30 minutes? Watch our Animated Movie. ---   Support The Institute for the Study of Energy and Our Future   Join our Substack newsletter   Join our Hylo channel and connect with other listeners