Enterprise Security Weekly (Audio)

ESW #284 - Ryan Fried & Joseph Carson



This week, we start off the show by welcoming Ryan Fried to discuss how security analysts can move past traditional Indicators of Compromise from threat intel, such as domains, hashes, URLs, and IP addresses. These indicators are typically no longer valid shortly after the incidents happen. Modern threat hunting means doing things like reading recent and relevant security articles, pulling out the behaviors attackers exhibit, such as running commands like net group "domain admins" or RDPing from workstation to workstation, and translating those into threat hunting queries.

Then, Joseph Carson joins to discuss following in the footsteps of an attacker and uncovering their digital footprints. This episode will uncover the techniques an attacker used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from ransomware incident response.

Finally, in the Enterprise Security News: Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS's CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Segment Resources: https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report

https://www.itbrew.com/stories/2022/05/09/quantum-ransomware-can-now-move-from-entry-to-encryption-in-under-four-hours?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew&mid=1e3360a49c0b72a4c0e4550356ffee54

https://www.cisa.gov/uscert/ncas/alerts/aa22-181a

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly


Show Notes: https://securityweekly.com/esw287


Enterprise Security Weekly (Audio) by Security Weekly Productions
