Sign up to save your podcasts
Or
Share ESW #284 - Ryan Fried & Joseph Carson
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
ESW #284 - Ryan Fried & Joseph Carson
This week, we start off the show by welcoming Ryan Fried to discuss how Security analysts can move past traditional Indicators of Compromise from threat intel like domains, hashes, URLs, and IP addresses. These indicators typically aren't valid shortly after the incidents happen. Modern threat hunting by doing things like reading recent and relevant security articles, pull out behaviors that attackers are doing like commands such as net group "domain admins" or RDPing from workstation to workstation and translating those to threat hunting queries. Then, Joeseph Carson joins to discuss following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker’s techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Finally, in the Enterprise Security News, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS’s CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Segment Resources: https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report
https://www.itbrew.com/stories/2022/05/09/quantum-ransomware-can-now-move-from-entry-to-encryption-in-under-four-hours?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew&mid=1e3360a49c0b72a4c0e4550356ffee54
https://www.cisa.gov/uscert/ncas/alerts/aa22-181a
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw287
View all episodes
By Security Weekly Productions
4.4
206206 ratings
This week, we start off the show by welcoming Ryan Fried to discuss how Security analysts can move past traditional Indicators of Compromise from threat intel like domains, hashes, URLs, and IP addresses. These indicators typically aren't valid shortly after the incidents happen. Modern threat hunting by doing things like reading recent and relevant security articles, pull out behaviors that attackers are doing like commands such as net group "domain admins" or RDPing from workstation to workstation and translating those to threat hunting queries. Then, Joeseph Carson joins to discuss following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker’s techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Finally, in the Enterprise Security News, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS’s CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Segment Resources: https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report
https://www.itbrew.com/stories/2022/05/09/quantum-ransomware-can-now-move-from-entry-to-encryption-in-under-four-hours?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew&mid=1e3360a49c0b72a4c0e4550356ffee54
https://www.cisa.gov/uscert/ncas/alerts/aa22-181a
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw287
More shows like Security Weekly Podcast Network (Audio)
View all
Security Now (Audio)
1,970 Listeners
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
626 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
Hacked
176 Listeners
CyberWire Daily
1,006 Listeners
Smashing Security
312 Listeners
Click Here
408 Listeners
Darknet Diaries
7,876 Listeners
Cybersecurity Today
166 Listeners
CISO Series Podcast
187 Listeners
Hacking Humans
314 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
127 Listeners
Risky Bulletin
43 Listeners