
Hello to all our Cyber Masked Vigilantes! In this episode of Discarded, host Selena Larson and co-host Tim Kromhardt are joined by James Emery-Callcott, a Security Researcher on Proofpoint’s Emerging Threats team, for an insider’s look at the technical, tactical, and collaborative forces shaping modern network detection.
James takes us behind the curtain of rule writing, CVE coverage, and malware detection, breaking down how signatures are developed, validated, and deployed to protect against a constantly shifting threat landscape. From the fading heyday of exploit kits to the rise of infostealers and ClickFix, we explore how detections evolve—and why the most persistent threats often hinge on the fundamentals of networking.
You’ll also hear how the team maps detection rules to frameworks like MITRE ATT&CK and CISA KEV, using metadata tags to reduce alert fatigue and prioritize real-world risks. James shares why this kind of tagging isn’t just technical polish—it’s operational gold.
But detection doesn’t happen in a vacuum. James explains how the community—through Discord chats, support tickets, and collaborative research—plays a vital role in surfacing false positives, sharing POCs, and suggesting metadata improvements.
Bonus highlights include:
Whether it’s a shoutout to Tony for pushing tagging innovation or a nod to students eager to get started, the message is clear: everyone can contribute to better detection.
Resources Mentioned:
CrazyHunter: https://www.trendmicro.com/en_us/research/25/d/crazyhunter-campaign.html
https://www.proofpoint.com/us/blog/threat-insight/emerging-threats-updates-improve-metadata-including-mitre-attck-tags
For more information about Proofpoint, check out our website.
Subscribe & Follow:
Stay ahead of emerging threats, and subscribe! Happy hunting!