From the sunny beaches of The Netherlands, Marc Smeets, co-founder of Outflank and experienced red teamer, talks to us about their DAMTA (defend against modern targeted attacks) training, the work they've done on building extensions for Cobalt Strike, RedELK, and the TIBER framework for the financial industry. We also learn if Microsoft Defender ATP is giving them a hard time during their red team exercises.
Dirk-jan Mollema, hacker, teamer and researcher at Fox-IT, talks about red teaming, his ROADtools exploration framework for Azure AD, the privexchange bug he discovered last year, Microsoft BlueHat and his work with Microsoft's Security and Response Center, and his view on Microsoft Defender ATP.
Milad Aslaner, principal security program manager at Microsoft, part of the Microsoft Threat Protection engineering team, talks about Defender ATP, his ThreatHunt tool, advanced hunting with KQL, the newly announced Android protection and his brother and sister also get a mention!
Cristin Goodwin, Microsoft's assistant general counsel, talks about how Microsoft tracks nation state activities, providing context to governments and other stakeholders, what patterns they see and we briefly touch on threat modeling Sharks with Lasers ;-)
Ruben Bouman and Marcus Bakker, both threat hunters and cyberdefense specialists, join me in talking about their DETT&CT project, the MITRE ATT&CK framework, Microsoft Defender ATP and threat hunting in general.
Christina Lekati, social engineering security specialist, talks about HUMINT, insider threats and how social engineering is both a science and an art. We discuss psychology, ethics, and more. We also answer listener questions and learn what pizza toppings Christina likes ;-)
Ashwin Patil, senior program manager at Microsoft's Threat Intelligence Center, shares how he built the AWS threat hunting samples for Azure Sentinel, what he loves about Jupyter and we re-visit the subject of Sysmon as previously discussed with Olaf Hartong. We also answer listener questions and get tips on how to start a career in cybersecurity.
Olaf Hartong, data dweller at FalconForce, talks about Sysmon, EDR tools, his work with Microsoft Defender ATP and Azure Sentinel, and his proposal for a rainbow of tactics in MITRE ATT&CK.
Ram Shankar, security data cowboy at Microsoft, gives us an introduction into the crossroads of cybersecurity and machine learning. We talk about adversarial machine learning, Azure Sentinel FUSION and how to go from billions of events to a handful of high fidelity incidents in 3 steps.