

Adventures of Alice & Bob
Merchants Media
Welcome to the Adventures of Alice & Bob Podcast, where we talk shop with pen testers, hackers, and the unsung heroes of the cybersecurity world about the human element of being on the front lines of cyber attacks.
Produced by Merchants Media.
For booking inquiries, email booking@merchantsmedia.com
Episodes

Jul 22, 2024 • 1h 11min
Ep. 58 - Microsoft Vulnerabilities, Elevation of Privileges, and Identity as an Attack Surface // Cybersecurity Expert Panel
Over its 11 years in publication, the BeyondTrust Microsoft Vulnerabilities Report has been downloaded over 16,000 times, aiding thousands in enhancing their cyber defenses with detailed data analysis and expert insights. This year's report not only examines 2023 Microsoft vulnerabilities but also evaluates their use in identity-based attacks, highlights significant CVEs (9.0+ CVSS scores), and discusses mitigation strategies. In this special Alice & Bob episode, James is joined by top cybersecurity experts and report commentators Paula Januszkiewicz, Terry Cutler, Eliza-May Austin, and Sami Laiho. They discuss the report's findings, share their experiences with vulnerabilities, and explore the future of Microsoft security and AI.

Jun 28, 2024 • 51min
Ep. 57 - Getting Lost in the Moonlight Maze Breach // Mark Weatherford
This week, Marc Maiffret sits down with Mark Weatherford to discuss his role in responding to the Moonlight Maze incident, one of the first major cyber espionage operations targeting U.S. government systems in the late 1990s. Mark talks about how Moonlight Maze highlighted significant vulnerabilities and reshaped cybersecurity strategies within the government and beyond. Mark also discusses broader topics in cybersecurity, the evolution of cyber threats, and the impact and security challenges AI is bringing to the table.

Jun 7, 2024 • 56min
Ep. 56 - The OPM Breach: When Hackers Dusted Off COBOL Textbooks // Michael Daniel
This week James sits down with Michael Daniel, former Cybersecurity Coordinator at the White House and current President and CEO of the Cyber Threat Alliance. With over 20 years of cybersecurity experience, Michael shares insider insights into some of the most significant cyber incidents in recent history, including the notorious OPM breach. From budgeting to policy-making, he offers a candid look at the challenges and triumphs of securing the nation's digital frontiers.

May 24, 2024 • 55min
Ep. 55 - Uncovering Informant Lists & Crime Stopper Reports through a City's Vulnerabilities // Heath Adams (The Cyber Mentor™)
This week, James hosts the renowned ethical hacker Heath Adams, famously known as The Cyber Mentor™. Heath shares his unconventional journey, beginning as an accountant and transitioning into the world of cybersecurity. He delves into some jaw-dropping experiences, including the time his team penetrated a city's system, uncovering confidential informant lists and crime stopper reports. They also discuss the critical importance of accessibility and affordability in cybersecurity education, highlighting how Heath's mission is truly transforming lives. Don't miss this glimpse into the mind of a true cybersecurity crusader.

May 10, 2024 • 43min
Ep. 54 - New Frontiers in Privilege Management with BeyondTrust and Entitle // Ron Nissim and Avi Zetser
Join us in a special out-of-band episode of Adventures of Alice and Bob, where we explore the exciting expansion of BeyondTrust through its recent acquisition of Entitle, a pioneering privilege management solution. Discover how this strategic move enhances BeyondTrust's identity security solutions across the cloud. BeyondTrust CTO, Marc Maiffret, and Entitle co-founders, Ron Nissim and Avi Zetser, also cover what exactly just-in-time (JIT) access is, what modern identity security looks like across the cloud, and what this exciting new union means for the landscape of identity security and access management.

Apr 26, 2024 • 1h 1min
Ep. 53 - Former Naval Cryptologist Reflects on Cyber Warfare & 9/11 Crisis Response // Vincent Scott
Today, James is joined by Vincent Scott, a former US Navy cryptologist and founder of Defense Cybersecurity Group. Vincent shares his raw and authentic experience while bridging intelligence gaps during the 9/11 crisis and navigating cyber warfare operations in the Gulf Wars. He also shares the culture challenges he experienced while transitioning from military to corporate cybersecurity, the broken windows approach to fixing small cyber cracks before they shatter, and the paradox of expensive tools failing to deliver without the right people.

Apr 12, 2024 • 35min
Ep. 52 - The Sleazy Underworld of Romance Scams, AI Deepfakes...oh and Being Honored by Prince William // Dr. Jessica Barker
Today, Marc is speaking with Dr. Jessica Barker, a cybersecurity culture expert and co-founder of Cygenta. Join us for some incredibly true stories, including a behind-the-scenes look at her royal honor ceremony at the historic Windsor Castle. You'll hear all the details - from battling nerves while practicing that all-important curtsy, to the opulent pomp and circumstance of receiving her honor from Prince William himself. But Jessica's tales from the front lines don't stop there. She'll also pull back the curtain on the shockingly sleazy underworld of romance scams, where con artists follow meticulously crafted "playbooks" full of psychological manipulation tactics to drain unsuspecting victims of their entire life savings through emotional exploitation. And brace yourself as she reveals how AI deepfakes are making phishing attacks even more devious and hard to detect. You'll learn how cybercriminals are leveraging this cutting-edge technology to generate hyper-realistic lures - from emails to videos - that could easily fool even cautious individuals.

Mar 22, 2024 • 1h 18min
Ep. 51 - Bitcoin Skeptic Becomes Blockchain Believer // Michael Perklin
This week, James is joined by Michael Perklin, information security expert and Chairman of the Board at C4. Listen in as Michael pulls back the curtain on the current cryptocurrency landscape. This episode is a roller-coaster ride, spanning Michael's career journey from trying to debunk Bitcoin as a "scam" to realizing its brilliance and founding one of the first Bitcoin security consultancies. You'll be on the edge of your seat as he recounts high-stakes experiences like securing Ethereum's historic initial coin offering, hunting down insider threats at ShapeShift, and guiding the company's pioneering transition into a decentralized autonomous organization (DAO). Get ready for a whirlwind of stories that showcase the challenges, opportunities, and mind-bending possibilities of blockchain technology.

Mar 8, 2024 • 50min
Ep. 50 - The Rise and Reflections of Sabu // Hector Monsegur
Today, Marc is joined by Hector Monsegur, the infamous hacker formerly known as Sabu. In this episode, Hector takes us on a journey through his past, from his early inspirations drawn from hacker films to his pivotal role in the LulzSec hacking collective. With raw honesty, he delves into the motivations and mindsets that fueled his involvement in hacktivism, shedding light on the complexities and ethical dilemmas surrounding digital activism. Hector's story is a testament to the transformative power of embracing one's passion, and his insights offer a rare glimpse into the psyche of a cyber outlaw-turned-cybersecurity professional.

Feb 22, 2024 • 55min
Ep. 49 - The Midnight Blizzard Breach on Microsoft and Other Identity Attacks // Marc Maiffret
Microsoft is one of the world's largest and most security-focused companies. Yet in late 2022, a sophisticated threat actor known as Midnight Blizzard breached their systems in Azure through a forgotten test account. Join James Maude and Marc Maiffret as they dive into the technical details of the Blizzard attack, how machine identities and misconfigured OAuth apps provided the foothold, and the lessons learned about protecting corporate cloud environments. James & Marc also discuss actionable ways to reduce risk, the limitations of relying only on detection, and why unified visibility over all identities is key for a proactive defense.


