Down the Security Rabbithole Podcast (DtSR)

Rafal (Wh1t3Rabbit) Los
Jan 25, 2022 • 39min

DtSR Episode 485 - YGHT Beating Ransomware at Its Game

Prologue Back in episode 469 ( https://ftwr.libsyn.com/dtsr-episode-469-yght-they-hacked-ransomware ) we brought Steve Perkins of Nubeva ("Cloud Go" in Portuguese) to talk about a very interesting "accidental" development. They'd figured out a way to steal encryption keys from ransomware, thus rendering it potentially toothless. Well, now Steve's back with a product, and a way to reverse ransomware's encryption with minimal friction and without paying the ransom. So ... yeah. Listen in.

Have something to say? Let's hear it.
Support the show >>> Please consider clicking the link above to support the show!

YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
Jan 18, 2022 • 38min

DtSR Episode 484 - Defrauding Mobile Payments

Prologue Have you ever made a payment from your mobile device, wirelessly using NFC? Of course you have, most of us have by now. Did you know there are some (or at least were) fairly significant design flaws, otherwise known as "features", in the various platforms? On this show, we're interested in learning more about Timur's research and what he's uncovered. You'll want to do what I did, check your phone's NFC payments settings, once this show is over.
Jan 11, 2022 • 46min

DtSR Episode 483 - How Not to Screw Up Your Cloud

Prologue We have a repeat guest today! Mr. Mark Simos joins me once again to talk about Microsoft's Cloud Adoption Framework (CAF) and its applicability to not only Azure, but also your other clouds. Building resilient and secure clouds isn't just about security, it's about design and architecture that adheres to good practices. Microsoft's CAF is a fantastic place to start - listen here to learn more. Guest Mark Simos LinkedIn: https://www.linkedin.com/in/marksimos/ Twitter: @marksimos
Jan 4, 2022 • 41min

DtSR Episode 482 - Tales of Wireless Hacking

Prologue This week, on a good start to the new year, Eric Escobar joins us to talk about hacking wireless - and a little bit of history on the topic. Taking us back to early wireless hacking where you had to have the right wireless PCMCIA card and drivers, to today where things are a little more complicated but oddly not too much has changed. Guest Eric Escobar LinkedIn: https://www.linkedin.com/in/eric-escobar/
Dec 28, 2021 • 37min

DtSR Episode 481 - Spies In Your Tech

Prologue Bentsi is a guy with some experience in the bad guy world when it comes to devices and gadgets getting compromised. In this episode, he tells us stories and anecdotes on things he's seen and the threats gadgets face. It's a very interesting discussion, and might just make you a little more paranoid before it's over. Guest Bentsi ben-Atar https://www.linkedin.com/in/bentsi-ben-atar-6b0128/ Check out Sepio - https://sepio.systems/
Dec 21, 2021 • 40min

DtSR Episode 480 - Juice Jacking

Prologue Have you ever plugged your smart phone, tablet or other "smart thing" into a power cable that wasn't yours? I'm guessing you've answered yes - and if so, you need to listen to this episode. As we travel and move around with our smart devices, we don't always have our charging cables & blocks with us, and that can lead to disaster. Hear more from Robert Rowley on how "juice jacking" can cause security problems we aren't even aware of. Guest Robert Rowley LinkedIn: https://www.linkedin.com/in/robertlei/
Dec 14, 2021 • 44min

DtSR Episode 479 - Productivity of Jump Boxes and Bastion Hosts

Prologue In a technically deeper episode, Ev joins Rafal to discuss how security has made productivity challenging at times, in terms of having to jump through hoops to get work done, and what we should be doing about it. Ev asks us to imagine an entirely new paradigm of productive access to necessary resources - so listen in and dream big with us. Guest: Ev Kontsevoy LinkedIn: https://www.linkedin.com/in/kontsevoy/ Teleport: https://www.linkedin.com/company/go-teleport/
Dec 7, 2021 • 38min

DtSR Episode 478 - Beyond Buzzwords: XDR

Prologue This week's episode is one of my favorite topics - marketing buzzwords. You've all heard the term "XDR" and wondered (probably like me) what the heck it is and how it's different than EDR or MDR. Do we really need more buzzwords? Mark Alba from Anomali joins me this week to discuss this, and I think it'll help sort things out for you, it sure did for me. I'm still not a big fan of new buzzwords, but at least I get it now. Guest Mark Alba LinkedIn: https://www.linkedin.com/in/markalba/ Anomali XDR Info: https://www.anomali.com/learn/the-impact-of-xdr-in-the-modern-soc-v2
Dec 2, 2021 • 42min

DtSR Episode 477 - Passwords are Dead and Other Fables

Prologue Welcome to the last month of 2021 - December. This month we have a few bonus episodes, starting with this gem on identity. We've got a great guest and Mike Kiser has some interesting opinions he's definitely not holding back on. Thanks for listening - we hope you enjoy this episode. And special thanks to SailPoint for bringing Mike to the mic. Guest Mike Kiser LinkedIn: https://www.linkedin.com/in/mike-kiser/
Nov 30, 2021 • 45min

DtSR Episode 476 - Securing Public Cloud with Azure ASB v3

Prologue Folks, the video of this episode which was live-streamed to our YouTube channel is here: https://youtu.be/IYVB_LNhURQ - and if you can, watch it. Huge mega-thanks to Microsoft and Lightstream for bringing together Jeff and Mark on this one to deliver some truly phenomenal content. This week is Azure Security Benchmark (not baseline, oops) version 3.0 hot off the presses. We talk about what it is, how to apply it, and where and why it's so useful for keeping not just your Azure public cloud safe, but also the "other" public clouds you use too. Guests Mark Simos LinkedIn: https://www.linkedin.com/in/marksimos/ Twitter: https://twitter.com/marksimos Jeff Collins LinkedIn: https://www.linkedin.com/in/jmcollins/
