7MS #529: Interview with Matthew Warner of Blumira

7MS #529: Interview with Matthew Warner of Blumira

Today we're featuring a great interview with Matthew Warner, CTO and co-founder of Blumira. You might remember Matt from such podcasts as this one) when Matt gave us a fountain of info on why out-of-the-box Windows logging isn't awesome, and how to get it turned up to 11!

Today, we talk about a cool report that Blumira put out called 2022 Blumira's State of Detection & Response, and dive into some interesting topics within it, including:

  • How do companies like Blumira (who we rely on to stay on top of threats) keep their teams on top of threats?

  • Why open source detections are a great starting point - but not a magic bullet

  • Consider this "what if" - a C2 beacon lands on your prod file server in the middle of the work day. Do you take it down during a busy time to save/clean the box as much as possible? Or do you hope to be able to wait until the weekend and triage it on a weekend?

  • Why annoying traffic/alerts are still worth having a conversation about. For example, if you RDP out of your environment and into Azure, that might be fine. But what about when you see an RDP connection going out to a Digital Ocean droplet? Should you care? Well, do you use Digital Ocean for legit biz purposes?

  • Data exfiltration - where does it sit on your priority list? How hard is it to monitor/block?

  • Common lateral movement tools/techniques

  • Why honeypots rule!

Episoder(696)

7MS #64: Wifi Sniffing is Fun-Part 1 (audio)

7MS #64: Wifi Sniffing is Fun-Part 1 (audio)

I got a fun project involving wireless sniffing, followed up by scraping through packets looking for credit card data! Here’s part 1, which talks about about software/hardware you might need to do this the right way. 7MS #64: Wifi Sniffing is Fun-Part 1 (audio)

28 Mai 20157min

7MS #63: I’m Excited to Go Phishing (audio)

7MS #63: I’m Excited to Go Phishing (audio)

This week I’ll be launching a phishing campaign against an organization that has been well trained to defend against such malicious attacks and links! Will this organization break my company’s 100% success rate for phishing, or will I be able to craft an email to fool at least one person? 7MS #63: I’m Excited to…

21 Mai 20157min

7MS #62: You Should Run LAPS (audio)

7MS #62: You Should Run LAPS (audio)

I’m excited about this! Microsoft has released a tool called Local Administrator Password Solution to help administrators manage local admin credentials for domain-joined machines. Check out this article for more information, and please contact me if you end up running this, as I’d love to hear about your experience. 7MS #62: You Should Run LAPS…

19 Mai 20157min

7MS #61: Why Local Admin Rights Suck (audio)

7MS #61: Why Local Admin Rights Suck (audio)

Users running as local admins on their machine are a big risk! This episode discusses some reasons why, and also here is the link to the Avecto study I mention regarding how many Microsoft vulnerabilities would be thwarted by removing admin rights. 7MS #61: Why Local Admin Rights Suck (audio)

14 Mai 20158min

7MS #60: How Not to Suck at Customer Service (audio)

7MS #60: How Not to Suck at Customer Service (audio)

This episode was inspired by two awesome customer service experiences I had in the past week. It got me thinking: how can we as infosec professionals suck less with our customer service approach? 7MS #60: How Not to Suck at Customer Service (audio)

12 Mai 20158min

7MS #59: Traveling with a Red Giant – Part 2 (audio)

7MS #59: Traveling with a Red Giant – Part 2 (audio)

A few episodes back I talked about Red Giant, a cool service that provides you with a pre-paid debit card that can be controlled/locked with your phone. I finally got my card working, and this episode’s about some cool things I learned about it. 7MS #59: Traveling with a Red Giant – Part 2 (audio)

7 Mai 20157min

7MS #58: What Should We Do First? (audio)

7MS #58: What Should We Do First? (audio)

At the end of just about every assessment I deliver, the client asks “What should we do first?” They (understandably) want to know a “top 5″ list of things they should change right away to improve their security posture. Today’s episode explores that a bit. 7MS #58: What Should We Do Next? (audio)

5 Mai 20158min

7MS #57: How to Review a Firewall (audio)

7MS #57: How to Review a Firewall (audio)

In this episode I talk about a few different ways to approach firewall reviews/audits. This document was very helpful in getting my template started. Also check out Nipper if you’re looking for a firewall review/audit tool. 7MS #57: How to Review a Firewall (audio)

30 Apr 20158min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
forklart
aftenpodden-usa
popradet
stopp-verden
fotballpodden-2
dine-penger-pengeradet
det-store-bildet
nokon-ma-ga
rss-dannet-uten-piano
frokostshowet-pa-p5
aftenbla-bla
bt-dokumentar-2
rss-ness
e24-podden
rss-borsmorgen-okonominyhetene
rss-gukild-johaug
rss-penger-polser-og-politikk
rss-fredrik-og-zahid-loser-ingenting