Listen to Talos security experts as they bring their hot takes on current security topics and Talos research to the table. Along the way Lurene, Matt, and Mitch and a rotating chair of special guests will talk about anything (and we mean anything) that's on their minds, from the latest YouTube trends to Olympic curling etiquette. New episodes every other Thursday.
Recorded 4/27/18 - Special guest intro this week from Chippah. We chat about what defines an “APT”, the recent BGP attacks, and the progress of GravityRAT. We also get an update on Vuln Discovery and the spate of recent releases. Matt has specific feelings about USB-C and his new computer.
Recorded 4/13/18 - We just upgraded all our gear, so naturally we had a straight tech meltdown this week and we saved it the best we could. Matt will sound way better next week. Promise. We cover Smart Installer. Again. But that leads down a discussion of security versus convenience that leads to us discussing the process of vuln disclosure - how vendor discussions, release dates, and policies work in the real world. Seriously, we grounded Matt’s computer for misbehaving with the audio.
Recorded 3/29/18 - Joel is sitting out this week and Bill Largent from the Outreach team fills in. We are pretty sure he was just wrong late trying to live on Joel Mean Time, which is now a GitHub project thanks to Moses (link below). We cover a wide range in this episode, so stay with us! We chat about the Talos Threat Research Summit coming in June, we wonder where the carrots to match the sticks in security are, and the value of finding your own damn vulns. The last part of the show starts with discussing GoScanSSH which ends up being a discussion on the larger battle for the edge.
Recorded 3/13/18 - LIVE from San Jose, CA.
First of all - we still have a podcast and jobs, so ostensibly, we did okay hosting the meeting event we talked about last time. There may have even been an award involved, just sayin’. Since we were all in one place together and we didn’t get fired, we decided to do our podcast live after the meeting for an audience. We are joined by Talos Sr. Director Matt Watchinski this episode, discussing such existential questions as “why security?” and more concrete things like nation state vs. cybercriminal actors and their differing motivations. We also discuss router security and network devices as a preferred attack vector for advanced actors. Special bonus: Matt beats perhaps the last laugh out of the dead horse that is Paul Revere himself. #CantBooShowNotes
Recorded 3/2/18 - Craig is out this week, but the rest of the crew goes through COINHORDER and Memcached and takes a deeper look at authentication and passwords. We cover an overview of reflection attacks and how some passwords schemes that are meant to protect, actually cause harm. We also bid you farewell, since our next episode is supposed to be live after the crew hosts a meeting that stands a not-insignificant chance of getting us all fired. Wish us luck - and send us questions that can make Craig pose to really important Cisco executives.
Recorded 2/16/18 - This week, Mitch learns about starting a show without Matt with no other plans to control Craig in place. The team discusses Olympic Destroyer and then takes on attribution in light of recent developments with Nyetya. We look at what attribution actually takes and the ease and commonality of planting false flags.
Recorded 2/2/18 - Guests two EPs in a row! We are joined by Omar Santos from Cisco PSIRT to discuss CVE-2018-0101, the Cisco ASA Remote Code Execution and Denial of Service Vulnerability. See the PSIRT post below for latest updates. We also discuss Crypto miners overtaking ransomware, a Flash 0-day carrying a known ROKRAT payload (huh??), and we couldn’t escape discussing Autosploit because Rob Joyce faved one of Craig’s tweets.
It is a packed episode this time! We are joined by Edmund from the Talos Outreach Group to chat about Threat Modeling after we make our way through attribution and Group 123, hipster artisanal patching (hand flipped bits!), and spend a good bit of time talking about how Talos identifies the cream of the crop when we are hiring.
This is easily our best podcast of 2018 (so far). The crew discusses the recent spike in crypto-mania sweeping the globe and also goes in-depth on how vulnerability discovery plays a critical role in overall security. Plus, the crew all (shockingly) have different takes on Spectre/Meltdown and Craig decides to up the ante with the killer robots.
Quotes intended, we think you know why. Mitch takes control to present the best of the first (partial) year of the podcast. He covers some of our guests, some of our favorite non-security bits, and a look back at our in-the-moment view of some of the top stories of the year.
Things you can look forward to: Mitch struggling through sailing solo with bad bits and unnecessary ukulele music, and a not-at-all-contrived apology for permanently deleting the hilarious fallout from an embarrassing faux pas. …but the clips are really good!